This project encountered a normal no attention to the problem, that is SPRINGMVC interceptor.
<mvc:mapping path= "/**"/>
This configuration should be familiar to everyone, and this configuration will intercept all requests that match/**.
such as Http://localhost:8080/xx, HTTP://LOCALHOST:8080/XX/XX, HTTP://LOCALHOST:8080/YY/XX/AA
But will such a request be intercepted? http://localhost:8080/xx/ http://localhost:8080/xx/xx/
No, he is not able to intercept all requests with/to end, so this is the case for the user, if some user maliciously sends such a request, it can cause a reflection type XSS attack.
In particular, when a project refers to velocity technology, such a request is sent through Velocityviewservlet and then caught to an exception that cannot find the resource.
However, this exception is not thrown out, but is directly reponse out of the page resulting in uniform exception handling in the system does not work.
So how do we intercept such a request ?
This way I chose filter inside the filter to do an illegal request for all "/" Results of the request processing. Solved the problem.
What do I do with URIs that SPRINGMVC interceptors can't intercept?