用户注册



邮箱:

密码:

用户登录


邮箱:

密码:
记住登录一个月忘记密码?

发表随想


还能输入:200字
云代码 - java代码库

java防止页面脚本注入 特殊字符过滤器

2014-12-28 作者:java源代码大全举报

[java]代码库

Step1:自定义封装request
package com.tsou.comm.servlet;

import java.util.Enumeration;
import java.util.Map;
import java.util.Vector;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
/**
 *
 * <p class="detail">
 * 功能:封装的请求处理特殊字符
 * </p>
 * @ClassName: TsRequest
 * @version V1.0 
 * @date 2014年9月25日
 * @author wangsheng
 */
public class TsRequest extends HttpServletRequestWrapper {
           private Map params;

           public TsRequest(HttpServletRequest request, Map newParams) {
                    super(request);
                    this.params = newParams;
          }

           public Map getParameterMap() {
                    return params ;
          }

           public Enumeration getParameterNames() {
                    Vector l = new Vector( params.keySet());
                    return l.elements();
          }

           public String[] getParameterValues(String name) {
                   Object v = params.get(name);
                    if (v == null ) {
                              return null ;
                   } else if (v instanceof String[]) {
                             String[] value = (String[]) v;
                              for (int i = 0; i < value.length; i++) {
                                      value[i] = value[i].replaceAll( "<", "&lt;" );
                                      value[i] = value[i].replaceAll( ">", "&gt;" );
                             }
                              return (String[]) value;
                   } else if (v instanceof String) {
                             String value = (String) v;
                             value = value.replaceAll( "<", "&lt;" );
                             value = value.replaceAll( ">", "&gt;" );
                              return new String[] { (String) value };
                   } else {
                              return new String[] { v.toString() };
                   }
          }

           public String getParameter(String name) {
                   Object v = params.get(name);
                    if (v == null ) {
                              return null ;
                   } else if (v instanceof String[]) {
                             String[] strArr = (String[]) v;
                              if (strArr.length > 0) {
                                      String value = strArr[0];
                                      value = value.replaceAll( "<", "&lt;" );
                                      value = value.replaceAll( "<", "&gt;" );
                                       return value;
                             } else {
                                       return null ;
                             }
                   } else if (v instanceof String) {
                             String value = (String) v;
                             value = value.replaceAll( "<", "&lt;" );
                             value = value.replaceAll( ">", "&gt;" );
                              return (String) value;
                   } else {
                              return v.toString();
                   }
          }
}

Step2:设置过滤器
package com.tsou.comm.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import com.tsou.comm.servlet.TsRequest;
/**
 *
 * <p class="detail">
 * 功能:特殊字符过滤器
 * </p>
 * @ClassName: CharacterFilter
 * @version V1.0 
 * @date 2014年9月25日
 * @author wangsheng
 */
public class CharacterFilter implements Filter{

           @Override
           public void destroy() {
          }

           @Override
           public void doFilter(ServletRequest req, ServletResponse res,
                             FilterChain chain) throws IOException, ServletException {
                   HttpServletRequest request = (HttpServletRequest)req;
                   TsRequest wrapRequest= new TsRequest(request,request.getParameterMap());
                   chain.doFilter(wrapRequest, res);
          }

           @Override
           public void init(FilterConfig arg0) throws ServletException {
          }
}

Step3:拦截URL
           <filter>
                    <filter-name> characterFilter</filter-name >
                     <filter-class> com.tsou.comm.filter.CharacterFilter</filter-class >
           </filter>
           <filter-mapping>
                    <filter-name> characterFilter</filter-name >
                    <url-pattern> /*</ url-pattern>
           </filter-mapping>


分享到:
更多

网友评论    (发表评论)


发表评论:

评论须知:

  • 1、评论每次加2分,每天上限为30;
  • 2、请文明用语,共同创建干净的技术交流环境;
  • 3、若被发现提交非法信息,评论将会被删除,并且给予扣分处理,严重者给予封号处理;
  • 4、请勿发布广告信息或其他无关评论,否则将会删除评论并扣分,严重者给予封号处理。