非法字符过滤 HttpServletRequest
程序员文章站
2024-02-08 18:14:10
...
IllegalCharacterFilter.java
IllegalWordUtil.java
web.xml
package *;
import java.io.IOException;
import java.util.Date;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.HttpRequest;
import *.IllegalWordUtil;
public class IllegalCharacterFilter implements Filter {
private ServletContext context;
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest servletrequest = (HttpServletRequest) request;
HttpServletResponse servletresponse = (HttpServletResponse) response;
String param = "";
String paramValue = "";
servletresponse.setContentType("text/html");
servletresponse.setCharacterEncoding("utf-8");
servletrequest.setCharacterEncoding("utf-8");
java.util.Enumeration params = request.getParameterNames();//获取request中所有参数的名称
while (params.hasMoreElements()) {
param = (String) params.nextElement();
String[] values = servletrequest.getParameterValues(param);//获取每个参数的value
for (int i = 0; i < values.length; i++) {
System.out.println(param+"="+values[i]);
paramValue = values[i];
paramValue = paramValue.replaceAll("<", "<");
paramValue = paramValue.replaceAll(">", ">");
if(IllegalWordUtil.isIllegalWord(paramValue)){
context.log("["+request.getRemoteHost()+"] url:"+((HttpRequest)request).getRequestLine());
context.log("["+param+"] value:"+paramValue);
context.log("["+new Date()+"]");
//替换非法关键字。
values[i] = IllegalWordUtil.filterIllegalWords(paramValue);
}
}
//把转义后的参数重新放回request中
request.setAttribute(param, paramValue);
}
//继续
chain.doFilter(request, response);
}
@Override
public void init(FilterConfig config) throws ServletException {
context = config.getServletContext();
}
}
IllegalWordUtil.java
package *;
import java.io.IOException;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class IllegalWordUtil{
protected static final Logger logger = LoggerFactory.getLogger(IllegalWordUtil.class);
private final static String pattern;
private final static String replacement;
private final static String illegalWords;
private final static String illegalWordRegx;
private static Pattern patterns = null;
static{
Properties properties = new Properties();
try{
properties.load(IllegalWordUtil.class.getResourceAsStream("/illegal.keywords.properties"));
}catch(IOException ioe){
ioe.printStackTrace();
logger.error("Cound not load illegal.keywords.properties");
throw new RuntimeException("Cound not load illegal.keywords.properties");
}
illegalWords = properties.getProperty("words", "");
pattern = properties.getProperty("pattern", ",");
replacement = properties.getProperty("replacerex", "***");;
illegalWordRegx = "(" + illegalWords.trim().replaceAll(pattern, "|") + ")";
patterns = Pattern.compile(new String(illegalWordRegx.toString()));
}
public static String filterIllegalWords(String sentence) {
Matcher m = patterns.matcher(sentence);
return m.replaceAll(replacement);
}
public static boolean isIllegalWord(String word) {
Matcher m = patterns.matcher(word);
return m.find(0);
}
}
web.xml
<filter>
<filter-name>IllegalCharacterFilter</filter-name>
<filter-class>desirelist.web.servlet.IllegalCharacterFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
上一篇: 软件构造实验四总结