1.源代码代码
package com.pcm.web.pubs.servlet;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* @version 1.0
* @author
*/
public class CharFilter implements Filter {
private List names = new ArrayList();
private List values = new ArrayList();
/**
* @see javax.servlet.Filter#void ()
*/
public void destroy() {
}
/**
* @see javax.servlet.Filter#void (javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
*/
public void doFilter(
ServletRequest req,
ServletResponse res,
FilterChain chain)
throws ServletException, IOException {
int skipNum = 0;
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
Map map = request.getParameterMap();
Set keySet = map.keySet();
StringBuffer url = request.getRequestURL().append("?");
for (Iterator it = keySet.iterator(); it.hasNext();) {
String name = it.next().toString();
String value = request.getParameter(name);
//=======================开始过滤字符=====================================
if (value != null) {
System.out.println(
" ================== " + names + " " + values);
boolean bTrim = !value.equals(value.trim());
//两端空格
if (bTrim) {
value = value.trim();
skipNum++;
}
StringBuffer tmp = new StringBuffer(value);
boolean bSkip = false;
for (int i = 0; i < names.size(); i++) {
if (tmp.toString().indexOf((String) names.get(i)) != -1) {
bSkip = true;
break;
}
}
if (bSkip) {
//这里比较麻烦,是因为我用的jdk 1.3
//如果使用jdk 1.4以上版本,直接使用replaceAll()方法,即可替换所有的字符
//jdk 1.4 替换' 为 "" : value.replaceAll("/'","/"") ,够简单吧
for (int i = 0; i < tmp.length(); i++) {
char tmpChar = tmp.charAt(i);
for (int j = 0; j < names.size(); j++) {
if (String
.valueOf(tmpChar)
.equalsIgnoreCase(names.get(j).toString())) {
tmp.replace(i, i + 1, values.get(j).toString());
}
}
}
skipNum++;
value = tmp.toString();
}
//单引号
boolean bYinHao = tmp.toString().indexOf("/'") != -1;
if (bYinHao) {
for (int i = 0; i < url.length(); i++) {
if (tmp.charAt(i) == '/'') {
tmp.replace(i, i + 1, "/"");
}
}
skipNum++;
value = tmp.toString();
}
}
//=======================================================================
url.append(name).append("=").append(value).append("&");
}
if (skipNum > 0) {
System.out.println(url);
String urlStr = url.toString();
//注意,这里是要把编码再从gb2312倒转为ISO8859-1,因为表单参数传递使用的是ISO8859-1编码
urlStr = new String(urlStr.getBytes("gb2312"), "ISO8859-1");
response.sendRedirect(urlStr);
} else {
chain.doFilter(request, response);
}
}
/**
* Method init.
* @param config
* @throws javax.servlet.ServletException
*/
public void init(FilterConfig config) throws ServletException {
String charName = config.getInitParameter("charName");
String charValue = config.getInitParameter("charValue");
//这里比较麻烦,是因为我使用的是jdk1.3
//如果jdk 1.4以上, String[] names=charName.spilt(",");
//就可以把字符串按指定分割符分割为数组
StringTokenizer stkName = new StringTokenizer(charName, ",");
while (stkName.hasMoreTokens()) {
names.add(stkName.nextToken());
}
StringTokenizer stkValue = new StringTokenizer(charValue, ",");
while (stkValue.hasMoreTokens()) {
values.add(stkValue.nextToken());
}
}
}
2.web.xml配置filter