1.首先创建一个java web工程,目录如下:
说明: WorldFilter.java -> 过滤非法字符的过滤器; IllegalText.properties -> 需要过滤的非法字符。注意: 这个过滤器只做敏感词替换, 不会对 HTML/SQL 特殊字符做转义, 不能当作 XSS 或注入防护使用, 页面输出参数时仍需自行转义。
2. WorldFilter.java 代码
package com;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;
import java.util.Random;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
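/**
 * Servlet filter that masks configured words in request parameters.
 *
 * <p>The word list is the set of values in {@code /WEB-INF/IllegalText.properties}. Every
 * occurrence of a listed word in a parameter value is replaced by one randomly chosen entry
 * of {@code charWorld}. Matching is an exact, case-sensitive substring comparison.
 *
 * <p>This is a wording filter only. It does not escape HTML or SQL metacharacters, so pages
 * that echo parameters must still encode their output, and queries must still be parameterized.
 */
public class WorldFilter implements Filter {

    /** Backing store for the word list; filled once in {@link #init(FilterConfig)}. */
    Properties ps = new Properties();

    /** Words to mask (the values of {@code ps}); {@code null} until init has completed. */
    Collection con = null;

    /** Character encoding from the {@code encoding} init parameter; {@code null} if not configured. */
    private String encoding;

    /** Replacement strings; one is picked at random for each word that is masked. */
    private String[] charWorld = new String[]{"~","@","#","$","%","^","&","*"};

    /** Supplies the random index into {@code charWorld}. */
    Random input = new Random();

    /**
     * Reads the {@code encoding} init parameter and loads the word list.
     *
     * @param filterConfig configuration supplied by the container
     * @throws ServletException if the word list is missing or cannot be read, so that the
     *         filter never runs silently without its list
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        encoding = filterConfig.getInitParameter("encoding");

        // getResourceAsStream returns null (it does not throw) when the resource is absent.
        InputStream in = filterConfig.getServletContext()
                .getResourceAsStream("/WEB-INF/IllegalText.properties");
        if (in == null) {
            throw new ServletException("/WEB-INF/IllegalText.properties not found");
        }
        try {
            ps.load(in);
        } catch (IOException e) {
            throw new ServletException("Cannot read /WEB-INF/IllegalText.properties", e);
        } finally {
            try {
                in.close();
            } catch (IOException ignored) {
                // Nothing useful can be done if closing a fully read stream fails.
            }
        }
        con = ps.values();
    }

    /**
     * Applies the configured encoding and hands a masking request wrapper down the chain.
     *
     * <p>The request is wrapped whether or not an encoding is configured, so a missing
     * {@code encoding} parameter does not switch the word filter off.
     */
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        if (encoding != null) {
            request.setCharacterEncoding(encoding);
            // Only the charset is set. The filter is mapped to /*, and forcing
            // "text/html" here would mislabel every non-HTML response as HTML.
            response.setCharacterEncoding(encoding);
        }
        if (request instanceof HttpServletRequest) {
            request = new Request((HttpServletRequest) request);
        }
        chain.doFilter(request, response);
    }

    /** No resources are held between requests, so there is nothing to release. */
    public void destroy() {
    }

    /**
     * Request wrapper that runs every parameter value through
     * {@link WorldFilter#filter(String)} before returning it.
     */
    class Request extends HttpServletRequestWrapper {

        public Request(HttpServletRequest request) {
            super(request);
        }

        @Override
        public String getParameter(String name) {
            return filter(super.getParameter(name));
        }

        @Override
        public String[] getParameterValues(String name) {
            return maskAll(super.getParameterValues(name));
        }

        /**
         * Returns a masked copy of the parameter map. Without this override, code that reads
         * parameters through the map would receive the unfiltered values.
         */
        @Override
        @SuppressWarnings("unchecked")
        public Map<String, String[]> getParameterMap() {
            Map<String, String[]> original = super.getParameterMap();
            Map<String, String[]> masked = new LinkedHashMap<String, String[]>();
            for (Map.Entry<String, String[]> entry : original.entrySet()) {
                masked.put(entry.getKey(), maskAll(entry.getValue()));
            }
            return Collections.unmodifiableMap(masked);
        }

        /**
         * Masks each element into a new array; {@code null} (parameter absent) stays
         * {@code null}. The array obtained from the wrapped request is left unmodified.
         */
        private String[] maskAll(String[] values) {
            if (values == null) {
                return null;
            }
            String[] masked = new String[values.length];
            for (int i = 0; i < values.length; i++) {
                masked[i] = filter(values[i]);
            }
            return masked;
        }
    }

    /**
     * Replaces every occurrence of each configured word in {@code param}.
     *
     * @param param the value to mask; may be {@code null}
     * @return the masked value, or {@code param} unchanged when it is {@code null}, empty,
     *         or the word list has not been loaded
     */
    public String filter(String param) {
        if (param == null || param.length() == 0 || con == null) {
            return param;
        }
        for (Object entry : con) {
            if (!(entry instanceof String)) {
                continue;
            }
            String word = (String) entry;
            // An empty value (e.g. "4=" in the properties file) matches at every position
            // and would scatter replacement characters through the whole string.
            if (word.length() == 0) {
                continue;
            }
            if (param.indexOf(word) != -1) {
                param = param.replace(word, charWorld[input.nextInt(charWorld.length)]);
            }
        }
        return param;
    }
}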
说明: 本人纯属新手,所以某些注释可能一点都不专业,不过我觉得挺简单易懂的 呵呵
3. IllegalText.properties (三个非法文字为 靠 混蛋 fuck 自己可随意添加)
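# Words to mask. WorldFilter reads only the values; the keys are arbitrary.
# Properties.load(InputStream) decodes ISO-8859-1, so non-ASCII words are written as
# backslash-u escapes. With a forward slash the value is the literal text and never matches.
1=\u9760
2=\u6DF7\u86CB
3=fuck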
4. web.xml
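<web-app version="2.5"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
  <filter>
    <filter-name>worldFilter</filter-name>
    <filter-class>com.WorldFilter</filter-class>
    <init-param>
      <param-name>encoding</param-name>
      <param-value>UTF-8</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>worldFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>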
5. index.jsp
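<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
    // The parameter comes straight from the client. The word filter only swaps listed
    // words and leaves markup characters intact, so the value is HTML-escaped here
    // before it is written into the page.
    String message = request.getParameter("message");
    String safeMessage = "";
    if (message != null) {
        StringBuilder escaped = new StringBuilder(message.length());
        for (int i = 0; i < message.length(); i++) {
            char c = message.charAt(i);
            switch (c) {
                case '&':  escaped.append("&amp;");  break;
                case '<':  escaped.append("&lt;");   break;
                case '>':  escaped.append("&gt;");   break;
                case '"':  escaped.append("&quot;"); break;
                case '\'': escaped.append("&#39;");  break;
                default:   escaped.append(c);
            }
        }
        safeMessage = escaped.toString();
    }
%>
你刚刚输入的东东为: <%=safeMessage %>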
说明: 这里为了方便测试 所以加上了<% %> 呵呵!