java防止页面脚本注入 特殊字符过滤器

转载自:http://yuncode.net/code/c_54a003069e20d32




Step1:自定义封装request
package com.tsou.comm.servlet;
 
import java.util.Enumeration;
import java.util.Map;
import java.util.Vector;
 
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
/**
 *
 *

 * 功能:封装的请求处理特殊字符
 *

 * @ClassName: TsRequest
 * @version V1.0
 * @date 2014年9月25日
 * @author wangsheng
 */
public class TsRequest extends HttpServletRequestWrapper {
           private Map params;
 
           public TsRequest(HttpServletRequest request, Map newParams) {
                    super(request);
                    this.params = newParams;
          }
 
           public Map getParameterMap() {
                    return params ;
          }
 
           public Enumeration getParameterNames() {
                    Vector l = new Vector( params.keySet());
                    return l.elements();
          }
 
           public String[] getParameterValues(String name) {
                   Object v = params.get(name);
                    if (v == null ) {
                              return null ;
                   else if (v instanceof String[]) {
                             String[] value = (String[]) v;
                              for (int i = 0; i < value.length; i++) {
                                      value[i] = value[i].replaceAll( "<""<" );
                                      value[i] = value[i].replaceAll( ">"">" );
                             }
                              return (String[]) value;
                   else if (v instanceof String) {
                             String value = (String) v;
                             value = value.replaceAll( "<""<" );
                             value = value.replaceAll( ">"">" );
                              return new String[] { (String) value };
                   else {
                              return new String[] { v.toString() };
                   }
          }
 
           public String getParameter(String name) {
                   Object v = params.get(name);
                    if (v == null ) {
                              return null ;
                   else if (v instanceof String[]) {
                             String[] strArr = (String[]) v;
                              if (strArr.length > 0) {
                                      String value = strArr[0];
                                      value = value.replaceAll( "<""<" );
                                      value = value.replaceAll( "<"">" );
                                       return value;
                             else {
                                       return null ;
                             }
                   else if (v instanceof String) {
                             String value = (String) v;
                             value = value.replaceAll( "<""<" );
                             value = value.replaceAll( ">"">" );
                              return (String) value;
                   else {
                              return v.toString();
                   }
          }
}
 
Step2:设置过滤器
package com.tsou.comm.filter;
 
import java.io.IOException;
 
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
 
import com.tsou.comm.servlet.TsRequest;
/**
 *
 *

 * 功能:特殊字符过滤器
 *

 * @ClassName: CharacterFilter
 * @version V1.0
 * @date 2014年9月25日
 * @author wangsheng
 */
public class CharacterFilter implements Filter{
 
           @Override
           public void destroy() {
          }
 
           @Override
           public void doFilter(ServletRequest req, ServletResponse res,
                             FilterChain chain) throws IOException, ServletException {
                   HttpServletRequest request = (HttpServletRequest)req;
                   TsRequest wrapRequest= new TsRequest(request,request.getParameterMap());
                   chain.doFilter(wrapRequest, res);
          }
 
           @Override
           public void init(FilterConfig arg0) throws ServletException {
          }
}
 
Step3:拦截URL
           
                     characterFilter
                     class> com.tsou.comm.filter.CharacterFilterclass >
           
           
                     characterFilter
                     /*
           

你可能感兴趣的:(Java学习)