如何用jsp+servlet+fliter实现非法字符过滤

jsp+servlet+fliter实现非法字符过滤

---

创建WordFilter类

package com.wt.wordFilter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

public class WordFilter implements Filter {

    private String[] words;
    private String encoding;
    /**
     * @see Filter#init(FilterConfig)
     */
    public void init(FilterConfig fConfig) throws ServletException {
        encoding = fConfig.getInitParameter("encoding");
        words = new String[]{"卧槽","我草","我cao","操你妈","傻逼","sb","fuck"};
    }
    /**
     * 具体过滤方法，并将非法字符替换成“***”
     */
    public String filter(String param){
        if(words!=null&&words.length>0){
            for(int i=0;iif(param.indexOf(words[i])!= -1){
                    param = param.replaceAll(words[i], "***");
                }
            }
        }
        return param;

    }

    /**
     * 一般使用ServletRequest对象获取表单提交的数据，
     * （主要通过 getParameter() 和 getParameterValues()
     * 方法获取），再此创建内部类Request,重写getParameter()
     * 和 getParameterValues()，并在重写的两个方法中实现过滤 
     */

    class Request extends HttpServletRequestWrapper{//HttpServletRequest                                                                      //Wrapper是servletRequest的实现类

        public Request(HttpServletRequest request) {
            super(request);
        }

        @Override
        public String getParameter(String name) {
            // 返回过滤后的参数值
            return filter(super.getRequest().getParameter(name));
        }

        @Override
        public String[] getParameterValues(String name) {
            // 获取所有参数值
            String[] values = super.getRequest().getParameterValues(name);
            //通过循环对所有参数进行进行过滤
            for(int i=0;ireturn values;
        }

    }

    /**
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        if(encoding != null){
            request.setCharacterEncoding(encoding);
            //将request替换为重写后的request
            request = new Request((HttpServletRequest) request);
            response.setContentType("text/html; charset = "+encoding);

        }
        chain.doFilter(request, response);
    }

    /**
     * @see Filter#destroy()
     */
    public void destroy() {
        this.words = null;
        this.encoding = null;
    }
}

Filter接口中的方法和说明

方法	说明
public void init(FilterConfig filterCofig)	过滤器的初始化方法，容器调用此方法完成过滤的初始化。对每个Filter实例，此方法只调用一次
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)	当请求及响应交给过滤器时，调用此方法过滤。
public void destroy()	结束过滤器的生命周期。释放过滤器占用的资源

FilterConfig接口中的用到的方法和说明

方法	说明
public String getInitParameter(String name)	返回初始化name的值，在本例中是encoding的值

---

创建MessageServlet

用于处理index.jsp提交的文本内容，这块比较简单，撒个懒，就不详细解释了，有问题可以留言^_^

package com.wt.wordFilter;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class MessageServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    }

    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String content = request.getParameter("content");
        request.setAttribute("content", content);
        request.getRequestDispatcher("index.jsp").forward(request, response);
    }

}

最后就是在web.xml中写入配置信息

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">

  <servlet>
    <servlet-name>MessageServletservlet-name>
    <servlet-class>com.wt.wordFilter.MessageServletservlet-class>
  servlet> 
  <servlet-mapping>
    <servlet-name>MessageServletservlet-name>
    <url-pattern>/MessageServleturl-pattern>
  servlet-mapping>


  <filter>
    <filter-name>WordFilterfilter-name>
    <filter-class>com.wt.wordFilter.WordFilterfilter-class>
    <init-param>
      <param-name>encodingparam-name>
      <param-value>utf-8param-value>
    init-param>
  filter>
  <filter-mapping>
    <filter-name>WordFilterfilter-name>
    <url-pattern>/*url-pattern>
  filter-mapping>
web-app>

用于结果测试的index.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>非法字符过滤测试title>
head>
<body>
<center>
<form action="MessageServlet" method="post">
内容：<input type="text"  name="content" ><br>
<input type="submit" value="提交">
form>
<hr>
------过滤后的结果显示-------<br><br><br>
<%
    String content =(String) request.getAttribute("content");
    if(content!=null&&!content.isEmpty()){
        out.println(content);
    }

%>
center>
body>
html>

最后就是运行效果了