Struts2拦截器的使用2

在学习了《Struts2拦截器的使用1》教程之后,根据项目需要,做了一个拦截器,目的是对前端传入参数中的非法字符进行转义,以防止JS注入(XSS)。需要注意的是,这种在输入端统一转义的做法只能作为补充,页面输出时仍应按所在上下文进行编码。另外:拦截器的配置这里不再说明,不清楚的请参考《Struts2拦截器的使用1》。拦截器代码如下:


package com.***.interceptors;


import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;


import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import com.opensymphony.xwork2.util.ValueStack;
import com.***.utils.StringUtil;


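/**
 * Struts2 interceptor that escapes every request parameter value with
 * {@link StringUtil#filtrateString(String)} and writes the escaped text onto the value stack
 * under the parameter's name before the action is invoked.
 *
 * <p>Review notes:
 * <ul>
 *   <li>{@code ValueStack.setValue} treats the parameter name as an expression evaluated against
 *       the value stack. The name comes from the request, so it is checked against
 *       {@link #SAFE_PARAM_NAME} before it is used; names that do not match are left alone by
 *       this interceptor.</li>
 *   <li>Escaping on input is not a substitute for context-aware encoding when the value is
 *       rendered. Values that reach the action by another route (for example a parameters
 *       interceptor that runs later in the stack and sets the raw value again) are not covered
 *       here; confirm the interceptor order in the stack configuration.</li>
 * </ul>
 */
public class IllegalCharacterInterceptor extends AbstractInterceptor
{
    /**
     * Allow-list for parameter names: a simple property path whose segments are word characters,
     * optionally followed by numeric indexes or quoted word keys (e.g. {@code user.name},
     * {@code items[0]}, {@code map['key']}). Anything else is not passed to the value stack.
     */
    private static final java.util.regex.Pattern SAFE_PARAM_NAME =
            java.util.regex.Pattern.compile("\\w+(\\.\\w+|\\[\\d+\\]|\\['\\w+'\\])*");

    /**
     * Escapes the request parameters, stores them on the value stack, then continues the
     * invocation chain.
     *
     * @param invocation the current action invocation
     * @return the result code produced by the rest of the chain
     * @throws Exception whatever the rest of the chain throws; it is propagated unchanged so a
     *     failing action is not turned into a silent {@code null} result
     */
    @Override
    public String intercept(ActionInvocation invocation) throws Exception
    {
        ActionContext ac = invocation.getInvocationContext();
        ValueStack stack = ac.getValueStack();
        Map<?, ?> parameters = ac.getParameters();

        for (Entry<?, ?> entry : parameters.entrySet()) {
            Object rawKey = entry.getKey();
            if (!(rawKey instanceof String)) {
                continue;
            }
            String key = (String) rawKey;
            // The name is client-controlled and is evaluated as an expression by setValue();
            // only plain property paths are allowed through.
            if (!SAFE_PARAM_NAME.matcher(key).matches()) {
                continue;
            }

            Object rawValue = entry.getValue();
            String[] oldValues;
            if (rawValue instanceof String) {
                oldValues = new String[] {(String) rawValue};
            } else if (rawValue instanceof String[]) {
                oldValues = (String[]) rawValue;
            } else {
                // null or a non-text value: nothing to escape, and a blind cast would throw.
                continue;
            }

            String newValueStr;
            if (oldValues.length > 1) {
                // Several values for one name are flattened into "{v1,v2,...}".
                StringBuilder joined = new StringBuilder("{");
                for (int i = 0; i < oldValues.length; i++) {
                    if (i > 0) {
                        joined.append(',');
                    }
                    joined.append(StringUtil.filtrateString(oldValues[i]));
                }
                newValueStr = joined.append('}').toString();
            } else if (oldValues.length == 1) {
                newValueStr = StringUtil.filtrateString(oldValues[0]);
            } else {
                // An empty value array is stored as the literal text "null".
                newValueStr = "null";
            }

            stack.setValue(key, newValueStr);
        }

        // Let failures surface to the framework instead of printing a stack trace and
        // returning null as the result code.
        return invocation.invoke();
    }
}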


非法字符处理工具类:

package com.***.utils;


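/**
 * String helpers for escaping and un-escaping special characters.
 *
 * <p>Review note: the escaping here targets HTML text and quoted attribute values only. It does
 * not escape {@code &}, and it is not sufficient for values placed in JavaScript, URL or CSS
 * contexts; encode for the actual output context when rendering.
 */
public class StringUtil {
    /**
     * Escapes special characters in the given text.
     *
     * <p>{@code <}, {@code >}, {@code '}, {@code \} and {@code "} become HTML entities, a tab
     * becomes four spaces, and line breaks ({@code \r\n} or {@code \n}) become {@code <br/>}.
     * {@code &} is deliberately left untouched, so text that already contains entities passes
     * through unchanged and cannot be told apart from escaped input afterwards.
     *
     * @param content the text to escape; may be {@code null}
     * @return the escaped text, or {@code content} itself when it is {@code null} or blank
     */
    public static String filtrateString(String content) {
        if (content == null || content.trim().isEmpty()) {
            return content;
        }
        // content = content.replace("&", "&amp;");  // left disabled, as in the original
        // Angle brackets are escaped before "<br/>" is inserted so the inserted tag survives.
        content = content.replace("<", "&lt;");
        content = content.replace(">", "&gt;");
        content = content.replace("\t", "    ");
        content = content.replace("\r\n", "\n");
        content = content.replace("\n", "<br/>");
        content = content.replace("'", "&#39;");
        content = content.replace("\\", "&#92;");
        content = content.replace("\"", "&quot;");
        return content;
    }

    /**
     * Converts text produced by {@link #filtrateString(String)} back to plain text.
     *
     * <p>The conversion is not an exact inverse: every run of four spaces becomes a tab, and
     * entities that were already present in the original input are decoded as well.
     *
     * @param content the text to convert; may be {@code null}
     * @return the converted text, or {@code content} itself when it is {@code null} or blank
     */
    public static String reverseString(String content) {
        if (content == null || content.trim().isEmpty()) {
            return content;
        }
        // content = content.replace("&amp;", "&");  // left disabled, as in the original
        // Line breaks are restored BEFORE the entities are decoded; otherwise an escaped
        // literal "&lt;br/&gt;" would first turn into "<br/>" and then be mistaken for a break.
        content = content.replace("\n", "\r\n");
        content = content.replace("<br/>", "\n");
        content = content.replace("    ", "\t");
        content = content.replace("&lt;", "<");
        content = content.replace("&gt;", ">");
        content = content.replace("&#39;", "'");
        content = content.replace("&#92;", "\\");
        content = content.replace("&quot;", "\"");
        return content;
    }

    /**
     * Tells whether the text consists only of digits.
     *
     * <p>{@link Character#isDigit(char)} accepts every Unicode digit, not just ASCII
     * {@code 0-9}; callers that need ASCII-only input should check that separately.
     *
     * @param str the text to test; may be {@code null}
     * @return {@code true} when {@code str} is non-empty and every character is a digit
     */
    public static boolean isNumeric(String str) {
        // null and "" are not numbers; the unguarded loop threw on null and accepted "".
        if (str == null || str.isEmpty()) {
            return false;
        }
        for (int i = 0; i < str.length(); i++) {
            if (!Character.isDigit(str.charAt(i))) {
                return false;
            }
        }
        return true;
    }

    /**
     * Escapes {@code <}, {@code >} and {@code "} as HTML entities.
     *
     * <p>NOTE(review): the entity strings in the published listing had been decoded by the page
     * (the replacements read as no-ops and the last line did not compile); they are restored
     * here to {@code &lt;}, {@code &gt;} and {@code &quot;} - confirm against the original
     * source.
     *
     * @param content the text to escape; may be {@code null}
     * @return the escaped text, or {@code content} itself when it is {@code null} or blank
     */
    public static String ResplaceString(String content) {
        if (content == null || content.trim().isEmpty()) {
            return content;
        }
        content = content.replace("<", "&lt;");
        content = content.replace(">", "&gt;");
        // content = content.replace("/", "/");  // left disabled, as in the original
        content = content.replace("\"", "&quot;");
        return content;
    }

}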
