gongchangming 发表于 2013-2-3 13:26:27

非法字符过滤 HttpServletRequest

IllegalCharacterFilter.java
package *;import java.io.IOException;import java.util.Date;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletContext;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.http.HttpRequest;import *.IllegalWordUtil;public class IllegalCharacterFilter implements Filter {private ServletContext context;@Overridepublic void destroy() {// TODO Auto-generated method stub}@Overridepublic void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {   HttpServletRequest servletrequest = (HttpServletRequest) request;   HttpServletResponse servletresponse = (HttpServletResponse) response;    String param = "";   String paramValue = "";   servletresponse.setContentType("text/html");   servletresponse.setCharacterEncoding("utf-8");   servletrequest.setCharacterEncoding("utf-8");   java.util.Enumeration params = request.getParameterNames();//获取request中所有参数的名称   while (params.hasMoreElements()) {    param = (String) params.nextElement();    String[] values = servletrequest.getParameterValues(param);//获取每个参数的value       for (int i = 0; i < values.length; i++) {    System.out.println(param+"="+values);   paramValue = values;         paramValue = paramValue.replaceAll("<", "&lt");   paramValue = paramValue.replaceAll(">", "&gt");   if(IllegalWordUtil.isIllegalWord(paramValue)){   context.log("["+request.getRemoteHost()+"] url:"+((HttpRequest)request).getRequestLine());   context.log("["+param+"] value:"+paramValue);   context.log("["+new Date()+"]");   //替换非法关键字。   values = IllegalWordUtil.filterIllegalWords(paramValue);          }      }    //把转义后的参数重新放回request中    request.setAttribute(param, paramValue);   }   //继续   chain.doFilter(request, response);}@Overridepublic void init(FilterConfig config) throws ServletException {context = config.getServletContext();}}

IllegalWordUtil.java
package *;import java.io.IOException;import java.util.Properties;import java.util.regex.Matcher;import java.util.regex.Pattern;import org.slf4j.Logger;import org.slf4j.LoggerFactory;public class IllegalWordUtil{protected static final Logger logger = LoggerFactory.getLogger(IllegalWordUtil.class);private final static String pattern;private final static String replacement;private final static String illegalWords;private final static String illegalWordRegx;private static Pattern patterns = null;static{Properties properties = new Properties();try{properties.load(IllegalWordUtil.class.getResourceAsStream("/illegal.keywords.properties"));}catch(IOException ioe){ioe.printStackTrace();logger.error("Cound not load illegal.keywords.properties");throw new RuntimeException("Cound not load illegal.keywords.properties");}illegalWords = properties.getProperty("words", "");pattern = properties.getProperty("pattern", ",");replacement = properties.getProperty("replacerex", "***");;illegalWordRegx = "(" + illegalWords.trim().replaceAll(pattern, "|") + ")";patterns = Pattern.compile(new String(illegalWordRegx.toString()));}public static String filterIllegalWords(String sentence) {Matcher m = patterns.matcher(sentence);return m.replaceAll(replacement);}public static boolean isIllegalWord(String word) {Matcher m = patterns.matcher(word);return m.find(0);}}

web.xml
<filter><filter-name>IllegalCharacterFilter</filter-name><filter-class>desirelist.web.servlet.IllegalCharacterFilter</filter-class></filter><filter-mapping>    <filter-name>UrlRewriteFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
页: [1]
查看完整版本: 非法字符过滤 HttpServletRequest