非法字符过滤 HttpServletRequest
IllegalCharacterFilter.javapackage *;import java.io.IOException;import java.util.Date;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletContext;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.http.HttpRequest;import *.IllegalWordUtil;public class IllegalCharacterFilter implements Filter {private ServletContext context;@Overridepublic void destroy() {// TODO Auto-generated method stub}@Overridepublic void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest servletrequest = (HttpServletRequest) request; HttpServletResponse servletresponse = (HttpServletResponse) response; String param = ""; String paramValue = ""; servletresponse.setContentType("text/html"); servletresponse.setCharacterEncoding("utf-8"); servletrequest.setCharacterEncoding("utf-8"); java.util.Enumeration params = request.getParameterNames();//获取request中所有参数的名称 while (params.hasMoreElements()) { param = (String) params.nextElement(); String[] values = servletrequest.getParameterValues(param);//获取每个参数的value for (int i = 0; i < values.length; i++) { System.out.println(param+"="+values); paramValue = values; paramValue = paramValue.replaceAll("<", "&lt"); paramValue = paramValue.replaceAll(">", "&gt"); if(IllegalWordUtil.isIllegalWord(paramValue)){ context.log("["+request.getRemoteHost()+"] url:"+((HttpRequest)request).getRequestLine()); context.log("["+param+"] value:"+paramValue); context.log("["+new Date()+"]"); //替换非法关键字。 values = IllegalWordUtil.filterIllegalWords(paramValue); } } //把转义后的参数重新放回request中 request.setAttribute(param, paramValue); } //继续 chain.doFilter(request, response);}@Overridepublic void init(FilterConfig config) throws ServletException {context = config.getServletContext();}}
IllegalWordUtil.java
package *;import java.io.IOException;import java.util.Properties;import java.util.regex.Matcher;import java.util.regex.Pattern;import org.slf4j.Logger;import org.slf4j.LoggerFactory;public class IllegalWordUtil{protected static final Logger logger = LoggerFactory.getLogger(IllegalWordUtil.class);private final static String pattern;private final static String replacement;private final static String illegalWords;private final static String illegalWordRegx;private static Pattern patterns = null;static{Properties properties = new Properties();try{properties.load(IllegalWordUtil.class.getResourceAsStream("/illegal.keywords.properties"));}catch(IOException ioe){ioe.printStackTrace();logger.error("Cound not load illegal.keywords.properties");throw new RuntimeException("Cound not load illegal.keywords.properties");}illegalWords = properties.getProperty("words", "");pattern = properties.getProperty("pattern", ",");replacement = properties.getProperty("replacerex", "***");;illegalWordRegx = "(" + illegalWords.trim().replaceAll(pattern, "|") + ")";patterns = Pattern.compile(new String(illegalWordRegx.toString()));}public static String filterIllegalWords(String sentence) {Matcher m = patterns.matcher(sentence);return m.replaceAll(replacement);}public static boolean isIllegalWord(String word) {Matcher m = patterns.matcher(word);return m.find(0);}}
web.xml
<filter><filter-name>IllegalCharacterFilter</filter-name><filter-class>desirelist.web.servlet.IllegalCharacterFilter</filter-class></filter><filter-mapping> <filter-name>UrlRewriteFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
页:
[1]