六狼论坛

 找回密码
 立即注册

QQ登录

只需一步,快速开始

新浪微博账号登陆

只需一步,快速开始

搜索
查看: 26|回复: 0

java写的一个防注入的filter

[复制链接]

升级  46.67%

32

主题

32

主题

32

主题

秀才

Rank: 2

积分
120
 楼主| 发表于 2013-2-3 14:20:01 | 显示全部楼层 |阅读模式
1.首先编写一个PreventIntoScriptFilter.java,代码如下
package com.questionnaire.common.filter;

import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

public class PreventIntoScriptFilter implements Filter {

private static Log log = LogFactory.getLog(PreventIntoScriptFilter.class);

@Override
public void destroy() {

}

@SuppressWarnings("deprecation")
@Override
public void doFilter(ServletRequest servletRequest,
ServletResponse servletResponse, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
try {
String s = request.getQueryString();
if (s != null) {
// System.out.println("+++++++++++++++++++++++" + s);
Pattern pattern = Pattern
.compile("(?i)[|;$@'\"<>()+,\\\\#]|%7C|%3B|%24|%40|%27|%22|%3C|%3E|%28|%29|%2B|%2C|%5C|%23");
Matcher matcher = pattern.matcher(s);
if (matcher.find()) {
String s3 = s
.replaceAll(
"(?i)[|;$@'\"<>()+,\\\\#]|%7C|%3B|%24|%40|%27|%22|%3C|%3E|%28|%29|%2B|%2C|%5C|%23",
"%20");
// System.out.println("+++++++++++++++++++++++" + s3);
response.sendRedirect(request.getRequestURL() + "?" + s3);
}
}
} catch (Exception e) {
log.error("PreventIntoScriptFilter 出错了:" + e);
}
chain.doFilter(request, response);
}

@Override
public void init(FilterConfig filterConfig) throws ServletException {

}

}
2.在web.xml中添加如下配置即可
<filter>
<filter-name>preventIntoScriptFilter</filter-name>
<filter-class>com.questionnaire.common.filter.PreventIntoScriptFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>preventIntoScriptFilter</filter-name>
<url-pattern>*.view</url-pattern>
</filter-mapping>
您需要登录后才可以回帖 登录 | 立即注册 新浪微博账号登陆

本版积分规则

快速回复 返回顶部 返回列表