java 过滤器(过滤客户端表单特殊字符、服务器端特殊字符、以及编码过滤)
2012-03-23 16:59
501 查看
package com.lk.test;
import java.io.CharArrayWriter;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
//定义具有缓存功能response
public class HttpCharacterResponseWrapper extends HttpServletResponseWrapper {
//定义字符数组
private CharArrayWriter cw = new CharArrayWriter();
public HttpCharacterResponseWrapper(HttpServletResponse response) {
super(response);
}
@Override
public PrintWriter getWriter() throws IOException {
return new PrintWriter(cw);
}
public CharArrayWriter getCw() {
return cw;
}
}
//Filter类
package com.lk.test;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Iterator;
import java.util.Properties;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class OutputReplaceFilter implements Filter {
private Properties pp = new Properties();
//非法词、敏感词、特殊字符、配置在初始化参数中
public void init(FilterConfig config) throws ServletException {
//配置文件位置
String file = config.getInitParameter("file");
//文件实际位置
String realPath = config.getServletContext().getRealPath(file);
try {
//加载非法词
pp.load(new FileInputStream(realPath));
} catch (IOException e) {
e.printStackTrace();
}
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest rq = (HttpServletRequest)request;
//过滤编码
if(rq.getMethod().equalsIgnoreCase("post")){
rq.setCharacterEncoding("utf-8");
}else{
Iterator its = rq.getParameterMap().values().iterator();
while(its.hasNext()){
String[] params = (String[])its.next();
int len = params.length;
for (int i = 0; i < len; i++) {
params[i] = new String(params[i].getBytes("utf-8"),"utf-8");
}
}
}
//过滤客户端提交表单中特殊字符
Iterator its = rq.getParameterMap().values().iterator();
while(its.hasNext()){
String[] params = (String[])its.next();
for (int i = 0; i < params.length; i++) {
for (Object oj :pp.keySet()) {
String key = (String)oj;
params[i] = params[i].replace(key, pp.getProperty(key));
}
}
}
//过滤服务器端的特殊字符(服务器端response输出到客户端的特殊汉字(色情、情色、赌博等))
response.setCharacterEncoding("utf-8");
HttpCharacterResponseWrapper rs = new HttpCharacterResponseWrapper((HttpServletResponse)response);
chain.doFilter(rq, rs);
//得到response输出内容
String output = rs.getCw().toString();
//遍历所有敏感词
for (Object oj :pp.keySet()) {
String key = (String)oj;
//替换敏感词
output = output.replace(key, pp.getProperty(key));
}
//通过原来的response输出内容
response.getWriter().print(output);
}
public void destroy() {
}
}
OutputReplaceFilter过滤器类在web.xml中配置
<filter>
<filter-name>OutputReplaceFilter</filter-name>
<filter-class>com.lk.test.OutputReplaceFilter</filter-class>
<init-param>
<param-name>file</param-name>
<param-value>/WEB-INF/sensitive.properties</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>OutputReplaceFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
import java.io.CharArrayWriter;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
//定义具有缓存功能response
public class HttpCharacterResponseWrapper extends HttpServletResponseWrapper {
//定义字符数组
private CharArrayWriter cw = new CharArrayWriter();
public HttpCharacterResponseWrapper(HttpServletResponse response) {
super(response);
}
@Override
public PrintWriter getWriter() throws IOException {
return new PrintWriter(cw);
}
public CharArrayWriter getCw() {
return cw;
}
}
//Filter类
package com.lk.test;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Iterator;
import java.util.Properties;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class OutputReplaceFilter implements Filter {
private Properties pp = new Properties();
//非法词、敏感词、特殊字符、配置在初始化参数中
public void init(FilterConfig config) throws ServletException {
//配置文件位置
String file = config.getInitParameter("file");
//文件实际位置
String realPath = config.getServletContext().getRealPath(file);
try {
//加载非法词
pp.load(new FileInputStream(realPath));
} catch (IOException e) {
e.printStackTrace();
}
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest rq = (HttpServletRequest)request;
//过滤编码
if(rq.getMethod().equalsIgnoreCase("post")){
rq.setCharacterEncoding("utf-8");
}else{
Iterator its = rq.getParameterMap().values().iterator();
while(its.hasNext()){
String[] params = (String[])its.next();
int len = params.length;
for (int i = 0; i < len; i++) {
params[i] = new String(params[i].getBytes("utf-8"),"utf-8");
}
}
}
//过滤客户端提交表单中特殊字符
Iterator its = rq.getParameterMap().values().iterator();
while(its.hasNext()){
String[] params = (String[])its.next();
for (int i = 0; i < params.length; i++) {
for (Object oj :pp.keySet()) {
String key = (String)oj;
params[i] = params[i].replace(key, pp.getProperty(key));
}
}
}
//过滤服务器端的特殊字符(服务器端response输出到客户端的特殊汉字(色情、情色、赌博等))
response.setCharacterEncoding("utf-8");
HttpCharacterResponseWrapper rs = new HttpCharacterResponseWrapper((HttpServletResponse)response);
chain.doFilter(rq, rs);
//得到response输出内容
String output = rs.getCw().toString();
//遍历所有敏感词
for (Object oj :pp.keySet()) {
String key = (String)oj;
//替换敏感词
output = output.replace(key, pp.getProperty(key));
}
//通过原来的response输出内容
response.getWriter().print(output);
}
public void destroy() {
}
}
OutputReplaceFilter过滤器类在web.xml中配置
<filter>
<filter-name>OutputReplaceFilter</filter-name>
<filter-class>com.lk.test.OutputReplaceFilter</filter-class>
<init-param>
<param-name>file</param-name>
<param-value>/WEB-INF/sensitive.properties</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>OutputReplaceFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
相关文章推荐
- Java获取字符的Unicode编码以及如何过滤特殊字符ZWNJ
- java 过滤掉特殊字符以及sql、shell命令
- java 过滤文本特殊字符 以及单斜杠替换成双斜杠
- Java过滤特殊字符的正则表达式
- java防SQL注入html编码入侵特殊字符转义和方法入参检测工具(Spring) ---转载
- java 过滤html特殊字符
- [系统] Solr 介绍以及 XML 中特殊字符 Unicode 编码
- java字符编码过滤器EncodingFilter
- JAVA特殊字符过滤
- PHP对表单提交特殊字符的过滤和处理(转)
- javaWed项目中用过滤器实现转码功能,敏感词汇过滤更能,处理Get和Post接收数据中的中文乱码问题以及敏感词汇的处理
- java过滤特殊字符的正则表达式
- 利用简单的过滤器 过滤特殊字符实现 防止XSS攻击
- Java过滤特殊字符的正则表达式
- Java过滤特殊字符的正则表达式
- 日期转换工具以及常用的字符,产生随机数,将java流中的编码转换为utf-8----java
- PHP对表单提交特殊字符的过滤和处理
- Grails中表单输入的特殊字符的转义,以及用到传值窗口链接的特殊字符处理
- 过滤Java中特殊字符
- java中的字节、字符、编码以及中文乱码问题