
java防止页面脚本注入 特殊字符过滤器

2017-05-19 11:14 483 查看
转载自:http://yuncode.net/code/c_54a003069e20d32

Step1:自定义封装request
package
com.tsou.comm.servlet;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Vector;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
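/**
 * Request wrapper that HTML-escapes angle brackets in request parameter values.
 *
 * <p>Every parameter accessor overridden here ({@link #getParameter},
 * {@link #getParameterValues}, {@link #getParameterMap}) returns values in which
 * {@code <} has become {@code &lt;} and {@code >} has become {@code &gt;}.
 * Parameter names are passed through unchanged.
 *
 * <p>Scope of the protection, as implemented in this class:
 * <ul>
 *   <li>Only the parameter accessors are overridden. Headers, cookies, the raw
 *       query string and the request body are not touched by this wrapper.</li>
 *   <li>Only the two angle brackets are escaped. Quotes and ampersands are left
 *       as they are, so a value written into an HTML attribute, a script block
 *       or a URL still needs encoding for that context when it is rendered.</li>
 * </ul>
 *
 * <p>Date: 2014-09-25
 *
 * @version V1.0
 * @author wangsheng
 */
public class TsRequest extends HttpServletRequestWrapper {

    /** Parameter map supplied by the caller; values may be String[], String or any other object. */
    private final Map<?, ?> params;

    /**
     * Wraps {@code request} and serves parameters from {@code newParams}.
     *
     * @param request   the request being wrapped
     * @param newParams parameter name to value(s); a {@code null} map is treated as empty
     */
    public TsRequest(HttpServletRequest request, Map<?, ?> newParams) {
        super(request);
        if (newParams == null) {
            this.params = Collections.<Object, Object>emptyMap();
        } else {
            this.params = newParams;
        }
    }

    /**
     * Returns an unmodifiable copy of the parameter map with every value escaped.
     *
     * <p>The listing this class came from returned the unescaped map here, so any
     * code that read parameters through the map bypassed the escaping done by
     * {@link #getParameter} and {@link #getParameterValues}.
     *
     * @return parameter name to escaped values, in the iteration order of the supplied map
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> escaped = new LinkedHashMap<String, String[]>();
        for (Map.Entry<?, ?> entry : params.entrySet()) {
            escaped.put(String.valueOf(entry.getKey()), escapeValues(entry.getValue()));
        }
        return Collections.unmodifiableMap(escaped);
    }

    /**
     * Returns the names of all parameters in the supplied map.
     *
     * @return enumeration over the parameter names
     */
    @Override
    public Enumeration<String> getParameterNames() {
        List<String> names = new ArrayList<String>(params.size());
        for (Object key : params.keySet()) {
            names.add(String.valueOf(key));
        }
        return Collections.enumeration(names);
    }

    /**
     * Returns all values of a parameter, escaped.
     *
     * @param name parameter name
     * @return escaped values, or {@code null} when the parameter is absent
     */
    @Override
    public String[] getParameterValues(String name) {
        return escapeValues(params.get(name));
    }

    /**
     * Returns the first value of a parameter, escaped.
     *
     * @param name parameter name
     * @return escaped first value, or {@code null} when the parameter is absent or has no values
     */
    @Override
    public String getParameter(String name) {
        String[] values = escapeValues(params.get(name));
        if (values == null || values.length == 0) {
            return null;
        }
        return values[0];
    }

    /**
     * Normalises one map value to an escaped String array.
     *
     * <p>A new array is always built: the stored array is never modified, so the
     * map handed to the constructor keeps its original contents.
     */
    private static String[] escapeValues(Object stored) {
        if (stored == null) {
            return null;
        }
        if (stored instanceof String[]) {
            String[] raw = (String[]) stored;
            String[] copy = new String[raw.length];
            for (int i = 0; i < raw.length; i++) {
                copy[i] = escape(raw[i]);
            }
            return copy;
        }
        // A single String and any other object are both treated as one value.
        return new String[] {escape(stored.toString())};
    }

    /**
     * Replaces {@code <} and {@code >} with their HTML entities.
     *
     * <p>The listing showed both replacement strings as the bare character, which
     * replaces each bracket with itself, and one branch of getParameter matched
     * {@code <} twice so {@code >} was never handled there. Literal
     * {@code replace} is used because neither argument is a regular expression.
     */
    private static String escape(String raw) {
        if (raw == null) {
            return null;
        }
        return raw.replace("<", "&lt;").replace(">", "&gt;");
    }
}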
Step2:设置过滤器
package
com.tsou.comm.filter;
import
java.io.IOException;
import
javax.servlet.Filter;
import
javax.servlet.FilterChain;
import
javax.servlet.FilterConfig;
import
javax.servlet.ServletException;
import
javax.servlet.ServletRequest;
import
javax.servlet.ServletResponse;
import
javax.servlet.http.HttpServletRequest;
import
com.tsou.comm.servlet.TsRequest;
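/**
 * Servlet filter that passes each HTTP request down the chain wrapped in a
 * {@link TsRequest}, so that parameters read through the wrapper go through its
 * special-character handling.
 *
 * <p>Only request parameters are affected; the response and every other part of
 * the request reach the rest of the chain unchanged.
 *
 * <p>Date: 2014-09-25
 *
 * @version V1.0
 * @author wangsheng
 */
public class CharacterFilter implements Filter {

    /** No configuration is read. */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
    }

    /**
     * Wraps the request in a {@link TsRequest} and continues the chain.
     *
     * @param req   incoming request
     * @param res   outgoing response, passed through untouched
     * @param chain remaining filters and the target resource
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // A non-HTTP request cannot be wrapped; pass it on instead of failing on the cast.
        if (!(req instanceof HttpServletRequest)) {
            chain.doFilter(req, res);
            return;
        }
        HttpServletRequest request = (HttpServletRequest) req;
        // getParameterMap() makes the container parse the parameters here, so a
        // request.setCharacterEncoding() call must happen in a filter that runs
        // before this one to have any effect.
        TsRequest wrapRequest = new TsRequest(request, request.getParameterMap());
        chain.doFilter(wrapRequest, res);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}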
Step3:拦截URL
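<!--
  Registers CharacterFilter and maps it to every request path.
  Filters mapped in web.xml run in the order of their filter-mapping elements,
  so place this mapping ahead of any filter that reads request parameters and
  after the one that sets the request character encoding.
-->
<filter>
    <filter-name>characterFilter</filter-name>
    <filter-class>com.tsou.comm.filter.CharacterFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>characterFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>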
标签:  Java 脚本