struts敏感字符过滤器(支持同一个key数组形式)
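/**
 * Servlet filter that masks a blacklisted token in every request parameter value
 * (array-valued parameters included) before the request reaches the application.
 *
 * <p>Only values obtained through {@code request.getParameterMap()} are rewritten;
 * nothing else on the request (headers, path, body) is touched. A keyword
 * blacklist is not a substitute for parameterized queries in the data layer: it
 * can only mask the listed tokens, and it also rewrites legitimate input that
 * happens to contain them, so treat it as defence in depth rather than the
 * primary injection control.
 */
public class ParamsFilter implements Filter {
    /** Regular expression for the token(s) to mask. Matched case-insensitively. */
    String regEx = "(SELECT|select)";
    /** Text written in place of every match. */
    String replaceStr = "**";

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Copies the request parameters, masks every match of {@link #regEx} in each
     * value, and forwards a wrapper that serves the masked copy.
     *
     * <p>Differences from a naive implementation: values are matched
     * case-insensitively instead of being lower-cased (so the application no longer
     * receives lower-cased input), {@code null} values are kept as {@code null}
     * instead of raising and being swallowed, and the container-owned value arrays
     * are copied rather than modified in place.
     *
     * @param arg0  the request; must be an {@link HttpServletRequest}
     * @param arg1  the response, passed through unchanged
     * @param chain the remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain chain)
            throws IOException, ServletException {
        // CASE_INSENSITIVE replaces the original "lower-case the whole value first"
        // step: the same inputs match, but the stored value keeps its original case.
        Pattern p = Pattern.compile(regEx, Pattern.CASE_INSENSITIVE);
        HttpServletRequest request = (HttpServletRequest) arg0;
        // Shallow copy of the container's map; each value array is copied by
        // maskValues before it is changed, so the container's arrays stay untouched.
        HashMap<String, String[]> paramterMap =
                new HashMap<String, String[]>(request.getParameterMap());
        Enumeration<?> enu = request.getParameterNames();
        while (enu.hasMoreElements()) {
            String paraName = (String) enu.nextElement();
            String[] vs = paramterMap.get(paraName);
            if (vs != null) {
                paramterMap.put(paraName, maskValues(p, vs, replaceStr));
            }
        }
        ParameterRequestWrapper wrapRequest = new ParameterRequestWrapper(request, paramterMap);
        chain.doFilter(wrapRequest, arg1);
    }

    /**
     * Returns a new array in which every match of {@code p} in each element has been
     * replaced by {@code replacement} and the result trimmed; {@code null} elements
     * are copied as {@code null}. The input array is not modified.
     *
     * @param p           compiled pattern to mask
     * @param values      the parameter values to process
     * @param replacement replacement text for each match
     * @return a masked copy of {@code values}
     */
    static String[] maskValues(Pattern p, String[] values, String replacement) {
        String[] out = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            String v = values[i];
            out[i] = (v == null) ? null : p.matcher(v).replaceAll(replacement).trim();
        }
        return out;
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // No configuration is read; regEx and replaceStr are fixed fields.
    }
}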
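/**
 * Request wrapper whose parameter accessors answer from a replacement map instead
 * of the wrapped request.
 *
 * <p>The map handed to the constructor is normalised once into
 * {@code Map<String, String[]>} (the shape the Servlet API promises from
 * {@code getParameterMap()}) and copied, so later changes to the caller's map are
 * not visible here and callers cannot modify the wrapper's state through the
 * returned map or arrays.
 */
public class ParameterRequestWrapper extends HttpServletRequestWrapper {
    /** Parameter name to values; unmodifiable, owned by this wrapper. */
    private final Map<String, String[]> params;

    /**
     * Creates a wrapper serving {@code newParams} as the request parameters.
     *
     * <p>Each value may be a {@code String[]}, a {@code String} (wrapped as a
     * one-element array) or any other object (its {@code toString()} is used).
     * Entries whose value is {@code null} are treated as absent parameters and
     * are not listed by {@link #getParameterNames()}.
     *
     * @param request   the request to wrap
     * @param newParams replacement parameters; copied, never retained
     * @throws IllegalArgumentException if {@code newParams} is {@code null}
     */
    public ParameterRequestWrapper(HttpServletRequest request, Map<String, ?> newParams) {
        super(request);
        if (newParams == null) {
            throw new IllegalArgumentException("newParams must not be null");
        }
        Map<String, String[]> copy = new java.util.HashMap<String, String[]>();
        for (Map.Entry<String, ?> e : newParams.entrySet()) {
            String[] values = toValues(e.getValue());
            if (values != null) {
                copy.put(e.getKey(), values);
            }
        }
        this.params = java.util.Collections.unmodifiableMap(copy);
    }

    /**
     * Converts one raw map value to the {@code String[]} form used internally.
     *
     * @param v a {@code String[]}, {@code String}, other object, or {@code null}
     * @return a fresh array, or {@code null} when {@code v} is {@code null}
     */
    private static String[] toValues(Object v) {
        if (v == null) {
            return null;
        }
        if (v instanceof String[]) {
            return ((String[]) v).clone();
        }
        if (v instanceof String) {
            return new String[] { (String) v };
        }
        return new String[] { v.toString() };
    }

    /** @return an unmodifiable view of the replacement parameters */
    @Override
    public Map<String, String[]> getParameterMap() {
        return params;
    }

    /** @return the replacement parameter names, in map iteration order */
    @Override
    public Enumeration<String> getParameterNames() {
        return new Vector<String>(params.keySet()).elements();
    }

    /**
     * @param name parameter name
     * @return a copy of the values for {@code name}, or {@code null} if absent
     */
    @Override
    public String[] getParameterValues(String name) {
        String[] values = params.get(name);
        // Clone so callers cannot alter the wrapper's state through the array.
        return (values == null) ? null : values.clone();
    }

    /**
     * @param name parameter name
     * @return the first value for {@code name}, or {@code null} if absent or empty
     */
    @Override
    public String getParameter(String name) {
        String[] values = params.get(name);
        return (values == null || values.length == 0) ? null : values[0];
    }
}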
web.xml