Spring Filter过滤表单中的非法字符
Posted liuyb
使用Spring Filter过滤表单中的非法字符
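package test;

import java.io.IOException;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.BeanWrapper;
import org.springframework.beans.BeansException;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import org.springframework.web.multipart.commons.CommonsMultipartResolver;

/**
 * Uses a Spring filter to filter illegal characters out of request parameters.<br>
 * If a request is redirected, this filter also runs before the controller method
 * that handles the redirected request.
 *
 * <p>Scope: only {@code getParameter}, {@code getParameterValues} and
 * {@code getParameterMap} are wrapped. Headers, cookies, the raw request body
 * (for example JSON read from the input stream) and uploaded file names pass
 * through unchanged, so this filter does not replace context-aware output
 * encoding in the view layer.
 *
 * @author admin
 */
public class CharacterFilter extends OncePerRequestFilter {

    // If CommonsMultipartResolver handles file uploads and the form type is
    // multipart/form-data, a CommonsMultipartResolver must be used here as well,
    // and its settings should match the ones in the configuration file.
    private CommonsMultipartResolver multipartResolver = null;

    /**
     * While the filter is loading, initBeanWrapper(BeanWrapper) runs before
     * initFilterBean().<br>
     * init-param values configured in web.xml can be read with
     * super.getFilterConfig().getInitParameter("param1").
     *
     * @param bw the bean wrapper handed in by the filter base class
     * @throws BeansException propagated from the superclass implementation
     */
    @Override
    protected void initBeanWrapper(BeanWrapper bw) throws BeansException {
        String param1 = super.getFilterConfig().getInitParameter("param1");
        System.out.println("param1:" + param1);

        super.initBeanWrapper(bw);
    }

    /**
     * Creates the multipart resolver used for multipart/form-data requests.
     *
     * @throws ServletException propagated from the superclass implementation
     */
    @Override
    protected void initFilterBean() throws ServletException {
        multipartResolver = new CommonsMultipartResolver();
        // NOTE(review): 104857600 bytes = 100 MiB. This is the in-memory
        // threshold, not an upload limit: parts up to this size are buffered on
        // the heap, and no maximum upload size is configured in this class.
        // Concurrent large uploads can therefore exhaust memory; consider a much
        // smaller threshold plus an explicit upload size limit, kept in sync
        // with the application's multipart configuration.
        multipartResolver.setMaxInMemorySize(104857600);
        multipartResolver.setDefaultEncoding("utf-8");

        super.initFilterBean();
    }

    /**
     * Passes the request down the chain wrapped in a
     * {@link CharacterFilterRequestWrapper}; multipart/form-data requests are
     * resolved first so that their form fields are visible as parameters.
     *
     * @param request     the current request
     * @param response    the current response
     * @param filterChain the remaining filter chain
     * @throws ServletException propagated from the chain
     * @throws IOException      propagated from the chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request,
            HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        // A configuration parameter could be consulted here to decide whether
        // filtering is needed at all.

        // getContentType() returns null when the request carries no
        // Content-Type header (typical for GET); guard before lower-casing.
        String contentType = request.getContentType();
        boolean multipart = contentType != null
                && contentType.toLowerCase(Locale.ROOT).contains("multipart/form-data");

        if (!multipart) {
            filterChain.doFilter(new CharacterFilterRequestWrapper(request), response);
            return;
        }

        MultipartHttpServletRequest resolved = multipartResolver.resolveMultipart(request);
        try {
            filterChain.doFilter(new CharacterFilterRequestWrapper(resolved), response);
        } finally {
            // Release the storage (temporary files) held for the uploaded parts.
            multipartResolver.cleanupMultipart(resolved);
        }
    }
}

/**
 * Request wrapper that returns filtered copies of the parameter values.
 * Parameter names are returned as they arrived.
 */
class CharacterFilterRequestWrapper extends HttpServletRequestWrapper {

    public CharacterFilterRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    @Override
    public String getParameter(String name) {
        return filterString(super.getParameter(name));
    }

    @Override
    public String[] getParameterValues(String name) {
        return filterString(super.getParameterValues(name));
    }

    /**
     * Returns a read-only copy of the parameter map with every value filtered.
     * The Servlet API maps each name to a {@code String[]}, and containers may
     * hand out a locked map, so the container's map is never modified.
     *
     * @return the filtered map, or {@code null} if the wrapped request returns null
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<?, ?> source = super.getParameterMap();
        if (source == null) {
            return null;
        }

        Map<String, String[]> filtered = new LinkedHashMap<String, String[]>();
        for (Map.Entry<?, ?> entry : source.entrySet()) {
            filtered.put((String) entry.getKey(), filterString((String[]) entry.getValue()));
        }
        return Collections.unmodifiableMap(filtered);
    }

    /**
     * Removes CRLF pairs, turns tabs into spaces and replaces {@code >},
     * {@code <} and {@code "} with their HTML entities.
     *
     * <p>NOTE(review): this is a partial measure. {@code &} and the single
     * quote are left as they are, and only the two-character sequence CR LF is
     * removed (a lone CR or LF stays). Values still need encoding for the
     * context they are written into (HTML body, attribute, JavaScript, URL),
     * and values stored after this step contain entities rather than the
     * characters the user typed.
     *
     * @param value the raw parameter value, may be null
     * @return the filtered value, or null if {@code value} is null
     */
    private String filterString(String value) {
        if (value == null) {
            return null;
        }

        // Literal replacement; none of these patterns needs a regular expression.
        return value.replace("\r\n", "")
                .replace("\t", " ")
                .replace(">", "&gt;")
                .replace("<", "&lt;")
                .replace("\"", "&quot;");
    }

    /**
     * Filters every element into a new array so that the array owned by the
     * wrapped request is left untouched.
     *
     * @param values the raw values, may be null
     * @return a filtered copy, or null if {@code values} is null
     */
    private String[] filterString(String[] values) {
        if (values == null) {
            return null;
        }

        String[] filtered = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            filtered[i] = filterString(values[i]);
        }
        return filtered;
    }
}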