helong

Java 使用过滤器过滤非法字符

package com.iapppay.wap.common;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.iapppay.wap.control.LoginControl;

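/**
 * Servlet filter that rejects a request when any of its parameters contains one of a
 * configured list of forbidden substrings.
 *
 * <p>The list comes from the {@code characterParams} init parameter, split on commas. Each
 * token is matched as a literal, case-sensitive substring via {@link String#indexOf(String)}.
 * Only request parameters are inspected; headers, cookies and the request path are not
 * examined by this class.
 *
 * <p>A denylist like this is defence in depth only: code behind the filter still needs
 * parameterized queries and context-aware output encoding.
 *
 * <p>NOTE(review): the {@code @WebFilter} annotation maps this class to {@code /CharFilter}
 * without init parameters, so that registration passes everything through. Confirm whether
 * it is still wanted next to a deployment-descriptor mapping.
 */
@WebFilter(
"/CharFilter")
public class CharFilter implements Filter {

    /** Forbidden substrings; an empty array disables the check. Written only in init(). */
    private String[] characterParams = new String[0];

    // Bound to this class so rejections are attributed to the filter in the log output.
    private static final Logger logger = LoggerFactory.getLogger(CharFilter.class);

    /**
     * Default constructor.
     */
    public CharFilter() {
    }

    /**
     * Releases nothing; the filter holds no resources.
     *
     * @see Filter#destroy()
     */
    @Override
    public void destroy() {
    }

    /**
     * Passes the request down the chain, or redirects to the "illegal character" page when
     * a parameter contains a forbidden token.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response outgoing response; cast to {@link HttpServletResponse}
     * @param chain    remaining filter chain
     * @throws IOException      if the redirect or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // Kept from the original: every response through this filter starts as text/html, UTF-8.
        httpResponse.setContentType("text/html");
        httpResponse.setCharacterEncoding("utf-8");

        String offending = findOffendingValue(request);
        if (offending == null) {
            chain.doFilter(request, response);
            return;
        }

        // The value is attacker-controlled: strip control characters so it cannot forge
        // extra log lines.
        // NOTE(review): the rejected value is logged in full; if credential fields pass
        // through this filter they end up in the log. Consider logging the parameter name.
        logger.warn("输入的值不合法:{}", sanitizeForLog(offending));

        // Encode the URL so it stays a single query parameter and cannot add parameters of
        // its own to the redirect target.
        // NOTE(review): the handler for /v/login/illegalchar is not visible here. It should
        // treat "url" as untrusted and validate it before redirecting to it or echoing it.
        // NOTE(review): that page sits under /v/ as well; if this filter is mapped there, a
        // request URL that itself contains a forbidden token is rejected again.
        String requestedUrl = httpRequest.getRequestURL().toString();
        httpResponse.sendRedirect(httpRequest.getContextPath()
                + "/v/login/illegalchar?url="
                + java.net.URLEncoder.encode(requestedUrl, "UTF-8"));
    }

    /**
     * Reads the comma-separated {@code characterParams} init parameter.
     *
     * <p>A missing or empty parameter disables filtering. Empty tokens (as in {@code "a,,b"})
     * are dropped, because an empty string is a substring of every value and would reject
     * every request that carries parameters.
     *
     * @param fConfig filter configuration supplied by the container
     * @throws ServletException never thrown here; declared by the interface
     * @see Filter#init(FilterConfig)
     */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
        String configured = fConfig.getInitParameter("characterParams");
        if (configured == null || "".equals(configured)) {
            this.characterParams = new String[0];
            return;
        }
        java.util.List<String> tokens = new java.util.ArrayList<String>();
        for (String token : configured.split(",")) {
            if (token.length() > 0) {
                tokens.add(token);
            }
        }
        this.characterParams = tokens.toArray(new String[0]);
    }

    /**
     * Returns the concatenated values of the first parameter that contains a forbidden
     * token, or {@code null} when no parameter matches or no tokens are configured.
     */
    private String findOffendingValue(ServletRequest request) {
        if (characterParams.length == 0) {
            // No tokens configured: nothing to check.
            return null;
        }
        java.util.Enumeration<?> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String[] values = request.getParameterValues((String) names.nextElement());
            if (values == null) {
                continue;
            }
            // All values of one parameter are checked as a single concatenated string.
            StringBuilder joined = new StringBuilder();
            for (String value : values) {
                joined.append(value);
            }
            String candidate = joined.toString();
            for (String token : characterParams) {
                if (candidate.indexOf(token) >= 0) {
                    return candidate;
                }
            }
        }
        return null;
    }

    /** Replaces ISO control characters (CR, LF, ...) with '_' before the value is logged. */
    private static String sanitizeForLog(String value) {
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

}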

WEB.XML

<!-- Registers CharFilter for every URL under /v/. The filter splits characterParams on ","
     and rejects a request when a parameter value contains one of the resulting tokens. -->
<filter>
<filter-name>charFilter</filter-name>
<filter-class>com.iapppay.wap.common.CharFilter</filter-class>
<init-param>
<param-name>characterParams</param-name>
<!-- Each token is matched as a literal, case-sensitive substring.
     NOTE(review): CR, LF and BS are therefore the plain strings "CR", "LF" and "BS", not
     control characters. Real carriage returns and line feeds pass the filter, while any
     value that contains those uppercase letter pairs is rejected.
     A comma cannot be listed as a token because it is the separator.
     \' and \&quot; add nothing: the single quote, double quote and backslash are already listed. -->
<param-value>|,&amp;,;,$,%,',&quot;,\',\&quot;,\,&lt;,&gt;,(,),+,CR,LF,BS</param-value>
</init-param>
</filter>
<!-- The redirect target /v/login/illegalchar also falls under this mapping. -->
<filter-mapping>
<filter-name>charFilter</filter-name>
<url-pattern>/v/*</url-pattern>
</filter-mapping>

posted @ 2011-09-17 15:25  helong  阅读(2224)  评论(0)    收藏  举报