1.重写HttpServletRequest子类
package com.zh.charFilter;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
public class CharRequestWrapper extends HttpServletRequestWrapper{
private Map<String,String> escapeMap=null;
public CharRequestWrapper(HttpServletRequest request) {
super(request);
// TODO Auto-generated constructor stub
}
//重新写了这个构造方法
public CharRequestWrapper(HttpServletRequest arg0,Map<String,String> escapeMap) {
super(arg0);
this.escapeMap=escapeMap;
// TODO Auto-generated constructor stub
}
public String getParameter(String name){
//System.out.println("CharRequestWrapper getParmeter");
return this.doEscape(this.getRequest().getParameter(name));
}
//把收到的 parmeter 中的一些字符 替换
//Map("要替换的","被替换的") 例: Map("<","<");
private String doEscape(String parmeter){
if(parmeter==null){
return null;
}
String result=parmeter;
Iterator<String> iterator=escapeMap.keySet().iterator();
while(iterator.hasNext()){
String origin=iterator.next();
String escape=escapeMap.get(origin);
result=result.replaceAll(origin, escape);
}
return result;
}
}
2.使用过滤器
package com.zh.charFilter;
import java.io.*;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
public class CharFilter implements Filter{
private Map<String,String> escapeMap=null;
public void doFilter(ServletRequest arg0, ServletResponse arg1,
FilterChain arg2) throws IOException, ServletException {
// TODO Auto-generated method stub
HttpServletRequest httpServletWrapper=new CharRequestWrapper((HttpServletRequest)arg0,escapeMap);
//System.out.println("getParameter="+httpServletWrapper.getParameter("<input>"));
arg2.doFilter(httpServletWrapper, arg1);
}
//将要替换的渗格式 写入Map中
public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
BufferedReader bufferedReader=null;
try {
bufferedReader=new BufferedReader(new FileReader(arg0.getServletContext().getRealPath("/MyFile/charFiter.txt")));
String input=null;
escapeMap=new HashMap<String,String>();
while( (input = bufferedReader.readLine()) != null){
String[] tokens=input.split("\t");
escapeMap.put(tokens[0], tokens[1]);
}
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}finally{
try {
bufferedReader.close();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
public void destroy() {
// TODO Auto-generated method stub
}
}
3. 过滤的servlet view
package com.zh.charFilter;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class CharServlet extends HttpServlet{
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html;charset=utf-8");
PrintWriter out = response.getWriter();
out.println("<form action='/MyFilter/CharServlet2' method='get'>");
out.println("<textarea rows='3' name='textarea' cols='30'>");
out.println("</textarea>");
out.println("<input type='submit'/>");
out.println("</form>");
out.close();
}
/**
* The doPost method of the servlet. <br>
*
* This method is called when a form has its tag value method equals to post.
*
* @param request the request send by the client to the server
* @param response the response send by the server to the client
* @throws ServletException if an error occurred
* @throws IOException if an error occurred
*/
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.close();
}
}
4. 过滤的结果
package com.zh.charFilter;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class CharServlet2 extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.println("<h1>ni hao</h1>");
String s=request.getParameter("textarea");
//System.out.println(s);
out.println(s);
out.close();
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out
.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">");
out.println("<HTML>");
out.println(" <HEAD><TITLE>A Servlet</TITLE></HEAD>");
out.println(" <BODY>");
out.print(" This is ");
out.print(this.getClass());
out.println(", using the POST method");
out.println(" </BODY>");
out.println("</HTML>");
out.flush();
out.close();
}
}
5. 要过滤的字符 和 文件
< <
> >
charFiter.txt
6.设置web.xml
<filter>
<filter-name>CharFilter</filter-name>
<filter-class>com.zh.charFilter.CharFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CharFilter</filter-name>
<url-pattern>/CharServlet2</url-pattern>
</filter-mapping>
浙公网安备 33010602011771号