使用Filter 过滤 敏感文字
在src目录下新建存放过滤器的文件夹filter,再新建一个java文件,我取名Filter。
要导的包
package Filter;
import util.MyRequest2;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.*;
import java.util.Properties;
import java.util.Set;
第二步
配置xml文件或者注解
配置xml
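<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
         version="4.0">
    <!-- Declare each filter: a logical name plus the implementing class. -->
    <filter>
        <filter-name>AFilter</filter-name>
        <filter-class>filter.AFilter</filter-class>
    </filter>
    <filter>
        <filter-name>BFilter</filter-name>
        <filter-class>filter.BFilter</filter-class>
    </filter>
    <!-- Filters mapped to the same URL run in the order of their filter-mapping
         elements, so BFilter runs before AFilter here. Keep this order in mind
         when one filter relies on work done by another. -->
    <filter-mapping>
        <filter-name>BFilter</filter-name>
        <url-pattern>/filter.jsp</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>AFilter</filter-name>
        <url-pattern>/filter.jsp</url-pattern>
    </filter-mapping>
</web-app>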
常用配置项
urlPatterns
配置要拦截的资源
- 以指定资源匹配。例如
"/index.jsp"
- 以目录匹配。例如
"/servlet/*"
- 以后缀名匹配,例如
"*.jsp"
- 通配符,拦截所有web资源。
"/*"
initParams
配置初始化参数,跟Servlet配置一样
因为注解比配置xml文件方便我选择注解
@WebFilter("/*")
——————
@WebFilter(filterName = "CharsetFilter",
urlPatterns = "/*",/* the wildcard (*) makes the filter intercept every web resource */
initParams = {
@WebInitParam(name = "charset", value = "utf-8")/* initialisation parameters can be placed here */
})
这里我是选择把这个项目中所有敏感字符过滤掉(/*表示项目中所有路径)
如果是指定路径的话把/*改为/指定的路径
第三步
实现Filter接口
这里一定要配置Tomcat,因为要过滤的是jsp页面提交的字符,必须通过servlet请求。
/** Skeleton of the filter class; the methods required by the Filter interface are added next. */
public class Char2Filter implements Filter {
}
实现里面的方法
/**
 * Initialisation method. Receives a FilterConfig argument that carries the
 * configuration of this filter.
 */
public void init(FilterConfig filterConfig) {
}

/**
 * Filtering method. Processes the request and the response, then hands them to
 * the next filter or to the servlet. The body is empty in this skeleton.
 */
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
        FilterChain filterChain) {
}

/** Called when the filter is destroyed. */
public void destroy() {
}
实现代码
package Filter;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import util.MyRequest;
import util.MyRequest2;
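/**
 * Servlet filter that masks sensitive words in request parameters for every
 * resource of the application (mapping {@code /*}).
 *
 * <p>The word list is read once from {@code /WEB-INF/str.properties}, one word
 * per line, and handed to a {@link MyRequest} wrapper on each request. Masking
 * applies to what that wrapper overrides; headers, cookies, the path and a body
 * read through the input stream or reader are passed on unchanged. Word masking
 * is content filtering only: it does not replace output encoding or
 * parameterized queries for values that reach HTML or SQL.
 */
@WebFilter("/*")
public class Char2Filter implements Filter {
    /** Sensitive words loaded by {@link #init}; not modified afterwards. */
    private List<String> list = new ArrayList<>();

    /**
     * Loads the sensitive-word list.
     *
     * @param filterConfig configuration supplied by the container
     * @throws ServletException if the word list is missing or cannot be read, so that
     *     the filter never goes into service with an empty list (fail closed)
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        InputStream stream =
                filterConfig.getServletContext().getResourceAsStream("/WEB-INF/str.properties");
        if (stream == null) {
            throw new ServletException("Sensitive-word list /WEB-INF/str.properties not found");
        }
        List<String> loaded = new ArrayList<>();
        // The file is read line by line, not through Properties.load(): each line is one word.
        try (BufferedReader reader =
                new BufferedReader(new InputStreamReader(stream, StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                String word = line.trim();
                // A blank line would become an empty word, which matches at every position.
                if (!word.isEmpty()) {
                    loaded.add(word);
                }
            }
        } catch (IOException e) {
            throw new ServletException("Cannot read /WEB-INF/str.properties", e);
        }
        list = loaded;
    }

    /**
     * Wraps HTTP requests in {@link MyRequest} and passes them down the chain.
     *
     * @param servletRequest incoming request
     * @param servletResponse outgoing response
     * @param filterChain remaining filters and the target resource
     * @throws IOException if a later filter or the resource fails on I/O
     * @throws ServletException if a later filter or the resource fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
            FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            // Nothing to wrap for a non-HTTP request; pass it through untouched.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        // Must be set before the first parameter is read, or the container decodes
        // the body with its default charset.
        request.setCharacterEncoding("utf-8");
        // Applied to every response because the filter is mapped to /*.
        servletResponse.setContentType("text/html;charset=utf-8");
        // The wrapper masks parameter values when the target resource reads them.
        MyRequest myRequest = new MyRequest(request, list);
        filterChain.doFilter(myRequest, servletResponse);
    }

    /** Nothing to release: the word list is plain memory. */
    @Override
    public void destroy() {
    }
}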
在上面我新建了一个MyRequest.java,它用来接收页面传过来的值并进行修改。
它继承HttpServletRequestWrapper类。
这个MyRequest.java把从Servlet传过来的参数进行替换。
原理是:获取页面上的参数用的是getParameter()方法,
只要重写这个方法,在传参过程中把其中的敏感字符过滤掉、替换成*号即可。
注意:如果只重写getParameter(),通过getParameterValues()、getParameterMap()或直接读取请求体得到的值不会经过过滤。
package util;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.util.ArrayList;
import java.util.List;
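/**
 * Request wrapper that returns parameter values with every listed sensitive
 * word replaced by asterisks.
 *
 * <p>Words are matched literally and case-sensitively. All three parameter
 * accessors are covered so that a servlet cannot read the unmasked value through
 * {@code getParameterValues} or {@code getParameterMap}. Headers, cookies and a
 * body read through {@code getInputStream()} / {@code getReader()} are not
 * touched. This is word masking only; values still need output encoding before
 * they are written into HTML.
 */
public class MyRequest extends HttpServletRequestWrapper {
    /** Sensitive words to mask; null and empty entries are dropped in the constructor. */
    private final List<String> list = new ArrayList<>();

    /**
     * Creates the wrapper.
     *
     * @param request the request to wrap
     * @param list sensitive words; {@code null} means nothing is masked
     */
    public MyRequest(HttpServletRequest request, List<String> list) {
        super(request);
        if (list != null) {
            for (String word : list) {
                // An empty word matches at every position and would garble each value.
                if (word != null && !word.isEmpty()) {
                    this.list.add(word);
                }
            }
        }
    }

    /**
     * Returns the named parameter with sensitive words masked.
     *
     * @param name parameter name
     * @return the masked value, or {@code null} if the parameter is absent
     */
    @Override
    public String getParameter(String name) {
        return mask(super.getParameter(name));
    }

    /**
     * Returns all values of the named parameter with sensitive words masked.
     *
     * @param name parameter name
     * @return the masked values, or {@code null} if the parameter is absent
     */
    @Override
    public String[] getParameterValues(String name) {
        return maskAll(super.getParameterValues(name));
    }

    /**
     * Returns the parameter map with sensitive words masked in every value.
     *
     * @return an unmodifiable copy of the parameter map holding masked values
     */
    @Override
    public java.util.Map<String, String[]> getParameterMap() {
        java.util.Map<String, String[]> masked = new java.util.LinkedHashMap<>();
        for (java.util.Map.Entry<String, String[]> entry : super.getParameterMap().entrySet()) {
            masked.put(entry.getKey(), maskAll(entry.getValue()));
        }
        return java.util.Collections.unmodifiableMap(masked);
    }

    /** Masks each element of {@code values}; a {@code null} array stays {@code null}. */
    private String[] maskAll(String[] values) {
        if (values == null) {
            return null;
        }
        String[] masked = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            masked[i] = mask(values[i]);
        }
        return masked;
    }

    /** Replaces every occurrence of each sensitive word with asterisks of the word's length. */
    private String mask(String txt) {
        if (txt == null || txt.isEmpty()) {
            return txt;
        }
        String result = txt;
        for (String word : list) {
            if (result.contains(word)) {
                // String.replace matches literally; replaceAll would compile the word as a
                // regular expression, so a word such as "a.b" or "(" would mis-match or throw.
                result = result.replace(word, stars(word.length()));
            }
        }
        return result;
    }

    /** Builds a run of {@code count} asterisks. */
    private static String stars(int count) {
        StringBuilder sb = new StringBuilder(count);
        for (int i = 0; i < count; i++) {
            sb.append('*');
        }
        return sb.toString();
    }
}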
这就是过滤器过滤敏感字符的全部内容了