package com.hjzx.goldShopV2.filter;

import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import org.apache.commons.lang.StringEscapeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.ContextLoader;

import com.hjzx.framework.mybatis.Criteria;
import com.hjzx.system.model.SysSensitive;
import com.hjzx.system.service.ISysSensitiveService;
/**
 * Request wrapper that rewrites request parameters before the application sees them:
 * a fixed set of special characters is replaced and the sensitive words configured in
 * the SysSensitive table are masked. This is a lossy, blacklist-style input filter; it
 * is not a substitute for context-aware output encoding at the HTML/SQL/JS sink.
 *
 * @author xiongyc
 */
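public class GetHttpServletRequestWrapper extends HttpServletRequestWrapper {

    /** Text written over every occurrence of a sensitive word. */
    private static final String MASK = "***";

    /** Character encoding handed in by the caller; kept for API compatibility, not read by this wrapper. */
    @SuppressWarnings("unused")
    private String charset = "UTF-8";

    protected final Logger log = LoggerFactory.getLogger(getClass());

    /**
     * Sensitive-word list, loaded from the SysSensitive table the first time a value is
     * converted and reused for the life of this wrapper, so a request with many parameters
     * costs one query instead of one query per parameter. A wrapper is expected to serve a
     * single request thread; the field is not synchronized.
     */
    private List<String> sensitiveWords;

    /**
     * Wraps the given request.
     *
     * @param request the request being decorated
     */
    public GetHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    /**
     * Wraps the given request and records the character encoding to use.
     *
     * @param request the request being decorated
     * @param charset character encoding (recorded only; the wrapper does not use it)
     */
    public GetHttpServletRequestWrapper(HttpServletRequest request, String charset) {
        super(request);
        this.charset = charset;
    }

    /**
     * Returns the named parameter with the filter rule applied.
     *
     * @param name parameter name
     * @return the converted value, or null when the parameter is absent
     */
    @Override
    public String getParameter(String name) {
        return convert(super.getParameter(name));
    }

    /**
     * Returns every value of the named parameter with the filter rule applied. All values
     * are converted (previously only the first one was), and a new array is returned so the
     * container's backing array is never modified in place.
     *
     * @param name parameter name
     * @return converted copies of the values, or null when the parameter is absent
     */
    @Override
    public String[] getParameterValues(String name) {
        return convertAll(super.getParameterValues(name));
    }

    /**
     * Returns the full parameter map with every value converted. Without this override any
     * reader that goes through getParameterMap() receives the raw values and bypasses the
     * filter entirely, even though getParameter()/getParameterValues() are filtered.
     *
     * @return an unmodifiable map of converted values, or null if the wrapped request returns null
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> raw = super.getParameterMap();
        if (raw == null) {
            return null;
        }
        Map<String, String[]> filtered = new LinkedHashMap<String, String[]>(raw.size());
        for (Map.Entry<String, String[]> entry : raw.entrySet()) {
            filtered.put(entry.getKey(), convertAll(entry.getValue()));
        }
        return Collections.unmodifiableMap(filtered);
    }

    /** Applies {@link #convert(String)} to each element into a fresh array; null in, null out. */
    private String[] convertAll(String[] values) {
        if (values == null) {
            return null;
        }
        String[] converted = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            converted[i] = convert(values[i]);
        }
        return converted;
    }

    /**
     * Filter rule applied to a single parameter value.
     * <p>
     * Structural characters are replaced with '*', HTML-significant characters are encoded
     * as entities, and every configured sensitive word is replaced with {@link #MASK}.
     * Replacing ';', '(', ')' and '、' is lossy: legitimate input containing those characters
     * is silently altered, and a blacklist of this kind does not make the value safe for any
     * particular sink. Parameterized SQL and template-level output encoding remain required.
     *
     * @param target raw parameter value
     * @return the converted value, or null when target is null
     * @throws IllegalStateException if no web application context is available to load the
     *         sensitive-word list (the filter fails closed rather than returning unfiltered data)
     */
    public String convert(String target) {
        if (target == null) {
            return null;
        }
        target = target.replace(";", "*");
        target = target.replace("(", "*");
        target = target.replace(")", "*");
        target = target.replace("、", "*");
        // The published listing shows these three as identity replacements ("<" -> "<"),
        // which filter nothing; the entity forms were evidently lost to HTML rendering and are
        // restored here. '&' is deliberately not encoded (the original had that line commented
        // out), so values that already contain entities are not double-encoded. This is
        // therefore NOT a complete HTML encoding.
        target = target.replace("<", "&lt;");
        target = target.replace(">", "&gt;");
        target = target.replace("'", "&#39;");

        int masked = 0;
        for (String word : sensitiveWords()) {
            if (target.indexOf(word) > -1) {
                target = target.replace(word, MASK);
                masked++;
            }
        }
        if (masked > 0 && log.isDebugEnabled()) {
            // Only the count is logged: the raw value is untrusted user input (log injection)
            // and may carry personal data or credentials that do not belong in application logs.
            log.debug("Masked {} sensitive word(s) in a request parameter", masked);
        }
        return target;
    }

    /**
     * Loads the sensitive-word list from the sysSensitiveService bean on first use.
     * Null and empty entries are skipped: replace("", MASK) would interleave the mask between
     * every character of the value, and indexOf(null) would throw.
     */
    private List<String> sensitiveWords() {
        if (sensitiveWords == null) {
            ApplicationContext ac = ContextLoader.getCurrentWebApplicationContext();
            if (ac == null) {
                throw new IllegalStateException(
                        "No web application context available; cannot load sensitive words");
            }
            ISysSensitiveService service = (ISysSensitiveService) ac.getBean("sysSensitiveService");
            List<Map<String, Object>> rows = service.queryPage(new Criteria<SysSensitive>());
            List<String> words = new ArrayList<String>();
            if (rows != null) {
                for (Map<String, Object> row : rows) {
                    Object word = row.get("sensitiveWords");
                    if (word instanceof String && !((String) word).isEmpty()) {
                        words.add((String) word);
                    }
                }
            }
            sensitiveWords = words;
        }
        return sensitiveWords;
    }
}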
filter对request请求拦截,对请求参数进行修改