问题描述:
所有post方式提交的数据都需要对上传文件的类型和表单值关键字做过滤,所以写了一个过滤器,过滤普通的表单没有问题,但是当form中有enctype="multipart/form-data" 的时候,就出现问题了。 从网上查了N多资料,说是二进制什么的只能获取一次,但是chain.doFilter(request, response)之后 在Action中 却拿不到表单提交过来的值了(不加过滤器之前是可以正常获取到值的)。求高手帮助:这个过滤器该怎么写?
过滤器主要代码:
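/**
 * Screens multipart POST uploads by file-name suffix before the request continues down the chain.
 *
 * <p>Non-POST requests and non-multipart POST requests are passed through untouched (keyword
 * screening of ordinary form values is not implemented yet). For a multipart POST the body is
 * parsed with commons-fileupload, each file part's suffix (the text after the last dot of the
 * client-supplied file name) is handed to {@code checkFilter}, and the first rejected file
 * redirects the client to {@code errPage} with the message in the {@code errInfo} parameter.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The file name is chosen by the client, so a suffix check is only a first line of
 *       defence. Prefer an allow-list of expected types, validate the content server-side, and
 *       store uploads outside the web root under server-generated names.</li>
 *   <li>{@code parseRequest} consumes the request body. Anything downstream that re-reads the
 *       body (for example the framework's own multipart parser) will see no fields. The parsed
 *       items are therefore exposed as a request attribute; a complete fix also needs the
 *       downstream code to read them from there, or a request wrapper that serves them.</li>
 * </ul>
 *
 * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
 * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
 * @param chain           remaining filter chain
 * @throws IOException      if redirecting, sending the error status, or the chain fails with I/O
 * @throws ServletException if a downstream filter or servlet fails
 */
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
        FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;

    // True when the request is a POST whose content type is multipart/*.
    boolean isMultipart = ServletFileUpload.isMultipartContent(request);

    if (!"post".equalsIgnoreCase(request.getMethod())) {
        chain.doFilter(servletRequest, servletResponse);
        return;
    }
    System.out.println("AttackAndFileUpFilter----------------过滤---------" + isMultipart + "---");

    if (!isMultipart) {
        // TODO: keyword screening of ordinary form parameters is not implemented yet;
        // plain POST bodies currently pass through unchecked.
        chain.doFilter(servletRequest, servletResponse);
        return;
    }

    System.out.println("处理了文件上传的请求-----------------------------------");
    // NOTE(review): no size limits are configured on this upload handler; consider
    // setSizeMax / setFileSizeMax so an oversized body cannot exhaust disk or memory.
    ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory());

    List<?> items;
    try {
        items = upload.parseRequest(request);
    } catch (Exception e) {
        // Fail closed: a body that cannot be parsed cannot be screened, so it must not be
        // forwarded. Previously the exception was swallowed and the client got an empty reply.
        System.out.println("出现错误:" + e.getMessage());
        e.printStackTrace();
        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }

    boolean checkFlag = true;
    String errMsg = "";
    for (Object entry : items) {
        FileItem item = (FileItem) entry;
        if (item.isFormField()) {
            // Only the field name is logged: submitted values may hold credentials or
            // personal data and do not belong in stdout.
            // TODO: keyword screening of these values against this.filterContent is not
            // enabled yet. The disabled draft only tested empty strings ("".equals(value));
            // it needs !"".equals(value) and an explicit charset on getString(...).
            System.out.println("文件表单---普通字段----" + item.getFieldName());
            continue;
        }

        String fileName = item.getName();
        System.out.println("文件表单---文件字段----文件名: " + fileName);
        if (fileName != null && !"".equals(fileName)) {
            // split() drops trailing empty segments, so "a.jsp." still yields "jsp".
            String[] parts = fileName.split("\\.");
            System.out.println(fileName + "========" + parts.length);
            if (parts.length == 0) {
                // A name made only of dots has no usable suffix; reject it instead of
                // indexing parts[-1].
                checkFlag = false;
            } else {
                String fileSuffix = parts[parts.length - 1];
                // Checked against the suffix list named in the error message below; the
                // original passed this.filterContent (the form keyword list) here.
                // NOTE(review): whether checkFilter ignores case and surrounding whitespace
                // is not visible here - confirm, or normalise fileSuffix before the call.
                checkFlag = checkFilter(this.fileSuffixes, fileSuffix);
            }
            System.out.println("check result: " + checkFlag);
        }
        if (!checkFlag) {
            errMsg = "上传的文件类型存在异常,不能含有以下文件类型:" + this.fileSuffixes;
            break;
        }
    }

    if (!checkFlag) {
        // Rejected uploads should not linger in the temp directory.
        for (Object entry : items) {
            ((FileItem) entry).delete();
        }
        // The message holds non-ASCII text and the configured list, so it must be
        // URL-encoded before it goes into the Location header.
        response.sendRedirect(errPage + "?errInfo=" + java.net.URLEncoder.encode(errMsg, "UTF-8"));
        return;
    }

    // The body stream is already consumed; hand the parsed parts to downstream code.
    // The attribute name is chosen here - nothing else on this page reads it yet.
    request.setAttribute("AttackAndFileUpFilter.fileItems", items);

    // Called outside the try block so downstream exceptions propagate instead of being
    // swallowed by the parse-error handler.
    chain.doFilter(request, response);
}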