基于注解的敏感词过滤功能
项目需要对用户发布的内容进行过滤,将其中的敏感词替换为 * 等特殊字符。大部分Web项目在处理这方面需求时都会选择过滤器( Filter ),在过滤器中将 Request 包上一层 Wrapper ,并重写其 getParameter 等方法,例如:
public class SafeTextRequestWrapper extends HttpServletRequestWrapper {
public SafeTextRequestWrapper(HttpServletRequest req) {
super(req);
}
@Override
public Map<String, String[]> getParameterMap() {
Map<String, String[]> paramMap = super.getParameterMap();
for (String[] values : paramMap.values()) {
for (int i = 0; i < values.length; i++) {
values[i] = SensitiveUtil.filter(values[i]);
}
}
return paramMap ;
}
@Override
public String getParameter(String name) {
return SensitiveUtil.filter(super.getParameter(name));
}
}
public class SafeTextFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
SafeTextRequestWrapper safeTextRequestWrapper = new SafeTextRequestWrapper((HttpServletRequest) request);
chain.doFilter(safeTextRequestWrapper, response);
}
@Override
public void destroy() {
}
}
但是这样做会有一些明显的问题,比如无法控制具体对哪些信息进行过滤。如果用户注册的邮箱或是密码中也带有 fuck 之类的敏感词,那就属于误伤了。
所以改用Spring MVC的Formatter进行拓展,只需要在 @RequestParam 的参数上使用 @SensitiveFormat 注解,Spring MVC就会在注入该属性时自动进行敏感词过滤。既方便又不会误伤,实现方法如下:
声明 @SensitiveFormat 注解:
@Target({ElementType.FIELD, ElementType.PARAMETER})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface SensitiveFormat {
}
创建 SensitiveFormatter 类。实现 Formatter 接口,重写 parse 方法(将接收到的内容转换成对象的方法),在该方法中对接收内容进行过滤:
public class SensitiveFormatter implements Formatter<String> {
@Override
public String parse(String text, Locale locale) throws ParseException {
return SensitiveUtil.filter(text);
}
@Override
public String print(String object, Locale locale) {
return object;
}
}
创建 SensitiveFormatAnnotationFormatterFactory 类,实现 AnnotationFormatterFactory 接口,将 @SensitiveFormat 与 SensitiveFormatter 绑定:
public class SensitiveFormatAnnotationFormatterFactory implements AnnotationFormatterFactory<SensitiveFormat> {
@Override
public Set<Class<?>> getFieldTypes() {
Set<Class<?>> fieldTypes = new HashSet<>();
fieldTypes.add(String.class);
return fieldTypes;
}
@Override
public Printer<?> getPrinter(SensitiveFormat annotation, Class<?> fieldType) {
return new SensitiveFormatter();
}
@Override
public Parser<?> getParser(SensitiveFormat annotation, Class<?> fieldType) {
return new SensitiveFormatter();
}
}
最后将 SensitiveFormatAnnotationFormatterFactory 注册到Spring MVC中:
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter {
@Override
public void addFormatters(FormatterRegistry registry) {
registry.addFormatterForFieldAnnotation(new SensitiveFormatAnnotationFormatterFactory());
super.addFormatters(registry);
}
}