//首先在WebRoot/WEB-INF文件夹下新建一个.properties后缀的文件写入你要过滤的敏感字
//name value
//傻逼 **
//自己新建一个 类 继承HttpServletRequestWrapper
package com.hr.util;import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.util.Properties;
import java.util.Set;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
public class MyRequest extends HttpServletRequestWrapper{
public MyRequest(HttpServletRequest request) {
super(request);
// TODO Auto-generated constructor stub
}
@Override
public String getParameter(String name) {
String method=this.getMethod();
String str=null;
if("post".equalsIgnoreCase(method)){
try {
super.setCharacterEncoding("UTF-8");
str=super.getParameter(name);
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}else if("get".equalsIgnoreCase(method)){
str=super.getParameter(name);
try {
str=new String(str.getBytes("iso-8859-1"),"UTF-8");
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
//如何得到properties对象
Properties p=new Properties();
//找到文件 读取webRoot下面的文件需要使用application(ServletContext)对象
ServletContext application=this.getSession().getServletContext();
//获得指定文件的数据流
InputStream is=application.getResourceAsStream("WEB-INF/str.properties");
try {
//使用属性文件对象读取properties文件中的全部内容
p.load(is);
//遍历所有的properties中的key
Set<Object> keys=p.keySet();
//再通过foreach获得所有的值
for (Object obj : keys) {
String key=(String)obj;
String value=p.getProperty(key);
// System.out.println(key+"--"+value);
//如果接收到的字符串中包含了敏感字
if(str.indexOf(key)!=-1){
str=str.replace(key, value);
}
}
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return str;
}
@Override
public String[] getParameterValues(String name) {
String strs[]=super.getParameterValues(name);
for (int i = 0; i < strs.length; i++) {
try {
strs[i]=new String(strs[i].getBytes("iso-8859-1"),"UTF-8");
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
return strs;
}
}
//过滤器代码
ServletRequest request, ServletResponse response把这两个强转成功
HttpServletRequest req=(HttpServletRequest)request;
HttpServletResponse res=(HttpServletResponse)response;
//对响应的编码进行设置
res.setContentType("text/html;charset=UTF-8");
//调用自定义类,转型后的req给它
MyRequest mr=new MyRequest(req);
//放行
chain.doFilter(mr, res);
//servlet 代码
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//调用doPost的方法
doPost(request, response);
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
//以doPost的方式提交
}
//XML的配置
<filter>
<filter-name>过滤器名字</filter-name>
<filter-class>过滤器路径</filter-class>
</filter>
<filter-mapping>
<filter-name>过滤器名字</filter-name>
<url-pattern>/*</url-pattern>// /*代表过滤全部
</filter-mapping>