Filter - 敏感词过滤
- 过滤器细节
- 执行流程
- 生命周期(
项目部署
) - 拦截路径
- 拦截方式
- 从文件中获取敏感词清单
- 将所有敏感词替换为***
- 动态代理(
设计模式
)
- 动态代理(
一:过滤器细节
二:从文件中获取敏感词清单
List<String> sensitiveWordsList = new ArrayList<>();
@Override
public void init(FilterConfig filterConfig){
// 1. 获取敏感词清单,读取进入List
try {
String sensitiveFilePath = "/WEB-INF/classes/sensitiveWords.txt";
ServletContext servletContext = filterConfig.getServletContext();
String realPath = servletContext.getRealPath(sensitiveFilePath);
BufferedReader br = new BufferedReader(new InputStreamReader(new FileInputStream(realPath),
StandardCharsets.UTF_8));
// 1.1 如何从BufferedReader中循环读取每一行
String line = null;
while ((line = br.readLine())!=null) {
sensitiveWordsList.add(line);
}
br.close();
}catch(Exception e){
e.printStackTrace();
}
}
三:将所有敏感词替换为***
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
// FORWARD请求转发的的request是:org.apache.catalina.core.ApplicationHttpRequest
// 使用动态代理强转ServletQuest时报错
// Tomcat9.0.38
System.out.println(servletRequest);
// 1. 增强request的getParameter方法
ServletRequest proxyReq = (ServletRequest) Proxy.newProxyInstance(servletRequest.getClass().getClassLoader(), servletRequest.getClass().getInterfaces(), (proxy, method, args) -> {
if ("getParameter".equals(method.getName())) {
String res = (String) method.invoke(servletRequest, args);
if (res != null) {
for (String s :
sensitiveWordsList) {
if (res.contains(s)) {
res = res.replaceAll(s, "***");
}
}
}
return res;
}
return method.invoke(servletRequest, args);
});
// 2. 使用代理对象放行
filterChain.doFilter(proxyReq,servletResponse);
}