这中间起到最关键作用的就是HttpServletRequestWrapper
首先创建一个类继承HttpServletRequestWrapper。然后重写getAttribute,getParameter,getParameterValues,getParameterMap这几个方法。
public class OpRequestWrap extends HttpServletRequestWrapper {
public OpRequestWrap(HttpServletRequest request) {
super(request);
}
private String format(String name) {
return StringUtils.replaceEach(name,//
new String[]{"\"","'","<",">"}, //
new String[]{""","´","<",">"});
//return StringEscapeUtils.escapeHtml4(name);
}
/**
*
* @param name
* @return
*/
public Object getAttribute(String name) {
Object value = super.getAttribute(name);
if (value instanceof String) {
value = format(String.valueOf(value));
}
return value;
}
/**
* 重写getParameter方法
*
* @param name
* @return
*/
public String getParameter(String name) {
String value = super.getParameter(name);
if (value == null)
return null;
return format(value);
}
/**
*
* @param name
* @return
*/
public String[] getParameterValues(String name) {
String[] values = super.getParameterValues(name);
if (values != null) {
for (int i = 0; i < values.length; i++) {
values[i] = format(values[i]);
}
}
return values;
}
/**
* @return
*/
public Map<String, String[]> getParameterMap() {
HashMap<String, String[]> paramMap = (HashMap<String, String[]>) super.getParameterMap();
paramMap = (HashMap<String, String[]>) paramMap.clone();
for (Iterator iterator = paramMap.entrySet().iterator(); iterator.hasNext(); ) {
Map.Entry<String,String[]> entry = (Map.Entry<String,String[]>) iterator.next();
String [] values = entry.getValue();
for (int i = 0; i < values.length; i++) {
if(values[i] instanceof String){
values[i] = format(values[i]);
}
}
entry.setValue(values);
}
return paramMap;
}
}
然后配置一个过滤器;
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
filterChain.doFilter(new OpRequestWrap((HttpServletRequest) servletRequest),servletResponse);
}
请仔细看doFilter里面的request,这一步也很重要。它是对request进行包装,才能起到修改request中参数,属性的功能。