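I searched Baidu and Google for a long time, and even the all-powerful Stack Overflow had no answer. Today I happened to discover that Spring MVC's @RequestParam annotation does not obtain the parameter value through the getParameter(String name) method of HttpServletRequest.java, but through getParameterValues. No wonder that after debugging for ages the getParameter method was never called and the filter had no effect.
The relevant code is as follows: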
RequestFilter.java
```java
package com.zuidaima.filter;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.filter.OncePerRequestFilter;

/** @author www.zuidaima.com */
public class RequestFilter extends OncePerRequestFilter {

    public String filter(HttpServletRequest request, String input) {
        String ret = input;
        // Assumed handling: a missing value or the literal "(null)" is passed on as null.
        if (input == null || input.trim().equals("(null)")) {
            return null;
        }
        final String userAgent = request.getHeader("User-Agent");
        final String method = request.getMethod();
        // Re-decode as UTF-8 the values that arrived as ISO-8859-1 (GET requests, Android clients).
        if (method.equalsIgnoreCase("get")
                || (userAgent != null && userAgent.toLowerCase().indexOf("android") != -1)) {
            try {
                ret = new String(input.getBytes("ISO8859-1"), "utf-8");
            } catch (UnsupportedEncodingException e) {
                // Both charsets are always available; keep the value as received.
            }
        }
        return ret;
    }

    @Override
    protected void doFilterInternal(final HttpServletRequest request,
            HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        chain.doFilter(new HttpServletRequestWrapper(request) {
            @Override
            public String getParameter(String name) {
                String value = super.getParameter(name);
                return filter(this, value);
            }

            // This is the method @RequestParam goes through, so it must be overridden as well.
            @Override
            public String[] getParameterValues(String name) {
                String[] values = super.getParameterValues(name);
                if (values == null) {
                    return null;
                }
                for (int i = 0; i < values.length; i++) {
                    values[i] = filter(this, values[i]);
                }
                return values;
            }
        }, response);
    }
}
```
Of course, the filter must be configured in web.xml to enable it:
```xml
<filter>
    <filter-name>RequestFilter</filter-name>
    <filter-class>com.zuidaima.filter.RequestFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>RequestFilter</filter-name>
    <url-pattern>*.htm</url-pattern>
</filter-mapping>
```
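This gives global control over Spring MVC parameter filtering, for tasks such as XSS handling and encoding/decoding, which is much simpler and more convenient than checking and filtering every parameter value in every Spring MVC method.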
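The bypass described above, where a filter has no effect because the caller uses an accessor the wrapper did not override, can be closed by routing every parameter accessor through one method. The following is an added example, not code from the original post: the class name `TransformingRequest` and the `transform` hook are hypothetical, and it assumes the Servlet 3.0+ API, where `getParameterMap()` is typed `Map<String, String[]>`.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.UnaryOperator;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Added example: applies one transform on every parameter access path. */
public class TransformingRequest extends HttpServletRequestWrapper {

    // Hypothetical hook: the per-value operation (re-decoding, escaping, ...).
    private final UnaryOperator<String> transform;

    public TransformingRequest(HttpServletRequest request, UnaryOperator<String> transform) {
        super(request);
        this.transform = transform;
    }

    /** Path used by @RequestParam: transform a copy, never the container's own array. */
    @Override
    public String[] getParameterValues(String name) {
        String[] raw = super.getParameterValues(name);
        if (raw == null) {
            return null;
        }
        String[] out = new String[raw.length];
        for (int i = 0; i < raw.length; i++) {
            out[i] = transform.apply(raw[i]);
        }
        return out;
    }

    /** Single-value path: defined via getParameterValues so both always agree. */
    @Override
    public String getParameter(String name) {
        String[] values = getParameterValues(name);
        return (values == null || values.length == 0) ? null : values[0];
    }

    /** Map path, for code that reads all parameters at once. */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> out = new LinkedHashMap<>();
        for (String name : super.getParameterMap().keySet()) {
            out.put(name, getParameterValues(name));
        }
        return Collections.unmodifiableMap(out);
    }
}
```

Inside `doFilterInternal` it would be passed on as `chain.doFilter(new TransformingRequest(request, v -> filter(request, v)), response)`. For XSS, output encoding in the view remains the primary control; a request-level transform like this only normalises what controllers receive.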