1.在spring-servlet.xml中配置拦截器:由于本系统框架比较旧(spring2.4版本的,spring 3.0以上的才支持mvc标签)--项目中使用并通过了安全扫描
<bean id="handlerInterceptor1" class="com.sunrise.grid.common.actions.FileShellInterceptor"/>
<bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping">
<property name="interceptors">
<list>
<ref bean="handlerInterceptor1"/>
</list>
</property>
</bean>
2.具体的拦截器实现类代码如下:
package com.sunrise.grid.common.actions;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileItemIterator;
import org.apache.commons.fileupload.FileItemStream;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.fileupload.util.Streams;
import org.slf4j.Logger;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import org.springframework.web.multipart.commons.CommonsMultipartResolver;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.itextpdf.text.pdf.codec.Base64.InputStream;
import com.sunrise.bdc.commons.log.LoggingHelper;
public class FileShellInterceptor extends HandlerInterceptorAdapter{
Logger log = LoggingHelper.getLog("FileShellInterceptor.class");
@Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception{
boolean flag= true;
log.info("进入了文件上传拦截器!!!");
System.out.println("进入了文件上传拦截器=-=-=-=-=-=-=-=-=-=------------=--");
// 判断是否为文件上传请求
if (request instanceof MultipartHttpServletRequest) {
MultipartHttpServletRequest multipartRequest =
(MultipartHttpServletRequest) request;
Map<String, MultipartFile> files= multipartRequest.getFileMap();
Iterator<String> iterator = files.keySet().iterator();
//对多部件请求资源进遍历
while (iterator.hasNext()) {
String formKey = (String) iterator.next();
MultipartFile multipartFile =
multipartRequest.getFile(formKey);
String filename=multipartFile.getOriginalFilename();
//判断是否为限制文件类型
if (! checkFile(filename)) {
log.info("存在非法参数不能放行!请核对上传文件格式,重新刷新页面再次上传!");
flag = false;
}
}
}
return flag;
}
@Override
public void postHandle(HttpServletRequest request,
HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
System.out.println("Post-handle");
}
@Override
public void afterCompletion(HttpServletRequest request,
HttpServletResponse response, Object handler, Exception ex)
throws Exception {
System.out.println("After completion handle");
}
/**
* 判断是否为允许的上传文件类型,true表示允许
*/
private boolean checkFile(String fileName) {
//设置允许上传文件类型
String suffixList = "jpg,gif,png,ico,bmp,jpeg,zip,zp,rar,doc,docx,excel,xls,xlxs";
// 获取文件后缀
String suffix = fileName.substring(fileName.lastIndexOf(".")
+ 1, fileName.length());
if (suffixList.contains(suffix.trim().toLowerCase())) {
System.out.println("无非法参数可以放行!!!");
log.info("无非法参数可以放行!!!");
return true;
}
log.info("存在非法参数不能放行!请核对上传文件格式,重新刷新页面再次上传!");
return false;
}
}