对于动态代理,大家一定要深入了解其实现原理,这样对以后权限框架的学习会有更大的帮助
1.准备资源文件
将文本文档写入好放入src下
注意:
1.放入src目录下 , 文件获取路径应当在WEB-INF/classes/敏感词汇.txt
2.定义一个过滤器IoFilter
3.在过滤器init()方法中获取流文件
4.在doFilter()中书写逻辑代码
2.过滤器init()方法中的代码
try {
ServletContext cont = config.getServletContext();
//txt文件设置GBK解码
String realPath = cont.getRealPath("/WEB-INF/classes/敏感词汇.txt");
//GBK解码 这一点要注意
BufferedReader br = new BufferedReader(new FileReader(realPath));
String line = null;
while((line = br.readLine()) != null ){
list.add(line);
}
br.close();
for (String rs:list) {
System.out.println(rs);
}
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
3.doFilter()方法中
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
//判断是不是req.getParameter();
HttpServletRequest req_ht = (HttpServletRequest) req;
//1.实现代理
ServletRequest request = (ServletRequest) Proxy.newProxyInstance(req.getClass().getClassLoader(), req.getClass().getInterfaces(), new InvocationHandler() {
@Override
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
//判断是不是获取参数的方法
if(method.getName().equals("getParameter")){
//调用方法,看看有没有返回值
String value = (String) method.invoke(req, args);
String method1 = req_ht.getMethod();
if("get".equalsIgnoreCase(method1)){
value = new String(value.getBytes("ISO-8859-1"), "UTF-8");
if(value != null){
//这里是判断这个对象是否为空,如果不是空,那就更改设置
for (String str:list) {
if(value.contains(str)){
value = value.replaceAll(str,"***");
}
}
}
System.out.println(value);
}else{
req.setCharacterEncoding("utf-8");
for (String str:list) {
if(value.contains(str)){
value = value.replaceAll(str,"***");
}
}
}
return value;
}
return method.invoke(req,args);
}
});
chain.doFilter(request, resp);
}
4.servlet中接受参数
//?user=张三&age=你个大笨蛋
String name = req.getParameter("user");
String age = req.getParameter("age");
System.out.println(name+":"+age);
控制台输出:你个大**
好啦,动态代理实现铭感词汇过滤就这些了