web.xml添加过滤器:
xssFilter过滤器尽量添加到web.xml最上方。
、、、省略、、、
<filter>
<filter-name>xssFilter</filter-name>
<filter-class>com.***.***.***.XssFilter</filter-class></filter>
<filter-mapping>
<filter-name>xssFilter</filter-name>
<url-pattern>/</url-pattern>
<url-pattern>/*</url-pattern>
</filter-mapping>
、、、省略、、、
XssFilter.java添加:
一般的XssFilter文件,大致都相同
public class XssFilter implements Filter {
public void init(FilterConfig config) throws ServletException {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest)request);
chain.doFilter(xssRequest, response);
}
public void destroy() {
}
}
自己的系统文件
package com.***.***.***;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.web.filter.OncePerRequestFilter;
public class XssFilter extends OncePerRequestFilter