做的时候是 想通过Filter的doFilter()方法逻辑处理,简单的实现把字符串中0~9的数字替换为“ * ”。
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
servletRequest.setCharacterEncoding("utf-8");
servletResponse.setContentType("text/html;charset=UTF-8");
String content=servletRequest.getParameter("content");
char []con = context.toCharArray();
for (int i = 0; i < con.length; i++) {
if (con[i]<='9'&&con[i]>='0'){
con[i]='*';
}
}
filterChain.doFilter(servletRequest,servletResponse);
}
这是servlet中的doPost()方法部分代码:
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
//设置编码
req.setCharacterEncoding("utf-8");
resp.setContentType("text/html; charset=utf-8");
PrintWriter out=resp.getWriter();
String content=req.getParameter("content");
out.print(content);
out.flush();
out.close();
}
代码这样会发现 是错误的。Servlet中的doPost()方法最后输出的out.print(content)没有被过滤。通过看Filter中的代码可以发现con[]没有被传递出来。
所以后来通过重写了request.getParameter(" name")方法,在doFilter()方法内将servletRequest对象转换为重写后的Request
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
//将servletRequest对象转换为重写后的Request
servletRequest=new Request((HttpServletRequest) servletRequest);
filterChain.doFilter(servletRequest,servletResponse);
}
/**
* 内部类重写
*/
class Request extends HttpServletRequestWrapper{
public Request(HttpServletRequest request) {
super(request);
}
//重写getParameter()方法
@Override
public String getParameter(String name) {
//返回过滤后的参数值
return replace(super.getRequest().getParameter(name));
}
}
字符替换重新使用一个方法replace来写
//敏感字符替换
public String replace(String context){
for (int i = 0; i < words.length; i++) {
//判断context是否有敏感字符
if (context.indexOf(words[i])!=-1){
//替换字符
context=context.replaceAll(words[i],"*");
}
}
return context;
}