package com.spider.reader.common.filter;
import java.io.IOException;
import java.util.Enumeration;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.spider.reader.common.util.StringUtils;
public class CharsetFilter implements Filter {
protected final static Log log = LogFactory.getLog(CharsetFilter.class);
private String encoding = null;
private String errorforward = null;
private static String postsql = null;
private static String getsql = null;
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if (StringUtils.isEmpty(request.getCharacterEncoding())) {
request.setCharacterEncoding(encoding);
response.setCharacterEncoding(encoding);
response.setContentType("text/html;charset=UTF-8");
chain.doFilter(request, response);
}
boolean bool = UrlFilter((HttpServletRequest) request);
if (bool == false) {
request.getRequestDispatcher(errorforward).forward(request, response);
}
}
public void init(FilterConfig filterconfig) throws ServletException {
encoding = filterconfig.getInitParameter("encoding");
errorforward = filterconfig.getInitParameter("errorforward");
postsql = filterconfig.getInitParameter("postsql");
getsql = filterconfig.getInitParameter("getsql");
}
/**
* URL过滤
*
* @author songnan
* @param request
* @return true为合法 false为非法
*/
public static boolean UrlFilter(HttpServletRequest request) {
String method = request.getMethod().toString().toLowerCase();
StringBuffer sbUrl = request.getRequestURL();
String[] filterurl = postsql.split("\\|");
if("post".equalsIgnoreCase(StringUtils.nvl(method))){
filterurl = getsql.split("\\|");
}
Enumeration emParams = request.getParameterNames();
StringBuffer sb = new StringBuffer("");
boolean bool = true;
while(emParams.hasMoreElements()){
String sParam = (String) emParams.nextElement();
String[] sValues = request.getParameterValues(sParam);
sParam = sParam.replaceAll(" ", "");
String sValue = "";
if(!sParam.startsWith("paragraph")){
for (int i = 0; i < sValues.length; i++) {
sValue = sValues[i];
sValue = sValue.replaceAll(" ", "");
if (sValue != null && sValue.trim().length() != 0 && bool == true) {
bool = false;
sb.append(sParam).append("=").append(sValue);
} else if (sValue != null && sValue.trim().length() != 0 && bool == false) {
sb.append("&").append(sParam).append("=").append(sValue);
}
}
}
}
if (sb.toString() != null) {
String loqueryStr = sb.toString().toLowerCase();
for (int i = 0; i < filterurl.length; i++) {
if (loqueryStr.contains(filterurl[i])) {
log.error("错误链接地址:" + sbUrl.toString());
log.error(loqueryStr + " = " + filterurl[i]);
return false;
}
}
}
return true;
}
}
web.xml
<filter>
<filter-name>encoding</filter-name>
<filter-class>
com.spider.reader.common.filter.CharsetFilter
</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>errorforward</param-name>
<param-value>/index.jsp</param-value>
</init-param>
<init-param>
<param-name>getsql</param-name>
<param-value>
exec|execute|insert|delete|update|master|truncate|char|declare|like|drop|database
</param-value>
</init-param>
<init-param>
<param-name>postsql</param-name>
<param-value>
exec|execute|delete|update|truncate|drop
</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>