标签:
Jfinal中添加过滤器声明
public void configHandler(Handlers me) { me.add(new XssHandler()); }
过滤器
package com.demo.common.config; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.io.UnsupportedEncodingException; import java.net.URLEncoder; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.jfinal.handler.Handler; /** * 统一XSS处理 */ public class XssHandler extends Handler { @Override public void handle(String target, HttpServletRequest request, HttpServletResponse response, boolean[] isHandled) { System.out.println(target); if(target.equals("/css/2222")) { String abc=target.replaceAll("/", "\\\\"); //这里是为什么要加4个???\\\\
String path="C:\\Users\\Administrator\\Desktop\\jfinal_demo\\WebRoot"+abc; try { response.setHeader("Content-Type","application/octet-stream"); response.setHeader("content-disposition", "attachment;filename=" + URLEncoder.encode("2222", "UTF-8")); InputStream in = null ; OutputStream out = null ; try { in = new FileInputStream(path); //获取文件的流 int len = 0; byte buf[] = new byte[1024];//缓存作用 out = response.getOutputStream();//输出流 while( (len = in.read(buf)) > 0 ) //切忌这后面不能加 分号 ”;“ { out.write(buf, 0, len);//向客户端输出,实际是把数据存放在response中,然后web服务器再去response中读取 } } catch (FileNotFoundException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (IOException e) { // TODO Auto-generated catch block e.printStackTrace(); }finally { if(in!=null) { try{ in.close(); }catch(IOException e){ e.printStackTrace(); } } if(out!=null) { try{ out.close(); }catch(IOException e){ e.printStackTrace(); } } } } catch (UnsupportedEncodingException e) { // TODO Auto-generated catch block e.printStackTrace(); } } //System.out.println("target -> " + target); // 对于非静态文件,和非指定排除的url实现过滤 /* if (!target.contains(".") && !target.startsWith(exclude)) { System.out.println("target -> " + target); request = new HttpServletRequestWrapper(request); } nextHandler.handle(target, request, response, isHandled);*/ } }
标签:
原文地址:http://www.cnblogs.com/littlehb/p/5520427.html