使用Spring Filter过滤表单中的非法字符
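package test;

import java.io.IOException;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.BeanWrapper;
import org.springframework.beans.BeansException;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import org.springframework.web.multipart.commons.CommonsMultipartResolver;

/**
 * Spring filter that rewrites request parameters to neutralise a small set of
 * characters before they reach the controllers.<br>
 * If the request is redirected, this filter also runs before the controller
 * method that handles the redirected request.
 *
 * <p>Scope of the filtering: only {@code getParameter}, {@code getParameterValues}
 * and {@code getParameterMap} are wrapped. Headers, cookies, the raw query string,
 * the request body read through {@code getReader()}/{@code getInputStream()} and
 * uploaded file names/contents pass through unchanged.
 *
 * <p>This is input rewriting, not a complete XSS defence: values must still be
 * encoded for the context in which they are rendered (HTML body, attribute,
 * JavaScript, URL) at output time.
 *
 * @author admin
 */
public class CharacterFilter extends OncePerRequestFilter {

    // When CommonsMultipartResolver handles file uploads and the form type is
    // multipart/form-data, a CommonsMultipartResolver is needed here as well;
    // its settings should match the ones in the application's configuration file.
    private CommonsMultipartResolver multipartResolver = null;

    /**
     * Reads the {@code param1} init-param configured in web.xml and prints it.<br>
     * According to the original author, {@code initBeanWrapper(BeanWrapper)} runs
     * before {@code initFilterBean()} while the filter is being loaded, and
     * init-params are available through
     * {@code super.getFilterConfig().getInitParameter("param1")}.
     *
     * @param bw the bean wrapper handed over by the base class
     * @throws BeansException propagated from the base implementation
     */
    @Override
    protected void initBeanWrapper(BeanWrapper bw) throws BeansException {
        String param1 = super.getFilterConfig().getInitParameter("param1");
        System.out.println("param1:" + param1);

        super.initBeanWrapper(bw);
    }

    /**
     * Creates the multipart resolver used for {@code multipart/form-data} requests.
     *
     * @throws ServletException propagated from the base implementation
     */
    @Override
    protected void initFilterBean() throws ServletException {
        multipartResolver = new CommonsMultipartResolver();
        // NOTE(review): 104857600 bytes (100 MiB) is the in-memory threshold, so
        // uploads below that size are buffered on the heap. No maximum upload size
        // is set in this method; confirm that request size is bounded elsewhere,
        // otherwise a few large concurrent uploads can exhaust memory.
        multipartResolver.setMaxInMemorySize(104857600);
        multipartResolver.setDefaultEncoding("utf-8");

        super.initFilterBean();
    }

    /**
     * Wraps the request so that parameter reads return filtered values, then
     * continues the chain. Multipart requests are resolved first so their form
     * fields are visible as parameters.
     *
     * @param request     the incoming request
     * @param response    the response passed down the chain unchanged
     * @param filterChain the remaining filter chain
     * @throws ServletException propagated from the chain
     * @throws IOException      propagated from the chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request,
            HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        // A configuration parameter could be checked here to decide whether to filter ..

        // getContentType() is null for requests without a body (e.g. a plain GET),
        // so it has to be checked before it is inspected.
        String contentType = request.getContentType();
        boolean multipart = contentType != null
                && contentType.toLowerCase(Locale.ROOT).contains("multipart/form-data");

        if (!multipart) {
            filterChain.doFilter(new CharacterFilterRequestWrapper(request), response);
            return;
        }

        MultipartHttpServletRequest resolveMultipart = multipartResolver.resolveMultipart(request);
        try {
            filterChain.doFilter(new CharacterFilterRequestWrapper(resolveMultipart), response);
        } finally {
            // Release the temporary storage held for the uploaded parts once the
            // rest of the chain has finished with the request.
            multipartResolver.cleanupMultipart(resolveMultipart);
        }
    }

    /**
     * Request wrapper whose parameter accessors return filtered copies of the
     * underlying values.
     */
    class CharacterFilterRequestWrapper extends HttpServletRequestWrapper {

        public CharacterFilterRequestWrapper(HttpServletRequest request) {
            super(request);
        }

        /** Returns the filtered value of the named parameter, or {@code null} if absent. */
        @Override
        public String getParameter(String name) {
            return filterString(super.getParameter(name));
        }

        /** Returns filtered copies of all values of the named parameter, or {@code null} if absent. */
        @Override
        public String[] getParameterValues(String name) {
            return filterString(super.getParameterValues(name));
        }

        /**
         * Returns a new map holding filtered copies of every parameter value.
         * The Servlet API maps each name to a {@code String[]}; the map supplied
         * by the wrapped request is left untouched because containers may hand
         * out a locked or shared instance.
         */
        @Override
        public Map<String, String[]> getParameterMap() {
            @SuppressWarnings("unchecked") // raw Map on older Servlet API versions
            Map<String, String[]> original = super.getParameterMap();
            if (original == null) {
                return null;
            }

            Map<String, String[]> filtered = new LinkedHashMap<String, String[]>();
            for (Map.Entry<String, String[]> entry : original.entrySet()) {
                filtered.put(entry.getKey(), filterString(entry.getValue()));
            }

            return filtered;
        }

        /**
         * Removes CRLF pairs, turns tabs into spaces and replaces {@code >},
         * {@code <} and {@code "} with their HTML entities.
         *
         * <p>Limits worth knowing: a lone {@code \r} or {@code \n} is kept, and
         * {@code &} and {@code '} are not encoded, so a value placed inside a
         * single-quoted HTML attribute or a script block is not made safe by this
         * method. Encode at output time for the actual rendering context.
         *
         * @param value the raw parameter value, may be {@code null}
         * @return the filtered value, or {@code null} when {@code value} is {@code null}
         */
        private String filterString(String value) {
            if (value == null) {
                return null;
            }

            // Literal replacement: none of these patterns needs regex semantics.
            value = value.replace("\r\n", "");
            value = value.replace("\t", " ");
            value = value.replace(">", "&gt;");
            value = value.replace("<", "&lt;");
            value = value.replace("\"", "&quot;");

            return value;
        }

        /**
         * Filters every element of {@code values} into a new array so the array
         * owned by the wrapped request is not modified.
         *
         * @param values the raw parameter values, may be {@code null}
         * @return a filtered copy, or {@code null} when {@code values} is {@code null}
         */
        private String[] filterString(String[] values) {
            if (values == null) {
                return null;
            }

            String[] filtered = new String[values.length];
            for (int i = 0; i < values.length; i++) {
                filtered[i] = filterString(values[i]);
            }

            return filtered;
        }

    }

}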
原文地址:https://www.cnblogs.com/liuyb/p/11425617.html