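If you want to apply security-related escaping to incoming request data, the approach below does it with very few code changes.
During implementation it turns out that the request object provides no setParameter method for modifying parameter values.
We can get around that as follows.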
1. Create a new project named webProject.
2. Put the following code in index.jsp; it prints the parameter it receives.
<%
    String name = request.getParameter("username");
    System.out.println("name:" + name);
%>
3. Visit http://localhost:8080/webProject/index.jsp?username=123<a><input>. The output is
name:123<a><input>
4. Add a filter to web.xml.
<filter>
    <filter-name>securityFilter</filter-name>
    <filter-class>info.frady.SecurityFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>securityFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
5. The code of SecurityFilter is as follows.
package info.frady;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

public class SecurityFilter implements Filter {

    private FilterConfig filterConfig;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        SecirityHttpServletRequestWrapper requestwrapper =
                new SecirityHttpServletRequestWrapper((HttpServletRequest) request);
        // After creating the custom wrapper (decorator), continue the original
        // request, but pass the wrapper object requestwrapper down the chain
        // in place of ServletRequest request.
        chain.doFilter(requestwrapper, response);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}
6. SecirityHttpServletRequestWrapper is a custom class that extends HttpServletRequestWrapper.
The code is as follows:
package info.frady;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

public class SecirityHttpServletRequestWrapper extends HttpServletRequestWrapper {

    public SecirityHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    // Override getParameter so callers receive the escaped value.
    @Override
    public String getParameter(String name) {
        String postValue = super.getParameter(name);
        if (postValue == null) {
            // Parameter not present in the request; nothing to escape.
            return null;
        }
        // Replace angle brackets with their HTML entities.
        postValue = postValue.replace("<", "&lt;").replace(">", "&gt;");
        return postValue;
    }
}
7. Visit http://localhost:8080/webProject/index.jsp?username=123<a><input> again. The output is now
name:123&lt;a&gt;&lt;input&gt;