Using a Spring filter to filter illegal characters out of form input
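package test;

import java.io.IOException;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.BeanWrapper;
import org.springframework.beans.BeansException;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import org.springframework.web.multipart.commons.CommonsMultipartResolver;

/**
 * Spring filter that rewrites selected characters in request parameters
 * before the request reaches the controller.<br>
 * If the request is forwarded, this filter runs before the target controller
 * method is executed.
 *
 * <p>Scope: only values read through {@code getParameter},
 * {@code getParameterValues} and {@code getParameterMap} are rewritten.
 * Headers, cookies, the path, parameter names, uploaded file names and raw
 * request bodies (for example JSON read from the input stream) pass through
 * unchanged. The filter is therefore a supplementary measure; it does not
 * replace context-aware output encoding where the values are rendered.
 *
 * @author ADMIN
 */
public class CharacterFilter extends OncePerRequestFilter {

    // Needed when uploads are handled by CommonsMultipartResolver and the form
    // type is multipart/form-data. A dedicated resolver is created here; its
    // settings should stay consistent with the application's configuration.
    private CommonsMultipartResolver multipartResolver = null;

    /**
     * Called while the filter is being loaded, before {@link #initFilterBean()}.<br>
     * Reads the {@code init-param} named {@code param1} configured in web.xml
     * through the filter configuration and prints it.
     *
     * @param bw the bean wrapper passed on to the superclass
     * @throws BeansException propagated from the superclass
     */
    @Override
    protected void initBeanWrapper(BeanWrapper bw) throws BeansException {
        // getFilterConfig() may return null when no FilterConfig is available
        // (e.g. the filter was not initialised by the servlet container).
        FilterConfig config = super.getFilterConfig();
        String param1 = (config != null) ? config.getInitParameter("param1") : null;
        System.out.println("param1:" + param1);

        super.initBeanWrapper(bw);
    }

    /**
     * Creates the multipart resolver used by {@code doFilterInternal}.
     *
     * @throws ServletException propagated from the superclass
     */
    @Override
    protected void initFilterBean() throws ServletException {
        multipartResolver = new CommonsMultipartResolver();
        // NOTE(review): 104857600 bytes = 100 MiB kept in memory per multipart
        // request before spilling to disk, and no upload size limit is set
        // here. A smaller threshold plus setMaxUploadSize(...) lowers the risk
        // of memory exhaustion from large or concurrent uploads.
        multipartResolver.setMaxInMemorySize(104857600);
        multipartResolver.setDefaultEncoding("utf-8");

        super.initFilterBean();
    }

    /**
     * Wraps the request so that parameter values are filtered, resolving
     * multipart/form-data requests first so their form fields are covered too.
     *
     * @param request     the incoming request
     * @param response    the response, passed through untouched
     * @param filterChain the remaining filter chain
     * @throws ServletException propagated from the chain
     * @throws IOException      propagated from the chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request,
            HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        // A configuration parameter could be consulted here to decide whether
        // filtering is required at all.

        // getContentType() is null for requests without a body (typical GET),
        // so it must be checked before lower-casing. Locale.ROOT keeps the
        // comparison independent of the server's default locale.
        String contentType = request.getContentType();
        boolean multipart = contentType != null
                && contentType.toLowerCase(Locale.ROOT).contains("multipart/form-data");

        if (!multipart) {
            filterChain.doFilter(new CharacterFilterRequestWrapper(request), response);
            return;
        }

        MultipartHttpServletRequest resolved = multipartResolver.resolveMultipart(request);
        try {
            filterChain.doFilter(new CharacterFilterRequestWrapper(resolved), response);
        } finally {
            // This filter resolved the multipart request, so it is also
            // responsible for releasing the storage held for uploaded parts.
            multipartResolver.cleanupMultipart(resolved);
        }
    }

    /**
     * Request wrapper that returns filtered copies of parameter values.
     */
    class CharacterFilterRequestWrapper extends HttpServletRequestWrapper {

        public CharacterFilterRequestWrapper(HttpServletRequest request) {
            super(request);
        }

        /** Returns the filtered value of the named parameter, or {@code null}. */
        @Override
        public String getParameter(String name) {
            return filterString(super.getParameter(name));
        }

        /** Returns filtered copies of all values of the named parameter, or {@code null}. */
        @Override
        public String[] getParameterValues(String name) {
            return filterString(super.getParameterValues(name));
        }

        /**
         * Returns a read-only map of parameter names to filtered value arrays.
         *
         * <p>The servlet API supplies {@code String[]} values and the
         * container's map may be immutable, so a new map is built instead of
         * writing into the original. Parameter names are passed through
         * unfiltered.
         */
        @Override
        @SuppressWarnings("unchecked") // older servlet APIs declare a raw Map here
        public Map<String, String[]> getParameterMap() {
            Map<String, String[]> original = super.getParameterMap();
            if (original == null) {
                return null;
            }

            Map<String, String[]> filtered =
                    new LinkedHashMap<String, String[]>(original.size());
            for (Map.Entry<String, String[]> entry : original.entrySet()) {
                filtered.put(entry.getKey(), filterString(entry.getValue()));
            }
            return Collections.unmodifiableMap(filtered);
        }

        /**
         * Removes CRLF pairs, turns tabs into spaces and replaces
         * {@code >}, {@code <} and {@code "} with their HTML entities.
         *
         * <p>Caveats: a lone CR or LF is not removed, and {@code &} and
         * {@code '} are not escaped, so the result is not safe for every HTML
         * context (for example single-quoted attributes or script blocks).
         *
         * @param value the raw parameter value, may be {@code null}
         * @return the filtered value, or {@code null} if {@code value} was {@code null}
         */
        private String filterString(String value) {
            if (value == null) {
                return null;
            }

            // String.replace is literal; no regex is needed for these targets.
            return value
                    .replace("\r\n", "")
                    .replace("\t", " ")
                    .replace(">", "&gt;")
                    .replace("<", "&lt;")
                    .replace("\"", "&quot;");
        }

        /**
         * Filters every element into a new array, leaving the array owned by
         * the underlying request untouched.
         *
         * @param values the raw values, may be {@code null}
         * @return a filtered copy, or {@code null} if {@code values} was {@code null}
         */
        private String[] filterString(String[] values) {
            if (values == null) {
                return null;
            }

            String[] filtered = new String[values.length];
            for (int i = 0; i < values.length; i++) {
                filtered[i] = filterString(values[i]);
            }
            return filtered;
        }

    }

}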