Struts2拦截器的使用2
2012-10-19 11:40
在学习了《Struts2拦截器的使用1》教程之后,根据项目需要,做了一个拦截器,目的是将前端传入的参数中的非法字符做转化,以防止JS注入。另外:拦截器的配置就不说明了,不懂请参考《Struts2拦截器的使用1》,拦截器代码如下:
package com.***.interceptors;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import com.opensymphony.xwork2.util.ValueStack;
import com.***.utils.StringUtil;
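public class IllegalCharacterInterceptor extends AbstractInterceptor
{
    /**
     * Escapes HTML-significant characters in every request parameter before the action
     * runs, then writes the escaped value onto the value stack under the parameter's name.
     *
     * <p>Review notes:
     * <ul>
     *   <li>{@link ValueStack#setValue(String, Object)} evaluates its first argument as an
     *       OGNL expression, and here that argument is the raw parameter name from the
     *       request. The name is therefore checked against a conservative character
     *       whitelist first and skipped when it fails; Struts' own ParametersInterceptor
     *       applies an acceptable-name check for the same reason.</li>
     *   <li>The escaping is HTML-specific and is applied on the way in, so a value that
     *       later reaches a non-HTML sink (SQL, logs, JSON) is altered rather than
     *       protected. Output encoding at the view layer is the usual place for this
     *       &mdash; TODO confirm input-time escaping is what the project wants.</li>
     *   <li>Multi-valued parameters are collapsed into one string of the form
     *       {@code {v1,v2}} and an empty value list becomes the literal text {@code null},
     *       both as in the original; a comma inside a value is indistinguishable from the
     *       separator. Whether later interceptors overwrite these stack values depends on
     *       the interceptor order in the stack configuration, which is not visible here.</li>
     * </ul>
     *
     * @param invocation the current action invocation
     * @return the result code returned by {@code invocation.invoke()}
     * @throws Exception whatever the action or a later interceptor throws; it is propagated
     *         instead of being printed and swallowed, so the framework's exception handling
     *         sees it (the original printed the trace and returned {@code null})
     */
    @Override
    public String intercept(ActionInvocation invocation) throws Exception
    {
        ActionContext context = invocation.getInvocationContext();
        ValueStack stack = context.getValueStack();
        Map<?, ?> parameters = context.getParameters();
        if (parameters != null) {
            for (Map.Entry<?, ?> entry : parameters.entrySet()) {
                String key = (String) entry.getKey();
                if (!isSafeParameterName(key)) {
                    // Anything outside the whitelist would be handed to OGNL as an
                    // expression; skip it rather than evaluate it.
                    continue;
                }
                stack.setValue(key, escapeValues(toStringArray(entry.getValue())));
            }
        }
        return invocation.invoke();
    }

    /**
     * Accepts only names made of ASCII letters, digits, {@code _}, {@code .}, {@code [}
     * and {@code ]} &mdash; enough for {@code bean.prop[0]} style names, but no quotes,
     * parentheses, {@code #} or {@code @} that would let the name do more than navigate
     * properties when OGNL evaluates it.
     *
     * @param name raw request parameter name; may be null
     * @return true when the name may be passed to the value stack
     */
    private static boolean isSafeParameterName(String name) {
        if (name == null || name.isEmpty()) {
            return false;
        }
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            boolean allowed = (c >= 'a' && c <= 'z')
                    || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9')
                    || c == '_' || c == '.' || c == '[' || c == ']';
            if (!allowed) {
                return false;
            }
        }
        return true;
    }

    /**
     * Normalises a parameter-map value to a {@code String[]}: a lone String becomes a
     * one-element array, a {@code String[]} is returned as is, and {@code null} becomes an
     * empty array (the original dereferenced it and threw NullPointerException).
     *
     * @param value the raw parameter-map value
     * @return the value as an array, never null
     * @throws ClassCastException for any other value type, as in the original
     */
    private static String[] toStringArray(Object value) {
        if (value == null) {
            return new String[0];
        }
        if (value instanceof String) {
            return new String[] { (String) value };
        }
        return (String[]) value;
    }

    /**
     * Escapes each value with {@link StringUtil#filtrateString(String)}. A single value is
     * returned escaped on its own; several values are joined as {@code {v1,v2}}; no value
     * at all yields the literal text {@code null}. The format is the original's and is
     * kept for compatibility with whatever consumes these stack values.
     *
     * @param values the parameter's values, never null
     * @return the escaped, possibly joined, value string
     */
    private static String escapeValues(String[] values) {
        if (values.length == 0) {
            return "null";
        }
        if (values.length == 1) {
            return StringUtil.filtrateString(values[0]);
        }
        StringBuilder joined = new StringBuilder("{");
        for (int i = 0; i < values.length; i++) {
            if (i > 0) {
                joined.append(',');
            }
            joined.append(StringUtil.filtrateString(values[i]));
        }
        return joined.append('}').toString();
    }
}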
非法字符处理工具类:
package com.***.utils;
/**
* 过滤字符串特殊字符
*
*/
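/**
 * String helpers for HTML-escaping request input and reversing that escaping.
 *
 * <p>NOTE(review): in the page this listing was taken from, the HTML entities inside the
 * replacement strings had been decoded by the blog renderer (the source read, e.g.,
 * {@code replaceAll("<", "<")}, a no-op, and {@code replaceAll("\\\\", "\")}, which does
 * not compile). The replacement targets below are reconstructed as the standard HTML
 * entities; confirm them against the original source file.
 *
 * <p>All methods are stateless and therefore safe to call from any thread.
 */
public class StringUtil {

    /**
     * Escapes the characters that are significant in HTML so that {@code content} can be
     * placed in an element body or a quoted attribute without starting markup. Tabs become
     * {@code &nbsp;} and line breaks become {@code <br/>} (CRLF is first collapsed to LF).
     *
     * <p>{@code &} is escaped first. The original listing had that step commented out,
     * which lets a pre-existing entity in the input through unchanged and makes
     * {@link #reverseString(String)} ambiguous; escaping it restores a clean round trip.
     *
     * @param content text to escape; may be null
     * @return the escaped text, or {@code content} itself when it is null or blank
     */
    public static String filtrateString(String content) {
        if (content == null || content.trim().isEmpty()) {
            return content;
        }
        // Literal replace(), not regex replaceAll(): no metacharacter surprises.
        String escaped = content
                .replace("&", "&amp;")      // must run first: every later step introduces '&'
                .replace("<", "&lt;")
                .replace(">", "&gt;")
                .replace("\"", "&quot;")
                .replace("'", "&#39;")
                .replace("\\", "&#92;")
                .replace("\t", "&nbsp;")
                .replace("\r\n", "\n");
        // The <br/> is inserted only after '<' and '>' have been escaped, so it survives.
        return escaped.replace("\n", "<br/>");
    }

    /**
     * Inverse of {@link #filtrateString(String)}: turns the entities and {@code <br/>} back
     * into the characters they stand for. A LF already present in the input is expanded to
     * CRLF before {@code <br/>} is decoded, as in the original listing. {@code &amp;} is
     * decoded last so that doubly escaped text such as {@code &amp;lt;} yields the literal
     * text {@code &lt;} rather than {@code <}.
     *
     * @param content escaped text; may be null
     * @return the decoded text, or {@code content} itself when it is null or blank
     */
    public static String reverseString(String content) {
        if (content == null || content.trim().isEmpty()) {
            return content;
        }
        return content
                .replace("&lt;", "<")
                .replace("&gt;", ">")
                .replace("&nbsp;", "\t")
                .replace("\n", "\r\n")
                .replace("<br/>", "\n")
                .replace("&#39;", "'")
                .replace("&#92;", "\\")
                .replace("&quot;", "\"")
                .replace("&amp;", "&");     // last, see Javadoc
    }

    /**
     * Reports whether {@code str} consists entirely of digit characters.
     *
     * <p>{@code null} and the empty string yield {@code false}; the original threw
     * NullPointerException on null and returned true for "". {@link Character#isDigit(char)}
     * accepts any Unicode decimal digit, not only ASCII 0-9, and no sign, decimal point or
     * whitespace is accepted.
     *
     * @param str text to test; may be null
     * @return true when non-empty and every character is a digit
     */
    public static boolean isNumeric(String str) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        for (int i = 0; i < str.length(); i++) {
            if (!Character.isDigit(str.charAt(i))) {
                return false;
            }
        }
        return true;
    }

    /**
     * Lighter variant of {@link #filtrateString(String)} that escapes only {@code <},
     * {@code >} and {@code "}. Because {@code &} and {@code '} are left alone it is not a
     * complete HTML escape; prefer {@link #filtrateString(String)} for untrusted input.
     * The (misspelled, non-camelCase) name is kept for compatibility with existing callers.
     *
     * @param content text to escape; may be null
     * @return the escaped text, or {@code content} itself when it is null or blank
     */
    public static String ResplaceString(String content) {
        if (content == null || content.trim().isEmpty()) {
            return content;
        }
        return content
                .replace("<", "&lt;")
                .replace(">", "&gt;")
                .replace("\"", "&quot;");
    }
}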
package com.***.interceptors;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import com.opensymphony.xwork2.util.ValueStack;
import com.***.utils.StringUtil;
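public class IllegalCharacterInterceptor extends AbstractInterceptor
{
    /**
     * Escapes HTML-significant characters in every request parameter before the action
     * runs, then writes the escaped value onto the value stack under the parameter's name.
     *
     * <p>Review notes:
     * <ul>
     *   <li>{@link ValueStack#setValue(String, Object)} evaluates its first argument as an
     *       OGNL expression, and here that argument is the raw parameter name from the
     *       request. The name is therefore checked against a conservative character
     *       whitelist first and skipped when it fails; Struts' own ParametersInterceptor
     *       applies an acceptable-name check for the same reason.</li>
     *   <li>The escaping is HTML-specific and is applied on the way in, so a value that
     *       later reaches a non-HTML sink (SQL, logs, JSON) is altered rather than
     *       protected. Output encoding at the view layer is the usual place for this
     *       &mdash; TODO confirm input-time escaping is what the project wants.</li>
     *   <li>Multi-valued parameters are collapsed into one string of the form
     *       {@code {v1,v2}} and an empty value list becomes the literal text {@code null},
     *       both as in the original; a comma inside a value is indistinguishable from the
     *       separator. Whether later interceptors overwrite these stack values depends on
     *       the interceptor order in the stack configuration, which is not visible here.</li>
     * </ul>
     *
     * @param invocation the current action invocation
     * @return the result code returned by {@code invocation.invoke()}
     * @throws Exception whatever the action or a later interceptor throws; it is propagated
     *         instead of being printed and swallowed, so the framework's exception handling
     *         sees it (the original printed the trace and returned {@code null})
     */
    @Override
    public String intercept(ActionInvocation invocation) throws Exception
    {
        ActionContext context = invocation.getInvocationContext();
        ValueStack stack = context.getValueStack();
        Map<?, ?> parameters = context.getParameters();
        if (parameters != null) {
            for (Map.Entry<?, ?> entry : parameters.entrySet()) {
                String key = (String) entry.getKey();
                if (!isSafeParameterName(key)) {
                    // Anything outside the whitelist would be handed to OGNL as an
                    // expression; skip it rather than evaluate it.
                    continue;
                }
                stack.setValue(key, escapeValues(toStringArray(entry.getValue())));
            }
        }
        return invocation.invoke();
    }

    /**
     * Accepts only names made of ASCII letters, digits, {@code _}, {@code .}, {@code [}
     * and {@code ]} &mdash; enough for {@code bean.prop[0]} style names, but no quotes,
     * parentheses, {@code #} or {@code @} that would let the name do more than navigate
     * properties when OGNL evaluates it.
     *
     * @param name raw request parameter name; may be null
     * @return true when the name may be passed to the value stack
     */
    private static boolean isSafeParameterName(String name) {
        if (name == null || name.isEmpty()) {
            return false;
        }
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            boolean allowed = (c >= 'a' && c <= 'z')
                    || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9')
                    || c == '_' || c == '.' || c == '[' || c == ']';
            if (!allowed) {
                return false;
            }
        }
        return true;
    }

    /**
     * Normalises a parameter-map value to a {@code String[]}: a lone String becomes a
     * one-element array, a {@code String[]} is returned as is, and {@code null} becomes an
     * empty array (the original dereferenced it and threw NullPointerException).
     *
     * @param value the raw parameter-map value
     * @return the value as an array, never null
     * @throws ClassCastException for any other value type, as in the original
     */
    private static String[] toStringArray(Object value) {
        if (value == null) {
            return new String[0];
        }
        if (value instanceof String) {
            return new String[] { (String) value };
        }
        return (String[]) value;
    }

    /**
     * Escapes each value with {@link StringUtil#filtrateString(String)}. A single value is
     * returned escaped on its own; several values are joined as {@code {v1,v2}}; no value
     * at all yields the literal text {@code null}. The format is the original's and is
     * kept for compatibility with whatever consumes these stack values.
     *
     * @param values the parameter's values, never null
     * @return the escaped, possibly joined, value string
     */
    private static String escapeValues(String[] values) {
        if (values.length == 0) {
            return "null";
        }
        if (values.length == 1) {
            return StringUtil.filtrateString(values[0]);
        }
        StringBuilder joined = new StringBuilder("{");
        for (int i = 0; i < values.length; i++) {
            if (i > 0) {
                joined.append(',');
            }
            joined.append(StringUtil.filtrateString(values[i]));
        }
        return joined.append('}').toString();
    }
}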
非法字符处理工具类:
package com.***.utils;
/**
* 过滤字符串特殊字符
*
*/
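/**
 * String helpers for HTML-escaping request input and reversing that escaping.
 *
 * <p>NOTE(review): in the page this listing was taken from, the HTML entities inside the
 * replacement strings had been decoded by the blog renderer (the source read, e.g.,
 * {@code replaceAll("<", "<")}, a no-op, and {@code replaceAll("\\\\", "\")}, which does
 * not compile). The replacement targets below are reconstructed as the standard HTML
 * entities; confirm them against the original source file.
 *
 * <p>All methods are stateless and therefore safe to call from any thread.
 */
public class StringUtil {

    /**
     * Escapes the characters that are significant in HTML so that {@code content} can be
     * placed in an element body or a quoted attribute without starting markup. Tabs become
     * {@code &nbsp;} and line breaks become {@code <br/>} (CRLF is first collapsed to LF).
     *
     * <p>{@code &} is escaped first. The original listing had that step commented out,
     * which lets a pre-existing entity in the input through unchanged and makes
     * {@link #reverseString(String)} ambiguous; escaping it restores a clean round trip.
     *
     * @param content text to escape; may be null
     * @return the escaped text, or {@code content} itself when it is null or blank
     */
    public static String filtrateString(String content) {
        if (content == null || content.trim().isEmpty()) {
            return content;
        }
        // Literal replace(), not regex replaceAll(): no metacharacter surprises.
        String escaped = content
                .replace("&", "&amp;")      // must run first: every later step introduces '&'
                .replace("<", "&lt;")
                .replace(">", "&gt;")
                .replace("\"", "&quot;")
                .replace("'", "&#39;")
                .replace("\\", "&#92;")
                .replace("\t", "&nbsp;")
                .replace("\r\n", "\n");
        // The <br/> is inserted only after '<' and '>' have been escaped, so it survives.
        return escaped.replace("\n", "<br/>");
    }

    /**
     * Inverse of {@link #filtrateString(String)}: turns the entities and {@code <br/>} back
     * into the characters they stand for. A LF already present in the input is expanded to
     * CRLF before {@code <br/>} is decoded, as in the original listing. {@code &amp;} is
     * decoded last so that doubly escaped text such as {@code &amp;lt;} yields the literal
     * text {@code &lt;} rather than {@code <}.
     *
     * @param content escaped text; may be null
     * @return the decoded text, or {@code content} itself when it is null or blank
     */
    public static String reverseString(String content) {
        if (content == null || content.trim().isEmpty()) {
            return content;
        }
        return content
                .replace("&lt;", "<")
                .replace("&gt;", ">")
                .replace("&nbsp;", "\t")
                .replace("\n", "\r\n")
                .replace("<br/>", "\n")
                .replace("&#39;", "'")
                .replace("&#92;", "\\")
                .replace("&quot;", "\"")
                .replace("&amp;", "&");     // last, see Javadoc
    }

    /**
     * Reports whether {@code str} consists entirely of digit characters.
     *
     * <p>{@code null} and the empty string yield {@code false}; the original threw
     * NullPointerException on null and returned true for "". {@link Character#isDigit(char)}
     * accepts any Unicode decimal digit, not only ASCII 0-9, and no sign, decimal point or
     * whitespace is accepted.
     *
     * @param str text to test; may be null
     * @return true when non-empty and every character is a digit
     */
    public static boolean isNumeric(String str) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        for (int i = 0; i < str.length(); i++) {
            if (!Character.isDigit(str.charAt(i))) {
                return false;
            }
        }
        return true;
    }

    /**
     * Lighter variant of {@link #filtrateString(String)} that escapes only {@code <},
     * {@code >} and {@code "}. Because {@code &} and {@code '} are left alone it is not a
     * complete HTML escape; prefer {@link #filtrateString(String)} for untrusted input.
     * The (misspelled, non-camelCase) name is kept for compatibility with existing callers.
     *
     * @param content text to escape; may be null
     * @return the escaped text, or {@code content} itself when it is null or blank
     */
    public static String ResplaceString(String content) {
        if (content == null || content.trim().isEmpty()) {
            return content;
        }
        return content
                .replace("<", "&lt;")
                .replace(">", "&gt;")
                .replace("\"", "&quot;");
    }
}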