web项目特殊字符限制 过滤器实例
2013-12-04 09:12
330 查看
import java.io.IOException;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
public class IllegalCharacterFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
System.out.println("过滤器.....");
req.setCharacterEncoding("utf-8");
res.setCharacterEncoding("utf-8");
String[] strBadChar = {
"and"
,"exec"
,"insert"
,"delete"
,"update"
,"count"
,"*"
,"%"
,"\'"
,"\""
,"master"
,"truncate"
,"declare"
,"SiteName"
,"net user"
,"xp_cmdshell"
,"/add"
,"exec master.dbo.xp_cmdshell"
,"net localgroup administrators"
};
Map pamamap=req.getParameterMap();
Object[] obj = pamamap.keySet().toArray();
boolean state = true;
if(!pamamap.isEmpty()){
for(int i=0;i<obj.length;i++){
String content=req.getParameter(obj[i].toString());
System.out.println("验证:" +content);
if(content != null){
for(String str : strBadChar){
if(content.toUpperCase().indexOf(str.toUpperCase()) != -1){
state = false;
req.setAttribute("err", "含有禁止的字符:" + str);
System.out.println("参数[" + content + "]含有特殊字符[" + str +"]");
break;
}
}
}
if(!state){
break;
}
System.out.println("key:" + obj[i].toString());
System.out.println("content:" + content);
System.out.println("================");
}
}
System.out.println(state);
if(state){
chain.doFilter(req, res);
}else{
req.getRequestDispatcher("/illegalErr.jsp").forward(req, res);
}
}
public void init(FilterConfig arg0) throws ServletException {
}
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
public class IllegalCharacterFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
System.out.println("过滤器.....");
req.setCharacterEncoding("utf-8");
res.setCharacterEncoding("utf-8");
String[] strBadChar = {
"and"
,"exec"
,"insert"
,"delete"
,"update"
,"count"
,"*"
,"%"
,"\'"
,"\""
,"master"
,"truncate"
,"declare"
,"SiteName"
,"net user"
,"xp_cmdshell"
,"/add"
,"exec master.dbo.xp_cmdshell"
,"net localgroup administrators"
};
Map pamamap=req.getParameterMap();
Object[] obj = pamamap.keySet().toArray();
boolean state = true;
if(!pamamap.isEmpty()){
for(int i=0;i<obj.length;i++){
String content=req.getParameter(obj[i].toString());
System.out.println("验证:" +content);
if(content != null){
for(String str : strBadChar){
if(content.toUpperCase().indexOf(str.toUpperCase()) != -1){
state = false;
req.setAttribute("err", "含有禁止的字符:" + str);
System.out.println("参数[" + content + "]含有特殊字符[" + str +"]");
break;
}
}
}
if(!state){
break;
}
System.out.println("key:" + obj[i].toString());
System.out.println("content:" + content);
System.out.println("================");
}
}
System.out.println(state);
if(state){
chain.doFilter(req, res);
}else{
req.getRequestDispatcher("/illegalErr.jsp").forward(req, res);
}
}
public void init(FilterConfig arg0) throws ServletException {
}
相关文章推荐
- Web项目配置字符过滤器
- [javaweb]xml特殊字符简记
- web项目Log4j日志输出路径配置问题 问题描述:一个web项目想在一个tomcat下运行多个实例(通过修改war包名称的实现),然后每个实例都将日志输出到tomcat的logs目录下实例名命名的文
- Python语句中基本的规则与特殊字符简单操作实例
- web.config中配置字符串中特殊字符的处理
- web.config文件中出现特殊字符的解决方法
- web.config中配置字符串中特殊字符的处理
- web开发中特殊字符的对应值与转义字符
- javaWeb项目SpringMVC3.2.1与Mybatis3.0.4整合实例(Mybaits-spring配置文件的几种方式)之一SqlSessionDaoSupport方式
- appfuse实例中的web.xml学习笔记之过滤器
- 关于 android 中 edittext 特殊字符过滤和字符长度限制的最优方法
- iOS开发中手机号码和价格金额有效性判断及特殊字符的限制
- # webpack+vue+vueRouter 模块化构建完整项目实例
- Java Web 一些特殊字符的过滤(appscan检查的安全问题)
- 在web项目中使用线程池发送邮件实例
- 用户名限制输入特殊字符
- 最近一个web项目的架构实例
- PHP中ltrim与rtrim去除左右空格及特殊字符实例
- Web.config中的特殊字符
- iOS开发中手机号码和价格金额有效性判断及特殊字符的限制