
j2ee中防止sql注入实现

  • 开发 Web 应用时需要防范 SQL 注入和 JavaScript 代码注入。下面通过过滤器(Filter)对请求参数和 Cookie 做一层检查,目前只针对 Tomcat 和 WebLogic 两种应用服务器实现,其它应用服务器可参照实现。需要注意:该过滤器只是把少数特殊字符替换成全角,并拦截包含 "script" 的值,属于黑名单式的辅助措施;它不能替代 PreparedStatement 参数化查询和输出时的编码转义,也不会检查 Cookie 以外的请求头和非表单格式的请求体。
    非常简单只需三个步骤:
    第一步,在你的工程加入如下所示的过滤器代码,一共两个类:

    CharFilter.java

    package com.hyjx.filter;
    
    import java.io.IOException;
    import java.lang.reflect.InvocationTargetException;
    import java.lang.reflect.Method;
    import java.util.Enumeration;
    import java.util.HashMap;
    import java.util.Iterator;
    import java.util.Locale;
    import java.util.Map;
    import java.util.Map.Entry;
    import java.util.Set;
    
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.RequestDispatcher;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.Cookie;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    
    import org.apache.log4j.Logger;
    
    /**
     * @author jfish
     * @since 2006.1.12
     */
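    /**
     * Request-inspection filter. For every request parameter value and every
     * cookie except the session cookie it (1) replaces a small set of ASCII
     * metacharacters with full-width look-alikes ({@link #getQjString}) and
     * (2) redirects the client to {@code /charError/charError.html} when the
     * value contains the word "script" ({@link #getCheckString}).
     *
     * <p>SECURITY NOTE (review): this is a blacklist. Only the values of
     * {@code getParameterMap()} and the request cookies are examined - nothing
     * else in the request is. The only hard reject is the substring "script",
     * which also blocks legitimate input such as "description". The character
     * substitution does not make SQL assembled by string concatenation safe;
     * use {@code PreparedStatement} parameters and context-aware output
     * encoding, and treat this filter as defence in depth only.
     *
     * <p>Init parameters (web.xml):
     * <ul>
     *   <li>{@code excludeURL} - comma-separated URI fragments; a request whose
     *       URI contains any of them is passed through untouched.</li>
     *   <li>{@code appServer} - {@code "tomcat"} rewrites the container's own
     *       parameter map in place; any other value (including none) wraps the
     *       request in {@link ParameterRequestWrapper} (the WebLogic path).</li>
     * </ul>
     *
     * @author jfish
     * @since 2006.1.12
     */
    public class CharFilter implements Filter {

        /** Context-relative location of the page the client is redirected to on rejection. */
        private static final String ERROR_PAGE = "/charError/charError.html";
        /** The container's session cookie, which is never inspected or rewritten. */
        private static final String SESSION_COOKIE = "JSESSIONID";

        /** Set by the container through {@link #init}; read for the init parameters. */
        public FilterConfig config;

        public void setFilterConfig(FilterConfig config) {
            this.config = config;
        }

        public FilterConfig getFilterConfig() {
            return config;
        }

        /**
         * Entry point. Non-HTTP traffic and excluded URIs are passed through
         * unchanged. Everything else has its parameters and cookies inspected;
         * on rejection the client is redirected to the error page, otherwise the
         * chain continues (on the non-Tomcat path with a wrapper that serves the
         * sanitised map).
         */
        public void doFilter(ServletRequest request, ServletResponse response,
                FilterChain chain) throws IOException, ServletException {

            // Only HTTP requests carry parameters and cookies.
            if (!(request instanceof HttpServletRequest)
                    || !(response instanceof HttpServletResponse)) {
                chain.doFilter(request, response);
                return;
            }
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse res = (HttpServletResponse) response;

            if (isExcluded(req.getRequestURI())) {
                chain.doFilter(request, response);
                return;
            }

            String appServer = config.getInitParameter("appServer");
            if ("tomcat".equals(appServer)) {
                // Tomcat: the container's own parameter map is modified in place.
                if (checkTomcat(req, res)) {
                    redirectToErrorPage(req, res);
                } else {
                    chain.doFilter(request, response);
                }
            } else {
                // WebLogic (and any unrecognised value): if an earlier pass already
                // wrapped the request, unwrap it so the container's map is inspected,
                // then hand downstream a wrapper whose getParameter* read that map.
                Map params = req.getParameterMap();
                if (req instanceof ParameterRequestWrapper) {
                    req = ((ParameterRequestWrapper) req).getSuperRequest();
                    params = req.getParameterMap();
                }
                ParameterRequestWrapper wrapped = new ParameterRequestWrapper(req, params);
                if (checkWeblogic(wrapped, res)) {
                    redirectToErrorPage(req, res);
                } else {
                    chain.doFilter(wrapped, response);
                }
            }
        }

        /**
         * True when the request URI contains one of the comma-separated
         * {@code excludeURL} fragments; a missing or empty parameter excludes
         * nothing. Entries are trimmed and empty entries (stray commas) are
         * ignored so that they cannot match every URI. A fragment matching at
         * position 0 now counts as well (the original test was {@code > 0}, so
         * an entry equal to the whole URI was never excluded).
         *
         * <p>NOTE(review): this is a substring match, so any URI that merely
         * contains a fragment - for example via extra path info - bypasses the
         * filter. List exact paths and keep the list short.
         */
        private boolean isExcluded(String uri) {
            String excludeURL = config.getInitParameter("excludeURL");
            if (uri == null || excludeURL == null || excludeURL.length() == 0) {
                return false;
            }
            String[] fragments = excludeURL.split(",");
            for (int i = 0; i < fragments.length; i++) {
                String fragment = fragments[i].trim();
                if (fragment.length() > 0 && uri.indexOf(fragment) >= 0) {
                    return true;
                }
            }
            return false;
        }

        /** Redirects to the error page inside this web application's context. */
        private static void redirectToErrorPage(HttpServletRequest req,
                HttpServletResponse res) throws IOException {
            res.sendRedirect(req.getContextPath() + ERROR_PAGE);
        }

        /**
         * Sanitises the parameters and cookies of a request whose parameter map
         * is writable (the {@link ParameterRequestWrapper} used on the WebLogic
         * path). Values are rewritten in place.
         *
         * @return true if a value was rejected and the request must not proceed
         */
        public boolean checkWeblogic(HttpServletRequest req, HttpServletResponse response) {
            return sanitiseParameters(req.getParameterMap())
                    || sanitiseCookies(req, response);
        }

        /**
         * Same as {@link #checkWeblogic} but first unlocks Tomcat's
         * {@code ParameterMap} via reflection ({@code setLocked(false)}) so the
         * container's own map can be modified.
         *
         * @return true if a value was rejected and the request must not proceed
         */
        public boolean checkTomcat(HttpServletRequest req, HttpServletResponse response) {
            Map map = req.getParameterMap();
            unlockTomcatParameterMap(map);
            return sanitiseParameters(map) || sanitiseCookies(req, response);
        }

        /**
         * Calls {@code setLocked(false)} reflectively if the map has such a
         * method. Failure is logged and otherwise ignored: the String[] elements
         * are overwritten directly below, only put/remove on the map itself
         * would be refused by a locked map.
         */
        private void unlockTomcatParameterMap(Map map) {
            if (map == null) {
                return;
            }
            try {
                Method setLocked = map.getClass().getMethod("setLocked",
                        new Class[] { boolean.class });
                setLocked.invoke(map, new Object[] { Boolean.FALSE });
            } catch (Exception e) {
                log("CharFilter: could not unlock the parameter map", e);
            }
        }

        /**
         * Rewrites every String[] value of the map in place with
         * {@link #getQjString} and stops at the first value that
         * {@link #getCheckString} rejects (the request is then redirected, so
         * the untouched remainder does not matter).
         *
         * <p>NOTE(review): whether these in-place writes are visible through the
         * container's own {@code getParameter()} depends on
         * {@code getParameterMap()} exposing its internal arrays rather than
         * copies - verify on the target Tomcat version.
         *
         * @return true if a value must be rejected
         */
        private boolean sanitiseParameters(Map map) {
            if (map == null) {
                return false;
            }
            for (Iterator it = map.entrySet().iterator(); it.hasNext();) {
                Map.Entry entry = (Map.Entry) it.next();
                Object value = entry.getValue();
                if (!(value instanceof String[])) {
                    continue;
                }
                String[] values = (String[]) value;
                for (int i = 0; i < values.length; i++) {
                    values[i] = getQjString(values[i]);
                    if (getCheckString(values[i])) {
                        return true;
                    }
                }
            }
            return false;
        }

        /**
         * Checks every cookie except the session cookie and sends the
         * full-width form of its value back to the client. The session cookie
         * name is compared case-insensitively on both server paths (the Tomcat
         * path previously compared it case-sensitively).
         *
         * <p>NOTE(review): a Cookie parsed from the request carries no
         * path/domain/max-age, so {@code addCookie} re-issues it with the
         * container defaults and a non-ASCII value; confirm that is intended.
         *
         * @return true if a cookie value must be rejected
         */
        private boolean sanitiseCookies(HttpServletRequest req, HttpServletResponse response) {
            Cookie[] cookies = req.getCookies();
            if (cookies == null) {
                return false;
            }
            for (int i = 0; i < cookies.length; i++) {
                Cookie c = cookies[i];
                String name = c.getName();
                if (name == null || SESSION_COOKIE.equalsIgnoreCase(name)) {
                    continue;
                }
                if (getCheckString(c.getValue())) {
                    return true;
                }
                c.setValue(getQjString(c.getValue()));
                response.addCookie(c);
            }
            return false;
        }

        /** Logs through the servlet context when available, else to stderr. */
        private void log(String message, Throwable t) {
            if (config != null && config.getServletContext() != null) {
                config.getServletContext().log(message, t);
            } else {
                System.err.println(message);
                t.printStackTrace();
            }
        }

        /**
         * Replaces the ASCII characters ' -- = " < > ; % & with full-width
         * (or, for '&', a wide-space) equivalents so they lose their meaning to
         * SQL, HTML and JavaScript parsers. Null or empty input yields "".
         *
         * <p>The patterns are regular expressions ({@code replaceAll}); the
         * ones listed here contain no metacharacters. Parentheses and '+' are
         * deliberately not handled - they would have to be escaped with
         * backslashes before being enabled. A separate pass for "<>" is not
         * needed because '<' and '>' are already replaced individually.
         *
         * @param parameter raw value, may be null
         * @return the rewritten value, never null
         */
        public String getQjString(String parameter) {
            if (parameter == null || parameter.length() == 0) {
                return "";
            }
            String s = parameter;
            s = s.replaceAll("'", "‘");   // single quote
            // NOTE(review): the replacement below renders identically to the pattern;
            // confirm it is the full-width form in the checked-in source.
            s = s.replaceAll("--", "--"); // SQL line comment
            s = s.replaceAll("=", "=");   // equals sign
            s = s.replaceAll("\"", "“");  // double quote
            s = s.replaceAll("<", "《");   // less-than
            s = s.replaceAll(">", "》");   // greater-than
            s = s.replaceAll(";", ";");   // statement separator
            s = s.replaceAll("%", "%");   // LIKE wildcard
            s = s.replaceAll("&", " ");   // ampersand
            return s;
        }

        /**
         * Returns true when the value contains the word "script" (ignoring
         * case and spaces). Null or empty input is accepted.
         *
         * <p>{@code Locale.ENGLISH} is required: the default-locale
         * {@code toLowerCase()} turns "SCRIPT" into "scr\u0131pt" (dotless i)
         * under a Turkish JVM locale, which would bypass the check. Spaces are
         * removed before the search; the original removed them after a
         * successful match and discarded the result, which had no effect.
         *
         * @param parameter value to test, may be null
         * @return true if the value must be rejected
         */
        public boolean getCheckString(String parameter) {
            if (parameter == null || parameter.length() == 0) {
                return false;
            }
            String compact = parameter.toLowerCase(Locale.ENGLISH).replaceAll(" ", "");
            return compact.indexOf("script") >= 0;
        }

        public void destroy() {
            this.config = null;
        }

        public void init(FilterConfig filterConfig) throws ServletException {
            this.config = filterConfig;
        }

        /**
         * Debug helper: renders a parameter value for printing. A String[] is
         * joined with a trailing comma after each element; null becomes "NULL";
         * anything else is its {@code toString()}.
         */
        public String toParamenterString(Object obj) {
            if (obj == null) {
                return "NULL";
            }
            if (obj instanceof String[]) {
                String[] values = (String[]) obj;
                StringBuffer sb = new StringBuffer();
                for (int i = 0; i < values.length; i++) {
                    sb.append(values[i]).append(',');
                }
                return sb.toString();
            }
            return obj.toString();
        }

        /**
         * Debug helper: prints every request header to stdout.
         *
         * <p>SECURITY NOTE: this includes Cookie and Authorization headers, i.e.
         * credentials, so it must not be called in production.
         */
        public void printHttpHeader(HttpServletRequest request) {
            Enumeration e = request.getHeaderNames();
            if (e == null) {
                return;
            }
            System.out.println("\n\n\n开始打印HTTP头信息");
            while (e.hasMoreElements()) {
                String name = (String) e.nextElement();
                System.out.println(name + "=" + request.getHeader(name));
            }
            System.out.println("打印完毕\n\n\n");
        }
    }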
    

    ParameterRequestWrapper.java

    package com.hyjx.filter;
    
    import java.util.Enumeration;
    import java.util.Map;
    import java.util.Vector;
    
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletRequestWrapper;
    
    /**
     * HttpServletRequest wrapper whose parameter accessors read from a map
     * supplied by the caller instead of the container's own parameters.
     * CharFilter hands it the sanitised map on the WebLogic code path so that
     * downstream code calling getParameter, getParameterValues or
     * getParameterMap sees the rewritten values.
     *
     * The map is kept by reference (no copy) and returned as-is from
     * getParameterMap(), so callers share it and may mutate it. Values are
     * expected to be String[] as in the servlet API; a String or any other
     * object is converted on read. A name that is absent from the map falls
     * back to the wrapped request.
     */
    public class ParameterRequestWrapper extends HttpServletRequestWrapper {

        private Map params;
        private HttpServletRequest request;

        public ParameterRequestWrapper(HttpServletRequest request, Map newParams) {
            super(request);
            this.params = newParams;
            this.request = request;
        }

        /** The request this wrapper was built around. */
        public HttpServletRequest getSuperRequest() {
            return this.request;
        }

        /** Returns the backing map itself, not a copy. */
        public Map getParameterMap() {
            return params;
        }

        public Enumeration getParameterNames() {
            return new Vector(params.keySet()).elements();
        }

        public String[] getParameterValues(String name) {
            String[] values = asStringArray(params.get(name));
            return values != null ? values : super.getParameterValues(name);
        }

        public String getParameter(String name) {
            String[] values = asStringArray(params.get(name));
            if (values == null) {
                return super.getParameter(name);
            }
            return values.length > 0 ? values[0] : null;
        }

        /** Normalises a map value to String[]; null stays null (map miss). */
        private static String[] asStringArray(Object v) {
            if (v == null) {
                return null;
            }
            if (v instanceof String[]) {
                return (String[]) v;
            }
            return new String[] { v.toString() };
        }
    }
    

    第二步:在工程的 web.xml 中加入如下配置(filter-class 必须与源码中的 package 声明一致,并且需要 filter-mapping 过滤器才会真正被调用):

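    	    <!-- Input-sanitising filter (see CharFilter.java). The class name must match
    	         the package declared in the source: com.hyjx.filter, not com.hangyjx. -->
    	    <filter>
               <filter-name>CharFilter</filter-name>
               <filter-class>com.hyjx.filter.CharFilter</filter-class>
               <init-param>
                  <!-- Comma-separated URI fragments that bypass the filter (substring match). -->
                  <param-name>excludeURL</param-name>
                  <param-value>columncontentAction!insert.dhtml,columncontentAction!update.dhtml</param-value>
               </init-param>
               <init-param>
                  <!-- "tomcat" or "weblogic"; any value other than "tomcat" takes the WebLogic path. -->
                  <param-name>appServer</param-name>
                  <param-value>weblogic</param-value>
               </init-param>
            </filter>
            <!-- A <filter> element alone only declares the filter; without a
                 <filter-mapping> it is never invoked. -->
            <filter-mapping>
               <filter-name>CharFilter</filter-name>
               <url-pattern>/*</url-pattern>
            </filter-mapping>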

    第三步:在 Web 应用根目录下建立错误提示页面 charError/charError.html,即第一个类中 sendRedirect 所指向的路径(相对于 contextPath)。
