0%

HttpServletRequestWrapper过滤HttpRequest请求

发表于 分类于

文章字数:101,阅读全文大约需要1分钟

HttpServletRequestWrapper使用了装饰模式可以增强request

包装

1
request=new RequestWrapper((HttpServletRequest)request);

实现

1
2
3
4
5
6
7
8
9
10
11
12
13
class RequestWrapper extends HttpServletRequestWrapper{
    //重写需要修改的方法
    @Override
    public String getParameter(String name) {
		return filter(super.getRequest().getParameter("name"));
    }
  
    //过滤...
    private String filter(String value){
        //...
        return value;
    }
}

使用

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
@WebFilter(filterName = "xssFilter", urlPatterns = { "/*" })
public class XSSFilterimplements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {}

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

        // 对request和response进行一些预处理
        request.setCharacterEncoding("UTF-8");
        response.setCharacterEncoding("UTF-8");
        response.setContentType("text/html;charset=UTF-8");
        // 包装一下request
        chain.doFilter(new RequestWrapper((HttpServletRequest)request), response); // 让目标资源执行,放行
    }

    @Override
    public void destroy() {}
}