<?xml version="1.0" encoding="UTF-8"?>
<!--
  Servlet 2.5 deployment descriptor for the application.

  Security posture as declared here: this file contains no security-constraint,
  login-config, session-config or error-page element, so the container enforces
  no declarative access control. Every mapped path, including the pool-admin
  and test servlets further down, is reachable unless one of the two filters
  mapped to "/*" rejects the request. The filter classes
  (com.business.filter.StringFilter, com.business.filter.LoginFilter) are not
  part of this file; review them alongside any change to the mappings below.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID"
version="2.5">
<!--
  Context listeners, started in the order listed.
  NOTE(review): com.dhcc.framework.util.LoginServlet is also declared as a
  servlet below (servlet-name LoginServlet). Confirm that the class implements
  a listener interface as well; if it does not, context deployment is likely
  to fail on this entry.
-->
<listener>
<listener-class>com.dhcc.framework.extcomponent.ui.formconfig.listener.LoadXmlConfigListener</listener-class>
</listener>
<listener>
<listener-class>com.business.login.OnlineCounterListener</listener-class>
</listener>
<listener>
<listener-class>com.dhcc.framework.util.LoginServlet</listener-class>
</listener>
<!--
  Filters. The order of the filter-mapping elements fixes the chain order for a
  matching request: StringFilter (parameter and query-string blacklist) runs
  first, then ssotokenfilter (LoginFilter; presumably the login/SSO token
  check, judging by its name). Neither mapping has a dispatcher element, so
  both apply to REQUEST dispatches only, not to FORWARD, INCLUDE or ERROR.
-->
<filter>
<filter-name>StringFilter</filter-name>
<filter-class>com.business.filter.StringFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>StringFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>ssotokenfilter</filter-name>
<filter-class>com.business.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ssotokenfilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
  Servlet declarations. Servlets with load-on-startup are instantiated at
  deployment in ascending order (XFireServlet 0; MCCServlet, TreeServlet,
  ClientTreeServlet, OrganizationServlet and DocumentIDCodeServlet 3;
  QuartzInitializer 5; loadStartUpServlet 100; loadEngineServlet 200).
  The others are created lazily on first request.
-->
<servlet>
<servlet-name>MCCServlet</servlet-name>
<servlet-class>com.dhcc.framework.core.MCCServlet</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet>
<display-name>loadStartUpServlet</display-name>
<servlet-name>loadStartUpServlet</servlet-name>
<servlet-class>com.dhcc.framework.core.LoadStartUpServlet</servlet-class>
<load-on-startup>100</load-on-startup>
</servlet>
<servlet>
<servlet-name>loadEngineServlet</servlet-name>
<servlet-class>com.dhcc.workflow.loadEngineServlet</servlet-class>
<load-on-startup>200</load-on-startup>
</servlet>
<!--
  Quartz: the scheduler is started during deployment (start-scheduler-on-load)
  and stopped when the context is undeployed (shutdown-on-unload). config-file
  names the scheduler properties; where Quartz resolves that path from is not
  visible here and should be checked against the Quartz version in use.
-->
<servlet>
<display-name>Quartz Initializer Servlet</display-name>
<servlet-name>QuartzInitializer</servlet-name>
<servlet-class>org.quartz.ee.servlet.QuartzInitializerServlet</servlet-class>
<init-param>
<param-name>config-file</param-name>
<param-value>/quartz.properties</param-value>
</init-param>
<init-param>
<param-name>shutdown-on-unload</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>start-scheduler-on-load</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>5</load-on-startup>
</servlet>
<servlet>
<servlet-name>TreeServlet</servlet-name>
<servlet-class>com.dhcc.framework.tree.TreeServlet</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet>
<servlet-name>ClientTreeServlet</servlet-name>
<servlet-class>com.dhcc.workflow.client.tree.TreeServlet</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet>
<servlet-name>OrganizationServlet</servlet-name>
<servlet-class>com.dhcc.framework.organization.action.OrganizationServlet</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet>
<servlet-name>DocumentIDCodeServlet</servlet-name>
<servlet-class>com.dhcc.framework.util.DocumentIDCodeServlet</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<!--
  Upload/download endpoints for the Yozo, WPS, Foxit and Suwell document
  integrations. Their classes are outside this file; the usual concerns for
  such handlers (file-name and type validation, size limits, and whether
  LoginFilter guards them) cannot be verified from the descriptor alone.
-->
<servlet>
<servlet-name>YozoUploadServlet</servlet-name>
<servlet-class>com.dhcc.framework.upload.servlet.YozoUploadServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>WpsUploadServlet</servlet-name>
<servlet-class>com.dhcc.framework.upload.servlet.WpsUploadServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>FoxitDownloadServlet</servlet-name>
<servlet-class>com.dhcc.framework.upload.servlet.FoxitDownloadServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>FoxitUploadServlet</servlet-name>
<servlet-class>com.dhcc.framework.upload.servlet.FoxitUploadServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>SuwellUploadServlet</servlet-name>
<servlet-class>com.dhcc.framework.upload.servlet.SuwellUploadServlet</servlet-class>
</servlet>
<!--
  NOTE(review): Proxool's AdminServlet publishes connection-pool statistics and
  pool definitions. It is mapped to /dbpoolAdmin below with no
  security-constraint, so its exposure depends entirely on LoginFilter.
  Restrict it to administrators or remove it from production deployments.
-->
<servlet>
<servlet-name>dbpoolAdmin</servlet-name>
<servlet-class>org.logicalcobwebs.proxool.admin.servlet.AdminServlet</servlet-class>
</servlet>
<!-- URL mappings. Every path here sits behind the two "/*" filters and nothing else. -->
<servlet-mapping>
<servlet-name>MCCServlet</servlet-name>
<url-pattern>/mcc</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>TreeServlet</servlet-name>
<url-pattern>/treeServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ClientTreeServlet</servlet-name>
<url-pattern>/clientTreeServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>YozoUploadServlet</servlet-name>
<url-pattern>/yozoUpload</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>WpsUploadServlet</servlet-name>
<url-pattern>/wpsUpload</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>FoxitDownloadServlet</servlet-name>
<url-pattern>/foxitDownload</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>FoxitUploadServlet</servlet-name>
<url-pattern>/foxitUpload</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SuwellUploadServlet</servlet-name>
<url-pattern>/suwellUpload</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>OrganizationServlet</servlet-name>
<url-pattern>/organizationServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DocumentIDCodeServlet</servlet-name>
<url-pattern>/documentIDCodeServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>dbpoolAdmin</servlet-name>
<url-pattern>/dbpoolAdmin</url-pattern>
</servlet-mapping>
<!--
  Second group of servlets, declared after the first mapping block (Servlet
  2.4+ descriptors allow any element order). XFireServlet exposes SOAP
  services under /services/*; XFire itself is no longer maintained (superseded
  by Apache CXF), so treat this endpoint as part of the exposed attack surface
  and keep it covered by authentication.
-->
<servlet>
<servlet-name>XFireServlet</servlet-name>
<servlet-class>org.codehaus.xfire.transport.http.XFireConfigurableServlet</servlet-class>
<load-on-startup>0</load-on-startup>
</servlet>
<!-- Login handler; serves /login.do, /reLogin.do and /getUserMsg.do (mapped below). -->
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>com.dhcc.framework.util.LoginServlet</servlet-class>
</servlet>
<!--
  description and display-name below are IDE placeholder text; replace or
  remove them. The lower-case class name getStenByName departs from Java
  naming convention.
-->
<servlet>
<description>This is the description of my J2EE component</description>
<display-name>This is the display name of my J2EE component</display-name>
<servlet-name>getStenByName</servlet-name>
<servlet-class>com.dhcc.performance.stencil.util.getStenByName</servlet-class>
</servlet>
<!--
  NOTE(review): a servlet named "test" mapped to /servlet/test looks like a
  development leftover; remove it from production descriptors if it is not
  needed. (The closing tag below shares its line with the next mapping; this
  is well-formed but easy to misread.)
-->
<servlet>
<servlet-name>test</servlet-name>
<servlet-class>com.dhcc.performance.stencil.util.test</servlet-class>
</servlet> <servlet-mapping>
<servlet-name>XFireServlet</servlet-name>
<url-pattern>/services/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/login.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/reLogin.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/getUserMsg.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>getStenByName</servlet-name>
<url-pattern>/getStenByName</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>test</servlet-name>
<url-pattern>/servlet/test</url-pattern>
</servlet-mapping>
<!--
  The first welcome file that exists is served for directory requests. The
  servlet specification defines welcome files as partial URLs without a
  leading slash; the last two entries carry one, so either drop it or confirm
  that the container tolerates it.
-->
<welcome-file-list>
<welcome-file>login.html</welcome-file>
<welcome-file>/index.html</welcome-file>
<welcome-file>/index.htm</welcome-file>
</welcome-file-list>
<!-- Tag library descriptor; it lives under /WEB-INF and is therefore not directly servable. -->
<jsp-config>
<taglib>
<taglib-uri>http://www.dhcc.com.cn/dhccTag</taglib-uri>
<taglib-location>/WEB-INF/dhccTag.tld</taglib-location>
</taglib>
</jsp-config>
</web-app>
<!--
  NOTE(review): this is a second web-app root element in the same document.
  A well-formed XML file has exactly one root, so this copy is either a paste
  duplicate of the descriptor above or belongs in a separate file; keep only
  one to avoid the container rejecting the descriptor.

  Servlet 2.5 deployment descriptor for the application.

  Security posture as declared here: this file contains no security-constraint,
  login-config, session-config or error-page element, so the container enforces
  no declarative access control. Every mapped path, including the pool-admin
  and test servlets further down, is reachable unless one of the two filters
  mapped to "/*" rejects the request. The filter classes
  (com.business.filter.StringFilter, com.business.filter.LoginFilter) are not
  part of this file; review them alongside any change to the mappings below.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID"
version="2.5">
<!--
  Context listeners, started in the order listed.
  NOTE(review): com.dhcc.framework.util.LoginServlet is also declared as a
  servlet below (servlet-name LoginServlet). Confirm that the class implements
  a listener interface as well; if it does not, context deployment is likely
  to fail on this entry.
-->
<listener>
<listener-class>com.dhcc.framework.extcomponent.ui.formconfig.listener.LoadXmlConfigListener</listener-class>
</listener>
<listener>
<listener-class>com.business.login.OnlineCounterListener</listener-class>
</listener>
<listener>
<listener-class>com.dhcc.framework.util.LoginServlet</listener-class>
</listener>
<!--
  Filters. The order of the filter-mapping elements fixes the chain order for a
  matching request: StringFilter (parameter and query-string blacklist) runs
  first, then ssotokenfilter (LoginFilter; presumably the login/SSO token
  check, judging by its name). Neither mapping has a dispatcher element, so
  both apply to REQUEST dispatches only, not to FORWARD, INCLUDE or ERROR.
-->
<filter>
<filter-name>StringFilter</filter-name>
<filter-class>com.business.filter.StringFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>StringFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>ssotokenfilter</filter-name>
<filter-class>com.business.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ssotokenfilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
  Servlet declarations. Servlets with load-on-startup are instantiated at
  deployment in ascending order (XFireServlet 0; MCCServlet, TreeServlet,
  ClientTreeServlet, OrganizationServlet and DocumentIDCodeServlet 3;
  QuartzInitializer 5; loadStartUpServlet 100; loadEngineServlet 200).
  The others are created lazily on first request.
-->
<servlet>
<servlet-name>MCCServlet</servlet-name>
<servlet-class>com.dhcc.framework.core.MCCServlet</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet>
<display-name>loadStartUpServlet</display-name>
<servlet-name>loadStartUpServlet</servlet-name>
<servlet-class>com.dhcc.framework.core.LoadStartUpServlet</servlet-class>
<load-on-startup>100</load-on-startup>
</servlet>
<servlet>
<servlet-name>loadEngineServlet</servlet-name>
<servlet-class>com.dhcc.workflow.loadEngineServlet</servlet-class>
<load-on-startup>200</load-on-startup>
</servlet>
<!--
  Quartz: the scheduler is started during deployment (start-scheduler-on-load)
  and stopped when the context is undeployed (shutdown-on-unload). config-file
  names the scheduler properties; where Quartz resolves that path from is not
  visible here and should be checked against the Quartz version in use.
-->
<servlet>
<display-name>Quartz Initializer Servlet</display-name>
<servlet-name>QuartzInitializer</servlet-name>
<servlet-class>org.quartz.ee.servlet.QuartzInitializerServlet</servlet-class>
<init-param>
<param-name>config-file</param-name>
<param-value>/quartz.properties</param-value>
</init-param>
<init-param>
<param-name>shutdown-on-unload</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>start-scheduler-on-load</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>5</load-on-startup>
</servlet>
<servlet>
<servlet-name>TreeServlet</servlet-name>
<servlet-class>com.dhcc.framework.tree.TreeServlet</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet>
<servlet-name>ClientTreeServlet</servlet-name>
<servlet-class>com.dhcc.workflow.client.tree.TreeServlet</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet>
<servlet-name>OrganizationServlet</servlet-name>
<servlet-class>com.dhcc.framework.organization.action.OrganizationServlet</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet>
<servlet-name>DocumentIDCodeServlet</servlet-name>
<servlet-class>com.dhcc.framework.util.DocumentIDCodeServlet</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<!--
  Upload/download endpoints for the Yozo, WPS, Foxit and Suwell document
  integrations. Their classes are outside this file; the usual concerns for
  such handlers (file-name and type validation, size limits, and whether
  LoginFilter guards them) cannot be verified from the descriptor alone.
-->
<servlet>
<servlet-name>YozoUploadServlet</servlet-name>
<servlet-class>com.dhcc.framework.upload.servlet.YozoUploadServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>WpsUploadServlet</servlet-name>
<servlet-class>com.dhcc.framework.upload.servlet.WpsUploadServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>FoxitDownloadServlet</servlet-name>
<servlet-class>com.dhcc.framework.upload.servlet.FoxitDownloadServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>FoxitUploadServlet</servlet-name>
<servlet-class>com.dhcc.framework.upload.servlet.FoxitUploadServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>SuwellUploadServlet</servlet-name>
<servlet-class>com.dhcc.framework.upload.servlet.SuwellUploadServlet</servlet-class>
</servlet>
<!--
  NOTE(review): Proxool's AdminServlet publishes connection-pool statistics and
  pool definitions. It is mapped to /dbpoolAdmin below with no
  security-constraint, so its exposure depends entirely on LoginFilter.
  Restrict it to administrators or remove it from production deployments.
-->
<servlet>
<servlet-name>dbpoolAdmin</servlet-name>
<servlet-class>org.logicalcobwebs.proxool.admin.servlet.AdminServlet</servlet-class>
</servlet>
<!-- URL mappings. Every path here sits behind the two "/*" filters and nothing else. -->
<servlet-mapping>
<servlet-name>MCCServlet</servlet-name>
<url-pattern>/mcc</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>TreeServlet</servlet-name>
<url-pattern>/treeServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ClientTreeServlet</servlet-name>
<url-pattern>/clientTreeServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>YozoUploadServlet</servlet-name>
<url-pattern>/yozoUpload</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>WpsUploadServlet</servlet-name>
<url-pattern>/wpsUpload</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>FoxitDownloadServlet</servlet-name>
<url-pattern>/foxitDownload</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>FoxitUploadServlet</servlet-name>
<url-pattern>/foxitUpload</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SuwellUploadServlet</servlet-name>
<url-pattern>/suwellUpload</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>OrganizationServlet</servlet-name>
<url-pattern>/organizationServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DocumentIDCodeServlet</servlet-name>
<url-pattern>/documentIDCodeServlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>dbpoolAdmin</servlet-name>
<url-pattern>/dbpoolAdmin</url-pattern>
</servlet-mapping>
<!--
  Second group of servlets, declared after the first mapping block (Servlet
  2.4+ descriptors allow any element order). XFireServlet exposes SOAP
  services under /services/*; XFire itself is no longer maintained (superseded
  by Apache CXF), so treat this endpoint as part of the exposed attack surface
  and keep it covered by authentication.
-->
<servlet>
<servlet-name>XFireServlet</servlet-name>
<servlet-class>org.codehaus.xfire.transport.http.XFireConfigurableServlet</servlet-class>
<load-on-startup>0</load-on-startup>
</servlet>
<!-- Login handler; serves /login.do, /reLogin.do and /getUserMsg.do (mapped below). -->
<servlet>
<servlet-name>LoginServlet</servlet-name>
<servlet-class>com.dhcc.framework.util.LoginServlet</servlet-class>
</servlet>
<!--
  description and display-name below are IDE placeholder text; replace or
  remove them. The lower-case class name getStenByName departs from Java
  naming convention.
-->
<servlet>
<description>This is the description of my J2EE component</description>
<display-name>This is the display name of my J2EE component</display-name>
<servlet-name>getStenByName</servlet-name>
<servlet-class>com.dhcc.performance.stencil.util.getStenByName</servlet-class>
</servlet>
<!--
  NOTE(review): a servlet named "test" mapped to /servlet/test looks like a
  development leftover; remove it from production descriptors if it is not
  needed. (The closing tag below shares its line with the next mapping; this
  is well-formed but easy to misread.)
-->
<servlet>
<servlet-name>test</servlet-name>
<servlet-class>com.dhcc.performance.stencil.util.test</servlet-class>
</servlet> <servlet-mapping>
<servlet-name>XFireServlet</servlet-name>
<url-pattern>/services/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/login.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/reLogin.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>/getUserMsg.do</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>getStenByName</servlet-name>
<url-pattern>/getStenByName</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>test</servlet-name>
<url-pattern>/servlet/test</url-pattern>
</servlet-mapping>
<!--
  The first welcome file that exists is served for directory requests. The
  servlet specification defines welcome files as partial URLs without a
  leading slash; the last two entries carry one, so either drop it or confirm
  that the container tolerates it.
-->
<welcome-file-list>
<welcome-file>login.html</welcome-file>
<welcome-file>/index.html</welcome-file>
<welcome-file>/index.htm</welcome-file>
</welcome-file-list>
<!-- Tag library descriptor; it lives under /WEB-INF and is therefore not directly servable. -->
<jsp-config>
<taglib>
<taglib-uri>http://www.dhcc.com.cn/dhccTag</taglib-uri>
<taglib-location>/WEB-INF/dhccTag.tld</taglib-location>
</taglib>
</jsp-config>
</web-app>
import java.io.IOException;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
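/**
 * Blacklist filter that rejects requests whose parameter names, parameter
 * values or raw query string contain tokens associated with SQL or script
 * injection attempts.
 *
 * <p>Matching is a case-insensitive substring test against the comma-separated
 * lists below, so broad entries such as {@code like}, {@code char} or
 * {@code master} will also block legitimate input; trim the lists when a
 * normal page starts being redirected to the error page.
 *
 * <p>This is defence in depth only. A substring blacklist is easy to bypass
 * and does not replace parameterised SQL and output encoding in the
 * application itself. Only the query string is inspected, not the request
 * path, and the filter sees REQUEST dispatches only unless its web.xml
 * mapping declares otherwise.
 *
 * @version 1.0
 */
public class StringFilter implements Filter {

    /** Class logger (previously looked up through the internal sun.reflect API, which later JDKs remove). */
    public static final Logger logger = Logger.getLogger(StringFilter.class);

    /** Context-relative page a rejected request is redirected to. */
    private static final String ERROR_PAGE = "/jsp/common/error.jsp";
    /** Session attribute through which the rejection message reaches the error page. */
    private static final String MSG_ATTR = "msgStr";
    /** Prefix of the rejection message shown to the user. */
    private static final String MSG_PREFIX = "请不要输入非法参数:";

    // Tokens blocked in parameter values (comma separated, no spaces).
    // Trim the list if it interferes with normal use of the system.
    private static final String postStr = "%20,script";
    // Tokens blocked in parameter names and values.
    // Earlier, broader list kept for reference:
    //   <,>,and,exec,insert,select,%20,delete,update,count,*,%,chr,mid,master,truncate,char,like,declare,&,#,(,),/**/,=,script,\u0023,redirect:,xwork2
    private static final String sqlStr = "exec,insert,select,%20,delete,update,chr,master,truncate,char,like,declare,#,/**/,script,\u0023,redirect:,xwork2";
    // Tokens blocked in parameter names and in the raw query string.
    private static final String urlStr = "%20,%22,%27,<,>,master,truncate,char,script,java.lang.ProcessBuilder,java.lang.String,/etc/,\u0023,redirect:,xwork2,\u0073\u0063\u0072\u0069\u0070\u0074";

    // Token arrays are split (and lower-cased) once, not on every request.
    private static final String[] POST_TOKENS = tokens(postStr);
    private static final String[] SQL_TOKENS = tokens(sqlStr);
    private static final String[] URL_TOKENS = tokens(urlStr);

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Inspects every parameter name, every parameter value and the raw query
     * string; the first blocked token found ends the request with a redirect
     * to the error page, otherwise the chain continues.
     *
     * @throws IOException      from the redirect or from setting the encoding
     * @throws ServletException propagated from the rest of the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Must precede the first getParameter* call: once the body has been
        // parsed the request encoding can no longer be changed.
        request.setCharacterEncoding("utf-8");
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // 1. Parameter names, checked against both the SQL and the URL lists.
        Enumeration<?> names = req.getParameterNames();
        while (names.hasMoreElements()) {
            String name = String.valueOf(names.nextElement());
            if (blocked("parameter name", name, SQL_TOKENS) || blocked("parameter name", name, URL_TOKENS)) {
                // Report the name that matched (the original reported its value).
                reject(req, res, MSG_PREFIX + name + " !");
                return;
            }
        }

        // 2. Parameter values, checked against the SQL list and the POST list.
        for (Object entry : req.getParameterMap().values()) {
            for (String value : (String[]) entry) {
                if (blocked("parameter value", value, SQL_TOKENS) || blocked("parameter value", value, POST_TOKENS)) {
                    reject(req, res, MSG_PREFIX + value + " !");
                    return;
                }
            }
        }

        // 3. Raw query string against the URL list; the request path itself is not checked.
        if (blocked("query string", req.getQueryString(), URL_TOKENS)) {
            reject(req, res, "请不要输入非法参数 !");
            return;
        }

        chain.doFilter(request, response);
    }

    /**
     * Stores the rejection message in the session and redirects to the error
     * page. The session is used for every rejection because a request
     * attribute (as the value branch previously used) does not survive the
     * redirect. The message embeds raw client input, so the error page must
     * HTML-escape it when rendering; nothing is sanitised here.
     */
    private static void reject(HttpServletRequest req, HttpServletResponse res, String message)
            throws IOException {
        req.getSession().setAttribute(MSG_ATTR, message);
        res.sendRedirect(req.getContextPath() + ERROR_PAGE);
    }

    /**
     * Tests {@code input} against one token list and, on a hit, logs which
     * token matched (never the input itself, which may be hostile or private).
     */
    private static boolean blocked(String what, String input, String[] tokenList) {
        String hit = firstMatch(input, tokenList);
        if (hit == null) {
            return false;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("StringFilter: " + what + " contains blocked token '" + hit + "'");
        }
        return true;
    }

    /**
     * Splits a comma-separated token list and lower-cases each entry so it can
     * be compared with the lower-cased input. Mixed-case entries such as
     * {@code java.lang.ProcessBuilder} previously could never match, because
     * only the input was lower-cased.
     *
     * @param standStr comma-separated tokens; null yields an empty array
     */
    private static String[] tokens(String standStr) {
        if (standStr == null) {
            return new String[0];
        }
        String[] parts = standStr.split(",");
        for (int i = 0; i < parts.length; i++) {
            parts[i] = parts[i].toLowerCase(Locale.ROOT);
        }
        return parts;
    }

    /**
     * Returns the first token occurring in {@code str} as a case-insensitive
     * substring, or null when none does or {@code str} is null/empty. Empty
     * tokens (from consecutive commas) are skipped.
     */
    private static String firstMatch(String str, String[] tokenList) {
        if (str == null || str.length() == 0) {
            return null;
        }
        // Locale.ROOT: under a locale-sensitive lower-casing (e.g. Turkish
        // dotless i) "INSERT" would not become "insert" and would slip past.
        String lowered = str.toLowerCase(Locale.ROOT);
        for (String token : tokenList) {
            if (token.length() > 0 && lowered.indexOf(token) >= 0) {
                return token;
            }
        }
        return null;
    }

    /**
     * Whether {@code str} contains any token of the comma-separated list
     * {@code standStr}, ignoring case. A hit is logged at DEBUG level rather
     * than printed to stdout.
     *
     * @param str      text to test; null or empty never matches
     * @param standStr comma-separated tokens; null is treated as empty
     * @return true when a token is found
     */
    public static boolean strInj(String str, String standStr) {
        return blocked("input", str, tokens(standStr));
    }

    /**
     * Same test as {@link #strInj(String, String)} but without logging.
     *
     * @param str      text to test; null or empty never matches
     * @param standStr comma-separated tokens; null is treated as empty
     * @return true when a token is found
     */
    public boolean strInj2(String str, String standStr) {
        return firstMatch(str, tokens(standStr)) != null;
    }

    /** Reads no configuration; only records that the filter is active (replaces a stray debug print). */
    public void init(FilterConfig cfg) throws ServletException {
        String name = cfg == null ? "StringFilter" : cfg.getFilterName();
        logger.info("StringFilter initialised as filter '" + name + "'");
    }
}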