<?xml version="1.0" encoding="UTF-8"?>
<!--
  Servlet 2.5 deployment descriptor. Two filters cover every URL; filters run in the
  order their filter-mapping elements appear, so StringFilter runs before ssotokenfilter.
  No security-constraint is declared anywhere in this file: access control for every
  servlet below rests entirely on what the two filters enforce.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
  id="WebApp_ID"
  version="2.5">
  <listener>
    <listener-class>com.dhcc.framework.extcomponent.ui.formconfig.listener.LoadXmlConfigListener</listener-class>
  </listener>
  <listener>
    <listener-class>com.business.login.OnlineCounterListener</listener-class>
  </listener>
  <!--
    NOTE(review): this class is also registered as the LoginServlet servlet further down.
    A listener-class must implement one of the javax.servlet listener interfaces; confirm
    LoginServlet does, otherwise this entry is either dead or will break deployment.
  -->
   <listener>
    <listener-class>com.dhcc.framework.util.LoginServlet</listener-class>
  </listener>
  
  <!--
    StringFilter is a substring-denylist screen over parameter names, values and the
    query string. It is a coarse last line of defence, not a substitute for parameterized
    queries and output encoding in the servlets it fronts, and it can reject legitimate
    input that happens to contain a listed word.
  -->
  <filter>
    <filter-name>StringFilter</filter-name>
    <filter-class>com.business.filter.StringFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>StringFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  
  <!-- Login / SSO token check; mapped to /* so it is the only gate in front of every servlet below. -->
  <filter>
    <filter-name>ssotokenfilter</filter-name>
    <filter-class>com.business.filter.LoginFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>ssotokenfilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <servlet>
    <servlet-name>MCCServlet</servlet-name>
    <servlet-class>com.dhcc.framework.core.MCCServlet</servlet-class>
    <load-on-startup>3</load-on-startup>
  </servlet>
  <!-- Startup-only servlets (no servlet-mapping); load-on-startup orders them after MCCServlet. -->
  <servlet>
    <display-name>loadStartUpServlet</display-name>
    <servlet-name>loadStartUpServlet</servlet-name>
    <servlet-class>com.dhcc.framework.core.LoadStartUpServlet</servlet-class>
    <load-on-startup>100</load-on-startup>
  </servlet>
  <servlet>
    <servlet-name>loadEngineServlet</servlet-name>
    <servlet-class>com.dhcc.workflow.loadEngineServlet</servlet-class>
    <load-on-startup>200</load-on-startup>
  </servlet>
  <!-- Quartz scheduler bootstrap; the scheduler starts at deploy time and is shut down on undeploy. -->
  <servlet>
    <display-name>Quartz Initializer Servlet</display-name>
    <servlet-name>QuartzInitializer</servlet-name>
    <servlet-class>org.quartz.ee.servlet.QuartzInitializerServlet</servlet-class>
    <init-param>
      <param-name>config-file</param-name>
      <param-value>/quartz.properties</param-value>
    </init-param>
    <init-param>
      <param-name>shutdown-on-unload</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>start-scheduler-on-load</param-name>
      <param-value>true</param-value>
    </init-param>
    <load-on-startup>5</load-on-startup>
  </servlet>
  <servlet>
    <servlet-name>TreeServlet</servlet-name>
    <servlet-class>com.dhcc.framework.tree.TreeServlet</servlet-class>
    <load-on-startup>3</load-on-startup>
  </servlet>
  <servlet>
    <servlet-name>ClientTreeServlet</servlet-name>
    <servlet-class>com.dhcc.workflow.client.tree.TreeServlet</servlet-class>
    <load-on-startup>3</load-on-startup>
  </servlet>
  <servlet>
    <servlet-name>OrganizationServlet</servlet-name>
    <servlet-class>com.dhcc.framework.organization.action.OrganizationServlet</servlet-class>
    <load-on-startup>3</load-on-startup>
  </servlet>
  <servlet>
    <servlet-name>DocumentIDCodeServlet</servlet-name>
    <servlet-class>com.dhcc.framework.util.DocumentIDCodeServlet</servlet-class>
    <load-on-startup>3</load-on-startup>
  </servlet>
  <!-- Document upload/download endpoints for the office-suite integrations (Yozo, WPS, Foxit, Suwell). -->
  <servlet>
    <servlet-name>YozoUploadServlet</servlet-name>
    <servlet-class>com.dhcc.framework.upload.servlet.YozoUploadServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>WpsUploadServlet</servlet-name>
    <servlet-class>com.dhcc.framework.upload.servlet.WpsUploadServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>FoxitDownloadServlet</servlet-name>
    <servlet-class>com.dhcc.framework.upload.servlet.FoxitDownloadServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>FoxitUploadServlet</servlet-name>
    <servlet-class>com.dhcc.framework.upload.servlet.FoxitUploadServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>SuwellUploadServlet</servlet-name>
    <servlet-class>com.dhcc.framework.upload.servlet.SuwellUploadServlet</servlet-class>
  </servlet>
  <!--
    NOTE(review): Proxool's AdminServlet shows connection-pool statistics (and, depending on
    the Proxool version, the pool definition). It is mapped to /dbpoolAdmin below with no
    security-constraint, so only ssotokenfilter stands in front of it; confirm that filter
    denies unauthenticated access, or add a security-constraint with an admin role for this path.
  -->
  <servlet>
    <servlet-name>dbpoolAdmin</servlet-name>
    <servlet-class>org.logicalcobwebs.proxool.admin.servlet.AdminServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>MCCServlet</servlet-name>
    <url-pattern>/mcc</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>TreeServlet</servlet-name>
    <url-pattern>/treeServlet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>ClientTreeServlet</servlet-name>
    <url-pattern>/clientTreeServlet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>YozoUploadServlet</servlet-name>
    <url-pattern>/yozoUpload</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>WpsUploadServlet</servlet-name>
    <url-pattern>/wpsUpload</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>FoxitDownloadServlet</servlet-name>
    <url-pattern>/foxitDownload</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>FoxitUploadServlet</servlet-name>
    <url-pattern>/foxitUpload</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>SuwellUploadServlet</servlet-name>
    <url-pattern>/suwellUpload</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>OrganizationServlet</servlet-name>
    <url-pattern>/organizationServlet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>DocumentIDCodeServlet</servlet-name>
    <url-pattern>/documentIDCodeServlet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>dbpoolAdmin</servlet-name>
    <url-pattern>/dbpoolAdmin</url-pattern>
  </servlet-mapping>
  <!--
    SOAP endpoint (mapped to /services/* below). XFire is a discontinued project, superseded
    by Apache CXF; it receives no security fixes, which matters for an endpoint that parses
    untrusted XML. Consider migrating.
  -->
  <servlet>
    <servlet-name>XFireServlet</servlet-name>
    <servlet-class>org.codehaus.xfire.transport.http.XFireConfigurableServlet</servlet-class>
    <load-on-startup>0</load-on-startup>
  </servlet>
  <!-- Handles /login.do, /reLogin.do and /getUserMsg.do (see the mappings below). -->
  <servlet>
    
    <servlet-name>LoginServlet</servlet-name>
    <servlet-class>com.dhcc.framework.util.LoginServlet</servlet-class>
  </servlet>
  <servlet>
    <description>This is the description of my J2EE component</description>
    <display-name>This is the display name of my J2EE component</display-name>
    <servlet-name>getStenByName</servlet-name>
    <servlet-class>com.dhcc.performance.stencil.util.getStenByName</servlet-class>
  </servlet>
  <!--
    NOTE(review): a servlet literally named "test" reachable at /servlet/test looks like a
    development leftover; confirm it is needed in production or remove it with its mapping.
  -->
  <servlet>
    <servlet-name>test</servlet-name>
    <servlet-class>com.dhcc.performance.stencil.util.test</servlet-class>
  </servlet>  <servlet-mapping>
    <servlet-name>XFireServlet</servlet-name>
    <url-pattern>/services/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/login.do</url-pattern>
  </servlet-mapping>
    <servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/reLogin.do</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/getUserMsg.do</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>getStenByName</servlet-name>
    <url-pattern>/getStenByName</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>test</servlet-name>
    <url-pattern>/servlet/test</url-pattern>
  </servlet-mapping>
  
  
  
  
  <!--
    Welcome files are partial URLs; the spec form has no leading slash (as in login.html).
    The two slash-prefixed entries are tolerated by some containers but are not portable.
  -->
  <welcome-file-list>
    <welcome-file>login.html</welcome-file>
    <welcome-file>/index.html</welcome-file>
    <welcome-file>/index.htm</welcome-file>
  </welcome-file-list>
  <jsp-config>
    <taglib>
      <taglib-uri>http://www.dhcc.com.cn/dhccTag</taglib-uri>
      <taglib-location>/WEB-INF/dhccTag.tld</taglib-location>
    </taglib>
  </jsp-config>
</web-app>

解决方案 »

  1.   

    package com.business.filter;
        import java.io.IOException;
        import java.util.Enumeration;
        import java.util.Iterator;
        import java.util.Locale;

        import javax.servlet.Filter;
        import javax.servlet.FilterChain;
        import javax.servlet.FilterConfig;
        import javax.servlet.ServletException;
        import javax.servlet.ServletRequest;
        import javax.servlet.ServletResponse;
        import javax.servlet.http.HttpServletRequest;
        import javax.servlet.http.HttpServletResponse;

        import org.apache.log4j.Logger;
          
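        /**
         * Servlet filter that rejects a request when a parameter name, a parameter value
         * or the raw query string contains a denylisted substring (a crude SQL / script
         * injection screen).
         *
         * <p>This is a substring denylist, not a parser. It can reject legitimate input
         * that merely contains a word such as "select" or "like", and it cannot replace
         * parameterized queries and output encoding in the code it fronts; prune the
         * lists to what the application really needs.
         *
         * <p>Matching is case-insensitive: the input and every denylist entry are
         * lower-cased (root locale) before comparison, so mixed-case entries such as
         * "java.lang.ProcessBuilder" match as intended.
         *
         * <p>A rejected request gets a fixed message in the session attribute "msgStr"
         * and is redirected to the error page; the offending input is written to the
         * server log only, never echoed back to the client.
         *
         * @version 1.0
         */
        public class StringFilter implements Filter {
            public static final Logger logger = Logger.getLogger(StringFilter.class);

            /** Error page a rejected request is redirected to, relative to the context path. */
            private static final String ERROR_PAGE = "/jsp/common/error.jsp";
            /** Session attribute that carries the rejection message to the error page. */
            private static final String MSG_ATTR = "msgStr";
            /** Fixed message shown to the client on rejection (user input is deliberately not echoed). */
            private static final String REJECT_MSG = "请不要输入非法参数 !";
            /** Longest slice of user input reproduced in a log line. */
            private static final int LOG_MAX = 200;

            // Substrings rejected in parameter values (comma-separated, no spaces). These may
            // block normal traffic; trim the list as needed.
            private static String postStr="%20,script";
            // Substrings rejected in parameter names and parameter values.
            private static String sqlStr="exec,insert,select,%20,delete,update,chr,master,truncate,char,like,declare,#,/**/,script,\u0023,redirect:,xwork2";
            // Substrings rejected in parameter names and in the raw (still URL-encoded) query string.
            private static String urlStr="%20,%22,%27,<,>,master,truncate,char,script,java.lang.ProcessBuilder,java.lang.String,/etc/,\u0023,redirect:,xwork2,\u0073\u0063\u0072\u0069\u0070\u0074";

            // Pre-split, lower-cased copies of the lists above; computed once instead of per request.
            private static final String[] POST_TERMS = terms(postStr);
            private static final String[] SQL_TERMS = terms(sqlStr);
            private static final String[] URL_TERMS = terms(urlStr);

            public void destroy() {
            }

            public void init(FilterConfig cfg) throws ServletException {
                logger.info("StringFilter initialised");
            }

            /**
             * Screens the request; either redirects to the error page (and stops) or
             * passes the request down the chain unchanged.
             *
             * <p>Order of checks: parameter names (SQL + URL lists), parameter values
             * (SQL + POST lists), then the raw query string (URL list). The query string
             * is checked before decoding, which is why the URL list carries %xx entries.
             *
             * @throws IOException      from the redirect or from the chain
             * @throws ServletException from the chain
             */
            public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                    throws IOException, ServletException {
                // Must precede the first parameter access or it has no effect.
                request.setCharacterEncoding("utf-8");
                HttpServletRequest req = (HttpServletRequest) request;
                HttpServletResponse res = (HttpServletResponse) response;

                Enumeration names = req.getParameterNames();
                while (names.hasMoreElements()) {
                    String name = String.valueOf(names.nextElement());
                    if (containsAny(name, SQL_TERMS) || containsAny(name, URL_TERMS)) {
                        reject(req, res, "parameter name", name);
                        return;
                    }
                }

                Iterator values = req.getParameterMap().values().iterator();
                while (values.hasNext()) {
                    String[] value = (String[]) values.next();
                    for (int i = 0; i < value.length; i++) {
                        if (containsAny(value[i], SQL_TERMS) || containsAny(value[i], POST_TERMS)) {
                            reject(req, res, "parameter value", value[i]);
                            return;
                        }
                    }
                }

                String queryString = req.getQueryString();
                if (queryString != null && containsAny(queryString, URL_TERMS)) {
                    reject(req, res, "query string", queryString);
                    return;
                }

                chain.doFilter(request, response);
            }

            /**
             * Returns true when {@code str} contains, ignoring case, any non-empty entry of
             * the comma-separated list {@code standStr}. A null or empty {@code str}, or a
             * null list, never matches.
             */
            public static boolean strInj(String str, String standStr) {
                return standStr != null && containsAny(str, terms(standStr));
            }

            /**
             * Instance-method twin of {@link #strInj(String, String)}; kept for existing
             * callers, same semantics.
             */
            public boolean strInj2(String str, String standStr) {
                return strInj(str, standStr);
            }

            /** Splits a comma-separated denylist and lower-cases every entry (empty entries are kept and skipped later). */
            private static String[] terms(String list) {
                String[] out = list.split(",");
                for (int i = 0; i < out.length; i++) {
                    out[i] = out[i].toLowerCase(Locale.ROOT);
                }
                return out;
            }

            /** Case-insensitive "contains any of" against an already lower-cased term array. */
            private static boolean containsAny(String str, String[] terms) {
                if (str == null || str.length() == 0) {
                    return false;
                }
                // Lower-case once per input rather than once per term; root locale avoids
                // locale-specific case rules (e.g. dotless i) silently bypassing a term.
                String lower = str.toLowerCase(Locale.ROOT);
                for (int i = 0; i < terms.length; i++) {
                    if (terms[i].length() > 0 && lower.indexOf(terms[i]) >= 0) {
                        return true;
                    }
                }
                return false;
            }

            /**
             * Records the fixed rejection message in the session (a request attribute would
             * not survive the redirect) and redirects to the error page. The offending text
             * goes to the log, one line, length-capped, so it is neither reflected into the
             * error page nor able to forge extra log lines.
             */
            private static void reject(HttpServletRequest req, HttpServletResponse res,
                    String where, String offending) throws IOException {
                logger.warn("StringFilter rejected " + req.getMethod() + " " + req.getRequestURI()
                        + ": illegal " + where + " [" + forLog(offending) + "]");
                req.getSession().setAttribute(MSG_ATTR, REJECT_MSG);
                res.sendRedirect(req.getContextPath() + ERROR_PAGE);
            }

            /** Makes user-supplied text safe for a single log line: strips line breaks and caps the length. */
            private static String forLog(String s) {
                if (s == null) {
                    return "";
                }
                String oneLine = s.replace('\r', ' ').replace('\n', ' ');
                return oneLine.length() > LOG_MAX ? oneLine.substring(0, LOG_MAX) + "..." : oneLine;
            }
        }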
      

  2.   

    有没有大神知道是怎么回事啊?我要实现全局过滤特殊字符,但是现在的问题是它没有过滤,我在StringFilter里打断点,也没有进,不知道咋回事。求大神解答!谢谢!
      

  3.   

    另外一个Filter也不能进去么
      

  4.   

    在哪打的断点?doFilter?
      

  5.   

    嘿呦喂,解决啦,哈哈,是tongweb中间件没有重新部署,我在myeclipse里重新部署不好使。谢谢各位
      

  6.   

    这是真理,你的路径写错了。看看你的包名是不是有.java字段
      

  7.   

    两个filter全部过滤,没毛病,老姐