我想用filter过滤一些非法的字符
HttpServletRequest req = (HttpServletRequest)request;
Enumeration<?> keys = req.getParameterNames();
while (keys.hasMoreElements()) {
key = keys.nextElement().toString();
value = req.getParameter(key);
//这里replace掉非法的字符 然后返回
//问题是怎么塞到request中去
}
没有request.setParameter这个方法啊。
有除了setAttribute之外的方法吗。
HttpServletRequest req = (HttpServletRequest)request;
Enumeration<?> keys = req.getParameterNames();
while (keys.hasMoreElements()) {
key = keys.nextElement().toString();
value = req.getParameter(key);
//这里replace掉非法的字符 然后返回
//问题是怎么塞到request中去
}
没有request.setParameter这个方法啊。
有除了setAttribute之外的方法吗。
1. package com.tongtech.bjvsp.sysmng.filter;
2.
3. import java.io.IOException;
4. import java.io.PrintWriter;
5.
6. import javax.servlet.Filter;
7. import javax.servlet.FilterChain;
8. import javax.servlet.FilterConfig;
9. import javax.servlet.ServletException;
10. import javax.servlet.ServletRequest;
11. import javax.servlet.ServletResponse;
12. import javax.servlet.http.HttpServlet;
13. import javax.servlet.http.HttpServletRequest;
14. import javax.servlet.http.HttpServletResponse;
15.
16. import com.tongtech.bjvsp.sysmng.constant.ConstantServlet;
17.
18. public class EncodingFilter extends HttpServlet implements Filter {
19. private FilterConfig filterConfig;
20.
21. // Handle the passed-in FilterConfig
22. public void init(FilterConfig filterConfig) throws ServletException {
23. this.filterConfig = filterConfig;
24. }
25.
26. // Process the request/response pair
27. public void doFilter(ServletRequest request, ServletResponse response,
28. FilterChain filterChain) {
29. try {
30.
31. HttpServletRequest httpRequest = (HttpServletRequest) request;
32. HttpServletResponse httpResponse = (HttpServletResponse) response;
33. boolean isValid = true;
34. String uriStr = httpRequest.getRequestURI();
35. if (uriStr.indexOf(".jsp") == -1 && uriStr.indexOf(".do") == -1) {
36. isValid = true;
37. } else if (uriStr.indexOf("login.jsp") == -1 && uriStr.indexOf("login.do") == -1
38. && httpRequest.getSession().getAttribute("UserWraper") == null) {
39. isValid = false;
40. }
41.
42. if (isValid) {
43. request.setCharacterEncoding("GBK");
44. filterChain.doFilter(request, response);
45. }
46.
47. else {
48. request.setCharacterEncoding("GBK");
49. PrintWriter out = httpResponse.getWriter();
50. if( uriStr.indexOf("index.jsp") == -1 ) {
51. out.write("<script>window.parent.parent.location.href='../../login.jsp'</script>");
52. } else {
53. out.write("<script>window.parent.parent.location.href='../login.jsp'</script>");
54. }
55.
56. }
57.
58. } catch (ServletException sx) {
59. filterConfig.getServletContext().log(sx.getMessage());
60. } catch (IOException iox) {
61. filterConfig.getServletContext().log(iox.getMessage());
62. }
63. }
64.
65. // Clean up resources
66. public void destroy() {
67. }
68. }
在dofiter方法里添加request.setAttribute("", "");来修改属性,具体可以查查j2ee的api文档
发现非法字符就替换成空,然后继续往下执行。别发现非法字符就,跳到个页面说,“你有非法字符”,这样不行。用javax.servlet.Filter实现。
只不过我的代码只是抛砖引玉,你这边需要写个类似的HttpServletRequestWrapper
package wrapper;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
public class GetHttpServletRequestWrapper extends HttpServletRequestWrapper {
private String charset = "UTF-8";
public GetHttpServletRequestWrapper(HttpServletRequest request) {
super(request);
}
/**
* 获得被装饰对象的引用和采用的字符编码
* @param request
* @param charset
*/
public GetHttpServletRequestWrapper(HttpServletRequest request,
String charset) {
super(request);
this.charset = charset;
}
/**
* 实际上就是调用被包装的请求对象的getParameter方法获得参数,然后再进行编码转换
*/
public String getParameter(String name) {
String value = super.getParameter(name);
value = value == null ? null : convert(value);
return value;
}
public String convert(String target) {
System.out.println("编码转换之前:" + target);
try {
return new String(target.trim().getBytes("ISO-8859-1"), charset);
} catch (UnsupportedEncodingException e) {
return target;
}
}
} //下面是一个过虑器,可以把原有的request对象替换成自己写的request对象public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
req = new GetHttpServletRequestWrapper(req,charset);
//传递给目标servlet或jsp的实际上时包装器对象的引用,而不是原始的HttpServletRequest对象
chain.doFilter(req, response); } 也可以参考我的原文:
http://blog.csdn.net/kgd1120/archive/2009/10/11/4653265.aspx