隱藏不良資訊(HttpServletRequestWrapper)
阿新 • • 發佈:2018-11-04
package com.greatest.Filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Base class for filters that only deal with HTTP traffic.
 *
 * <p>Implements {@link Filter}, keeps the {@link FilterConfig} supplied by the
 * container, and forwards the generic {@code doFilter} call to an HTTP-typed
 * overload that subclasses must implement.
 */
public abstract class MyFilter implements Filter {

    /** Configuration object received in {@link #init(FilterConfig)}. */
    private FilterConfig fconfig;

    /**
     * Stores the configuration and then invokes the no-argument {@link #init()} hook.
     *
     * <p>Subclasses should not override this method: an override that skips
     * the assignment below leaves {@code fconfig} unset.
     *
     * @param Config configuration passed in by the caller
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig Config) throws ServletException {
        this.fconfig = Config;
        init();
    }

    /**
     * Initialization hook for subclasses; does nothing by default.
     * The stored configuration is available through {@link #getFconfig()}.
     */
    protected void init() {
        // Intentionally empty: subclasses override when they need setup work.
    }

    /**
     * @return the {@link FilterConfig} saved by {@link #init(FilterConfig)},
     *         or {@code null} if that method has not run yet
     */
    public FilterConfig getFconfig() {
        return fconfig;
    }

    /** No resources are held, so there is nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Container-facing entry point. Narrows both arguments to their HTTP types
     * and delegates to
     * {@link #doFilter(HttpServletRequest, HttpServletResponse, FilterChain)}.
     * Subclasses are expected to implement that overload, not this method.
     *
     * <p>The casts are unchecked, so a request or response that is not an
     * HTTP one fails here with a {@link ClassCastException}.
     *
     * @throws IOException      propagated from the HTTP-typed overload
     * @throws ServletException propagated from the HTTP-typed overload
     */
    @Override
    public void doFilter(ServletRequest Req, ServletResponse Resp, FilterChain Chain)
            throws IOException, ServletException {
        doFilter((HttpServletRequest) Req, (HttpServletResponse) Resp, Chain);
    }

    /**
     * HTTP-specific filtering logic that every concrete subclass must provide.
     *
     * @param request  the request, already cast to its HTTP type
     * @param response the response, already cast to its HTTP type
     * @param Chain    the chain handed to the generic {@code doFilter}
     * @throws IOException      if the implementation or the chain fails on I/O
     * @throws ServletException if the implementation or the chain fails otherwise
     */
    public abstract void doFilter(HttpServletRequest request, HttpServletResponse response,
            FilterChain Chain) throws IOException, ServletException;
}
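package com.greatest.Filter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/**
 * Request decorator that masks a blocked word in the values returned by
 * {@link #getParameter(String)}. All other request methods keep the behaviour
 * of the wrapped request.
 *
 * <p>Limits of this filter, as written:
 * <ul>
 *   <li>Only {@code getParameter} is overridden. Code that reads the same
 *       field through {@code getParameterValues}, {@code getParameterMap} or
 *       the raw request body still sees the unmasked text.</li>
 *   <li>Matching is an exact, case-sensitive substring match, so other
 *       spellings or letter cases are not masked.</li>
 *   <li>Masking a word does not make the value safe to print into HTML; the
 *       page that renders it still has to escape it.</li>
 * </ul>
 */
public class MyHttpServletRequest extends HttpServletRequestWrapper {

    /** Word that is hidden in parameter values. */
    private static final String BLOCKED_WORD = "fuck";

    /** Replacement text written in place of {@link #BLOCKED_WORD}. */
    private static final String MASK = "****";

    /**
     * @param request the request to decorate
     */
    public MyHttpServletRequest(HttpServletRequest request) {
        super(request);
    }

    /**
     * Returns the parameter value with every occurrence of the blocked word
     * replaced by the mask.
     *
     * @param name parameter name
     * @return the masked value, or {@code null} when the parameter is absent
     */
    @Override
    public String getParameter(String name) {
        String val = super.getParameter(name);
        if (val == null) {
            return null;
        }
        // The previous guard only fired when the word had a space on BOTH sides,
        // while the replacement itself matched the bare word. A value that
        // started or ended with the word, or had punctuation next to it,
        // therefore passed through unmasked. Replacing unconditionally keeps
        // the check and the replacement consistent.
        return val.replace(BLOCKED_WORD, MASK);
    }
}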
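package com.greatest.Filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet Filter implementation class ContentFilter.
 *
 * <p>Mapped to {@code /bbs.jsp}. Wraps every request in a
 * {@link MyHttpServletRequest} so that the target page reads masked values
 * from {@code getParameter}.
 */
@WebFilter("/bbs.jsp")
public class ContentFilter extends MyFilter {

    /**
     * Wraps the request and passes it down the chain.
     *
     * <p>Why a wrapper: neither {@code ServletRequest} nor
     * {@code HttpServletRequest} offers a {@code setParameter(name, value)}
     * method, so the value cannot be rewritten in place. The options were:
     * <ol>
     *   <li>Subclass the container's request class
     *       ({@code org.apache.catalina.connector.RequestFacade}); rejected
     *       because that class is Tomcat-specific and breaks on other servers.</li>
     *   <li>Write a full {@code HttpServletRequest} implementation from
     *       scratch; rejected as impractical.</li>
     *   <li>Decorate the current request: override {@code getParameter} and
     *       delegate everything else to the wrapped object. This is what
     *       {@link MyHttpServletRequest} does.</li>
     * </ol>
     *
     * @param request     incoming HTTP request
     * @param response    HTTP response, passed through unchanged
     * @param filterChain remaining chain; receives the wrapped request
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain) throws IOException, ServletException {
        // Debug output carried over from the original listing: prints the
        // container's request object before it is wrapped.
        System.out.println(request);

        // The previous version read the "content" parameter here and called
        // content.contains(...) on it without a null check. A request to
        // /bbs.jsp without that parameter (a plain GET, for example) threw a
        // NullPointerException before the chain ran. The branch had no
        // statements in it, so the lookup is dropped and masking is left
        // entirely to the wrapper.
        HttpServletRequest req = new MyHttpServletRequest(request);

        // Continue to the target page with the decorated request.
        filterChain.doFilter(req, response);
    }
}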
Content JSP
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<%-- Input form: POSTs the free-text "content" field to bbs.jsp, the URL that
     ContentFilter is mapped to. The field value is entirely user-controlled. --%>
<form action="bbs.jsp" method="post">
content:<textarea rows="5" cols="21" name="content"></textarea>
<input type="submit" value="Submit"/>
</form>
</body>
</html>
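<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%!
    /*
     * HTML-escapes a request value before it is written into the page.
     * Returns an empty string for null so that a missing parameter renders
     * as nothing, the same as the EL expression it replaces.
     */
    private static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<%-- The submitted text is user-controlled. The previous ${param.content}
     wrote it into the page unescaped, so any markup in the field was
     rendered by the browser. The word-masking filter does not change that;
     the value has to be HTML-escaped at the point of output.
     request.getParameter is still answered by the request object the filter
     chain passed in, so the masked value is what gets escaped and shown. --%>
content:<%= escapeHtml(request.getParameter("content")) %>
<br><br>
method:<%=request.getMethod() %>
<br><br>
<%-- Prints the request object's toString() to show which request class
     reached the page. --%>
<%=request %>
</body>
</html>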