本文探讨了如何利用拦截器防止SQL注入,并解决了在Filter中注入Service时遇到的空指针异常问题。通过分析Filter的工作原理,提出了三种避免循环重定向的方法,并详细解释了获取ServletContext的途径。同时,文章建议使用Spring MVC的HandlerInterceptor来替代Filter,以更高效地管理拦截逻辑。
web.xml的代码:
<!-- 防止sql注入的拦截器-->
<filter>
<filter-name>sqlInjectionFilter</filter-name>
<filter-class>com.suning.mcms.web.auth.filter.SqlInjectionFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>sqlInjectionFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>package com.suning.mcms.web.auth.filter;
import java.io.IOException;
import java.util.Enumeration;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.context.support.WebApplicationContextUtils;
import org.springframework.web.context.support.XmlWebApplicationContext;
import com.suning.mcms.web.auth.util.RedirectUtils;
import com.suning.zbl.SqlInjectionEntity;
import com.suning.zbl.injection.service.SqlInjectionService;
public class SqlInjectionFilter implements Filter{
@Autowired
private SqlInjectionService sqlInjectionService;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
HttpSession session = request.getSession(false);
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse resp = (HttpServletResponse)response;
ServletContext sc = req.getSession().getServletContext();
XmlWebApplicationContext cxt = (XmlWebApplicationContext)WebApplicationContextUtils.getWebApplicationContext(sc);
if(cxt != null && cxt.getBean("sqlInjectionService") != null && sqlInjectionService == null)
sqlInjectionService = (SqlInjectionService) cxt.getBean("sqlInjectionService");
SqlInjectionEntity sqlInjectionEntity = new SqlInjectionEntity();
sqlInjectionEntity.setKey("sqlInjection");
SqlInjectionEntity result = sqlInjectionService.getSqlInjectionEntity(sqlInjectionEntity);
if(result!=null){
String currentURL = request.getRequestURI();
String badStr = result.getValue();
if(badStr!=null&&!badStr.trim().equals("")){
if(!currentURL.equals("/mcms-portal/j_security_check.do")){
Enumeration em = request.getParameterNames();
while (em.hasMoreElements()) {
String name = (String) em.nextElement();
String value = request.getParameter(name);
Pattern pattern = Pattern.compile(badStr);
Matcher matcher = pattern.matcher(value.toLowerCase());
boolean matches = matcher.matches();
if(matches&&!value.trim().equals("")){
sendRedirect(request, response, "/capital/allocation/sqlInjection.do");
return;
}
}
}else{
Enumeration em = request.getParameterNames();
while (em.hasMoreElements()) {
String name = (String) em.nextElement();
String value = request.getParameter(name);
Pattern pattern = Pattern.compile(badStr);
Matcher matcher = pattern.matcher(value.toLowerCase());
boolean matches = matcher.matches();
if(matches&&!value.trim().equals("")){
sendRedirect(request, response, "/index.do");
return;
}
}
}
}
}
filterChain.doFilter(request, response);
}
protected void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url)
throws IOException {
RedirectUtils.sendRedirect(request, response, url, false);
}
@Override
public void destroy() {
}
}
校验规则:
INSERT INTO SYS_DIC_PARAM( PARAM_KEY, PARAM_VALUE)
VALUES( 'sqlInjection', '''|and|exec|execute|insert|select|delete|update|count|drop|\\*|%|chr|mid|master|truncate|char|declare|sitename|net user|xp_cmdshell|;|or|-|\\+|,|like''|and|exec|execute|insert|create|drop|table|from|grant|use|group_concat|column_name|information_schema.columns|table_schema|union|where|select|delete|update|order|by|count|\\*|chr|mid|master|truncate|char|declare|or|;|-|--|\\+|,|like|//|/|%|#')
'|and|exec|execute|insert|select|delete|update|count|drop|\\*|%|chr|mid|master|truncate|char|declare|sitename|net user|xp_cmdshell|;|or|-|\\+|,|like'|and|exec|execute|insert|create|drop|table|from|grant|use|group_concat|column_name|information_schema.columns|table_schema|union|where|select|delete|update|order|by|count|\\*|chr|mid|master|truncate|char|declare|or|;|-|--|\\+|,|like|//|/|%|#
Filter也称之为过滤器,它是Servlet2.3以上新增加的一个功能,其技术是非常强大的。通过Filter技术可以对WEB服务器的文件进行拦截过滤,从而实现一些特殊的功能。在JSP开发应用中也是必备的技能之一。
Filter可以改变一个request(请求)和修改一个response(响应)。Filter不是一个Servlet,它不能产生一个response,它能够在一个request达Servlet之前预处理request,也可以在离开Servlet时处理response。
Filter我们可以用它用来做登陆验证,使没有登录的用户(即没有相关权限)无法访问某些功能,当用户访问这些功能的时候自动跳转到登陆界面。下面是我在学习的时候遇到的一个循环重定向的问题,后来也找到了几种解决的方式。
最开始的时候是对所有Servlet和Jsp进行过滤,这也就出现了我遇到的问题。先把最开始的web.xml和Filter写出来。
//最初的web.xml
//最初的Filter
然后对其中的一个查看相关信息的QueryFilterServlet(没有登录的用户无权限访问)进行访问。
以下是我想到的3种解决问题的方式:
1)将重定向改成请求转发
***这种方法的缺点是虽然跳转到了登陆界面,但地址栏显示的依然是QueryFilterServlet而不是login.jsp
————————————————————————————————————————————————
下面我将对出现此问题的原因进行分析一下,然后就可以明白为什么会使用之后的两种方法:出现此问题的原因主要是当访问QueryFilterServlet时,因为用户没有登陆,所以将跳转到login.jsp,但是在Filter同样对login.jsp进行了过滤,所以当浏览器跳转到login.jsp时,经验证还是没有登录,那么会接着进行跳转,然后就报错了。
2)当浏览器跳转到以login.jsp或FilterLoginServlet结尾时直接进行下一步,而不再进行过滤验证
***当浏览器跳转到以login.jsp或FilterLoginServlet结尾时表明是跳转到了登录界面(FilterLoginServlet是对登录信息验证的Servlet,所以此时没有必要再进行过滤)
3)修改web.xml
***这种方法的缺点是只对src文件下的所有Servlet进行过滤,而不对Jsp文件进行过滤,所以我们需要对Jsp文件进行单独的登录验证。
在项目中遇到一个问题,在 Filter中注入 Serivce失败,注入的service始终为null。如下所示:
public class WeiXinFilter implements Filter{ @Autowired private UsersService usersService; public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest)request; HttpServletResponse resp = (HttpServletResponse)response; Users users = this.usersService.queryByOpenid(openid);
}
上面的 usersService 会报空指针异常。
解决方法一:
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest)request; HttpServletResponse resp = (HttpServletResponse)response; ServletContext sc = req.getSession().getServletContext(); XmlWebApplicationContext cxt = (XmlWebApplicationContext)WebApplicationContextUtils.getWebApplicationContext(sc); if(cxt != null && cxt.getBean("usersService") != null && usersService == null) usersService = (UsersService) cxt.getBean("usersService"); Users users = this.usersService.queryByOpenid(openid);
这样就行了。
方法二:
public class WeiXinFilter implements Filter{ private UsersService usersService; public void init(FilterConfig fConfig) throws ServletException { ServletContext sc = fConfig.getServletContext(); XmlWebApplicationContext cxt = (XmlWebApplicationContext)WebApplicationContextUtils.getWebApplicationContext(sc); if(cxt != null && cxt.getBean("usersService") != null && usersService == null) usersService = (UsersService) cxt.getBean("usersService"); }
相关原理:
1. 如何获取 ServletContext:
1)在javax.servlet.Filter中直接获取
ServletContext context = config.getServletContext();
2)在HttpServlet中直接获取
this.getServletContext()
3)在其他方法中,通过HttpServletRequest获得
request.getSession().getServletContext();
2. WebApplicationContext 与 ServletContext (转自:http://blessht.iteye.com/blog/2121845):
Spring的 ContextLoaderListener是一个实现了ServletContextListener接口的监听器,在启动项目时会触发contextInitialized方法(该方法主要完成ApplicationContext对象的创建),在关闭项目时会触发contextDestroyed方法(该方法会执行ApplicationContext清理操作)。
ConextLoaderListener加载Spring上下文的过程
①启动项目时触发contextInitialized方法,该方法就做一件事:通过父类contextLoader的initWebApplicationContext方法创建Spring上下文对象。
②initWebApplicationContext方法做了三件事:创建 WebApplicationContext;加载对应的Spring文件创建里面的Bean实例;将WebApplicationContext放入 ServletContext(就是Java Web的全局变量)中。
③createWebApplicationContext创建上下文对象,支持用户自定义的上下文对象,但必须继承自ConfigurableWebApplicationContext,而Spring MVC默认使用ConfigurableWebApplicationContext作为ApplicationContext(它仅仅是一个接口)的实 现。
④configureAndRefreshWebApplicationContext方法用 于封装ApplicationContext数据并且初始化所有相关Bean对象。它会从web.xml中读取名为 contextConfigLocation的配置,这就是spring xml数据源设置,然后放到ApplicationContext中,最后调用传说中的refresh方法执行所有Java对象的创建。
⑤完成ApplicationContext创建之后就是将其放入ServletContext中,注意它存储的key值常量。
方法三:
直接使用spring mvc中的HandlerInterceptor或者HandlerInterceptorAdapter来替换Filter:
public class WeiXinInterceptor implements HandlerInterceptor { @Autowired private UsersService usersService; @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { // TODO Auto-generated method stub return false; } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { // TODO Auto-generated method stub } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { // TODO Auto-generated method stub } }
配置拦截路径:
<mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/**" /> <bean class="net.xxxx.interceptor.WeiXinInterceptor" /> </mvc:interceptor> </mvc:interceptors>
Filter 中注入 Service 的示例:
public class WeiXinFilter implements Filter{ private UsersService usersService; public void init(FilterConfig fConfig) throws ServletException {} public WeiXinFilter() {} public void destroy() {} public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest)request; HttpServletResponse resp = (HttpServletResponse)response; String userAgent = req.getHeader("user-agent"); if(userAgent != null && userAgent.toLowerCase().indexOf("micromessenger") != -1){ // 微信浏览器 String servletPath = req.getServletPath(); String requestURL = req.getRequestURL().toString(); String queryString = req.getQueryString(); if(queryString != null){ if(requestURL.indexOf("mtzs.html") !=-1 && queryString.indexOf("LLFlag")!=-1){ req.getSession().setAttribute("LLFlag", "1"); chain.doFilter(request, response); return; } } String openidDES = CookieUtil.getValueByName("openid", req); String openid = null; if(StringUtils.isNotBlank(openidDES)){ try { openid = DesUtil.decrypt(openidDES, "rxxxxxxxxxde"); // 解密获得openid } catch (Exception e) { e.printStackTrace(); } } // ... ... String[] pathArray = {"/weixin/enterAppFromWeiXin.json", "/weixin/getWeiXinUserInfo.json", "/weixin/getAccessTokenAndOpenid.json", "/sendRegCode.json", "/register.json", "/login.json", "/logon.json", "/dump.json", "/queryInfo.json"}; List<String> pathList = Arrays.asList(pathArray); String loginSuccessUrl = req.getParameter("path"); String fullLoginSuccessUrl = "http://www.axxxxxxx.cn/pc/"; if(requestURL.indexOf("weixin_gate.html") != -1){ req.getSession().setAttribute("loginSuccessUrl", loginSuccessUrl); // ... ... } ServletContext sc = req.getSession().getServletContext(); XmlWebApplicationContext cxt = (XmlWebApplicationContext)WebApplicationContextUtils.getWebApplicationContext(sc); if(cxt != null && cxt.getBean("usersService") != null && usersService == null) usersService = (UsersService) cxt.getBean("usersService"); Users users = this.usersService.queryByOpenid(openid); // ... ... if(pathList.contains(servletPath)){ // pathList 中的访问路径直接 pass chain.doFilter(request, response); return; }else{ if(req.getSession().getAttribute(CommonConstants.SESSION_KEY_USER) == null){ // 未登录 String llFlag = (String) req.getSession().getAttribute("LLFlag"); if(llFlag != null && llFlag.equals("1")){ // 处理游客浏览 chain.doFilter(request, response); return; } // ... ...// 3. 从腾讯服务器去获得微信的 openid , req.getRequestDispatcher("/weixin_gate.html").forward(request, response); return; }else{ // 已经登录 // 4. 已经登录时的处理 chain.doFilter(request, response); return; } } }else{ // 非微信浏览器 chain.doFilter(request, response); } } }
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
