在学习了《Struts2拦截器的使用1》教程之后，根据项目需要写了一个拦截器，目的是把前端传入的请求参数中的 HTML 特殊字符做转义，以降低脚本注入（XSS）的风险。需要注意的是：这种在输入端做 HTML 转义的做法只覆盖 HTML 文本上下文，参数如果被用于 JavaScript、HTML 属性、URL 或 SQL 等其他上下文，仍需要各自的输出编码或参数化处理。拦截器的配置这里不再说明，不清楚的请参考《Struts2拦截器的使用1》。拦截器代码如下：
package com.***.interceptors;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import com.opensymphony.xwork2.util.ValueStack;
import com.***.utils.StringUtil;
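public class IllegalCharacterInterceptor extends AbstractInterceptor
{
    /**
     * HTML-escapes every request parameter value before the action runs
     * (see {@code StringUtil.filtrateString}).
     *
     * <p>Values are rewritten inside the request parameter map itself and keep
     * their shape: a {@code String} stays a {@code String}, a {@code String[]} stays a
     * {@code String[]} of the same length, anything else is left untouched. The
     * original version instead collapsed a multi-valued parameter into the single
     * text {@code "{a,b}"} (and an empty array into the text {@code "null"}), which
     * corrupts any array/list property, and pushed the result with
     * {@code ValueStack.setValue(key, ...)}: the attacker-chosen parameter NAME was
     * evaluated as an OGNL expression, bypassing whatever parameter-name filtering
     * the framework's parameters interceptor would otherwise apply. Editing the map
     * avoids both problems.
     *
     * <p>Ordering matters: this interceptor must run before the parameters
     * interceptor copies the map into the action, otherwise the action already
     * holds the raw values -- verify the interceptor stack in struts.xml. It also
     * assumes {@code getParameters()} returns the mutable {@code String -> String[]}
     * map of the Struts version this was written against; newer versions expose an
     * immutable parameter object that has to be rebuilt instead -- confirm against
     * the deployed version.
     *
     * <p>Note that the escaping is HTML text-node encoding applied at input time:
     * it does not make a value safe in a JavaScript block, attribute, URL or SQL
     * context, and it alters the stored data (e.g. newlines become {@code <br/>}).
     *
     * <p>Exceptions from the rest of the chain are no longer caught, printed and
     * replaced by a {@code null} result code; they propagate so the framework's
     * exception handling sees them.
     *
     * @param invocation the current action invocation
     * @return the result code returned by the rest of the interceptor chain
     * @throws Exception whatever the remaining interceptors or the action throw
     */
    @Override
    public String intercept(ActionInvocation invocation) throws Exception
    {
        Map<String, Object> parameters = invocation.getInvocationContext().getParameters();
        if (parameters != null) {
            for (Map.Entry<String, Object> entry : parameters.entrySet()) {
                Object raw = entry.getValue();
                Object escaped = escapeValue(raw);
                // Entry.setValue is not a structural modification, so it is safe
                // while iterating the entry set.
                if (escaped != raw) {
                    entry.setValue(escaped);
                }
            }
        }
        return invocation.invoke();
    }

    /**
     * Escapes one parameter value while preserving its runtime type.
     *
     * @param value a {@code String}, a {@code String[]}, or any other object
     * @return the escaped text / array, or {@code value} itself when it is not text
     */
    private static Object escapeValue(Object value) {
        if (value instanceof String) {
            return StringUtil.filtrateString((String) value);
        }
        if (value instanceof String[]) {
            String[] original = (String[]) value;
            String[] escaped = new String[original.length];
            for (int i = 0; i < original.length; i++) {
                // filtrateString is null-safe, so null elements survive unchanged
                escaped[i] = StringUtil.filtrateString(original[i]);
            }
            return escaped;
        }
        return value;
    }
}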
非法字符处理工具类（注意：下面 replaceAll 的替换串原本应是 HTML 实体，如 &lt;、&gt;、&quot;，在网页显示时被解码成了对应字符，第87、88行甚至因此变成了未闭合的字符串；复制代码时请按实体还原）:
package com.***.utils;
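/**
 * HTML-escaping helpers for request parameter text.
 *
 * <p>The entity names in the published listing had been rendered as their literal
 * characters (so {@code replaceAll("<", "<")} was a no-op and two lines did not even
 * compile); the standard HTML entities are restored here. Replacements use
 * {@link String#replace(CharSequence, CharSequence)}, which is literal -- no regex
 * metacharacters in the pattern and no {@code $}/{@code \} handling in the replacement.
 */
public class StringUtil {

    /**
     * Escapes {@code content} so it can be placed inside an HTML text node without
     * being interpreted as markup.
     *
     * <p>Replacements, in order: {@code &} → {@code &amp;}, {@code <} → {@code &lt;},
     * {@code >} → {@code &gt;}, TAB → {@code &nbsp;}, CRLF → LF, LF → {@code <br/>},
     * {@code '} → {@code &#39;}, {@code \} → {@code &#92;}, {@code "} → {@code &quot;}.
     *
     * <p>Escaping {@code &} first is what makes the encoding faithful. The original
     * had that line commented out, so a submitted literal {@code &lt;script&gt;} was
     * stored untouched and {@link #reverseString(String)} later turned it into a real
     * {@code <script>} tag -- an injection through the "decode" path. For the same
     * reason {@code reverseString} undoes {@code &amp;} last.
     *
     * <p>Caveats: this is HTML text-node encoding only; it does not make a value safe
     * inside a JavaScript block, an unquoted attribute, a URL or an SQL statement.
     * The TAB → {@code &nbsp;} and newline → {@code <br/>} steps bake presentation
     * into the stored value and are not losslessly reversible (CRLF is collapsed to
     * LF). The exact entities for TAB and {@code '} could not be recovered from the
     * rendered listing -- confirm against the original source, in particular whether
     * TAB was meant to become one or several {@code &nbsp;}.
     *
     * @param content text to escape; {@code null} or whitespace-only input is
     *        returned unchanged
     * @return the escaped text
     */
    public static String filtrateString(String content) {
        if (content == null || "".equals(content.trim())) {
            return content;
        }
        content = content.replace("&", "&amp;");   // must be first (see Javadoc)
        content = content.replace("<", "&lt;");
        content = content.replace(">", "&gt;");
        content = content.replace("\t", "&nbsp;");
        content = content.replace("\r\n", "\n");
        content = content.replace("\n", "<br/>");
        content = content.replace("'", "&#39;");
        content = content.replace("\\", "&#92;");
        content = content.replace("\"", "&quot;");
        return content;
    }

    /**
     * Undoes {@link #filtrateString(String)} as far as that is possible.
     *
     * <p>Line breaks come back as LF (the CRLF → LF normalisation cannot be undone).
     * The original ordering of the two newline steps is kept: a bare LF already
     * present in the escaped text is expanded to CRLF first, then {@code <br/>}
     * becomes LF. The duplicated {@code &lt;}/{@code &gt;} lines of the original
     * were no-ops and are gone; {@code &amp;} is decoded last so that entities the
     * user typed literally are not turned into live markup.
     *
     * <p>Render the returned value with output encoding -- it is raw text again.
     *
     * @param content escaped text; {@code null} or whitespace-only input is
     *        returned unchanged
     * @return the unescaped text
     */
    public static String reverseString(String content) {
        if (content == null || "".equals(content.trim())) {
            return content;
        }
        content = content.replace("&lt;", "<");
        content = content.replace("&gt;", ">");
        content = content.replace("&nbsp;", "\t");
        content = content.replace("\n", "\r\n");
        content = content.replace("<br/>", "\n");
        content = content.replace("&#39;", "'");
        content = content.replace("&#92;", "\\");
        content = content.replace("&quot;", "\"");
        content = content.replace("&amp;", "&");   // last, mirrors '&' being escaped first
        return content;
    }

    /**
     * Returns whether {@code str} consists solely of digit characters.
     *
     * <p>No sign, decimal point or whitespace is accepted. {@link Character#isDigit}
     * accepts Unicode digits beyond ASCII {@code 0-9}, so a {@code true} result does
     * not guarantee {@code Integer.parseInt} will succeed (length/overflow are not
     * checked either). The original returned {@code true} for the empty string and
     * threw on {@code null}; both now yield {@code false}.
     *
     * @param str text to check, may be {@code null}
     * @return {@code true} if non-empty and every character is a digit
     */
    public static boolean isNumeric(String str) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        for (int i = 0; i < str.length(); i++) {
            if (!Character.isDigit(str.charAt(i))) {
                return false;
            }
        }
        return true;
    }

    /**
     * Lighter escaper: only {@code <}, {@code >} and {@code "} are replaced.
     *
     * <p>{@code &} and {@code '} are left as-is, so the result is neither a faithful
     * HTML encoding nor safe inside a single-quoted attribute. Prefer
     * {@link #filtrateString(String)}; this method (and its name) is kept for
     * existing callers.
     *
     * @param content text to escape; {@code null} or whitespace-only input is
     *        returned unchanged
     * @return the partially escaped text
     */
    public static String ResplaceString(String content) {
        if (content == null || "".equals(content.trim())) {
            return content;
        }
        content = content.replace("<", "&lt;");
        content = content.replace(">", "&gt;");
        content = content.replace("\"", "&quot;");
        return content;
    }
}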