web 小项目 在线书签的安全问题

注意事项：

在使用：

Eclipse Java EE IDE for Web Developers.

Version: Indigo Service Release 1

Build id: 20110916-0149

(c) Copyright Eclipse contributors and others 2005, 2011. All rights reserved.

Visit http://www.eclipse.org/webtools

来开发软件:

在编写servlet 时会出错时我们这样的做：

在 java Build Path 里找到 Libraries

Add library server runnrime

1、 测试tomcat工作是否正常
运行tomcat安装目录下startup.bat，如果tomcat输出控制台有错误或者运行完后由于错误导致其窗口自

动关闭，表示tomcat运行时不正常的。如果在这之前我们的程序运行时正常的，而且我们没有做太多的程

序改动，那么很有可能是tomcat或者jsp运行中出现了未知错误。我们可以重新启动电脑试一下。大部分

情况下都是可以通过这种方式解决的。
2、测试8080端口是否被占用导致
假如在步骤1中tomcat运行时没有报错，那么我们可以修改server.xml文件中的8080端口为其它端口试一

下。

Bookmarkonline 的安全登录

package cc.openhome.controller;

import cc.openhome.model.Bookmark;

import cc.openhome.model.BookmarkService;

import java.io.IOException;

import java.util.ArrayList;

import java.util.List;

import javax.servlet.ServletException;

import javax.servlet.http.HttpServlet;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

public class AddBookmark extends HttpServlet {

private String SUCCESS_VIEW = "success.view";

private String ERROR_VIEW = "error.view";

@Override

public void init() throws ServletException {

super.init();

if(this.getInitParameter("SUCCESS") != null) {

SUCCESS_VIEW = this.getInitParameter("SUCCESS");

}

if(this.getInitParameter("ERROR") != null) {

ERROR_VIEW = this.getInitParameter("ERROR");

}

}

@Override

protected void doPost(HttpServletRequest request,

HttpServletResponse response)

throws ServletException, IOException {

request.setCharacterEncoding("UTF-8");

String url = request.getParameter("url");

String title = request.getParameter("title");

String category = request.getParameter("category");

String newCategory = request.getParameter("newCategory");

List<String> errors = new ArrayList<String>();

if (url == null || url.length() == 0) {

errors.add("网址不能空白");

}

if (title == null || title.length() == 0) {

errors.add("请输入网页标题");

}

if ((category == null || category.length() == 0) &&

(newCategory == null || newCategory.length() == 0)) {

errors.add("请设置网页分类");

}

if (errors.size() != 0) {

request.setAttribute("errors", errors);

request.getRequestDispatcher(ERROR_VIEW)

.forward(request, response);

} else {

url = url.trim();

title = title.trim();

if(newCategory != null) {

newCategory = newCategory.trim();

if(newCategory.length() != 0) {

category = newCategory;

}

}

else {

category = category.trim();

}

Bookmark bookmark = new Bookmark(url, title, category);

BookmarkService bookmarkService = (BookmarkService)

getServletContext().getAttribute("bookmarkService");

bookmarkService.addBookmark(bookmark);

request.setAttribute("bookmark", bookmark);

request.getRequestDispatcher(SUCCESS_VIEW)

.forward(request, response);

}

}

}

package cc.openhome.model;

public class Bookmark {

private String url;

private String title;

private String category;

public Bookmark() {

}

public Bookmark(String url, String title, String category) {

this.url = url;

this.title = title;

this.category = category;

}

public String getCategory() {

return category;

}

public void setCategory(String category) {

this.category = category;

}

public String getTitle() {

return title;

}

public void setTitle(String title) {

this.title = title;

}

public String getUrl() {

return url;

}

public void setUrl(String url) {

this.url = url;

}

}

package cc.openhome.model;

import java.io.*;

import java.util.*;

import java.util.logging.*;

public class BookmarkService {

private String filename;

private List<Bookmark> bookmarks;

private List<String> categories;

public BookmarkService(String filename) {

this.filename = filename;

BufferedReader reader = null;

try {

reader = new BufferedReader(

new InputStreamReader(

new FileInputStream(filename), "UTF-8"));

bookmarks = new LinkedList<Bookmark>();

categories = new LinkedList<String>();

String input = null;

while ((input = reader.readLine()) != null) {

String[] tokens = input.split(",");

Bookmark bookmark =

new Bookmark(tokens[0], tokens[1], tokens[2]);

bookmarks.add(bookmark);

if(!categories.contains(tokens[2])) {

categories.add(tokens[2]);

}

}

} catch (IOException ex) {

Logger.getLogger(BookmarkService.class.getName())

.log(Level.SEVERE, null, ex);

} finally {

try {

reader.close();

} catch (IOException ex) {

Logger.getLogger(BookmarkService.class.getName())

.log(Level.SEVERE, null, ex);

}

}

}

public List<Bookmark> getBookmarks() {

return bookmarks;

}

public List<String> getCategories() {

return categories;

}

public List<Bookmark> addBookmark(Bookmark bookmark) {

BufferedWriter writer = null;

try {

writer = new BufferedWriter(new OutputStreamWriter(

new FileOutputStream(filename, true), "UTF-8"));

writer.write(bookmark.getUrl() + "," + bookmark.getTitle() +

"," + bookmark.getCategory()

+ System.getProperty("line.separator"));

this.getBookmarks().add(bookmark);

if (!categories.contains(bookmark.getCategory())) {

categories.add(bookmark.getCategory());

}

} catch (IOException ex) {

Logger.getLogger(BookmarkService.class.getName())

.log(Level.SEVERE, null, ex);

} finally {

try {

writer.close();

} catch (IOException ex) {

Logger.getLogger(BookmarkService.class.getName())

.log(Level.SEVERE, null, ex);

}

}

return this.getBookmarks();

}

}

package cc.openhome.web;

import cc.openhome.model.BookmarkService;

import javax.servlet.*;

public class BookmarkInitializer implements ServletContextListener {

public void contextInitialized(ServletContextEvent sce) {

ServletContext context = sce.getServletContext();

String bookmarkFile = context.getInitParameter("BOOKMARK");

BookmarkService bookmarkService = new BookmarkService(

this.getClass().getClassLoader()

.getResource("../" + bookmarkFile).getFile());

context.setAttribute("bookmarkService", bookmarkService);

}

public void contextDestroyed(ServletContextEvent sce) {

}

}

/*

* To change this template, choose Tools | Templates

* and open the template in the editor.

*/

package cc.openhome.web;

import java.io.*;

import java.util.*;

import java.util.logging.Level;

import java.util.logging.Logger;

import javax.servlet.*;

import javax.servlet.http.*;

public class CharacterFilter implements Filter {

private Map<String, String> escapeMap;

public void init(FilterConfig filterConfig)

throws ServletException {

BufferedReader reader = null;

try {

String escapeListFile = filterConfig

.getInitParameter("ESCAPE_LIST");

reader = new BufferedReader(

new InputStreamReader(

filterConfig.getServletContext()

.getResourceAsStream(escapeListFile)));

String input = null;

escapeMap = new HashMap<String, String>();

while ((input = reader.readLine()) != null) {

String[] tokens = input.split("\t");

escapeMap.put(tokens[0], tokens[1]);

}

} catch (IOException ex) {

Logger.getLogger(CharacterFilter.class.getName())

.log(Level.SEVERE, null, ex);

}

finally {

try {

reader.close();

} catch (IOException ex) {

Logger.getLogger(CharacterFilter.class.getName())

.log(Level.SEVERE, null, ex);

}

}

}

public void doFilter(ServletRequest request, ServletResponse response,

FilterChain chain) throws IOException, ServletException {

HttpServletRequest requestWrapper =

new CharacterRequestWrapper(

(HttpServletRequest) request, escapeMap);

chain.doFilter(requestWrapper, response);

}

public void destroy() {

}

}

package cc.openhome.web;

import java.util.*;

import javax.servlet.http.*;

import javax.servlet.http.HttpServletRequestWrapper;

public class CharacterRequestWrapper extends HttpServletRequestWrapper {

private Map<String, String> escapeMap;

public CharacterRequestWrapper(HttpServletRequest request,

Map<String, String> escapeMap) {

super(request);

this.escapeMap = escapeMap;

}

@Override

public String getParameter(String name) {

return doEscape(this.getRequest().getParameter(name));

}

private String doEscape(String parameter) {

if(parameter == null) {

return null;

}

String result = parameter;

Iterator<String> iterator = escapeMap.keySet().iterator();

while (iterator.hasNext()) {

String origin = iterator.next();

String escape = escapeMap.get(origin);

result = result.replaceAll(origin, escape);

}

return result;

}

}

<%@page contentType="text/html" pageEncoding="UTF-8"%>

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

"http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>添加书签</title>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

</head>

<body>

<c:if test="${requestScope.errors != null}">

<h1>添加书签失败</h1>

<ul style="color: rgb(255, 0, 0);">

<c:forEach var="error" items="${requestScope.errors}">

<li>${error}</li>

</c:forEach>

</ul>

</c:if>

<form method="post" action="add.do">

网址&nbsp;http:// <input name="url" value="${param.url}"><br>

网页名称：<input name="title" value="${param.title}"><br>

分　　类：<select name="category">

<c:forEach var="category"

items="${applicationScope.bookmarkService.categories}">

<option value="${category}">${category}</option>

</c:forEach>

</select>

添加分类：<input type="text" name="newCategory" value=""><br>

<input value="送出" type="submit"><br>

</form>

</body>

</html>

<%@page contentType="text/html" pageEncoding="UTF-8"%>

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

"http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<title>查看线上书签</title>

</head>

<body>

<table style="text-align: left; width: 100%;" border="0">

<tbody>

<tr>

<td style="background-color: rgb(51, 255, 255);">网页</td>

<td style="background-color: rgb(51, 255, 255);">分类</td>

</tr>

<c:forEach var="bookmark"

items="${applicationScope.bookmarkService.bookmarks}">

<tr>

<td>

<a href="http://${bookmark.url}">${bookmark.title}</a>

</td>

<td>${bookmark.category}</td>

</tr>

</c:forEach>

</tbody>

</table>

</body>

</html>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

<title>登录</title>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

</head>

<body>

<form action="j_security_check" method="post">

名称：<input type="text" name="j_username"><br>

密码：<input type="password" name="j_password"><br><br>

<input type="submit" value="登录">

</form>

</body>

</html>

<%@page contentType="text/html" pageEncoding="UTF-8"%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

"http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<meta http-equiv="Content-Type"

content="text/html; charset=UTF-8">

<title>添加书签成功</title>

</head>

<body>

<h1>添加书签成功</h1>

<ul>

<li>网址：http:// ${requestScope.bookmark.url} </li>

<li>名称：${requestScope.bookmark.title}</li>

<li>分类：${requestScope.bookmark.category}</li>

</ul>

<a href="index.html">返回首页</a>

</body>

</html>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

<title>登录</title>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

</head>

<body>

<form action="j_security_check" method="post">

名称：<input type="text" name="j_username"><br>

密码：<input type="password" name="j_password"><br><br>

<input type="submit" value="登录">

</form>

</body>

</html>

<?xml version="1.0" encoding="UTF-8"?>

<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://java.sun.com/xml/ns/javaee

http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

<context-param>

<param-name>BOOKMARK</param-name>

<param-value>bookmarks.txt</param-value>

</context-param>

<filter>

<filter-name>CharacterFilter</filter-name>

<filter-class>cc.openhome.web.CharacterFilter</filter-class>

<init-param>

<param-name>ESCAPE_LIST</param-name>

<param-value>/WEB-INF/escapelist.txt</param-value>

</init-param>

</filter>

<filter-mapping>

<filter-name>CharacterFilter</filter-name>

<url-pattern>/add.do</url-pattern>

</filter-mapping>

<listener>

<listener-class>cc.openhome.web.BookmarkInitializer</listener-class>

</listener>

<servlet>

<servlet-name>AddBookmark</servlet-name>

<servlet-class>cc.openhome.controller.AddBookmark</servlet-class>

<init-param>

<param-name>SUCCESS</param-name>

<param-value>success.jsp</param-value>

</init-param>

<init-param>

<param-name>ERROR</param-name>

<param-value>add.jsp</param-value>

</init-param>

</servlet>

<servlet-mapping>

<servlet-name>AddBookmark</servlet-name>

<url-pattern>/add.do</url-pattern>

</servlet-mapping>

<session-config>

<session-timeout>

30

</session-timeout>

</session-config>

<welcome-file-list>

<welcome-file>index.html</welcome-file>

</welcome-file-list>

<security-constraint>

<web-resource-collection>

<web-resource-name>Login Required</web-resource-name>

<url-pattern>*.jsp</url-pattern>

<url-pattern>/add.do</url-pattern>

</web-resource-collection>

<auth-constraint>

<description/>

<role-name>admin</role-name>

</auth-constraint>

</security-constraint>

<login-config>

<auth-method>FORM</auth-method>

<realm-name/>

<form-login-config>

<form-login-page>/login.html</form-login-page>

<form-error-page>/login.html</form-error-page>

</form-login-config>

</login-config>

<security-role>

<role-name>admin</role-name>

</security-role>

</web-app>