1. 在 web.xml 中配置 Filter 过滤器，例如：
<!-- Registers the filter class under the logical name XssFilter. -->
<filter>
<filter-name>XssFilter</filter-name>
<!-- Placeholder text: replace it with the fully qualified class name of the filter. -->
<filter-class>过滤器路径位置</filter-class>
</filter>
<!-- The /* pattern applies the filter to every request handled by this web application. -->
<filter-mapping>
<filter-name>XssFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
在过滤器的 .java 文件中写入以下代码：
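/**
 * Servlet filter that sends requests for JSP and static files back to the application root
 * when they arrive without a {@code Referer} header, i.e. when the URL was most likely typed
 * directly into the browser.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Despite its name, this filter performs no XSS handling: it neither validates request
 *       parameters nor encodes output.</li>
 *   <li>The {@code Referer} header is supplied by the client. It can carry any value and is
 *       often absent on legitimate requests (privacy settings, {@code Referrer-Policy}).
 *       The check only discourages casual direct navigation; it is not access control.
 *       Pages that must be protected need server-side authentication and authorization.</li>
 *   <li>File types are recognised by substring match on the request URI, so the ".js" test
 *       also matches names such as ".json". This is kept from the original behaviour.</li>
 * </ul>
 */
public class XssFilter implements Filter {

    /** File name of the only JSP that may be opened without a Referer header. */
    private static final String DIRECT_ACCESS_JSP = "retrieve.jsp";

    /** No resources are held, so there is nothing to release. */
    public void destroy() {
        // Intentionally empty.
    }

    /**
     * Redirects Referer-less requests for JSP, JS, CSS and HTML resources to the application
     * root and passes every other request down the chain.
     *
     * @param req   incoming request; cast to {@link HttpServletRequest}
     * @param res   outgoing response; cast to {@link HttpServletResponse}
     * @param chain remaining filter chain
     * @throws IOException      if the redirect or a downstream component fails on I/O
     * @throws ServletException if a downstream component fails
     */
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
            ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        request.setCharacterEncoding("utf-8");
        HttpServletResponse resp = (HttpServletResponse) res;

        // A missing or empty Referer is treated as "the user typed the URL directly".
        String referer = request.getHeader("REFERER");
        if (referer == null || referer.isEmpty()) {
            // getRequestURI() includes the context path and any ";param" path parameters.
            String uri = request.getRequestURI();
            boolean redirectHome;
            if (uri.contains(".jsp")) {
                // Exempt only the exact file name. A substring test would also exempt any
                // URI that merely contains the text "retrieve.jsp" somewhere in its path.
                redirectHome = !DIRECT_ACCESS_JSP.equals(lastPathSegment(uri));
            } else {
                redirectHome = uri.contains(".js") || uri.contains(".css") || uri.contains(".html");
            }
            if (redirectHome) {
                // The context path is "" for an application deployed at the root. An empty
                // redirect location is resolved relative to the current request instead of
                // the application root, so the trailing slash is appended explicitly.
                resp.sendRedirect(request.getContextPath() + "/");
                return;
            }
        }
        chain.doFilter(request, res);
    }

    /** No configuration is read from the filter config. */
    public void init(FilterConfig arg0) throws ServletException {
        // Intentionally empty.
    }

    /**
     * Returns the last path segment of a request URI. Everything from the first ';' onwards
     * (path parameters such as a session id) is dropped first, which keeps the match strict.
     */
    private static String lastPathSegment(String uri) {
        int semicolon = uri.indexOf(';');
        String path = semicolon >= 0 ? uri.substring(0, semicolon) : uri;
        return path.substring(path.lastIndexOf('/') + 1);
    }
}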