SpringMVC处理脚本,SQL注入问题

本文介绍如何在SpringMVC应用中通过自定义过滤器和拦截器防范XSS攻击及SQL注入,包括编写XssHttpServletRequestWrapper、XSSFilter、SqlInjectInterceptor等组件,并在web.xml中进行配置。


SpringMVC处理脚本,SQL注入问题(写的不好勿喷,互相学习)

使用 Filter 过滤浏览器发出的请求,对每个请求的 URI 参数过滤一些关键字,并替换成安全的字符。所有请求的 getParameter 返回值都会经过处理,参数中若含有敏感词就会被替换掉。需要注意,这类参数过滤只能降低脚本注入(XSS)的风险,并不能替代参数化查询(PreparedStatement)来防范 SQL 注入。

 

例如,对于类似 >"<script>alert('XSS');</script> 这样的输入:

一、过滤些敏感的脚本

 

1、编写XssHttpServletRequestWrapper

import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

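public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {

    /**
     * Wraps a request so that every parameter value and header value the
     * application reads is HTML-entity encoded.
     *
     * @param servletRequest the request to wrap
     */
    public XssHttpServletRequestWrapper(HttpServletRequest servletRequest) {
        super(servletRequest);
    }

    /**
     * Returns all values of {@code parameter}, each encoded by {@link #cleanXSS(String)}.
     *
     * @return the encoded values, or {@code null} when the parameter is absent
     */
    @Override
    public String[] getParameterValues(String parameter) {
        String[] values = super.getParameterValues(parameter);
        return values == null ? null : encodeAll(values);
    }

    /**
     * Returns the first value of {@code parameter}, encoded.
     *
     * @return the encoded value, or {@code null} when the parameter is absent
     */
    @Override
    public String getParameter(String parameter) {
        String value = super.getParameter(parameter);
        return value == null ? null : cleanXSS(value);
    }

    /**
     * Returns the whole parameter map with every value encoded. Without this
     * override, code that reads parameters through the map (for example a
     * {@code Map}-typed {@code @RequestParam}) still saw the raw values.
     *
     * @return an unmodifiable map of encoded values, or {@code null} if the
     *         wrapped request returns {@code null}
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> raw = super.getParameterMap();
        if (raw == null) {
            return null;
        }
        Map<String, String[]> encoded = new LinkedHashMap<String, String[]>();
        for (Map.Entry<String, String[]> entry : raw.entrySet()) {
            String[] values = entry.getValue();
            encoded.put(entry.getKey(), values == null ? null : encodeAll(values));
        }
        return Collections.unmodifiableMap(encoded);
    }

    /**
     * Returns header {@code name}, encoded.
     * NOTE(review): this also rewrites headers such as User-Agent or Referer,
     * so anything that parses those headers sees entities instead of
     * parentheses and quotes — confirm that is intended before enabling.
     *
     * @return the encoded header value, or {@code null} when the header is absent
     */
    @Override
    public String getHeader(String name) {
        String value = super.getHeader(name);
        return value == null ? null : cleanXSS(value);
    }

    /** Encodes each element of {@code values} into a new array; the input array is not modified. */
    private String[] encodeAll(String[] values) {
        String[] encoded = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            encoded[i] = values[i] == null ? null : cleanXSS(values[i]);
        }
        return encoded;
    }

    /**
     * HTML-entity encodes the characters that let text break out of an HTML
     * element or attribute: {@code & < > " ' ( )}. Encoding is one pass over
     * the characters, so the {@code &} of an entity emitted here is never
     * re-encoded by a later replacement.
     *
     * Why this replaces the original replaceAll chain: the original also deleted
     * the word "script" and any "eval(...)" from the value, which silently
     * corrupted legitimate input (e.g. "description" became "deion") and, being
     * a single non-recursive pass, gave no real guarantee; once the characters
     * above are encoded the value can no longer form a tag or a call in HTML
     * text. This is still input-side encoding: a template that emits the value
     * into a URL, JavaScript or CSS context must encode for that context itself.
     *
     * @param value the raw value; must not be {@code null}
     * @return the encoded value
     */
    private String cleanXSS(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                case '(':  out.append("&#40;");  break;
                case ')':  out.append("&#41;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }
}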

2、添加一个过滤器 XSSFilter


import java.io.IOException;


import javax. servlet.Filter;


import javax. servlet.FilterChain;


import javax. servlet.FilterConfig;


import javax. servlet.ServletException;


import javax. servlet.ServletRequest;


import javax. servlet.ServletResponse;


import javax. servlet. http. HttpServletRequest;


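public class XSSFilter implements Filter {

    private FilterConfig filterConfig;

    /**
     * Keeps the container-supplied config so it can be released in {@link #destroy()}.
     *
     * @param filterConfig the filter configuration passed by the container
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /**
     * Releases the config. The original declared {@code destroys()}, a typo that
     * never implemented {@code Filter.destroy()}, so the container never called it.
     */
    @Override
    public void destroy() {
        this.filterConfig = null;
    }

    /**
     * Continues the chain with the request wrapped in {@link XssHttpServletRequestWrapper},
     * so downstream code reads encoded parameter and header values.
     * A non-HTTP request is passed through unchanged instead of failing the cast.
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest) {
            chain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) request), response);
        } else {
            chain.doFilter(request, response);
        }
    }
}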


3、在 web.xml 中配置


<!-- Registers XSSFilter for every URL. Only REQUEST dispatches are listed, so
     FORWARD / INCLUDE / ERROR dispatches reach the application unwrapped; add
     those <dispatcher> entries if they must be covered too. The same
     filter-name is reused for SX_Filter further down — give each filter a
     distinct name if both are registered in one web.xml. -->
<filter>


    <filter-name>XssSqlFilter</filter-name>


    <filter-class>com. Controller.XSSFilter</filter-class>


</filter>


<filter-mapping>


    <filter-name>XssSqlFilter</filter-name>


    <url-pattern>/*</url-pattern>


    <dispatcher>REQUEST</dispatcher>


</filter-mapping>


4、基于 SpringMVC 的配置使用


编写SqlInjectInterceptor


import org.springframework.web. servlet.HandlerInterceptor;


import org.springframework.web. servlet.ModelAndView;


import javax. servlet. http. HttpServletRequest;


import javax. servlet. http. HttpServletResponse;


import java. util. Enumeration;


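/**
 * Interceptor that checks request parameters for characters commonly used in
 * markup/script injection and reports the parameters that contain them.
 *
 * Request parameters are read-only, so an escaped value cannot be written back:
 * the original loop assigned {@code clearXss(value)} to the loop variable and
 * discarded it, which made the interceptor a no-op. It is now detection only
 * and never changes what the controller receives. Despite its name it is not a
 * SQL-injection defence — that belongs in the data layer (PreparedStatement /
 * bound parameters), not in parameter text.
 */
public class SqlInjectInterceptor implements HandlerInterceptor {

    /**
     * Escapes every parameter value and reports (to stderr, as the original did)
     * the name of each parameter whose escaped form differs from the raw one.
     *
     * @return always {@code true}; the request is never blocked here
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o)
            throws Exception {
        Enumeration<String> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            String[] values = request.getParameterValues(name);
            if (values == null) {
                continue;
            }
            for (String value : values) {
                // Compare rather than assign: the escaped copy cannot replace the request's value.
                if (value != null && !value.equals(clearXss(value))) {
                    // Report the name only; the value could be a password or token.
                    System.err.println("=========>:处理字符转义 parameter=" + name);
                }
            }
        }
        return true;
    }

    /** No post-processing; present to satisfy {@link HandlerInterceptor}. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object o,
            ModelAndView modelAndView) throws Exception {
    }

    /** Nothing to clean up after the request completes. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object o,
            Exception e) throws Exception {
    }

    /**
     * HTML-entity escapes {@code & < > " ' ( )} in {@code value} in one pass.
     *
     * The original replacement chain was lossy and partly broken: as shown on the
     * page {@code replaceAll("<", "<")} is an identity replacement (the entities
     * were probably lost in rendering), {@code replace("\\)", ")")} matches the
     * literal two characters {@code \)} rather than a parenthesis, and deleting
     * the word "script" corrupted ordinary text such as "description".
     *
     * @param value the raw value
     * @return the escaped value; {@code null} and {@code ""} are returned unchanged
     */
    private String clearXss(String value) {
        if (value == null || value.isEmpty()) {
            return value;
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                case '(':  out.append("&#40;");  break;
                case ')':  out.append("&#41;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }
}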


二、对含有敏感脚本的请求,直接拦截。


1、编写 SX_Filter


import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


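public class SX_Filter implements Filter {

    private FilterConfig config;

    /** Destination for rejected requests (init-param {@code errorPath}); may be null. */
    private static String errorPath;

    /** Request URIs whose parameters are not checked (init-param {@code excludePaths}, comma-separated). */
    private static String[] excludePaths;

    /**
     * Lower-case substrings that mark a value as unsafe, in raw and %-encoded form.
     * The bare "<", ">", "%3c" and "%3e" entries at the end already cover every
     * tag entry above them: any value containing an angle bracket is rejected.
     * "set-cookie" rejects that word wherever it appears in a parameter value.
     */
    private static final String[] safeless = {
        "<script", "</script",
        "<iframe", "</iframe",
        "<frame", "</frame",
        "set-cookie",
        "%3cscript", "%3c/script",
        "%3ciframe", "%3c/iframe",
        "%3cframe", "%3c/frame",
        "src=\"javascript:",
        "<body", "</body",
        "%3cbody", "%3c/body",
        "<", ">", "</", "/>", "%3c", "%3e", "%3c/", "/%3e"};

    /**
     * Rejects the request when the URI or any parameter value contains a blocked
     * substring, unless the URI is in the exclude list; otherwise continues the chain.
     * Only parameters are inspected (headers, JSON/XML bodies and multipart parts are
     * not), and only for the dispatcher types the filter is mapped to.
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        String requestUrl = request.getRequestURI();
        boolean safe = isSafe(requestUrl);
        // The original first took requestUrl.substring(indexOf("/")); a request URI normally
        // starts with "/", so that was a no-op, and it would throw if no "/" were present.
        if (safe && !excludeUrl(requestUrl)) {
            safe = parametersAreSafe(req);
        }
        if (!safe) {
            reject(response);
            return;
        }
        filterChain.doFilter(req, resp);
    }

    /** Returns false as soon as any value of any parameter fails {@link #isSafe(String)}. */
    private static boolean parametersAreSafe(ServletRequest req) {
        Enumeration<String> params = req.getParameterNames();
        while (params.hasMoreElements()) {
            // Check every value of a repeated parameter; getParameter() returned only the first.
            String[] values = req.getParameterValues(params.nextElement());
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (value != null && value.length() > 0 && !isSafe(value)) {
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * Sends the client to {@code errorPath} when configured, otherwise answers 400.
     * The original redirected to the placeholder "http://... " and set a request
     * attribute first; a redirect starts a new request, so that attribute was never seen.
     */
    private static void reject(HttpServletResponse response) throws IOException {
        if (errorPath != null && errorPath.length() > 0) {
            response.sendRedirect(errorPath);
        } else {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "您输入的参数有非法字符!");
        }
    }

    /**
     * Returns true unless {@code str} contains one of {@link #safeless}, compared
     * case-insensitively. Null and empty strings are safe.
     */
    private static boolean isSafe(String str) {
        if (str == null || str.length() == 0) {
            return true;
        }
        // Locale.ROOT: locale-sensitive lower-casing (e.g. Turkish dotless i) could miss "<iframe".
        String lower = str.toLowerCase(Locale.ROOT);
        for (String blocked : safeless) {
            if (lower.contains(blocked)) {
                return false;
            }
        }
        return true;
    }

    /** True when {@code url} equals (case-insensitively) one of the configured exclude paths. */
    private static boolean excludeUrl(String url) {
        if (excludePaths == null) {
            return false;
        }
        String lower = url.toLowerCase(Locale.ROOT);
        for (String path : excludePaths) {
            if (lower.equals(path)) {
                return true;
            }
        }
        return false;
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Reads {@code errorPath} and {@code excludePaths}. Exclude paths are trimmed and
     * lower-cased here so that {@link #excludeUrl(String)}'s lower-cased comparison can
     * match them (the original lower-cased the URL but not the configured paths). Both
     * values are static, so the last initialised instance wins if the filter is
     * registered more than once.
     */
    @Override
    public void init(FilterConfig config) throws ServletException {
        this.config = config;
        errorPath = config.getInitParameter("errorPath");
        String excludePath = config.getInitParameter("excludePaths");
        if (excludePath != null && excludePath.length() > 0) {
            String[] parts = excludePath.split(",");
            for (int i = 0; i < parts.length; i++) {
                parts[i] = parts[i].trim().toLowerCase(Locale.ROOT);
            }
            excludePaths = parts;
        }
    }
}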


2、在 web.xml 中配置


<!-- Registers SX_Filter for every URL. Only REQUEST dispatches are listed, so
     FORWARD / INCLUDE / ERROR dispatches are not checked. The filter-name
     XssSqlFilter is the same one used for XSSFilter above — use distinct
     names if both filters live in the same web.xml. The errorPath and
     excludePaths init-params read by SX_Filter.init are not set here. -->
<filter>


    <filter-name>XssSqlFilter</filter-name>


    <filter-class>com. Controller. SX_Filter </filter-class>


</filter>


<filter-mapping>


    <filter-name>XssSqlFilter</filter-name>


    <url-pattern>/*</url-pattern>


    <dispatcher>REQUEST</dispatcher>


</filter-mapping>


 


Spring MVC处理脚本和SQL注入

使用 Filter 过滤浏览器发出的请求,对每个请求的 URI 参数过滤一些关键字,并替换成安全的字符。所有请求的 getParameter 返回值都会经过处理,参数中若含有敏感词就会被替换掉。需要注意,这类参数过滤只能降低脚本注入(XSS)的风险,并不能替代参数化查询(PreparedStatement)来防范 SQL 注入。

例如,对于类似 >"<script>alert('XSS');</script> 这样的输入:

一、过滤些敏感的脚本

1、编写XssHttpServletRequestWrapper

import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

 

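public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {

    /**
     * Wraps a request so that every parameter value and header value the
     * application reads is HTML-entity encoded.
     *
     * @param servletRequest the request to wrap
     */
    public XssHttpServletRequestWrapper(HttpServletRequest servletRequest) {
        super(servletRequest);
    }

    /**
     * Returns all values of {@code parameter}, each encoded by {@link #cleanXSS(String)}.
     *
     * @return the encoded values, or {@code null} when the parameter is absent
     */
    @Override
    public String[] getParameterValues(String parameter) {
        String[] values = super.getParameterValues(parameter);
        return values == null ? null : encodeAll(values);
    }

    /**
     * Returns the first value of {@code parameter}, encoded.
     *
     * @return the encoded value, or {@code null} when the parameter is absent
     */
    @Override
    public String getParameter(String parameter) {
        String value = super.getParameter(parameter);
        return value == null ? null : cleanXSS(value);
    }

    /**
     * Returns the whole parameter map with every value encoded. Without this
     * override, code that reads parameters through the map (for example a
     * {@code Map}-typed {@code @RequestParam}) still saw the raw values.
     *
     * @return an unmodifiable map of encoded values, or {@code null} if the
     *         wrapped request returns {@code null}
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> raw = super.getParameterMap();
        if (raw == null) {
            return null;
        }
        Map<String, String[]> encoded = new LinkedHashMap<String, String[]>();
        for (Map.Entry<String, String[]> entry : raw.entrySet()) {
            String[] values = entry.getValue();
            encoded.put(entry.getKey(), values == null ? null : encodeAll(values));
        }
        return Collections.unmodifiableMap(encoded);
    }

    /**
     * Returns header {@code name}, encoded.
     * NOTE(review): this also rewrites headers such as User-Agent or Referer,
     * so anything that parses those headers sees entities instead of
     * parentheses and quotes — confirm that is intended before enabling.
     *
     * @return the encoded header value, or {@code null} when the header is absent
     */
    @Override
    public String getHeader(String name) {
        String value = super.getHeader(name);
        return value == null ? null : cleanXSS(value);
    }

    /** Encodes each element of {@code values} into a new array; the input array is not modified. */
    private String[] encodeAll(String[] values) {
        String[] encoded = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            encoded[i] = values[i] == null ? null : cleanXSS(values[i]);
        }
        return encoded;
    }

    /**
     * HTML-entity encodes the characters that let text break out of an HTML
     * element or attribute: {@code & < > " ' ( )}. Encoding is one pass over
     * the characters, so the {@code &} of an entity emitted here is never
     * re-encoded by a later replacement.
     *
     * Why this replaces the original replaceAll chain: the original also deleted
     * the word "script" and any "eval(...)" from the value, which silently
     * corrupted legitimate input (e.g. "description" became "deion") and, being
     * a single non-recursive pass, gave no real guarantee; once the characters
     * above are encoded the value can no longer form a tag or a call in HTML
     * text. This is still input-side encoding: a template that emits the value
     * into a URL, JavaScript or CSS context must encode for that context itself.
     *
     * @param value the raw value; must not be {@code null}
     * @return the encoded value
     */
    private String cleanXSS(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                case '(':  out.append("&#40;");  break;
                case ')':  out.append("&#41;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }
}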

2、添加一个过滤器 XSSFilter

import java.io. IOException;

import javax. servlet. Filter;

import javax. servlet. FilterChain;

import javax. servlet. FilterConfig;

import javax. servlet. ServletException;

import javax. servlet. ServletRequest;

import javax. servlet. ServletResponse;

import javax. servlet. http. HttpServletRequest;

 

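public class XSSFilter implements Filter {

    private FilterConfig filterConfig;

    /**
     * Keeps the container-supplied config so it can be released in {@link #destroy()}.
     *
     * @param filterConfig the filter configuration passed by the container
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
    }

    /**
     * Releases the config. The original declared {@code destroys()}, a typo that
     * never implemented {@code Filter.destroy()}, so the container never called it.
     */
    @Override
    public void destroy() {
        this.filterConfig = null;
    }

    /**
     * Continues the chain with the request wrapped in {@link XssHttpServletRequestWrapper},
     * so downstream code reads encoded parameter and header values.
     * A non-HTTP request is passed through unchanged instead of failing the cast.
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (request instanceof HttpServletRequest) {
            chain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) request), response);
        } else {
            chain.doFilter(request, response);
        }
    }
}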

3、在 web.xml 中配置

<!-- Registers XSSFilter for every URL. Only REQUEST dispatches are listed, so
     FORWARD / INCLUDE / ERROR dispatches reach the application unwrapped; add
     those <dispatcher> entries if they must be covered too. The same
     filter-name is reused for SX_Filter further down — give each filter a
     distinct name if both are registered in one web.xml. -->
<filter>

    <filter-name>XssSqlFilter</filter-name>

    <filter-class>com. Controller.XSSFilter</filter-class>

</filter>

<filter-mapping>

    <filter-name>XssSqlFilter</filter-name>

    <url-pattern>/*</url-pattern>

    <dispatcher>REQUEST</dispatcher>

</filter-mapping>

 

 

4、基于 SpringMVC 的配置使用

编写SqlInjectInterceptor

import org.springframework.web. servlet. HandlerInterceptor;

import org.springframework.web. servlet. ModelAndView;

import javax. servlet. http. HttpServletRequest;

import javax. servlet. http. HttpServletResponse;

import java. util. Enumeration;

 

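/**
 * Interceptor that checks request parameters for characters commonly used in
 * markup/script injection and reports the parameters that contain them.
 *
 * Request parameters are read-only, so an escaped value cannot be written back:
 * the original loop assigned {@code clearXss(value)} to the loop variable and
 * discarded it, which made the interceptor a no-op. It is now detection only
 * and never changes what the controller receives. Despite its name it is not a
 * SQL-injection defence — that belongs in the data layer (PreparedStatement /
 * bound parameters), not in parameter text.
 */
public class SqlInjectInterceptor implements HandlerInterceptor {

    /**
     * Escapes every parameter value and reports (to stderr, as the original did)
     * the name of each parameter whose escaped form differs from the raw one.
     *
     * @return always {@code true}; the request is never blocked here
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o)
            throws Exception {
        Enumeration<String> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            String[] values = request.getParameterValues(name);
            if (values == null) {
                continue;
            }
            for (String value : values) {
                // Compare rather than assign: the escaped copy cannot replace the request's value.
                if (value != null && !value.equals(clearXss(value))) {
                    // Report the name only; the value could be a password or token.
                    System.err.println("=========>:处理字符转义 parameter=" + name);
                }
            }
        }
        return true;
    }

    /** No post-processing; present to satisfy {@link HandlerInterceptor}. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object o,
            ModelAndView modelAndView) throws Exception {
    }

    /** Nothing to clean up after the request completes. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object o,
            Exception e) throws Exception {
    }

    /**
     * HTML-entity escapes {@code & < > " ' ( )} in {@code value} in one pass.
     *
     * The original replacement chain was lossy and partly broken: as shown on the
     * page {@code replaceAll("<", "<")} is an identity replacement (the entities
     * were probably lost in rendering), {@code replace("\\)", ")")} matches the
     * literal two characters {@code \)} rather than a parenthesis, and deleting
     * the word "script" corrupted ordinary text such as "description".
     *
     * @param value the raw value
     * @return the escaped value; {@code null} and {@code ""} are returned unchanged
     */
    private String clearXss(String value) {
        if (value == null || value.isEmpty()) {
            return value;
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                case '(':  out.append("&#40;");  break;
                case ')':  out.append("&#41;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }
}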

在 springMVC.xml 文件中配置 SqlInjectInterceptor

<!-- Interceptor: SQL-injection check. Applied to every handler path; note that
     SqlInjectInterceptor only inspects parameter text and cannot modify the
     request — it is no substitute for parameterized queries in the data layer. -->

    <mvc: interceptors>

        <mvc: interceptor>

             <mvc: mapping path="/**" />

             <bean class="com. Controller.SqlInjectInterceptor"></bean>

        </mvc: interceptor>

    </mvc: interceptors>

 

二、对含有敏感脚本的请求,直接拦截。

1、编写 SX_Filter

import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

 

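public class SX_Filter implements Filter {

    private FilterConfig config;

    /** Destination for rejected requests (init-param {@code errorPath}); may be null. */
    private static String errorPath;

    /** Request URIs whose parameters are not checked (init-param {@code excludePaths}, comma-separated). */
    private static String[] excludePaths;

    /**
     * Lower-case substrings that mark a value as unsafe, in raw and %-encoded form.
     * The bare "<", ">", "%3c" and "%3e" entries at the end already cover every
     * tag entry above them: any value containing an angle bracket is rejected.
     * "set-cookie" rejects that word wherever it appears in a parameter value.
     */
    private static final String[] safeless = {
        "<script", "</script",
        "<iframe", "</iframe",
        "<frame", "</frame",
        "set-cookie",
        "%3cscript", "%3c/script",
        "%3ciframe", "%3c/iframe",
        "%3cframe", "%3c/frame",
        "src=\"javascript:",
        "<body", "</body",
        "%3cbody", "%3c/body",
        "<", ">", "</", "/>", "%3c", "%3e", "%3c/", "/%3e"};

    /**
     * Rejects the request when the URI or any parameter value contains a blocked
     * substring, unless the URI is in the exclude list; otherwise continues the chain.
     * Only parameters are inspected (headers, JSON/XML bodies and multipart parts are
     * not), and only for the dispatcher types the filter is mapped to.
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        String requestUrl = request.getRequestURI();
        boolean safe = isSafe(requestUrl);
        // The original first took requestUrl.substring(indexOf("/")); a request URI normally
        // starts with "/", so that was a no-op, and it would throw if no "/" were present.
        if (safe && !excludeUrl(requestUrl)) {
            safe = parametersAreSafe(req);
        }
        if (!safe) {
            reject(response);
            return;
        }
        filterChain.doFilter(req, resp);
    }

    /** Returns false as soon as any value of any parameter fails {@link #isSafe(String)}. */
    private static boolean parametersAreSafe(ServletRequest req) {
        Enumeration<String> params = req.getParameterNames();
        while (params.hasMoreElements()) {
            // Check every value of a repeated parameter; getParameter() returned only the first.
            String[] values = req.getParameterValues(params.nextElement());
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (value != null && value.length() > 0 && !isSafe(value)) {
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * Sends the client to {@code errorPath} when configured, otherwise answers 400.
     * The original redirected to the placeholder "http://... " and set a request
     * attribute first; a redirect starts a new request, so that attribute was never seen.
     */
    private static void reject(HttpServletResponse response) throws IOException {
        if (errorPath != null && errorPath.length() > 0) {
            response.sendRedirect(errorPath);
        } else {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "您输入的参数有非法字符!");
        }
    }

    /**
     * Returns true unless {@code str} contains one of {@link #safeless}, compared
     * case-insensitively. Null and empty strings are safe.
     */
    private static boolean isSafe(String str) {
        if (str == null || str.length() == 0) {
            return true;
        }
        // Locale.ROOT: locale-sensitive lower-casing (e.g. Turkish dotless i) could miss "<iframe".
        String lower = str.toLowerCase(Locale.ROOT);
        for (String blocked : safeless) {
            if (lower.contains(blocked)) {
                return false;
            }
        }
        return true;
    }

    /** True when {@code url} equals (case-insensitively) one of the configured exclude paths. */
    private static boolean excludeUrl(String url) {
        if (excludePaths == null) {
            return false;
        }
        String lower = url.toLowerCase(Locale.ROOT);
        for (String path : excludePaths) {
            if (lower.equals(path)) {
                return true;
            }
        }
        return false;
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Reads {@code errorPath} and {@code excludePaths}. Exclude paths are trimmed and
     * lower-cased here so that {@link #excludeUrl(String)}'s lower-cased comparison can
     * match them (the original lower-cased the URL but not the configured paths). Both
     * values are static, so the last initialised instance wins if the filter is
     * registered more than once.
     */
    @Override
    public void init(FilterConfig config) throws ServletException {
        this.config = config;
        errorPath = config.getInitParameter("errorPath");
        String excludePath = config.getInitParameter("excludePaths");
        if (excludePath != null && excludePath.length() > 0) {
            String[] parts = excludePath.split(",");
            for (int i = 0; i < parts.length; i++) {
                parts[i] = parts[i].trim().toLowerCase(Locale.ROOT);
            }
            excludePaths = parts;
        }
    }
}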

2、在 web.xml 中配置

<!-- Registers SX_Filter for every URL. Only REQUEST dispatches are listed, so
     FORWARD / INCLUDE / ERROR dispatches are not checked. The filter-name
     XssSqlFilter is the same one used for XSSFilter above — use distinct
     names if both filters live in the same web.xml. The errorPath and
     excludePaths init-params read by SX_Filter.init are not set here. -->
<filter>

    <filter-name>XssSqlFilter</filter-name>

    <filter-class>com. Controller. SX_Filter </filter-class>

</filter>

<filter-mapping>

    <filter-name>XssSqlFilter</filter-name>

    <url-pattern>/*</url-pattern>

    <dispatcher>REQUEST</dispatcher>

</filter-mapping>

 

 

转载于:https://www.cnblogs.com/xxt19970908/p/5587748.html
