packagecom.loaderman.demo.b_filter_data;
importjava.io.IOException;
importjava.lang.reflect.InvocationHandler;
importjava.lang.reflect.Method;
importjava.lang.reflect.Proxy;
importjava.util.ArrayList;
importjava.util.List;
importjavax.servlet.Filter;
importjavax.servlet.FilterChain;
importjavax.servlet.FilterConfig;
importjavax.servlet.ServletException;
importjavax.servlet.ServletRequest;
importjavax.servlet.ServletResponse;
importjavax.servlet.http.HttpServletRequest;
importjavax.servlet.http.HttpServletResponse;
/**
* 无效数据过滤
*
*/
public class DateFilter implementsFilter {
//初始化无效数据
private List<String>dirtyData;
@Override
public void init(FilterConfig filterConfig) throwsServletException {
//模拟几个数据
dirtyData = new ArrayList<String>();
dirtyData.add("NND");
dirtyData.add("炸使馆");
}
@Override
public voiddoFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throwsIOException, ServletException {
//转型
final HttpServletRequest request =(HttpServletRequest) req;
HttpServletResponse response =(HttpServletResponse) res;
//一、处理公用业务
request.setCharacterEncoding("UTF-8"); //POST提交有效
response.setContentType("text/html;charset=UTF-8");
HttpServletRequest proxy =(HttpServletRequest) Proxy.newProxyInstance(
request.getClass().getClassLoader(), //指定当前使用的累加载器
new Class[]{HttpServletRequest.class}, //对目标对象实现的接口类型
new InvocationHandler() { //事件处理器
@Override
publicObject invoke(Object proxy, Method method, Object[] args)
throwsThrowable {
//定义方法返回值
Object returnValue = null;
//获取方法名
String methodName =method.getName();
//判断:对getParameter方法进行GET提交中文处理
if ("getParameter".equals(methodName)) {
//获取请求数据值【 <input type="text" name="userName">】
String value = request.getParameter(args[0].toString()); //调用目标对象的方法
//获取提交方式
String methodSubmit = request.getMethod(); //直接调用目标对象的方法
//判断如果是GET提交,需要对数据进行处理 (POST提交已经处理过了)
if ("GET".equals(methodSubmit)) {
if (value != null && !"".equals(value.trim())){
//处理GET中文
value = new String(value.getBytes("ISO8859-1"),"UTF-8");
}
}
//中文数据已经处理完: 下面进行无效数据过滤
//【如何value中出现dirtyData中数据,用****替换】
for(String data : dirtyData) {
//判断当前输入数据(value), 是否包含无效数据
if(value.contains(data)){
value = value.replace(data, "*****");
}
}
//处理完编码、无效数据后的正确数据
returnvalue;
}
else{
//执行request对象的其他方法
returnValue =method.invoke(request, args);
}
returnreturnValue;
}
});
//二、放行 (执行下一个过滤器或者servlet)
chain.doFilter(proxy, response); //传入代理对象
}
@Override
public voiddestroy() {
}
}
packagecom.loaderman.demo.b_filter_data;
importjava.io.IOException;
importjava.io.PrintWriter;
importjavax.servlet.ServletException;
importjavax.servlet.http.HttpServlet;
importjavax.servlet.http.HttpServletRequest;
importjavax.servlet.http.HttpServletResponse;
public class DisServlet extendsHttpServlet {
public voiddoGet(HttpServletRequest request, HttpServletResponse response)
throwsServletException, IOException {
//获取请求数据
String content = request.getParameter("content");
//保存到request
request.setAttribute("content", "Content:" +content);
//转发
request.getRequestDispatcher("/dis.jsp").forward(request, response);
}
public voiddoPost(HttpServletRequest request, HttpServletResponse response)
throwsServletException, IOException {
this.doGet(request, response);
}
}
<!-- 2. 无效数据过滤器配置 -->
<filter>
<filter-name>dataFilter</filter-name>
<filter-class>com.loaderman.demo.b_filter_data.DateFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>dataFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>