实例如下 :
XSSFilter.java
// NOTE(review): this listing was damaged by machine translation and line collapsing
// ("löscht" where "throws" is expected, "Rückgabe" / "für" / "öffentliche" / "Muster"
// in place of Java keywords and class names) and several statements are cut off.
// It does not compile as shown; read it as an outline of the approach only.
//
// Visible outline:
//  - dofilter: a local "flag" is hard-coded to true, so only the URL branch runs as
//    written. That branch URL-decodes the request URL as UTF-8, passes the query
//    string through cleansqlinject and cleanxss, compares the cleaned value with the
//    original, and otherwise forwards the request unwrapped. The else branch (flag =
//    false) wraps the request in RequestWrapper so every field is filtered; the
//    inline comment warns that this mode is strict and can block normal form input.
//  - RequestWrapper: parameter values, single parameters and headers are returned as
//    cleanxss(CleanSqlinject(value)); a null value is returned as null.
//  - cleanxss: rewrites "<" and ">" (the replacement text was lost in extraction),
//    removes eval(...) / "script" and javascript: patterns case-insensitively, then
//    removes the literal "script" and further characters; it prints the original
//    input to stdout when the value changed.
//  - CleanSqlinject: only the tail is visible; it replaces keywords with "Forbid..."
//    marker strings.
//
// Security notes for anyone adapting this:
//  - Deny-list replacement of request text is a coarse, lossy extra layer, not the
//    primary defence. SQL injection is prevented in the data layer with parameterized
//    queries (PreparedStatement); XSS is prevented by encoding output for its context
//    at render time.
//  - Tokens are removed in a single pass and the result is not re-checked, so the
//    output is not guaranteed to be free of the removed tokens.
//  - Keyword replacement also alters legitimate input that merely contains those
//    substrings.
//  - In the URL-only mode shown, form fields and headers reach the application
//    unfiltered, because the request is forwarded without RequestWrapper.
//  - Raw request values are written with System.out.println, which places
//    attacker-controlled (and possibly sensitive) text in the logs; a logger with
//    sanitized, length-limited values is the safer choice.
public void dofilter (servletRequest servletRequest, servletresponse servletresponse, filterchain filterchain) löscht ioException, servleTexception {// flag = true 只做 url 验证; flag = false 做所有字段的验证; boolean flag = true; if (flag) {// 只对 url 做 xss 校验 httpServletRequest httpServletRequest = (httpServletRequest) servletRequest; httpServletRequest.getRequesturl (). toString (); Requesturi = urdecoder.decode (Requesturi, "Utf-8"); if (Requesturi! ServletResponse); Rückgabe;} if (Requesturi! servletResponse); return;} if (Requesturi! = null && requesturi.indexof ("/alipay/acity.html")! ;} if (Requesturi! = null && requesturi.indexof ("/alipaylogin.html")! httpServletRequest.getQueryString (); if (! "". Equals (Param) && param! requesturi.endswith ("/member/beantwortet.html")) {sqlparam = rw.cleansqlinject (param);} String xsssparam = rw.cleanxss (SQLPARAM); Requesturi += "?"+xssparam; if (! xssparam.equals (param) {System.out.println ("Requesturi :::::"+Requesturi); RequestWrapper((HttpServletRequest) servletrequest), servletresponse);return ;}}filterchain.doFilter(servletrequest, servletresponse);}else{//对请求中的所有东西都做校验,包括表单。此功能校验比较严格容易屏蔽表单正常输入,使用此功能请注意。filterchain.doFilter(new RequestWrapper((HttpServletRequest) servletrequest), servletResponse);}} requestMapping: public requestWrapper () {Super (null);} public requestWrapper (httpServletRequest httpServletRequest) {Super (httpServletrequest); {return null;} int i = str.Length; String as1 [] = new String [i]; für (int j = 0; j <i; j ++) {as1 [j] = cleanxss (CleanSQLinject (str [j]));} return as1;} öffentliche String getParammeter (s) {String s1 = super.getSparameter) {String s1 = super.getSparameter) {{{{{{{string s1 = super.g. null;} else {return cleanxss (CleanSqlinject (s1));}} public String getheader (String s) {String s1 = Super.Getheader (s); if (s1 == null) {return null;} else {return Cleanxss (CleanSQLinSQuely (S1); = src; system.out.println ("xss --- temp->"+src); src = src.replaceAll ("<", "<"). 
ersetzen (">", ">"); // if (src.indexof ("Adresse") ==-1) // {src = src.replaceAll ("// (", "(") .replaceall ("//)", ")"); //} Src = src.replaceall ("" "," "); Muster muster = muster.comPile ("(eval //(.*)///) | Skript)", muster.case_inemsitiv); Matcher Matcher = muster.Matcher (SRC); src = matcher.replaceall (""); muster = muster.comPile ("[///" // '] [// S]*JavaScript: (.*) [/// "//']", muster.case_insensitiv); Matcher = muster.Matcher (SRC); src = matcher.replaceall ("/"/""); // 增加脚本 src = src.replaceall ("script", "") .replaceall ("; "") .ReplaceAll (",", ""); if (! temp.equals (src)) {System.out.println ("输入信息存在 xss 攻击!"); System.out.println ("原始输入信息->"+temp); CleanSqlinject (String src) {String temp = src; "Forbida") .ReplaceAll ("oder", "Forbido");xml 配置 :
<!-- NOTE(review): element names in this web.xml fragment were altered by machine
     translation ("filter-classe", "Param-name", "par AM-Value", "filtermapping",
     "url-pufters"); the Servlet deployment descriptor uses filter-class, param-name,
     param-value, filter-mapping and url-pattern. The fragment is cut off before the
     URL pattern value, so the set of requests the filter covers cannot be seen here.
     "codieren" presumably stood for an encoding parameter set to UTF-8; confirm
     against the original. -->
<Filter> <filter-name> xssfilter </filter-name> <filter-classe> cn.com.jsoft.xss.xssfilter </filter-classe> <init-param> <Param-name> codieren </param-name> <par AM-Value> UTF-8 </param-value> </init-param> </filter> <filtermapping> <filter-name> xssfilter </filter-name> <url-pufters
以上代码仅仅将特殊的 SQL 字符、特殊 script 脚本字符处理掉,具体的页面处理还需要后台处理!这类基于黑名单的字符替换只能作为辅助手段:防 SQL 注入应在后台使用参数化查询(如 PreparedStatement),防 XSS 应在页面输出时按上下文进行编码。
关于这篇 Java 过滤器 Filter 防 SQL 注入的实现代码,就是小编分享给大家的全部内容了,希望能给大家一个参考,也希望大家多多支持武林网。