XssFilter.java
public void dofilter (servletRequest servletRequest, servletResponse servletResponse, filterchain filterChain) lève ioexception, servlexception {// draph = true 只做 url 验证; Flag = false 做所有字段的验证; booléen drapeau = true; if (drap httpservletRequest.getRequeSTUrl (). toString (); requeturi = urldecoder.decode (requeturi, "utf-8"); if (requeturi! = null && requeluri.indexof ("Alipay_Hotel_Book_Filter. servletResponse); return;} if (requeturi! = null && requeturi.indexof ("account_bank_return.html")! = - 1) {filterchain.dofilter (servletRequest, ServletResponse); return;} if (requestUri! = null && requeturi.indexof ("/ alipay / activité.html")! = - 1) {filterchain.dofilter (servletRequest, servletResponse); return; ;} if (requestUri! = null && requeturi.indexof ("/ alipaylogin.html")! = - 1) {filterchain.dofilter (servletRequest, servletResponse); return;} requestwrapper rw = new requestwrapper (httpservetrequest); string param = httpServletRequest.getQueryString (); if (! "". égal (param) && param! = null) {param = urldecoder.decode (param, "utf-8"); string originalurl = requestUri + param; String sqlparam = param; // 添加 sql 注入的判断 if (demandeuri.endsswith ("/ askQuestion.hTm") requestUri.endswith ("/ membre / réponse.html")) {sqlparam = rw.cleansqlinject (param);} chaîne xsssparam = rw.cleanxss (sqlparam); requeturi + = "?" + XSSParam; if (! 
xsssparam.equals (param)) {System.out.println ("requestUri :::::" + requestUri); httpsservletResponse.sendRedirect (requesturi); System.out.println ("non entré."); // FilterChain.Dofilter (new Requestwrapper ((httpServLetRequest) servletRequest), servletResponse); return;}} filterchain.dofilter (servletRequest, servletResponse);} else {// 对请求中的所有东西都做校验 , 包括表单。此功能校验比较严格容易屏蔽表单正常输入 , 使用此功能请注意。 使用此功能请注意。filterchain.dofilter (newwrapper ((httpersertrequequest) serpletrequest), ServletResponse);}} requestmapping: public requestwrapper () {super (null);} public requestwrapper (httpservletRequest httpservletRequest) {super (httpservletRequest);} public string [] getParameTervalues (string s) {String Str [] = super.getParameTervalued null;} int i = str.length; String AS1 [] = new String [i]; for (int j = 0; j <i; j ++) {as1 [j] = cleanxss (cleansqlinject (str [j]));} return as1;} public string getParameter (String s) {String s1 = super.getParamet (s); {return CleanXss (CleanSQLinject (S1));}} public String Getheader (String S) {String S1 = super.GetHeader (s); if (s1 == null) {return null;} else {return CleanXss (CleanSQLlinject (string tempory = src; System.out.println ("xss --- temp ->" + src); src = src.replaceALL ("<", "<"). RempaceALL (">", ">"); // if (src.Indexof ("Address") == - 1) // {src = src.replaceALL ("// (", "(") .replaceAll ("//)", ")"); //} src = src.replaceAll ("'" ""); Pattern Pattern = Pattern.Compile ("(ev //((.*)///) | script)", pattern.case_insensitive); Matcher Matcher = Pattern.matcher (SRC); src = Matcher.ReplaceALL (""); Pattern = Pattern.Compile ("[///" // '] [// S] * JavaScript: (. *) [/// "//']", pattern.case_insensitive); Matcher = Pattern.matcher (SRC); src = Matcher.ReplaceALL ("/" / ""); // 增加脚本 src = src.replaceAll ("script", "") .replaceAll (";;", "") .replaceAll ("/" "," ") .replaceAll (" @ "," ") .replaceAll (" 0x0d ","). ""); if (! 
temp.equals (src)) {System.out.println ("输入信息存在 XSS 攻击!"); System.out.println ("原始输入信息 ->" + temp); System.out.println ("处理后信息 ->" + src);} return src;} // 需要增加通配 , 过滤大小写组合 cleansQInd de chaîne publique; src = src.replaceALL ("insérer", "Forbidi") .ReplaceALL ("SELECT", "Forbids") .replaceALL ("Update", "Forbid") .replaceALL ("Delete", "Forbid"). if (! temp.equals (src)) {System.out.println ("输入信息存在 sql 攻击!"); System.out.println ("原始输入信息 ->" + temp); System.out.println ("处理后信息 ->" + src);} return src;}XML : :
<filter>
  <filter-name>XSSFilter</filter-name>
  <filter-class>cn.com.jsoft.xss.XssFilter</filter-class>
  <init-param>
    <param-name>encoding</param-name>
    <param-value>UTF-8</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>XSSFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
以上代码仅仅将特殊的 SQL 字符、特殊的 Script 脚本字符处理掉，具体的页面处理还需要后台处理！
关于这篇 Java 过滤器 Filter 防 SQL 注入的实现代码就是小编分享给大家的全部内容了，希望能给大家一个参考，也希望大家多多支持武林网。