实例如下 :
xssfilter.java
public void dofilter (servletrequest servletrequest, servletresponse servletresponse, filterchain filterchain)는 ioexception, servletexception {// flag = true 只做 url 验证; flag = false bo; boolean flag = true; if (flag) {// 只对 URL 做 xss 校验 httpservletrequest httpservletRequest = (httpservletRequest) servletRequest; httpservletrequest.getRequestUrl (). toString (); requestUri = urldecoder.decode (requestUri, "utf-8"); if (requestUri! = null && requestUri.indexof servletResponse); return;} if (requestUri! = null && requestUri.indExof ( "ac servletResponse); return;} if (requestUri! = null && requestUri.indExof ( "/alipay/activity.html")! = -1) {filterchain.dofilter (servletRequest, servletResponse); return ;} if (requestUri! = null && requestUri.indexOf ( "/alipayLogin.html")! = -1) {filterChain.dofilter (servletRequest, servletResponse); return;} requestWrapper rw = new requestWrapper (httpservletRequest); String Param = httpservletrequest.getQueryString (); if (! "". ". requestUri.endSwith ( "/member/answer.html")) {sqlparam = rw.cleansqlinject (param);} string xssparam = rw.cleanxss (sqlparam); requestUri += "?"+xssparam; if (! xssparam.equals (param)) {system.out.println ( "requesturi ::::::"+requesturi); httpservletresponse.sendredirect (requesturi); System.out.out.println ( "입력 없음"; // filterchain.dofilter (New requestWrapper ((httpservletrequest) servletrequest), servletResponse); return;}} filterchain.dofilter (servletRequest, servletResponse);} else {// 对请求中的所有东西都做校验 对请求中的所有东西都做校验, 使用此功能请注意。 filterchain.dofilter (httpservletrequest), servletrequest), servletResponse);}} requestMapping : public requestWrapper () {super (null);} public requestWrapper (httpservletRequest httpservletRequest) {super (httpservletRequest);} public string [] getParametervalues (string s) {string [] strater.ge guper.getervaluge.getparamevaluge (stratevalue.gge). null;} int i = str.length; string as1 [] = new String [i]; for (int j = 0; j <i; j ++) {as1 [j] = cleanxss (cleensqlinject (str [j]);} return as1;} public string getParameter (string s) {string s1 = super.getparameter (s); {return cleanxss (cleansqlinject (s1));}} public string getheader (String s) {String s1 = super.getheader (s); if (s1 == null) {return null;} else {Return Cleanxss (cleansqlinject (s1));} public stringsss (strc) {strc) {strc) {strc). = src; system.out.println ( "xss --- temp->"+src); src = src.replaceall ( "<", "<"). replaceall ( ">", ">"); // if (src.indexof ( "address") == -1) // {src = src.replaceall ( "// (", "("( "("). Pattern Pattern = Pattern.compile ( "(Eval //(.(.*)/) | 스크립트)", Pattern.case_insensive); 매치기 매치 자 = Pattern.Matcher (SRC); src = matcher.replaceall ( ""); pattern = pattern.compile ( "[///"// '] [// s]*javaScript : (.*) [/// "//']", pattern.case_insensive); matcher = pattern.matcher (SRC); src = matcher.replaceall ( "/"/""); // 增加脚本 src = src.replaceall ( "스크립트", "") .replaceall ( ";", "," ") .replaceall ("/"", "") .replaceall ( "@", "") .replaceall ( "0x0d", "") .replaceall ( "0x0a" " ""); if (! temp.equals (src)) {system.out.println ( "输入信息存在 xss 攻击!"); system.out.println ( "原始输入信息->"+temp); system.out.println ( "+>"+src);} retrc;} {strc = src; src = src.replaceall ( "삽입", "forbidi") .replaceall ( "select", "forbids") .replaceall ( "update", "forbidu") .replaceall ( "venete", "forbidd") if (! temp.equals (src)) {system.out.println ( "输入信息存在 sql 攻击!"); system.out.println ( "原始输入信息->"+temp); system.out.println ( "处理后信息->"+src);} retrc;}XML : :
<filter> <filter-name> xssfilter </filter-name> <filter-class> cn.com.jsoft.xss.xssfilter </filter-class> <init-param> <param-name> 인코딩 </param-name> <par am-value> utf-8 </param-value> </init-param> </filter> <filter-mapping> <filter-name> xssfilter </filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
以上代码仅仅将特殊的 SQL l l, 特殊 스크립트 脚本字符处理掉 脚本字符处理掉, 具体的页面处理还需要后台处理!!
关于这篇 Java a 필터 防 SQL 注入的实现代码就是小编分享给大家的全部内容了 注入的实现代码就是小编分享给大家的全部内容了, 希望能给大家一个参考, 也希望大家多多支持武林网。