實例如下:
xssfilter.java
public void dofilter(ServletRequest ServletRequest,ServletResponse ServletResponse,FilterChain FilterChain)拋出IOException,ServletException {// flag = true llag = true只做url驗證; flag = false做所有字段的驗證; boolean flag = true; if(flag){//只對url做xss校驗httpservletrequest httpservletRequest =(httpservletrequest)servletrequest; httpservletrequest; httpservletrequest; httpservletrequest.getRequesturl()。 toString(); requesturi = ureldecoder.decode(requesturi,“ utf-8”); if(requesturi!= null && requesturi.indexof(“ alipay_hotel_hotel_hotel_hotel_hotel_hotel_book_retnurn.html”)! servletResponse); return;} if(requesturi!= null && requesturi.indexof(“ councel_bank_return.html”)!= - 1){filterChain.dofilter(servletrequest,servletRequest, servletResponse); return;} if(requesturi!= null && requesturi.indexof(“/alipay/activity.html”)!= - 1){filterChain.dofilter(servletRequest,servletResponse); recturn ;} if(requesturi!= null && requesturi.indexof(“/alipaylogin.html”)!= - 1){filterChain.dofilter(ServletRequest,servletResponse); return; return;} httpservletrequest.getquerystring(); if(!“”。等於(param)&& param!= null){param = uroldecoder.decode(param,param,“ utf-8”); strignurl = requestUrl = requestUri + param; param; param; string sqlparam = param;/param;/param;/repact;/repacts;/repactionuri | squri || requesturi.Endswith(“/n/mement/answer.html”)){sqlparam = rw.cleansqlinject(param);}字符串xssparam = rw.cleanxss(sqlparam); requesturi += = = “? 
”+XSSPARAM;如果(!xssparam.equals(param)){system.out.println(“ requesturi ::::::::::+requesturi); httpservletResponse.sendredResponse.sendredirect(requesturi); system.out.out.out.ut.println(no entered entered requestWrapper(((httpservletRequest)servletRequest),servletResponse); return;}} filterChain.dofilter(servletRequest,servletResponse);} else {// {//對請求中的所有東西都做校驗servletResponse);}} requestMapping:public requestWrapper(){super(null);} public requestWrapper(httpservleqletrequest httpservletrequest){super(super(httpservletRequest);} public string st string str str str str str str str = suppeR. {return null;} int i = str.length; string as1 = new String [i]; for(int j = 0; j = 0; j <i; j ++){as1 [j] = cleanxss(cleansqlinject(cleansqlinject(str [j]);} null;} else {return {return cleanxss(cleansqlinject(s1));}}} public string getheader(string s){字符串s1 = super.getheader(s); if(s1 = = null){return null){return null;} else {else {return {return cleanxss(cleansqlinignt s s s s sr string string string tems;}}字符串{ = src; system.out.println(“ xss --- temp->”+src); src = src.ReplaceAll(“ <”,“ <”)。替換(“>”,“”>“); // if(src.indexof(“ address”)== -1)// {src = src.replaceall(“ //(“”,“,”(“).replaceall(”).replaceall(“ //)”,“,”); //} src = src = src = src.replaceall(模式模式= pattern.compile(“(“(eval //(。(”:(.*)//)|腳本)”,pattern.case_insistive); Matcher Matcher = pattern.matcher(src); src = matcher.replaceAll(“”);模式= pattern.compile(“ [///“ //”] [// s]*javascript:(。 matcher = pattern.matcher(src); src = matcher.replaceAll(“/”/“”); //增加腳本src = src.replaceAll(“腳本”,“”).replaceAll(“;”,“”).replaceAll(“/”/“”,“”).replaceAll(“@”,“”).replaceAll(“”).replaceAll(“ 0x0d”,“ 0x0d”,“”,“”).replacealllllleall(“ 0x00” 0X00A,“”,“”。 “”);如果(! =src; src = src.replaceAll("insert", "forbidI") .replaceAll("select", "forbidS") .replaceAll("update", "forbidU") .replaceAll("delete", "forbidD") .replaceAll("and", "forbidA") .replaceAll("or", “ forbido”); if(!XML配置:
<filts> <Filter-name> XSSFILTER </FILFE-NAME> <Filter-Class> cn.com.jsoft.xss.xss.xssfilter </filter-class </filter-class> <Init-param> <param-name>編碼</param-name> <par AM-VALUE> UTF-8 </param-Value> </init-Param> </filter> <濾波器> <filter-name> xssfilter </filter-name> <url-pattern>/*</url-pattern>/*</url-pattern> </url-pattern> </filter-mapping>
以上代碼僅僅將特殊的 SQL 字符和特殊腳本字符替換掉，屬於黑名單式的字符串過濾，並不能替代參數化查詢（PreparedStatement）與輸出編碼；具體的頁面處理還需要後台處理！
關於這篇 Java 過濾器防 SQL 注入的實現代碼就是小編分享給大家的全部內容了，希望能給大家一個參考，也希望大家多多支持武林網。