HttpServletRequestWrapper 类&过滤指定文字
HttpServletWrapper 和 HttpServletResponseWrapper
1). Servlet API 中提供了一个 HttpServletRequestWrapper 类来包装原始的 request 对象,
HttpServletRequestWrapper 类实现了 HttpServletRequest 接口中的所有方法,
这些方法的内部实现都是仅仅调用了一下所包装的的 request 对象的对应方法
//包装类实现 ServletRequest 接口.
public class ServletRequestWrapper implements ServletRequest {
//被包装的那个 ServletRequest 对象
private ServletRequest request;
//构造器传入 ServletRequest 实现类对象
public ServletRequestWrapper(ServletRequest request) {
if (request == null) {
throw new IllegalArgumentException("Request cannot be null");
}
this.request = request;
}
//具体实现 ServletRequest 的方法: 调用被包装的那个成员变量的方法实现。
public Object getAttribute(String name) {
return this.request.getAttribute(name);
}
public Enumeration getAttributeNames() {
return this.request.getAttributeNames();
}
//...
}
相类似 Servlet API 也提供了一个 HttpServletResponseWrapper 类来包装原始的 response 对象
2). 作用: 用于对 HttpServletRequest 或 HttpServletResponse 的某一个方法进行修改或增强.
3). 使用: 在 Filter 中, 利用 MyHttpServletRequest 替换传入的 HttpServletRequest
HttpServletRequest req = new MyHttpServletRequest(request);
chain.doFilter(req, response);
此时到达目标 Servlet 或 JSP 的 HttpServletRequest 实际上是 MyHttpServletRequest
应用5:过滤不雅文字
content.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <form action="bbs.jsp" method="post"> content: <textarea rows="5" cols="21" name="content"></textarea> <input type="submit" value="Submit"/> </form> </body> </html>
bbs.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> content: ${param.content } <br><br> method: <%= request.getMethod() %> <br><br> <%= request %> </body> </html>
ContentFilter.java
package com.aff.javaweb; import java.io.IOException; import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @WebFilter("/bbs.jsp") public class ContentFilter extends HttpFilter { @Override public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { //1. 获取请求参数的值 String content = request.getParameter("content"); HttpServletRequest req = new MyHttpServletRequest(request); //2. 把其中fuck shit等字符串替换为*** if (content.contains(" fuck ")) { // 装饰目前的 HttpServletRequest 对象: 装饰其 getParameter 方法,而其他方法还和其实现相同. // 创建一个类, 该类实现 HttpServletRequest 接口, 把当前 doFilter 中的 request 传入到该类中, // 作为其成员变量, 使用该成员变量去实现接口的全部方法. } // 3.转到目标页面 chain.doFilter(req, response); } }
MyHttpServletRequest.java
package com.aff.javaweb; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper;
//用于对 HttpServletRequest 或 HttpServletResponse 的某一个方法进行修改或增强. public class MyHttpServletRequest extends HttpServletRequestWrapper{ public MyHttpServletRequest(HttpServletRequest request) { super(request); } @Override public String getParameter(String name) { String val = super.getParameter(name); if(val != null && val.contains(" fuck ")){ val = val.replace("fuck", "****"); } return val; } }
All that work will definitely pay off