HttpServletRequestWrapper 类&过滤指定文字

HttpServletWrapper 和 HttpServletResponseWrapper

1). Servlet API 中提供了一个 HttpServletRequestWrapper 类来包装原始的 request 对象,

      HttpServletRequestWrapper 类实现了 HttpServletRequest 接口中的所有方法,

      这些方法的内部实现都是仅仅调用了一下所包装的的 request 对象的对应方法

//包装类实现 ServletRequest 接口. 
public class ServletRequestWrapper implements ServletRequest {

//被包装的那个 ServletRequest 对象
private ServletRequest request;

//构造器传入 ServletRequest 实现类对象
public ServletRequestWrapper(ServletRequest request) {
if (request == null) {
throw new IllegalArgumentException("Request cannot be null"); 
}
this.request = request;
}

//具体实现 ServletRequest 的方法: 调用被包装的那个成员变量的方法实现。 
public Object getAttribute(String name) {
return this.request.getAttribute(name);
}

public Enumeration getAttributeNames() {
return this.request.getAttributeNames();
} 

//...    
}

     相类似 Servlet API 也提供了一个 HttpServletResponseWrapper 类来包装原始的 response 对象

2). 作用: 用于对 HttpServletRequest 或 HttpServletResponse 的某一个方法进行修改或增强.

3). 使用: 在 Filter 中, 利用 MyHttpServletRequest 替换传入的 HttpServletRequest

      HttpServletRequest req = new MyHttpServletRequest(request);
      chain.doFilter(req, response);

      此时到达目标 Servlet 或 JSP 的 HttpServletRequest 实际上是 MyHttpServletRequest

 

应用5:过滤不雅文字

content.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
    <form action="bbs.jsp" method="post">  
        content: <textarea rows="5" cols="21" name="content"></textarea>
        <input type="submit" value="Submit"/>
        
    </form>
</body>
</html>

 

bbs.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
    content: ${param.content }
    <br><br>
    method: <%= request.getMethod() %>
    <br><br>
    <%= request %>
</body>
</html>

 

ContentFilter.java

package com.aff.javaweb;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebFilter("/bbs.jsp")
public class ContentFilter extends HttpFilter {

    @Override
    public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        //1. 获取请求参数的值
        String content = request.getParameter("content");
        HttpServletRequest req = new MyHttpServletRequest(request);
        //2. 把其中fuck shit等字符串替换为***
        if (content.contains(" fuck ")) {

      //  装饰目前的 HttpServletRequest 对象: 装饰其 getParameter 方法,而其他方法还和其实现相同.
      //  创建一个类, 该类实现 HttpServletRequest 接口, 把当前 doFilter 中的 request 传入到该类中,
      //  作为其成员变量, 使用该成员变量去实现接口的全部方法.
        }
        // 3.转到目标页面
        chain.doFilter(req, response);

    }
}

 

MyHttpServletRequest.java

package com.aff.javaweb;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
//用于对 HttpServletRequest 或 HttpServletResponse 的某一个方法进行修改或增强.
public class MyHttpServletRequest extends HttpServletRequestWrapper{ public MyHttpServletRequest(HttpServletRequest request) { super(request); } @Override public String getParameter(String name) { String val = super.getParameter(name); if(val != null && val.contains(" fuck ")){ val = val.replace("fuck", "****"); } return val; } }

 

posted @ 2020-05-01 00:49  林淼零  阅读(913)  评论(0编辑  收藏  举报