使用Filter过滤非法内容

1、首先,需要编写一个响应的封装器ResponseReplaceWrapper,用它来缓存response中的内容,代码如下:

ResponseReplaceWrapper.java

package com.comp.common;

import java.io.CharArrayWriter;
import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

public class ResponseReplaceWrapper extends HttpServletResponseWrapper {
    
    private CharArrayWriter charWriter = new CharArrayWriter();

    public ResponseReplaceWrapper(HttpServletResponse response) {
        super(response);
    }

    @Override
    public PrintWriter getWriter() throws IOException {
//return super.getWriter();
return new PrintWriter(charWriter); } public CharArrayWriter getCharWriter() { return charWriter; } }

2、编写内容过滤器ReplaceFilter,代码如下:

package com.html.common;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;

@WebFilter("/*")
public class ReplaceFilter implements Filter {

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        
        HttpServletResponse res = (HttpServletResponse)response;
        ResponseReplaceWrapper resp = new ResponseReplaceWrapper(res);
        chain.doFilter(request, resp);
        
        String outString = resp.getCharWriter().toString();
        outString = outString.replace("过滤内容", "***");
        PrintWriter out = res.getWriter();
        out.write(outString);
    }
    
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        
    }

    @Override
    public void destroy() {
        
    }

}

通过以上步骤,就可以实现过滤非法字符了

 

ResponseReplaceWrapper.java类里面声明的变量charWriter,一直不得其解,到底是在哪里赋的值。经过调试,发现是在ReplaceFilter类里面chain.doFilter(request, resp);调用完后,charWriter就有值了,我猜大概是这个方法里面有什么操作,把response里的内容赋给了charWriter。

 

ResponseReplaceWrapper.java类里面复写getWriter()方法,如果返回super.getWriter(),在执行chain.doFilter(request, resp);方法后,页面就有内容输出,但是会导致charWriter没有值;如果返回new PrintWriter(charWriter),在执行chain.doFilter(request, resp);方法后,页面没有内容输出,但是charWriter就有值了,然后拿到charWriter的值,就可以修改这个值,并把修改后的值手工输出到页面上。

 

我的理解就是,把要输出的内容临时保存起来,进行修改,然后把修改后的内容手工输出。

 

没有看这个源代码,感觉理解的还是有点一知半解,等我看完源代码,有了更深入的理解,再做补充吧。

posted @ 2018-12-16 23:01  魔豆  阅读(306)  评论(0编辑  收藏  举报