Struts2拦截SQL注入

复制代码
<interceptors>
            <!--设置超时拦截器 -->
            <interceptor name="sessionOut" class="com.util.SessionOutCheckInterceptor"></interceptor>
            <!-- 设置拦截去栈 -->
            <interceptor-stack name="session">
                <interceptor-ref name="sessionOut"></interceptor-ref>
                <!-- 引用struts2的默认拦截器栈 -->
                <interceptor-ref name="defaultStack"></interceptor-ref>
            </interceptor-stack>
</interceptors>
复制代码

 

复制代码
public class SessionOutCheckInterceptor implements Interceptor {
    public String intercept(ActionInvocation arg0) throws Exception {
        UserSession userSession = AuthorityUtil.getSysUserSession();
        if(userSession != null){
            ActionContext actionContext=arg0.getInvocationContext();
            HttpServletRequest request= (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);
            request.setCharacterEncoding("utf-8");
            
            Map<String, Object> Parameters= actionContext.getParameters();
            String CHECKSQL = "[`~!@#$%^&*()+=|{}':;',\\[\\].<>/?~!@#¥%……&*()——+|{}【】‘;:”“’。,、?]";
            Pattern p = Pattern.compile(CHECKSQL);
            boolean CHECKSQLCODE=false;
            for (Entry<String, Object> entity : Parameters.entrySet()) {
                String []value=(String[])entity.getValue();
                if(value!=null&&value.length>0&&StringUtils.isNotBlank(value[0])) {
                    String decodeValue=URLDecoder.decode(URLDecoder.decode(value[0],"utf-8"),"utf-8");
                    Matcher m = p.matcher(decodeValue);
                    if(m.find()) {
                        CHECKSQLCODE=true;
                        break;
                    }
                }
            }
            if(!CHECKSQLCODE) {
                return arg0.invoke();
            }else {
                return null; 
            }
        }else{
            return "login";
        }
    }

    public void destroy() {
        
    }

    public void init() {
    }

}
复制代码

 

public class SessionOutCheckInterceptor implements Interceptor {
private static final long serialVersionUID = 1L;
public String intercept(ActionInvocation arg0) throws Exception {UserSession userSession = AuthorityUtil.getSysUserSession();if(userSession != null){ActionContext actionContext=arg0.getInvocationContext();HttpServletRequest request= (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);        request.setCharacterEncoding("utf-8");        Map<String, Object> Parameters= actionContext.getParameters();String CHECKSQL = "[`~!@#$%^&*()+=|{}':;',\\[\\].<>/?~!@#¥%……&*()——+|{}【】‘;:”“’。,、?]";Pattern p = Pattern.compile(CHECKSQL);boolean CHECKSQLCODE=false;for (Entry<String, Object> entity : Parameters.entrySet()) {String []value=(String[])entity.getValue();if(value!=null&&value.length>0&&StringUtils.isNotBlank(value[0])) {String decodeValue=URLDecoder.decode(URLDecoder.decode(value[0],"utf-8"),"utf-8");    Matcher m = p.matcher(decodeValue);if(m.find()) {CHECKSQLCODE=true;break;}}}if(!CHECKSQLCODE) {return arg0.invoke();}else {return null; }}else{return "login";}}
public void destroy() {}
public void init() {}
}

posted @   Jachs  阅读(1361)  评论(0编辑  收藏  举报
编辑推荐:
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 理解Rust引用及其生命周期标识(上)
· 浏览器原生「磁吸」效果!Anchor Positioning 锚点定位神器解析
· 没有源码,如何修改代码逻辑?
阅读排行:
· 全程不用写代码,我用AI程序员写了一个飞机大战
· DeepSeek 开源周回顾「GitHub 热点速览」
· 记一次.NET内存居高不下排查解决与启示
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· .NET10 - 预览版1新功能体验(一)
点击右上角即可分享
微信分享提示
人生而自由,却无往不在枷锁中。