Struts2拦截SQL注入
<interceptors> <!--设置超时拦截器 --> <interceptor name="sessionOut" class="com.util.SessionOutCheckInterceptor"></interceptor> <!-- 设置拦截去栈 --> <interceptor-stack name="session"> <interceptor-ref name="sessionOut"></interceptor-ref> <!-- 引用struts2的默认拦截器栈 --> <interceptor-ref name="defaultStack"></interceptor-ref> </interceptor-stack>
</interceptors>
public class SessionOutCheckInterceptor implements Interceptor { public String intercept(ActionInvocation arg0) throws Exception { UserSession userSession = AuthorityUtil.getSysUserSession(); if(userSession != null){ ActionContext actionContext=arg0.getInvocationContext(); HttpServletRequest request= (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST); request.setCharacterEncoding("utf-8"); Map<String, Object> Parameters= actionContext.getParameters(); String CHECKSQL = "[`~!@#$%^&*()+=|{}':;',\\[\\].<>/?~!@#¥%……&*()——+|{}【】‘;:”“’。,、?]"; Pattern p = Pattern.compile(CHECKSQL); boolean CHECKSQLCODE=false; for (Entry<String, Object> entity : Parameters.entrySet()) { String []value=(String[])entity.getValue(); if(value!=null&&value.length>0&&StringUtils.isNotBlank(value[0])) { String decodeValue=URLDecoder.decode(URLDecoder.decode(value[0],"utf-8"),"utf-8"); Matcher m = p.matcher(decodeValue); if(m.find()) { CHECKSQLCODE=true; break; } } } if(!CHECKSQLCODE) { return arg0.invoke(); }else { return null; } }else{ return "login"; } } public void destroy() { } public void init() { } }
public class SessionOutCheckInterceptor implements Interceptor {
private static final long serialVersionUID = 1L;
public String intercept(ActionInvocation arg0) throws Exception {UserSession userSession = AuthorityUtil.getSysUserSession();if(userSession != null){ActionContext actionContext=arg0.getInvocationContext();HttpServletRequest request= (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST); request.setCharacterEncoding("utf-8"); Map<String, Object> Parameters= actionContext.getParameters();String CHECKSQL = "[`~!@#$%^&*()+=|{}':;',\\[\\].<>/?~!@#¥%……&*()——+|{}【】‘;:”“’。,、?]";Pattern p = Pattern.compile(CHECKSQL);boolean CHECKSQLCODE=false;for (Entry<String, Object> entity : Parameters.entrySet()) {String []value=(String[])entity.getValue();if(value!=null&&value.length>0&&StringUtils.isNotBlank(value[0])) {String decodeValue=URLDecoder.decode(URLDecoder.decode(value[0],"utf-8"),"utf-8"); Matcher m = p.matcher(decodeValue);if(m.find()) {CHECKSQLCODE=true;break;}}}if(!CHECKSQLCODE) {return arg0.invoke();}else {return null; }}else{return "login";}}
public void destroy() {}
public void init() {}
}