servlet request.setParameters 方法 自创 修改

 /**
  * Sets (or overrides) a request parameter by writing straight into the map
  * returned by {@code getRequest().getParameterMap()}.
  *
  * <p>Whether this takes effect depends on that map being mutable: the servlet
  * API documents the parameter map as immutable, and a locked container map
  * rejects the put. That failure is logged and swallowed, not propagated.
  * NOTE(review): presumably {@code getRequest()} returns a wrapper whose
  * parameter map is a plain {@code HashMap} — confirm with the caller.
  *
  * <p>The value is stored as a single {@code String}, not the {@code String[]}
  * the parameter-map contract specifies; code that iterates the map and casts
  * every value to {@code String[]} must handle that.
  *
  * @param key parameter name
  * @param val parameter value
  */
 public void setParameters(String key, String val) {
     Map params = getRequest().getParameterMap();
     try {
         params.put(key, val);
     } catch (Exception e) {
         // A read-only parameter map throws here; log it and carry on.
         log.error(e.getMessage(), e);
     }
 }

 

 

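package com.dep.aop;

import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Request wrapper that rewrites characters commonly used in XSS and SQL
 * injection payloads ({@code < > ' " & \ # - ;}) into full-width Unicode
 * look-alikes before parameter and header values reach the application.
 *
 * <p>This is a blacklist substitution on input, not contextual output
 * encoding. It alters legitimate data containing those characters (hyphens in
 * dates or negative numbers, semicolons, quotes in names), and it does not
 * replace parameterized SQL ({@code PreparedStatement}) or HTML escaping at
 * the point of output; treat it as defence in depth only. Not covered by this
 * wrapper: {@code getHeaders(name)}, {@code getQueryString()}, cookies and
 * the request body ({@code getInputStream()} / {@code getReader()}), which
 * callers still read raw. {@code getParameterNames()} is not overridden either.
 *
 * <p>Only values are rewritten. Parameter and header <em>names</em> passed to
 * {@link #getParameter(String)} and {@link #getHeader(String)} come from
 * application code, not from the client, so they are used verbatim for the
 * lookup: encoding the name would turn {@code User-Agent} into a header that
 * does not exist.
 *
 * <p>{@link #getParameterMap()} returns a mutable, lazily built copy that is
 * cached for the lifetime of the wrapper. The original values remain reachable
 * via {@code super.getParameterValues(name)} or {@link #getOrgRequest()}.
 *
 * @author wb_zypt
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {

    private static final Logger log = LoggerFactory.getLogger(XssHttpServletRequestWrapper.class);

    /** The unwrapped request, kept so callers can read raw values. */
    private final HttpServletRequest orgRequest;

    /** Encoded parameter map, built on first use by {@link #getParameterMap()}. */
    private Map<String, Object> newParams;

    /**
     * Wraps {@code request}.
     *
     * @param request the request to wrap
     */
    public XssHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
        orgRequest = request;
    }

    /**
     * Returns the encoded first value of a parameter, or {@code null} if absent.
     *
     * <p>If the underlying request does not know the parameter, the cached map
     * from {@link #getParameterMap()} is consulted so that entries added to it
     * directly (via {@code put}) are visible. Values copied from the request
     * are already encoded there; a {@code String[]} entry yields its first
     * element instead of failing on a {@code (String)} cast.
     *
     * @param name parameter name, used verbatim for the lookup
     * @return the encoded value, or {@code null}
     */
    @Override
    public String getParameter(String name) {
        String value = super.getParameter(name);
        if (value != null) {
            return xssEncode(value);
        }
        Object cached = getParameterMap().get(name);
        if (cached instanceof String) {
            return (String) cached;
        }
        if (cached instanceof String[]) {
            String[] values = (String[]) cached;
            return values.length > 0 ? values[0] : null;
        }
        return null;
    }

    /**
     * Returns a mutable copy of the parameter map with every {@code String} and
     * {@code String[]} value encoded.
     *
     * <p>The copy is built once and cached: later changes to the underlying
     * request are not reflected, and puts into the returned map persist for
     * this wrapper. The return type stays raw for source compatibility with
     * the servlet API version the project compiles against.
     *
     * @return the cached, encoded parameter map
     */
    @Override
    @SuppressWarnings("unchecked")
    public Map getParameterMap() {
        if (newParams != null) {
            return newParams;
        }
        Map<String, Object> encoded = new HashMap<String, Object>();
        Map<?, ?> params = super.getParameterMap();
        for (Map.Entry<?, ?> entry : params.entrySet()) {
            String key = (String) entry.getKey();
            Object value = entry.getValue();
            if (value instanceof String) {
                encoded.put(key, xssEncode((String) value));
            } else if (value instanceof String[]) {
                encoded.put(key, xssEncode((String[]) value));
            } else {
                // instanceof is false for null, so a null value is copied as-is
                // rather than throwing from value.getClass().
                encoded.put(key, value);
            }
        }
        // Assign only after the copy is complete so a failure while building
        // does not leave a half-filled map cached.
        newParams = encoded;
        return newParams;
    }

    /**
     * Returns every value of a parameter, each encoded, or {@code null} if the
     * parameter is absent from the underlying request.
     *
     * @param parameter parameter name
     * @return encoded values, or {@code null}
     */
    @Override
    public String[] getParameterValues(String parameter) {
        String[] values = super.getParameterValues(parameter);
        if (values == null) {
            return null;
        }
        return xssEncode(values);
    }

    /**
     * Returns the encoded value of a header, or {@code null} if absent.
     *
     * <p>The raw value is available via {@code super.getHeaders(name)}.
     *
     * @param name header name, used verbatim for the lookup
     * @return the encoded header value, or {@code null}
     */
    @Override
    public String getHeader(String name) {
        String value = super.getHeader(name);
        return value == null ? null : xssEncode(value);
    }

    /**
     * Encodes each element of {@code s}; {@code null} in, {@code null} out.
     *
     * @param s values to encode
     * @return a new array of encoded values
     */
    private static String[] xssEncode(String[] s) {
        if (s == null) {
            return null;
        }
        String[] encoded = new String[s.length];
        for (int i = 0; i < s.length; i++) {
            encoded[i] = xssEncode(s[i]);
        }
        return encoded;
    }

    /**
     * Replaces half-width characters that commonly carry XSS or SQL injection
     * payloads with full-width look-alikes.
     *
     * <p>The replacements are written as Unicode escapes so the mapping survives
     * copy/paste and source-encoding normalisation; a version of this method
     * in which the full-width forms had been collapsed back to ASCII maps each
     * character to itself (a no-op) and does not compile for the backslash
     * case.
     *
     * @param s text to encode; {@code null} and {@code ""} are returned as-is
     * @return the encoded text
     */
    private static String xssEncode(String s) {
        if (s == null || s.isEmpty()) {
            return s;
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '>':
                    sb.append('\uFF1E'); // FULLWIDTH GREATER-THAN SIGN
                    break;
                case '<':
                    sb.append('\uFF1C'); // FULLWIDTH LESS-THAN SIGN
                    break;
                case '\'':
                    sb.append('\u2018'); // LEFT SINGLE QUOTATION MARK
                    break;
                case '"':
                    sb.append('\u201C'); // LEFT DOUBLE QUOTATION MARK
                    break;
                case '&':
                    sb.append('\uFF06'); // FULLWIDTH AMPERSAND
                    break;
                case '\\':
                    sb.append('\uFF3C'); // FULLWIDTH REVERSE SOLIDUS
                    break;
                case '#':
                    sb.append('\uFF03'); // FULLWIDTH NUMBER SIGN
                    break;
                case '-':
                    sb.append('\uFF0D'); // FULLWIDTH HYPHEN-MINUS
                    break;
                case ';':
                    sb.append('\uFF1B'); // FULLWIDTH SEMICOLON
                    break;
                default:
                    sb.append(c);
                    break;
            }
        }
        return sb.toString();
    }

    /**
     * Returns the original, unwrapped request.
     *
     * @return the request passed to the constructor
     */
    public HttpServletRequest getOrgRequest() {
        return orgRequest;
    }

    /**
     * Unwraps {@code req} if it is an {@code XssHttpServletRequestWrapper};
     * otherwise returns it unchanged.
     *
     * @param req a request, possibly wrapped
     * @return the original request
     */
    public static HttpServletRequest getOrgRequest(HttpServletRequest req) {
        if (req instanceof XssHttpServletRequestWrapper) {
            return ((XssHttpServletRequestWrapper) req).getOrgRequest();
        }
        return req;
    }
}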

 

 
