servlet request.setParameters 方法 自创 修改
/**
 * Adds or overwrites a single entry in the current request's parameter map.
 *
 * <p>The value is written exactly as given: it is stored as a plain
 * {@code String}, not the {@code String[]} a container normally keeps in this
 * map, and it is not passed through any encoding step here.
 * NOTE(review): presumably the request is an XssHttpServletRequestWrapper,
 * whose getParameterMap() hands out a mutable copy - confirm against the
 * filter configuration. A container's own parameter map typically rejects
 * put(); in that case the exception is only logged and the value is dropped.
 *
 * <p>An earlier revision unlocked the map by reflecting on its private
 * {@code locked} field before writing; that code was already disabled and is
 * not reproduced here.
 *
 * @param key parameter name to set
 * @param val parameter value to store, taken as trusted server-side data
 */
public void setParameters(String key, String val) {
    final Map parameterMap = getRequest().getParameterMap();
    try {
        parameterMap.put(key, val);
    } catch (Exception e) {
        // Best effort: a read-only map ends up here and the write is lost.
        log.error(e.getMessage(), e);
    }
}
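package com.dep.aop;

import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Request wrapper that rewrites a fixed set of ASCII punctuation characters in
 * parameter and header values to look-alike non-ASCII characters.
 *
 * <p>The original author describes it as an interceptor against SQL injection,
 * while the class name refers to XSS. Treat it as defence in depth only:
 * <ul>
 *   <li>SQL injection is prevented by parameterized queries and XSS by
 *       encoding for the output context; input substitution replaces
 *       neither.</li>
 *   <li>Full-width characters fold back to ASCII under Unicode compatibility
 *       normalization (NFKC/NFKD), so any later normalization step undoes the
 *       substitution.</li>
 *   <li>Only {@link #getParameter}, {@link #getParameterValues},
 *       {@link #getParameterMap} and {@link #getHeader} are covered. Parameter
 *       names, {@code getHeaders}, the query string, cookies and the request
 *       body are passed through unchanged.</li>
 *   <li>Legitimate values containing {@code -}, {@code &amp;}, {@code #} or
 *       {@code ;} are altered as well.</li>
 * </ul>
 *
 * @author wb_zypt
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {

    /** The wrapped request; values read from it directly are NOT encoded. */
    HttpServletRequest orgRequest = null;

    /**
     * Mutable, lazily built copy of the parameter map with encoded values.
     * Entries that callers add afterwards are stored as given, unencoded.
     */
    Map<String, Object> newParams = null;

    private static final Logger log = LoggerFactory.getLogger(XssHttpServletRequestWrapper.class);

    /**
     * Wraps the given request.
     *
     * @param request the request to wrap; also kept as the "original" request
     */
    public XssHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
        orgRequest = request;
    }

    /**
     * Returns the encoded value of a request parameter.
     *
     * <p>The wrapped request is asked first, using the encoded name as the
     * original code did. If that yields nothing, the value is taken from
     * {@link #getParameterMap()} under the name as given, which also makes
     * entries added to that map by callers visible here. The original
     * fallback cast the map entry to {@code String} and therefore threw
     * {@code ClassCastException} for ordinary {@code String[]} entries.
     *
     * @param name parameter name
     * @return the encoded first value, or {@code null} if the parameter is absent
     */
    @Override
    public String getParameter(String name) {
        String value = super.getParameter(xssEncode(name));
        if (value != null) {
            return xssEncode(value);
        }
        Object stored = getParameterMap().get(name);
        if (stored instanceof String) {
            return (String) stored;
        }
        if (stored instanceof String[]) {
            String[] values = (String[]) stored;
            return values.length > 0 ? values[0] : null;
        }
        return null;
    }

    /**
     * Returns a mutable copy of the parameter map whose values are encoded.
     *
     * <p>The copy is built on first use and cached for the lifetime of this
     * wrapper. Keys are copied unchanged. An earlier revision instead flipped
     * the private {@code locked} field of the container's map by reflection
     * and encoded it in place; copying avoids depending on container
     * internals.
     *
     * @return the cached map of parameter name to encoded value(s)
     */
    @Override
    @SuppressWarnings("unchecked")
    public Map getParameterMap() {
        if (newParams != null) {
            return newParams;
        }
        Map<?, ?> source = super.getParameterMap();
        // Fill a local map first so a failure cannot leave a half-built cache.
        Map<String, Object> encoded = new HashMap<String, Object>();
        for (Map.Entry<?, ?> entry : source.entrySet()) {
            String key = (String) entry.getKey();
            Object value = entry.getValue();
            if (value instanceof String) {
                encoded.put(key, xssEncode((String) value));
            } else if (value instanceof String[]) {
                encoded.put(key, xssEncode((String[]) value));
            } else {
                // Includes null, which made the original getClass() call throw.
                encoded.put(key, value);
            }
        }
        newParams = encoded;
        return newParams;
    }

    /**
     * Returns all values of a request parameter, each one encoded.
     *
     * <p>Only the wrapped request is consulted; entries that exist solely in
     * the map returned by {@link #getParameterMap()} are not visible here.
     *
     * @param parameter parameter name
     * @return a new array of encoded values, or {@code null} if absent
     */
    @Override
    public String[] getParameterValues(String parameter) {
        String[] values = super.getParameterValues(parameter);
        if (values == null) {
            return null;
        }
        return xssEncode(values);
    }

    /**
     * Returns the encoded value of a request header.
     *
     * <p>The lookup first uses the encoded name, as the original code did.
     * Because {@code -} is one of the substituted characters, that lookup
     * cannot match names such as {@code User-Agent}, so the name as given is
     * tried next. Use {@code getOrgRequest().getHeader(name)} for the raw
     * value.
     *
     * @param name header name
     * @return the encoded header value, or {@code null} if the header is absent
     */
    @Override
    public String getHeader(String name) {
        String value = super.getHeader(xssEncode(name));
        if (value == null) {
            value = super.getHeader(name);
        }
        return value == null ? null : xssEncode(value);
    }

    /**
     * Encodes every element of an array.
     *
     * @param s values to encode; must not be {@code null}
     * @return a new array of the same length holding the encoded values
     */
    private static String[] xssEncode(String[] s) {
        String[] newStr = new String[s.length];
        for (int i = 0; i < s.length; i++) {
            newStr[i] = xssEncode(s[i]);
        }
        return newStr;
    }

    /**
     * Replaces half-width characters commonly used in markup and SQL syntax
     * with full-width or typographic look-alikes.
     *
     * <p>The replacements are written as Unicode escapes so they survive
     * re-encoding of this source file; a copy in which they have been folded
     * back to ASCII turns this method into a no-op.
     *
     * @param s text to encode
     * @return the encoded text; {@code s} itself when it is {@code null} or empty
     */
    private static String xssEncode(String s) {
        if (s == null || "".equals(s)) {
            return s;
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '>':
                    sb.append('\uFF1E'); // full-width greater-than sign
                    break;
                case '<':
                    sb.append('\uFF1C'); // full-width less-than sign
                    break;
                case '\'':
                    sb.append('\u2018'); // left single quotation mark
                    break;
                case '"':
                    sb.append('\u201C'); // left double quotation mark
                    break;
                case '&':
                    sb.append('\uFF06'); // full-width ampersand
                    break;
                case '\\':
                    sb.append('\uFF3C'); // full-width reverse solidus
                    break;
                case '#':
                    sb.append('\uFF03'); // full-width number sign
                    break;
                case '-':
                    sb.append('\uFF0D'); // full-width hyphen-minus
                    break;
                case ';':
                    sb.append('\uFF1B'); // full-width semicolon
                    break;
                default:
                    sb.append(c);
                    break;
            }
        }
        return sb.toString();
    }

    /**
     * Returns the request that was passed to the constructor.
     *
     * <p>Everything read from it bypasses the encoding done by this wrapper.
     *
     * @return the wrapped request
     */
    public HttpServletRequest getOrgRequest() {
        return orgRequest;
    }

    /**
     * Unwraps a request if it is an {@code XssHttpServletRequestWrapper}.
     *
     * @param req any request
     * @return the request wrapped by {@code req}, or {@code req} itself when
     *         it is not an instance of this class
     */
    public static HttpServletRequest getOrgRequest(HttpServletRequest req) {
        if (req instanceof XssHttpServletRequestWrapper) {
            return ((XssHttpServletRequestWrapper) req).getOrgRequest();
        }
        return req;
    }
}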