package com.dc.most.pds.security;
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
 * Servlet filter that screens request parameters against two regex blacklists
 * (init-params {@code scriptRegx} for script/HTML fragments and {@code sqlRegx}
 * for SQL fragments) and short-circuits a request whose parameter value matches
 * either one. Requests whose URI matches the {@code notProtect} regex are exempt.
 * <p>
 * Security note: a regex blacklist is defense-in-depth only. It is not a
 * substitute for parameterised queries ({@code PreparedStatement}) and
 * context-aware output encoding at the point of use. The filter inspects only
 * what the container exposes through {@code getParameterValues()}; headers,
 * cookies and the request path itself are not checked.
 */
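public class ParameterFilter implements Filter {
    /** Blacklist for script/HTML injection fragments, from init-param {@code scriptRegx}. */
    private Pattern scriptP;
    /** Blacklist for SQL injection fragments, from init-param {@code sqlRegx}. */
    private Pattern sqlP;
    /** Request URIs matching this pattern are exempt from screening, from init-param {@code notProtect}. */
    private Pattern notP;

    @Override
    public void destroy() {
        // Nothing to release: the compiled patterns are plain, immutable heap objects.
    }

    /**
     * Screens every parameter value of the request unless the URI is exempt; a
     * request with a blacklisted value gets a short HTML rejection page and never
     * reaches the chain.
     *
     * @param arg0 the incoming request (cast to {@link HttpServletRequest})
     * @param arg1 the response the rejection page is written to
     * @param arg2 the rest of the filter chain
     * @throws IOException      if the rejection page cannot be written
     * @throws ServletException propagated from downstream filters/servlets
     */
    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) arg0;
        // NOTE(review): getRequestURI() is the raw, still-encoded, un-normalised path. A
        // client can send "..", "//" or percent-encoded segments that satisfy the exemption
        // regex while the container maps the request somewhere else. Kept as-is because
        // existing notProtect configs may include the context path; consider matching on
        // getServletPath() + getPathInfo() instead — verify against deployed configs.
        String url = req.getRequestURI();
        if (!notP.matcher(url).find() && !parametersLookSafe(req)) {
            reject(arg1);
            return;
        }
        arg2.doFilter(arg0, arg1);
    }

    /**
     * Returns {@code false} as soon as any parameter value hits either blacklist.
     * <p>
     * {@code find()} is used rather than {@code matches()}: {@code matches()} needs the
     * whole value to match the regex, so an unanchored pattern never fires on a value
     * that merely contains the payload, and even an anchored {@code .*x.*} pattern is
     * bypassed by a value containing a newline (a dot does not match line terminators).
     * {@code find()} detects a superset of what {@code matches()} did, so no previously
     * rejected value is now accepted.
     */
    private boolean parametersLookSafe(HttpServletRequest req) {
        Enumeration<String> names = req.getParameterNames();
        while (names.hasMoreElements()) {
            String[] values = req.getParameterValues(names.nextElement());
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (value == null) {
                    continue;
                }
                // Locale.ROOT: under a Turkish default locale "SCRIPT".toLowerCase() becomes
                // "scrıpt" (dotless i), which would slip past a "script" blacklist entry.
                String lower = value.toLowerCase(Locale.ROOT);
                if (scriptP.matcher(lower).find() || sqlP.matcher(lower).find()) {
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * Writes the fixed rejection page. The body contains no request data, so it is not
     * a reflection point. The status is set to 400 so the rejection is visible to
     * logs, proxies and monitoring instead of looking like a successful page.
     */
    private void reject(ServletResponse resp) throws IOException {
        if (resp instanceof HttpServletResponse) {
            ((HttpServletResponse) resp).setStatus(HttpServletResponse.SC_BAD_REQUEST);
        }
        resp.setContentType("text/html; charset=GBK");
        resp.getWriter().write("<script language='javascript'>alert('输入有误!');history.go(-1);</script>");
    }

    /**
     * Compiles the three regexes once at start-up. A missing or malformed init-param
     * fails deployment with a descriptive {@link ServletException} instead of an NPE or
     * an unwrapped {@code PatternSyntaxException} from {@code Pattern.compile}.
     */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        scriptP = compileRequired(arg0, "scriptRegx");
        sqlP = compileRequired(arg0, "sqlRegx");
        notP = compileRequired(arg0, "notProtect");
    }

    /** Reads and compiles one mandatory regex init-param. */
    private static Pattern compileRequired(FilterConfig config, String name) throws ServletException {
        String regex = config.getInitParameter(name);
        if (regex == null) {
            throw new ServletException("ParameterFilter: missing required init-param '" + name + "'");
        }
        try {
            return Pattern.compile(regex);
        } catch (PatternSyntaxException e) {
            throw new ServletException("ParameterFilter: invalid regex in init-param '" + name + "'", e);
        }
    }
}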