Replace Filter with content

Replace Filter with content

Sometimes you need to control the website to prevent the output of illegal content or sensitive information. In this case, we can use the filter to replace the content. The working principle is that when the Servlet outputs the content to the response, the response caches the content and replaces it in the Filter, and then output it to the customer's browser. Because the default response does not strictly cache the output content, you need to customize a response with the cache function.

You can implement custom response by extending the javax. servlet. http. HttpServletResponseWrapper class. This class implements all the methods of the javax. servlet. http. HttpServletResponse interface and overwrites the corresponding methods as needed. The Code is as follows: HttpServletResponseWrapper. java

1 package com. yzj. response; 2 3 import java. io. charArrayWriter; 4 import java. io. printWriter; 5 6 import javax. servlet. http. httpServletResponse; 7 import javax. servlet. http. authorization; 8 9 public class HttpCharacterResponseWrapper extends 10 authorization {11 private CharArrayWriter charArrayWriter = new CharArrayWriter (); 12 // character array Writer13 14 public HttpCharacterResponseWrapper (HttpServletResponse response) {15 super (response); 16 // TODO Auto-generated constructor stub17} 18 19 public PrintWriter getWriter () {// override the parent class method 20 return new PrintWriter (charArrayWriter ); 21} // return character array Writer, cache content 22 23 public CharArrayWriter getCharArrayWriter () {24 return charArrayWriter; // getter Method 25} 26}

View Code

This class overwrites the getWriter () method. When the servlet uses this response object to call the getWriter () method to output the content, the content will be output to the CharArrayWriter object to achieve cache effect.

The custom response in the Filter needs to be passed into the servlet. The Code is as follows: OutputReplaceFilter. java

1 package com. yzj. filter; 2 3 import java. io. fileInputStream; 4 import java. io. fileNotFoundException; 5 import java. io. IOException; 6 import java. io. printWriter; 7 import java. util. properties; 8 9 import javax. servlet. filter; 10 import javax. servlet. filterChain; 11 import javax. servlet. filterConfig; 12 import javax. servlet. servletException; 13 import javax. servlet. servletRequest; 14 import javax. servlet. ServletResponse; 15 import javax. servlet. http. httpServletResponse; 16 import com. yzj. response. httpCharacterResponseWrapper; 17 18 public class OutputReplaceFilter implements Filter {19 20 private Properties pp = new Properties (); 21 // illegal words, sensitive words, configure 22 23 @ Override24 public void destroy () {25 // TODO Auto-generated method stub26 27} 28 29 @ Override30 public void doFilter (ServletRequest request, Ser VletResponse response, 31 FilterChain chain) throws IOException, ServletException {32 HttpCharacterResponseWrapper responseWrapper = new HttpCharacterResponseWrapper (HttpServletResponse) response); 33 34 chain. doFilter (request, responseWrapper); // doFilter, use custom response35 36 String output = responseWrapper. getCharArrayWriter (). toString (); 37 // get the responseWrapper output 38 39 for (Object obj: pp. keySet () {4 0 // traverse all sensitive words 41 String key = (String) obj; 42 output = output. replace (key, pp. getProperty (key); // replace sensitive words 43} 44 PrintWriter out = response. getWriter (); 45 // use the getWriter () method of the original response to output 46 out. write (output); 47 out. println ("<! -- Generated at "+ new java. util. date () + "-->"); 48 49} 50 51 @ Override52 public void init (FilterConfig filterConfig) throws ServletException {53 // 54 String file = filterConfig at initialization. getInitParameter ("file"); // The Position of the configuration file is 55 String realPath = filterConfig. getServletContext (). getRealPath (file); 56 // actual file location 57 58 try {59 pp. load (new FileInputStream (realPath); 60} catch (FileNotFoundException e) {61 // TODO Auto-generated catch block62 e. printStackTrace (); 63} catch (IOException e) {64 // TODO Auto-generated catch block65 e. printStackTrace (); 66} 67 68} 69 70}

View Code

In this example, the custom response is only a "disguised" response. Servlet will output content to the client through it, but its content is only cached and not actually output to the client. The final output to the client is still completed through the original response.

The invalid dictionary is configured in the properties file, and the Filter is replaced by the Filter initialization parameter passed to the content. The content of this properties file is as follows: sensitive. properties

1 # amend2 Chna = China3 www.baidu.com.cn = ww. baidu. com4 5 # replace 6 porn = ** 7 porn = ** 8 gambling = **

View Code

Content to replace the configuration file of the Filter. Web. xml

 1    <filter> 2         <filter-name>OutputReplaceFilter</filter-name> 3         <filter-class> 4             com.yzj.filter.OutputReplaceFilter 5         </filter-class> 6         <init-param> 7             <param-name>file</param-name> 8             <param-value>/WEB-INF/sensitive.properties</param-value> 9         </init-param>10     </filter>11     12     <filter-mapping>13         <filter-name>OutputReplaceFilter</filter-name>14         <url-pattern>*.jsp</url-pattern>15     </filter-mapping>

View Code

The jsp file code is as follows: replace. jsp

1 <% @ page language = "java" contentType = "text/html; charset = UTF-8" %> 2 <! DOCTYPE html PUBLIC "-// W3C // dtd html 4.01 Transitional // EN" http://www.w3.org/TR/html4/loose.dtd "> 3 View Code