Content-Replacement Filter
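Sometimes a site needs to control its output so that illegal content or sensitive information is not sent out. A filter can do this by replacing content. It works as follows: when the Servlet writes content to the response, the response buffers it; the Filter performs the replacement and then sends the result to the client's browser. Because the default response cannot strictly buffer output, we need a custom response with buffering capability.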
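A custom response can be implemented by extending the javax.servlet.http.HttpServletResponseWrapper class. That class implements every method of the javax.servlet.http.HttpServletResponse interface, so you only override the methods you need. The code is as follows: HttpCharacterResponseWrapper.java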
```java
package com.yzj.response;

import java.io.CharArrayWriter;
import java.io.PrintWriter;

import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

public class HttpCharacterResponseWrapper extends HttpServletResponseWrapper {

    // Character-array Writer that buffers the output
    private CharArrayWriter charArrayWriter = new CharArrayWriter();

    public HttpCharacterResponseWrapper(HttpServletResponse response) {
        super(response);
    }

    // Override the parent method: return a Writer backed by the character
    // array, so the content is buffered.
    // Only getWriter() is wrapped; output written through getOutputStream()
    // is not buffered by this class.
    @Override
    public PrintWriter getWriter() {
        return new PrintWriter(charArrayWriter);
    }

    // Getter for the buffer
    public CharArrayWriter getCharArrayWriter() {
        return charArrayWriter;
    }
}
```
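This class overrides the getWriter() method. When a servlet calls getWriter() on this response object to write content, the content goes into the CharArrayWriter object, which gives the buffering effect.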
The Filter has to pass the custom response into the servlet. The code is as follows: OutputReplaceFilter.java
```java
package com.yzj.filter;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.util.Properties;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import com.yzj.response.HttpCharacterResponseWrapper;

public class OutputReplaceFilter implements Filter {

    // Illegal and sensitive words, loaded from the file named in the init parameter
    private Properties pp = new Properties();

    @Override
    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpCharacterResponseWrapper responseWrapper =
                new HttpCharacterResponseWrapper((HttpServletResponse) response);

        // Continue the chain with the custom response
        chain.doFilter(request, responseWrapper);

        // Get what was written to responseWrapper
        String output = responseWrapper.getCharArrayWriter().toString();

        // Iterate over all sensitive words
        for (Object obj : pp.keySet()) {
            String key = (String) obj;
            output = output.replace(key, pp.getProperty(key)); // replace the sensitive word
        }

        // Write the result through the original response's getWriter()
        PrintWriter out = response.getWriter();
        out.write(output);
        out.println("<!--Generated at " + new java.util.Date() + "-->");
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Location of the word-list file, from the init parameter
        String file = filterConfig.getInitParameter("file");
        // Actual location of the file on disk
        String realPath = filterConfig.getServletContext().getRealPath(file);

        // Read the file as UTF-8 (assumes it is saved as UTF-8):
        // Properties.load(InputStream) assumes ISO-8859-1 and would garble
        // the non-ASCII keys. try-with-resources closes the stream.
        try (Reader reader = new InputStreamReader(
                new FileInputStream(realPath), StandardCharsets.UTF_8)) {
            pp.load(reader);
        } catch (IOException e) {
            // Fail at startup instead of running with an empty word list
            throw new ServletException("Cannot load word list: " + file, e);
        }
    }
}
```
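In this example the custom response is only a "disguised" response. The Servlet writes its content through it, but the wrapper merely buffers that content and does not actually send it to the client. The final output to the client is still done through the original response.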
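The list of illegal words is kept in a properties file, which is passed to the content-replacement Filter through a Filter init parameter. The properties file looks like this: sensitive.properties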
```properties
#amend
Chna = China
www.baidu.com.cn = ww.baidu.com

#replace
色情 = **
情色 = **
賭博 = **
```
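The loop in OutputReplaceFilter applies the rules one after another in whatever order pp.keySet() returns them, so when keys overlap the result depends on that order, and text produced by one replacement can be rewritten by a later rule. The following is an added example, not part of the original post: a single-pass replacer that prefers the longest key and never rescans replaced text. The class name SinglePassReplacer and the "baidu" rule are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (not the original author's code): single-pass word replacement.
public class SinglePassReplacer {
    private final Map<String, String> rules;
    private final Pattern pattern; // null when there are no usable rules

    public SinglePassReplacer(Map<String, String> rules) {
        this.rules = new LinkedHashMap<>(rules);
        this.rules.remove(""); // an empty key would match at every position
        List<String> keys = new ArrayList<>(this.rules.keySet());
        // Longest key first, so "www.baidu.com.cn" wins over a shorter overlapping key.
        keys.sort((a, b) -> b.length() - a.length());
        StringBuilder alternation = new StringBuilder();
        for (String key : keys) {
            if (alternation.length() > 0) alternation.append('|');
            alternation.append(Pattern.quote(key)); // keys are literals, not regexes
        }
        this.pattern = keys.isEmpty() ? null : Pattern.compile(alternation.toString());
    }

    public String apply(String input) {
        if (pattern == null) return input;
        Matcher m = pattern.matcher(input);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            // quoteReplacement keeps '$' and '\' in a replacement value literal
            m.appendReplacement(out, Matcher.quoteReplacement(rules.get(m.group())));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        Map<String, String> rules = new LinkedHashMap<>();
        rules.put("Chna", "China");                    // from sensitive.properties
        rules.put("www.baidu.com.cn", "ww.baidu.com"); // from sensitive.properties
        rules.put("baidu", "[site]");                  // constructed overlapping rule
        SinglePassReplacer replacer = new SinglePassReplacer(rules);
        System.out.println(replacer.apply("Chna <br/> www.baidu.com.cn <br/> baidu"));
    }
}
```

In the filter, the map would be built once in init() from the loaded Properties and apply() called in place of the replace loop.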
The configuration for the content-replacement Filter: web.xml
```xml
<filter>
    <filter-name>OutputReplaceFilter</filter-name>
    <filter-class>com.yzj.filter.OutputReplaceFilter</filter-class>
    <init-param>
        <param-name>file</param-name>
        <param-value>/WEB-INF/sensitive.properties</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>OutputReplaceFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
</filter-mapping>
```
The JSP file is as follows: replace.jsp
```jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>

Chna <br/>
<br/>
色情 <br/>
賭博 <br/>
情色 <br/>
<br/>
www.baidu.com.cn <br/>

</body>
</html>
```