filter对request请求拦截,对请求参数进行修改


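    package com.hjzx.goldShopV2.filter;

    import java.util.Collections;
    import java.util.LinkedHashMap;
    import java.util.List;
    import java.util.Map;

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletRequestWrapper;

    import org.apache.commons.lang.StringEscapeUtils;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.context.ApplicationContext;
    import org.springframework.web.context.ContextLoader;

    import com.hjzx.framework.mybatis.Criteria;
    import com.hjzx.system.model.SysSensitive;
    import com.hjzx.system.service.ISysSensitiveService;

    /**
     * Request wrapper that sanitizes request parameters before the application reads them.
     *
     * <p>Two rules are applied by {@link #convert(String)}: a fixed set of characters is
     * replaced or HTML-escaped, and every word found in the sensitive-word table
     * ({@code ISysSensitiveService}) is masked with {@code ***}.
     *
     * <p>All parameter accessors ({@link #getParameter}, {@link #getParameterValues} and
     * {@link #getParameterMap}) go through the same rule, so the filter cannot be bypassed
     * by reading a parameter through a different accessor or by repeating a parameter.
     *
     * @author xiongyc
     */
    public class GetHttpServletRequestWrapper extends HttpServletRequestWrapper {

        /** Replacement written over every matched sensitive word. */
        private static final String SENSITIVE_MASK = "***";

        /** Encoding handed in by the caller; kept for compatibility, not read by the filter. */
        @SuppressWarnings("unused")
        private final String charset;

        protected final Logger log = LoggerFactory.getLogger(getClass());

        /**
         * Wraps {@code request} with the default encoding {@code "UTF-8"}.
         *
         * @param request the request being decorated
         */
        public GetHttpServletRequestWrapper(HttpServletRequest request) {
            this(request, "UTF-8");
        }

        /**
         * Wraps {@code request} and records the character encoding it uses.
         *
         * @param request the request being decorated
         * @param charset character encoding of the request parameters
         */
        public GetHttpServletRequestWrapper(HttpServletRequest request, String charset) {
            super(request);
            this.charset = charset;
        }

        /**
         * Returns the filtered value of a single parameter.
         *
         * @param name parameter name
         * @return the converted value, or {@code null} when the parameter is absent
         */
        @Override
        public String getParameter(String name) {
            // convert() handles null itself, so a missing parameter stays null.
            return convert(super.getParameter(name));
        }

        /**
         * Returns the filtered values of a multi-valued parameter.
         *
         * <p>Every element is converted, not only the first one: a repeated parameter
         * ({@code name=a&name=b}) must not be able to deliver an unfiltered value in a
         * later position. The wrapped request's own array is never modified; a converted
         * copy is returned instead.
         *
         * @param name parameter name
         * @return a converted copy of the values, or {@code null} when the parameter is absent
         */
        @Override
        public String[] getParameterValues(String name) {
            return convertAll(super.getParameterValues(name));
        }

        /**
         * Returns the complete parameter map with every value filtered.
         *
         * <p>Data-binding code frequently reads this map rather than calling
         * {@link #getParameter}, so leaving it unfiltered would bypass the whole wrapper.
         *
         * @return an unmodifiable map of converted values, never {@code null}
         */
        @Override
        public Map<String, String[]> getParameterMap() {
            Map<String, String[]> original = super.getParameterMap();
            if (original == null) {
                return Collections.emptyMap();
            }
            Map<String, String[]> filtered = new LinkedHashMap<String, String[]>(original.size());
            for (Map.Entry<String, String[]> entry : original.entrySet()) {
                filtered.put(entry.getKey(), convertAll(entry.getValue()));
            }
            return Collections.unmodifiableMap(filtered);
        }

        /**
         * Applies {@link #convert(String)} to each element of a fresh copy of {@code values}.
         *
         * @param values raw values, may be {@code null}
         * @return a new array of converted values, or {@code null} when {@code values} is {@code null}
         */
        private String[] convertAll(String[] values) {
            if (values == null) {
                return null;
            }
            String[] copy = new String[values.length];
            for (int i = 0; i < values.length; i++) {
                copy[i] = convert(values[i]);
            }
            return copy;
        }

        /**
         * Filter rule applied to one parameter value.
         *
         * <p>Step 1 replaces {@code ;}, {@code (}, {@code )} and {@code 、} with {@code *}
         * and HTML-escapes {@code <}, {@code >} and {@code '}. Step 2 loads the
         * sensitive-word table and masks every occurrence of each word with {@code ***}.
         *
         * @param target raw parameter value, may be {@code null}
         * @return the filtered value, or {@code null} when {@code target} is {@code null}
         */
        public String convert(String target) {
            // The null check must precede the first replace(); it used to sit after the
            // replacements, where it could no longer prevent a NullPointerException.
            if (target == null) {
                return null;
            }
            // target = StringEscapeUtils.escapeHtml(target);
            // target = StringEscapeUtils.escapeJavaScript(target);
            // target = StringEscapeUtils.escapeSql(target);
            // target = target.replace("&", "&amp;");
            target = target.replace(";", "*");
            target = target.replace("(", "*");
            target = target.replace(")", "*");
            target = target.replace("、", "*");
            // NOTE(review): the listing as rendered showed identity replacements for these
            // three characters ("<" -> "<"), which is a no-op. HTML entities are assumed to
            // be the intent, in line with the commented-out escapeHtml call above — confirm.
            target = target.replace("<", "&lt;");
            target = target.replace(">", "&gt;");
            target = target.replace("'", "&#39;");
            // target = target.replace("\"", "&quot;");
            // target = target.replace("alert", "a lert");
            // target = target.replace("script", "s cript");
            // target = target.replace("document", "d ocument");
            // target = target.replace("cookie", "c ookie");
            if (target.isEmpty()) {
                // Nothing left to match; skip the database round-trip.
                return target;
            }
            ApplicationContext ac = ContextLoader.getCurrentWebApplicationContext();
            if (ac == null) {
                // Outside a web application context (tests, offline jobs) the character
                // rules above still apply; only the sensitive-word lookup is unavailable.
                log.warn("No web application context available; sensitive-word filter skipped");
                return target;
            }
            ISysSensitiveService sysSensitiveService =
                    (ISysSensitiveService) ac.getBean("sysSensitiveService");
            // Query the sensitive-word table. It is read on every call so that changes to
            // the table take effect immediately.
            List<Map<String, Object>> rows = sysSensitiveService.queryPage(new Criteria<SysSensitive>());
            if (rows == null) {
                return target;
            }
            for (Map<String, Object> row : rows) {
                Object word = row.get("sensitiveWords");
                // Skip null/empty words: indexOf("") is 0 for every string and replace("")
                // would insert the mask between every character of the value.
                if (!(word instanceof String) || ((String) word).isEmpty()) {
                    continue;
                }
                String sensitive = (String) word;
                if (target.indexOf(sensitive) > -1) {
                    // Parameter values may carry credentials or personal data: record that a
                    // match occurred, never the value itself.
                    log.info("Filter request parameters: sensitive word masked");
                    target = target.replace(sensitive, SENSITIVE_MASK);
                }
            }
            return target;
        }
    }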
