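1. Filter the parameters the user submits through the browser: if the input contains any sensitive word from the user information table, replace every occurrence with ***.
Note: when creating the sensitive word list, be sure to set its encoding to GBK or UTF-8; otherwise the words will be read as garbled text. See the red circle in the figure below.
2. This code builds on the earlier login example, so test it as follows:
(1) Start mysql.
(2) Run the program, then log in first.
(3) After logging in successfully, manually change the address in the browser to: http://localhost/day29/testSentitiveWordsServlet?name=张山&msg=大笨蛋,超级大傻瓜
3. Project screenshot:
4. Main code: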
SensitiveWordsFilter.java
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

@WebFilter("/*")
public class SensitiveWordsFilter implements Filter {
    private final List<String> sensitiveWords = new ArrayList<>();

    public void init(FilterConfig config) throws ServletException {
        ServletContext servletContext = config.getServletContext();
        String realPath = servletContext.getRealPath("WEB-INF/classes/敏感词汇表");
        // Read with an explicit charset instead of the platform default;
        // it must match the encoding the word list was saved in (UTF-8 here).
        try (BufferedReader bR = new BufferedReader(
                new InputStreamReader(new FileInputStream(realPath), StandardCharsets.UTF_8))) {
            String line;
            while ((line = bR.readLine()) != null) {
                System.out.println(line);
                // Skip blank lines: an empty word is contained in every string.
                if (!line.trim().isEmpty()) {
                    sensitiveWords.add(line.trim());
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException {
        System.out.println("**************************************");
        // Wrap the request in a dynamic proxy that intercepts getParameter().
        ServletRequest proxy_req = (ServletRequest) Proxy.newProxyInstance(req.getClass().getClassLoader(), req.getClass().getInterfaces(), new InvocationHandler() {
            @Override
            public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
                System.out.println(method);
                if (method.getName().equals("getParameter")) {
                    String ret = (String) method.invoke(req, args);
                    if (ret != null) {
                        for (String sensitiveWord : sensitiveWords) {
                            if (ret.contains(sensitiveWord)) {
                                /**
                                 * replace() substitutes every literal occurrence of the word.
                                 * replaceAll() would treat the word as a regular expression,
                                 * so a word containing characters such as ( or . would
                                 * throw or match the wrong text.
                                 * If nothing matches, the original string is returned.
                                 */
                                ret = ret.replace(sensitiveWord, "***");
                            }
                        }
                    }
                    return ret;
                }
                // Every other method is passed through to the real request unchanged.
                return method.invoke(req, args);
            }
        });
        chain.doFilter(proxy_req, resp);
    }

    public void destroy() {
    }
}
TestSentitiveWordsServlet.java
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@WebServlet("/testSentitiveWordsServlet")
public class TestSentitiveWordsServlet extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        this.doGet(request, response);
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        System.out.println("#################################");
        String name = request.getParameter("name");
        String msg = request.getParameter("msg");
        System.out.println(name + msg);
        // request.setAttribute("test","xxx");
    }
}
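The masking step of the filter can be pulled out into a container-independent class that can be exercised without Tomcat. The following is an added example, not code from the original post: the class name SensitiveWordMasker and the word list in main() are constructed for illustration, and only the msg value comes from the test URL above. It reads the list from any Reader, drops blank entries, and treats every entry as literal text in a single pass.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

// Added example (hypothetical class, not part of the original project).
public class SensitiveWordMasker {
    private final Pattern pattern; // null when the word list has no usable entries

    public SensitiveWordMasker(Reader wordList) throws IOException {
        List<String> words = new ArrayList<>();
        try (BufferedReader reader = new BufferedReader(wordList)) {
            String line;
            while ((line = reader.readLine()) != null) {
                line = line.trim();
                if (!line.isEmpty()) { // a blank entry would match at every position
                    words.add(line);
                }
            }
        }
        // Longest first, so an entry is preferred over a shorter entry that is its prefix.
        words.sort(Comparator.comparingInt(String::length).reversed());
        // Pattern.quote turns each entry into a literal, so "(" or "." in the list is harmless.
        pattern = words.isEmpty() ? null : Pattern.compile(
                words.stream().map(Pattern::quote).collect(Collectors.joining("|")));
    }

    // Returns the value with every listed word replaced by ***; null stays null.
    public String mask(String value) {
        if (value == null || pattern == null) {
            return value;
        }
        return pattern.matcher(value).replaceAll("***");
    }

    public static void main(String[] args) throws IOException {
        // Constructed word list: a prefix pair, a blank line, and an entry with regex metacharacters.
        String list = "笨\n笨蛋\n\n傻瓜\n(x_x)\n";
        SensitiveWordMasker masker = new SensitiveWordMasker(new StringReader(list));
        System.out.println(masker.mask("大笨蛋,超级大傻瓜")); // msg value from the test URL
        System.out.println(masker.mask("hello (x_x) world"));
        System.out.println(masker.mask(null));
    }
}
```

The same mask() call can be applied in the proxy to each value returned by getParameterValues and getParameterMap, which the filter above passes through unchanged.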