
[Java Tutorial] Content Replacement Filter

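      Sometimes a site needs to control what it outputs, to keep illegal content or sensitive information from being sent out. A filter can do this by replacing content. It works as follows: when the Servlet writes content to the response, the response buffers it; the Filter performs the replacement and then sends the result to the client browser. Because the default response does not strictly buffer its output, a custom response with buffering capability is needed.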

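      A custom response can be implemented by extending the javax.servlet.http.HttpServletResponseWrapper class. That class implements every method of the javax.servlet.http.HttpServletResponse interface, so you only override the methods you need. The code is as follows: HttpCharacterResponseWrapper.java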

```java
package com.yzj.response;

import java.io.CharArrayWriter;
import java.io.PrintWriter;

import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

public class HttpCharacterResponseWrapper extends HttpServletResponseWrapper {

  // Character-array Writer that buffers everything the servlet writes
  private final CharArrayWriter charArrayWriter = new CharArrayWriter();

  public HttpCharacterResponseWrapper(HttpServletResponse response) {
    super(response);
  }

  // Override the parent method: return a writer over the character array, which caches the content
  @Override
  public PrintWriter getWriter() {
    return new PrintWriter(charArrayWriter);
  }

  // Getter for the buffer
  public CharArrayWriter getCharArrayWriter() {
    return charArrayWriter;
  }
}
```


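      This class overrides the getWriter() method. When a servlet calls getWriter() on this response object to write content, the content goes into the CharArrayWriter object, which gives the buffering effect.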

      The Filter has to pass the custom response into the servlet. The code is as follows: OutputReplaceFilter.java

```java
package com.yzj.filter;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.util.Properties;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import com.yzj.response.HttpCharacterResponseWrapper;

public class OutputReplaceFilter implements Filter {

  // Illegal and sensitive words, loaded from the file named in the init parameter
  private final Properties pp = new Properties();

  @Override
  public void destroy() {
    // Nothing to release
  }

  @Override
  public void doFilter(ServletRequest request, ServletResponse response,
      FilterChain chain) throws IOException, ServletException {
    HttpCharacterResponseWrapper responseWrapper =
        new HttpCharacterResponseWrapper((HttpServletResponse) response);

    // Continue the chain with the custom response
    chain.doFilter(request, responseWrapper);

    // Get the content written to responseWrapper
    String output = responseWrapper.getCharArrayWriter().toString();

    // Iterate over all sensitive words
    for (Object obj : pp.keySet()) {
      String key = (String) obj;
      output = output.replace(key, pp.getProperty(key)); // replace the sensitive word
    }

    // Write the result through the original response's getWriter()
    PrintWriter out = response.getWriter();
    out.write(output);
    out.println("<!--Generated at" + new java.util.Date() + "-->");
  }

  @Override
  public void init(FilterConfig filterConfig) throws ServletException {
    // At initialization
    String file = filterConfig.getInitParameter("file"); // location of the configuration file
    String realPath = filterConfig.getServletContext().getRealPath(file); // actual location of the file

    // Read through a UTF-8 Reader (assumes the file is saved as UTF-8):
    // Properties.load(InputStream) decodes ISO-8859-1 and would garble the Chinese keys.
    try (Reader reader = new InputStreamReader(
        new FileInputStream(realPath), StandardCharsets.UTF_8)) {
      pp.load(reader);
    } catch (IOException e) {
      // Fail at startup instead of running with an empty word list
      throw new ServletException("Cannot load word list: " + file, e);
    }
  }
}
```


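    In this example the custom response is only a "disguised" response. The Servlet writes its content to the client through it, but it only buffers that content and does not actually send it to the client. The final output to the client is still done through the original response.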

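    The list of illegal words is configured in a properties file, which is passed to the content replacement Filter through a Filter init parameter. The contents of the properties file are as follows: sensitive.properties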

```properties
#amend
Chna = China
www.baidu.com.cn = ww.baidu.com

#replace
色情 = **
情色 = **
赌博 = **
```


    The configuration file for the content replacement Filter. web.

```xml
<filter>
  <filter-name>OutputReplaceFilter</filter-name>
  <filter-class>
    com.yzj.filter.OutputReplaceFilter
  </filter-class>
  <init-param>
    <param-name>file</param-name>
    <param-value>/WEB-INF/sensitive.properties</param-value>
  </init-param>
</filter>

<filter-mapping>
  <filter-name>OutputReplaceFilter</filter-name>
  <url-pattern>*.jsp</url-pattern>
</filter-mapping>
```


    The JSP file code is as follows: replace.jsp

```jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>

Chna <br/>
<br/>
色情 <br/>
赌博 <br/>
情色 <br/>
<br/>
www.baidu.com.cn <br/>

</body>
</html>
```

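The replacement loop in OutputReplaceFilter walks `pp.keySet()`, whose iteration order is unspecified, and each `replace` call re-scans text that earlier entries already rewrote, so overlapping entries such as 色情 and 情色 can produce order-dependent output. The class below is an added example, not code from the original page: a standalone, hypothetical `SinglePassReplacer` that loads the same word list through a Reader and applies all entries in one left-to-right pass, longest entry first. The word-list string and the test input in `main` are constructed.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (hypothetical class, not from the original page).
public class SinglePassReplacer {
  private final Properties words = new Properties();
  private final Pattern pattern;

  public SinglePassReplacer(String propertiesText) throws IOException {
    // A Reader keeps non-ASCII keys intact; load(InputStream) would decode ISO-8859-1.
    words.load(new StringReader(propertiesText));
    List<String> keys = new ArrayList<>(words.stringPropertyNames());
    // Fixed order: longest entry first, ties alphabetical, so the longest match wins.
    keys.sort((a, b) -> a.length() != b.length() ? b.length() - a.length() : a.compareTo(b));
    StringBuilder alternation = new StringBuilder();
    for (String key : keys) {
      if (key.isEmpty()) continue; // an empty key would match at every position
      if (alternation.length() > 0) alternation.append('|');
      alternation.append(Pattern.quote(key)); // entries are literals, not regexes
    }
    // "(?!)" never matches: an empty word list leaves the output unchanged.
    pattern = Pattern.compile(alternation.length() == 0 ? "(?!)" : alternation.toString());
  }

  // One left-to-right pass; replacement text is never scanned again.
  public String filter(String output) {
    Matcher m = pattern.matcher(output);
    StringBuffer result = new StringBuffer();
    while (m.find()) {
      String replacement = words.getProperty(m.group());
      m.appendReplacement(result, Matcher.quoteReplacement(replacement));
    }
    m.appendTail(result);
    return result.toString();
  }

  public static void main(String[] args) throws IOException {
    // Constructed sample: the page's sensitive.properties entries and a test string.
    String wordList = "Chna = China\nwww.baidu.com.cn = ww.baidu.com\n"
        + "色情 = **\n情色 = **\n赌博 = **\n";
    SinglePassReplacer replacer = new SinglePassReplacer(wordList);
    System.out.println(replacer.filter("Chna 色情色 赌博 www.baidu.com.cn"));
  }
}
```

In the filter, `filter(output)` would take the place of the `for` loop over `pp.keySet()`, with the pattern built once in `init`.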