HttpServletRequestWrapper 類&過濾指定文字

HttpServletWrapper 和 HttpServletResponseWrapper

1). Servlet API 中提供了一個 HttpServletRequestWrapper 類來包裝原始的 request 對象,

      HttpServletRequestWrapper 類實現了 HttpServletRequest 接口中的所有方法,

      這些方法的內部實現都是僅僅調用了一下所包裝的的 request 對象的對應方法

//包裝類實現 ServletRequest 接口. 
public class ServletRequestWrapper implements ServletRequest { //被包裝的那個 ServletRequest 對象
private ServletRequest request; //構造器傳入 ServletRequest 實現類對象
public ServletRequestWrapper(ServletRequest request) { if (request == null) { throw new IllegalArgumentException("Request cannot be null"); } this.request = request; } //具體實現 ServletRequest 的方法: 調用被包裝的那個成員變量的方法實現。 
public Object getAttribute(String name) { return this.request.getAttribute(name); } public Enumeration getAttributeNames() { return this.request.getAttributeNames(); } //... 
}

     相類似 Servlet API 也提供了一個 HttpServletResponseWrapper 類來包裝原始的 response 對象

2). 作用: 用於對 HttpServletRequest 或 HttpServletResponse 的某一個方法進行修改或增強.

3). 使用: 在 Filter 中, 利用 MyHttpServletRequest 替換傳入的 HttpServletRequest

      HttpServletRequest req = new MyHttpServletRequest(request);
      chain.doFilter(req, response);

      此時到達目標 Servlet 或 JSP 的 HttpServletRequest 實際上是 MyHttpServletRequest

 

應用5：過濾不雅文字

content.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
  <form action="bbs.jsp" method="post">  
        content: <textarea rows="5" cols="21" name="content"></textarea>
        <input type="submit" value="Submit"/>
        
    </form>
</body>
</html>

 

bbs.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body> content: ${param.content } <br><br>
    method: <%= request.getMethod() %>
    <br><br>
    <%= request %>
</body>
</html>

 

ContentFilter.java

package com.aff.javaweb;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebFilter("/bbs.jsp")
public class ContentFilter extends HttpFilter {

    @Override
    public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        //1. 獲取請求參數的值
        String content = request.getParameter("content");
 HttpServletRequest req = new MyHttpServletRequest(request); //2. 把其中fuck shit等字符串替換為***
        if (content.contains(" fuck ")) { // 裝飾目前的 HttpServletRequest 對象: 裝飾其 getParameter 方法,而其他方法還和其實現相同. // 創建一個類, 該類實現 HttpServletRequest 接口, 把當前 doFilter 中的 request 傳入到該類中, // 作為其成員變量, 使用該成員變量去實現接口的全部方法.
        }
        // 3.轉到目標頁面  chain.doFilter(req, response);

    }
}

 

MyHttpServletRequest.java

package com.aff.javaweb;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

//用於對 HttpServletRequest 或 HttpServletResponse 的某一個方法進行修改或增強. public class MyHttpServletRequest extends HttpServletRequestWrapper{

    public MyHttpServletRequest(HttpServletRequest request) { super(request); } @Override public String getParameter(String name) { String val = super.getParameter(name); if(val != null && val.contains(" fuck ")){ val = val.replace("fuck", "****"); } return val; }
}