为了转义表单提交的数据 , 编写了一个字符转义的filter , 用的是增强request的getParameter的方法。
然后在servlet中用BeanUtils的BeanUtils.populate(user, request.getParameterMap()) 方法 来封装数据。
但是不知道为什么,过滤器filter不起作用,提交的数据并没有被转义
过滤器的代码如下
package cn.web.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
public class HtmlFilter implements Filter {
@Override
public void destroy() {
// TODO Auto-generated method stub
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
chain.doFilter(new HtmlRequest((HttpServletRequest) request), response);
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
}
}
class HtmlRequest extends HttpServletRequestWrapper{
private HttpServletRequest request;
public HtmlRequest(HttpServletRequest request) {
super(request);
this.request=request;
}
public String getParameter(String name){
return filter(request.getParameter(name));
}
public static String filter(String message) {
if (message == null)
return (null);
char content[] = new char[message.length()];
message.getChars(0, message.length(), content, 0);
StringBuffer result = new StringBuffer(content.length + 50);
for (int i = 0; i < content.length; i++) {
switch (content[i]) {
case '<':
result.append("<");
break;
case '>':
result.append(">");
break;
case '&':
result.append("&");
break;
case '"':
result.append(""");
break;
default:
result.append(content[i]);
}
}
return (result.toString());
}
}
servlet的代码如下:
package cn.web.servlet;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.beanutils.BeanUtils;
import cn.service.UserService;
import cn.vo.User;
public class AddUserServlet extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
User user=new User();
try {
BeanUtils.populate(user, request.getParameterMap());
} catch (IllegalAccessException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvocationTargetException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
UserService service=new UserService();
service.addUser(user);
request.getRequestDispatcher("/user_index.jsp").forward(request, response);;
}
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
doGet(request,response);
}
}
web.xml中的配置如下:
<filter>
<filter-name>HtmlFilter</filter-name>
<filter-class>cn.web.filter.HtmlFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>HtmlFilter</filter-name>
<servlet-name>addPrivilegeServlet</servlet-name>
<servlet-name>AddRoleServlet</servlet-name>
<servlet-name>AddUserServlet</servlet-name>
</filter-mapping>
存入数据库中的数据并没有被转义
------解决思路----------------------
