1 xml中的配置文件如下 2 代码如下 其中设置了敏感词过滤,只需要在项目中创建这个敏感词文件即可
package com.filter; import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.io.UnsupportedEncodingException; import java.util.ArrayList; import java.util.List; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; import javax.servlet.http.HttpServletResponse; /** * @Description: 这个过滤器是用来解决中文乱码,转义内容中的html标签,过滤内容中的敏感字符的 */ public class CharacterEncodingFilter implements Filter { private FilterConfig filterConfig = null;//charset=utf-8;path=/WEB-INF/dirtyWord.txt //设置默认的字符编码 private String defaultCharset = "UTF-8"; @Override public void init(FilterConfig filterConfig) throws ServletException { //得到过滤器的初始化配置信息 this.filterConfig = filterConfig; } @Override public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) resp; //得到在web.xml中配置的字符编码 String charset = filterConfig.getInitParameter("charset"); if(charset==null){ charset = defaultCharset; } //post进行编码处理 request.setCharacterEncoding(charset); //服务器向浏览器写数据时使用的编码 response.setCharacterEncoding(charset); //服务器让浏览器用这个编码格式打开html文件 response.setContentType("text/html;charset="+charset); //将修改后的request加强类(包装设计模式--用于我们无法得到class的情况下要做原类的方法修改) //增强了乱码处理方法,html转义方法,敏感词汇过滤 AdvancedRequest requestWrapper = new AdvancedRequest(request,charset); //对目标资源起作用 /J2EE之后的-->/**** chain.doFilter(requestWrapper, response); } @Override public void destroy() { } //request的包装类--内部类 //AdvancedRequest 实际上就是httpservlet的子类 class AdvancedRequest extends HttpServletRequestWrapper{ //敏感词汇集合 private List<String> dirtyWords = getDirtyWords(); //定义一个变量记住被增强对象(request对象是需要被增强的对象) private HttpServletRequest request; //定义编码 private String charset; //定义一个构造函数,接收被增强对象 public AdvancedRequest(HttpServletRequest request,String charset) { super(request); this.request = request; this.charset = charset; } /* 覆盖需要增强的getParameter方法 * @see javax.servlet.ServletRequestWrapper#getParameter(java.lang.String) */ @Override public String getParameter(String name) { try{ //获取参数的值 String value= this.request.getParameter(name); if(value==null){ return null; } //如果不是以get方式提交数据的,就直接返回获取到的值 if(!this.request.getMethod().equalsIgnoreCase("get")) { //调用filter转义value中的html标签 value= filter(value); }else{ //如果是以get方式提交数据的,就对获取到的值进行转码处理 value = new String(value.getBytes(this.charset),this.request.getCharacterEncoding()); //TODO //调用filter转义value中的html标签 value= filter(value); } //过滤敏感词汇 for(String dirtyWord : dirtyWords){ if(value.contains(dirtyWord)){ //读取脏字的长度 int length=dirtyWord.length(); StringBuffer sb=new StringBuffer(); for(int i=0;i<length;i++) { sb.append("*"); } value=value.replaceAll(dirtyWord,sb.toString()); } } return value; }catch (Exception e) { throw new RuntimeException(e); } } } /** * @Description: 过滤内容中的html标签 */ public String filter(String value) { if (value == null){ return null; } char content[] = new char[value.length()]; value.getChars(0, value.length(), content, 0); StringBuffer result = new StringBuffer(content.length + 50); for (int i = 0; i < content.length; i++) { switch (content[i]) { case '<': result.append("<"); break; case '>': result.append(">"); break; case '&': result.append("&"); break; case '"': result.append("""); break; default: result.append(content[i]); } } return (result.toString()); } /** * @Method: getDirtyWords * @Description: 获取敏感字符 */ private List<String> getDirtyWords(){ //准备词汇集合 List<String> dirtyWords = new ArrayList<String>(); //文件地址 String dirtyWordPath = filterConfig.getInitParameter("dirtyWord"); //读取流 InputStream inputStream = filterConfig.getServletContext().getResourceAsStream(dirtyWordPath); InputStreamReader is = null; try { is = new InputStreamReader(inputStream,defaultCharset); } catch (UnsupportedEncodingException e2) { e2.printStackTrace(); } BufferedReader reader = new BufferedReader(is); String line; try { while ((line = reader.readLine())!= null) {//如果 line为空说明读完了 dirtyWords.add(line); } } catch (IOException e) { e.printStackTrace(); } return dirtyWords; } }