/**
 * Reads the filter's init parameters and builds the {@code ReferHelper} used by
 * {@code doFilter}.
 *
 * <p>Init parameters read here: {@code RequestEncoding}, {@code ResponseEncoding},
 * {@code refererDefender}, {@code wallfilterrules}, {@code wallwhilelist},
 * {@code refererwallwhilelist}, {@code defaultwall}, {@code checkiemodeldialog}
 * and {@code mode}. The three list parameters are comma-separated. The
 * "whilelist" spelling is part of the parameter names and must match the
 * deployment descriptor.
 *
 * @param arg0 the filter configuration supplied by the container
 * @throws ServletException propagated from {@code super.init}
 */
public void init(FilterConfig arg0) throws ServletException {
    super.init(arg0);
    this.config = arg0;

    this.RequestEncoding = config.getInitParameter("RequestEncoding");
    this.ResponseEncoding = config.getInitParameter("ResponseEncoding");

    // Referer checking: an absent parameter is passed to StringUtil.getBoolean
    // with a fallback of false (presumably "off unless configured" - confirm
    // against StringUtil).
    String refererDefenderParam = config.getInitParameter("refererDefender");
    boolean refererDefenderOn = StringUtil.getBoolean(refererDefenderParam, false);
    referHelper = new ReferHelper();
    referHelper.setRefererDefender(refererDefenderOn);

    String rulesParam = config.getInitParameter("wallfilterrules");
    String whitelistParam = config.getInitParameter("wallwhilelist");
    String refererWhitelistParam = config.getInitParameter("refererwallwhilelist");
    String useDefaultRules = config.getInitParameter("defaultwall");

    if (StringUtil.isNotEmpty(whitelistParam)) {
        referHelper.setWallwhilelist(whitelistParam.split(","));
    }

    // Explicit rules take precedence; the built-in defaults are installed only
    // when defaultwall is exactly "true".
    // NOTE(review): with neither parameter set, no rules are handed to the
    // helper at all - confirm what ReferHelper does in that case.
    if (StringUtil.isNotEmpty(rulesParam)) {
        referHelper.setWallfilterrules(rulesParam.split(","));
    } else if ("true".equals(useDefaultRules)) {
        referHelper.setWallfilterrules(ReferHelper.wallfilterrules_default);
    }

    if (StringUtil.isNotEmpty(refererWhitelistParam)) {
        referHelper.setRefererwallwhilelist(refererWhitelistParam.split(","));
    }

    // The flag is only ever switched on here; any other value leaves the field
    // at whatever it already held.
    String ieDialogParam = config.getInitParameter("checkiemodeldialog");
    if ("true".equals(ieDialogParam)) {
        this.checkiemodeldialog = true;
    }

    // Mode defaults to "0" when the parameter is absent.
    String configuredMode = config.getInitParameter("mode");
    mode = (configuredMode != null) ? configuredMode : "0";
}
/*
 * Sets the no-cache response headers, runs the ReferHelper check, then forwards
 * the request down the chain, wrapped or raw depending on the configured mode:
 *   mode "1"       - raw request and response, request character encoding set;
 *   any other mode - request and response both wrapped in the
 *                    CharacterEncoding* wrappers (mode "0" is the default).
 *
 * Nothing is forwarded when the filter has not been initialised or when
 * referHelper.dorefer(...) returns true.
 *
 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
 *      javax.servlet.ServletResponse, javax.servlet.FilterChain)
 */
public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc)
        throws IOException, ServletException {
    if (this.config == null) {
        // config is assigned in init(); without it the request is dropped here.
        return;
    }

    final HttpServletRequest request = (HttpServletRequest) req;

    // Whether the wrappers should be applied for this request.
    // NOTE(review): this switch is read from the request itself, so it is
    // caller-controlled. Any value other than "true" sends the unwrapped
    // request and response down the chain. If the request wrapper is where the
    // wall rules are applied (assumed from it receiving referHelper - confirm),
    // this switch belongs in init configuration rather than a request parameter.
    final String filterEnabled = request.getParameter("filterEnabled");

    final HttpServletResponse response = (HttpServletResponse) res;
    // NOTE(review): "no-cache" forces revalidation but still permits storage;
    // responses carrying sensitive data normally also need "no-store".
    response.setHeader("Cache-Control", "no-cache");
    response.setHeader("Pragma", "no-cache");
    response.setDateHeader("Expires", -1);
    // NOTE(review): "max-age" is a Cache-Control directive, not a header name;
    // this emits a non-standard date header that caches do not interpret.
    response.setDateHeader("max-age", 0);

    // An earlier attempt to add HttpOnly to session cookies from this filter
    // (writing a literal "name=value; HttpOnly" Set-Cookie header) is disabled.
    // The attribute has to be set where the cookie is created, or through the
    // container's session-cookie configuration.

    if (referHelper.dorefer(request, response)) {
        // The helper reported the request as handled; the chain is not continued.
        return;
    }

    final boolean wrappersDisabled =
            filterEnabled != null && !"true".equalsIgnoreCase(filterEnabled.trim());
    if (wrappersDisabled) {
        super.doFilter(request, response, fc);
        return;
    }

    if (mode.equals("1")) {
        // Mode 1: request parameters encoded, response left as is (the server
        // encodes the URL).
        // NOTE(review): the wrapper is constructed but never passed on, so the
        // raw request reaches the chain in this mode - confirm that is intended.
        CharacterEncodingHttpServletRequestWrapper unusedWrapper =
                new CharacterEncodingHttpServletRequestWrapper(
                        request, RequestEncoding, checkiemodeldialog, referHelper);
        // NOTE(review): getParameter() was already called above. Per the Servlet
        // API, setCharacterEncoding has no effect once parameters have been read.
        request.setCharacterEncoding(RequestEncoding);
        super.doFilter(request, response, fc);
        return;
    }

    // Mode 0 (request parameters and response both encoded, URL not encoded by
    // the server) and every other mode value take the same path.
    CharacterEncodingHttpServletRequestWrapper wrappedRequest =
            new CharacterEncodingHttpServletRequestWrapper(
                    request, RequestEncoding, checkiemodeldialog, referHelper);
    CharacterEncodingHttpServletResponseWrapper wrappedResponse =
            new CharacterEncodingHttpServletResponseWrapper(response, ResponseEncoding);
    super.doFilter(wrappedRequest, wrappedResponse, fc);
}