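package com.sysh.web.interceptor;

/**
 * Created by sjy Cotter on 2018/7/24.
 */

import net.sf.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;

/**
 * Spring MVC interceptor that stops a request when any request parameter value
 * contains one of a fixed list of SQL-looking tokens.
 *
 * <p>Because {@link HandlerInterceptor#preHandle} can only return a boolean, the
 * interceptor first writes a JSON body with the same shape as a normal response
 * ({@code code}, {@code message}, {@code data}) and then returns {@code false}, so
 * the front end can recognise where the request was stopped and why, and display it.
 *
 * <p>This is a coarse blocklist heuristic and not a substitute for parameterised
 * queries. Matching is by substring, so legitimate input such as "selection" or any
 * value containing {@code #}, {@code !} or a backslash is rejected as well. The
 * container has already URL-decoded the parameter values the interceptor sees, so
 * the {@code %20} token only matches double-encoded input. XSS output encoding
 * belongs at the view/template layer; see {@link #clearXss(String)}.
 *
 * <p>Reposted from https://www.cnblogs.com/xuanyuer/p/9886207.html
 */
public class SqlInjectInterceptor implements HandlerInterceptor {

    private static final Logger log = LoggerFactory.getLogger(SqlInjectInterceptor.class);

    /**
     * Tokens whose presence flags a value. The list is the one published with the
     * original snippet, split once here instead of on every request. Comparison is
     * case-sensitive; {@link #preHandle} lower-cases the value before checking.
     */
    private static final List<String> SQL_TOKENS = Collections.unmodifiableList(Arrays.asList(
            "select", "update", "delete", "truncate", "%20", "--", "#", "\\", "!"));

    // Application-level status code the front end uses to recognise a rejected request.
    private static final int REJECTED_CODE = 1004;
    private static final String REJECTED_DATA = "参数含有非法字符请注意是否含有空格,/,#等特殊字符";

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response,
                                Object handler, Exception ex) throws Exception {
        // Nothing to clean up; all work happens in preHandle.
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response,
                           Object handler, ModelAndView modelAndView) throws Exception {
        // No post-processing; all work happens in preHandle.
    }

    /**
     * Inspects every value of every request parameter and rejects the request on the
     * first value that contains a blocked token.
     *
     * @param request  incoming request whose parameters are inspected
     * @param response response that receives the JSON rejection body
     * @param handler  the chosen handler (unused)
     * @return {@code true} to continue the chain, {@code false} after a rejection body
     *         has been written
     * @throws Exception if writing the rejection or the fallback error fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                             Object handler) throws Exception {
        Enumeration<String> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            String[] values = request.getParameterValues(name);
            if (values == null) {
                continue;
            }
            for (String value : values) {
                // Locale.ROOT so that locale-sensitive casing (e.g. Turkish dotless i)
                // cannot turn an upper-case keyword into something the list misses.
                if (judgeSQLInject(value.toLowerCase(Locale.ROOT))) {
                    // Log the parameter name and path, not the value: the value is
                    // attacker-controlled and would land unescaped in the log.
                    log.warn("Rejected request to {}: parameter '{}' contains a blocked token",
                            request.getRequestURI(), name);
                    writeRejection(response);
                    return false;
                }
            }
        }
        // The original called clearXss(value) here and discarded its result, which had
        // no effect: an interceptor cannot replace request parameters. The no-op call
        // was removed so the code does not suggest sanitisation that never happens.
        return true;
    }

    /**
     * Writes the JSON rejection body so the front end sees a normally shaped response.
     * Falls back to a 500 if the writer cannot be obtained and the response is still
     * uncommitted.
     *
     * @param response response to write to
     * @throws IOException if the fallback {@code sendError} itself fails
     */
    private static void writeRejection(HttpServletResponse response) throws IOException {
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");
        try {
            JSONObject res = new JSONObject();
            res.put("code", REJECTED_CODE);
            res.put("message", false);
            res.put("data", REJECTED_DATA);
            PrintWriter out = response.getWriter();
            out.append(res.toString());
        } catch (IOException | RuntimeException e) {
            log.error("Failed to write rejection response", e);
            // sendError on a committed response would throw IllegalStateException.
            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
        }
    }

    /**
     * Reports whether {@code value} contains any entry of {@link #SQL_TOKENS}.
     * Plain case-sensitive substring test; callers are expected to lower-case first.
     *
     * @param value parameter value to inspect; {@code null} or empty is never flagged
     * @return {@code true} if a blocked token occurs anywhere in the value
     */
    public boolean judgeSQLInject(String value) {
        if (value == null || value.isEmpty()) {
            return false;
        }
        for (String token : SQL_TOKENS) {
            if (value.contains(token)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Escapes or strips a few HTML/JavaScript fragments from a value.
     *
     * <p>Not wired into {@link #preHandle}: a {@code HandlerInterceptor} cannot rewrite
     * request parameters, so the returned value would have to be applied through a
     * request wrapper installed by a filter. The blanket removal of the substring
     * {@code script} also alters legitimate text (e.g. "description"), so encoding at
     * output time is the better place for this.
     *
     * @param value raw value; {@code null} or empty is returned unchanged
     * @return the escaped value
     */
    private String clearXss(String value) {
        if (value == null || value.isEmpty()) {
            return value;
        }
        value = value.replaceAll("<", "&lt;").replaceAll(">", "&gt;");
        // The original used String.replace("\\)", ...) for the closing paren, which looks
        // for a literal backslash-paren and never matched; replaceAll with a regex does.
        value = value.replaceAll("\\(", "&#40;").replaceAll("\\)", "&#41;");
        value = value.replaceAll("'", "&#39;");
        value = value.replaceAll("eval\\((.*)\\)", "");
        value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
        value = value.replace("script", "");
        return value;
    }
}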