[JAVA]filter 필터

JAVA 2017. 11. 23. 10:17

filter 필터


webApplication에서 request 전체 필터 하기

web.xml 설정


<!-- RequestFilter (egovframework.com.utl.RequestFilter) checks that *.do requests carry
     menuId/pcode and neutralises a small set of HTML tag openers in request parameters.
     Only URLs matching the url-pattern below pass through it: anything served under a
     different mapping (static files, other extensions, REST-style paths) is not filtered. -->
<filter>

<filter-name>RequestFilter</filter-name>

     <filter-class>

          egovframework.com.utl.RequestFilter

     </filter-class>

</filter>

<!-- Extension mapping: every request ending in ".do" goes through the filter above. -->
<filter-mapping>

<filter-name>RequestFilter</filter-name>

     <url-pattern>*.do</url-pattern>

</filter-mapping>




package egovframework.com.utl; 

import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;  // import for logging
import org.apache.commons.logging.LogFactory;
import org.springframework.web.filter.OncePerRequestFilter;


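/**
 * Servlet filter applied to every {@code *.do} request (see the web.xml mapping above).
 * It does two things:
 * <ol>
 *   <li>Requires the {@code menuId} and {@code pcode} request parameters on every page except a
 *       small exempt set ({@code /common}, {@code /error}, and pages whose file name starts with
 *       {@code index.}, {@code main.} or {@code loginpage.}). When either parameter is missing the
 *       request is sent to {@code /error/noParam.do} and the filter chain is NOT continued.</li>
 *   <li>Outside {@code /admin}, wraps the request so that {@code getParameter()},
 *       {@code getParameterValues()} and {@code getParameterMap()} return values with
 *       {@code <script}, {@code <object}, {@code <applet}, {@code <embed} and {@code <form}
 *       openers neutralised (see {@link #unscript(String)}).</li>
 * </ol>
 * <p>
 * Security note: the tag list in {@link #DANGEROUS_TAG} is a blacklist. It does nothing about
 * {@code <img onerror=...>}, {@code <svg onload=...>}, {@code <iframe>}, {@code javascript:} URLs
 * or injection into attribute/JavaScript contexts. Treat it as defence in depth only; the primary
 * XSS control must be contextual output encoding where parameter values are rendered.
 */
public class RequestFilter extends OncePerRequestFilter {

    protected Log log = LogFactory.getLog(this.getClass());

    /**
     * Openers of the tags that {@link #unscript(String)} neutralises, matched case-insensitively.
     * Group 1 is the optional "/" of a closing tag, group 2 the tag name. Compiled once instead of
     * ten {@code replaceAll} passes per value.
     */
    private static final Pattern DANGEROUS_TAG =
            Pattern.compile("<(/?)(script|object|applet|embed|form)", Pattern.CASE_INSENSITIVE);

    /**
     * Enforces the menuId/pcode requirement and hands a parameter-sanitising request view to the
     * rest of the chain.
     *
     * @param request     the incoming request
     * @param response    the response; written to (via {@code HttpUtil.goUrl}) only when the
     *                    required parameters are missing
     * @param filterchain the remaining filter chain
     * @throws ServletException propagated from the chain
     * @throws IOException      propagated from the chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request,
            HttpServletResponse response, FilterChain filterchain)
            throws ServletException, IOException {

        // Context-relative path. The original matched substrings anywhere in the raw request URI
        // ("/common", "main." ...), so any segment that happened to contain one of them -- e.g.
        // "/domain.do" contains "main." -- switched the check off. Prefix tests on the servlet
        // path cannot be satisfied by an unrelated segment.
        String path = contextRelativePath(request);

        if (!isExemptFromMenuParamCheck(path) && !hasMenuParams(request)) {
            log.debug("==========================================");
            log.debug("메뉴번호 /pcode 없으면 안됨.");
            log.debug("==========================================");

            // HttpUtil.goUrl is a project helper; it is assumed to write the redirect/error
            // response -- TODO confirm it commits the response.
            HttpUtil.goUrl(response, "/error/noParam.do", "메뉴번호 /pid 없으면 안됨.");

            // Must stop here. The original fell through to doFilter() after writing the error
            // response, so the missing-parameter check never actually blocked a request.
            return;
        }

        // /admin is deliberately left unsanitised (presumably admins submit HTML content).
        HttpServletRequest downstream = request;
        if (!path.startsWith("/admin")) {
            downstream = new UnscriptingRequest(request);
        }

        filterchain.doFilter(downstream, response);
    }

    /**
     * Returns the request path relative to the web application, without the context path and
     * without ";..." path parameters, or "" if it cannot be determined.
     * Prefers {@code getServletPath()}, which the container decodes and which for the {@code *.do}
     * extension mapping is the whole context-relative path.
     */
    private static String contextRelativePath(HttpServletRequest request) {
        String path = request.getServletPath();
        if (path != null && path.length() > 0) {
            return path;
        }
        String uri = request.getRequestURI();
        if (uri == null) {
            return "";
        }
        String ctx = request.getContextPath();
        path = (ctx != null && ctx.length() > 0 && uri.startsWith(ctx)) ? uri.substring(ctx.length()) : uri;
        // Drop path parameters (";jsessionid=..." etc.) so they cannot smuggle in an exempt segment.
        int semi = path.indexOf(';');
        if (semi >= 0) {
            path = path.substring(0, semi);
        }
        return path;
    }

    /**
     * Pages that may be requested without menuId/pcode: anything under /common or /error, and
     * pages whose file name starts with index., main. or loginpage. (case-insensitive).
     */
    private static boolean isExemptFromMenuParamCheck(String path) {
        if (path.startsWith("/common") || path.startsWith("/error")) {
            return true;
        }
        String file = path.substring(path.lastIndexOf('/') + 1).toLowerCase(Locale.ROOT);
        return file.startsWith("index.") || file.startsWith("main.") || file.startsWith("loginpage.");
    }

    /** True when both menuId and pcode are present and non-empty (whitespace-only counts as present, as before). */
    private static boolean hasMenuParams(HttpServletRequest request) {
        return !isMissing(request.getParameter("menuId")) && !isMissing(request.getParameter("pcode"));
    }

    private static boolean isMissing(String value) {
        return value == null || value.equals("");
    }

    /**
     * Request view whose parameter accessors return {@link #unscript(String)}ed values, so code
     * downstream that reads getParameter()/getParameterValues()/getParameterMap() sees the
     * sanitised form. The original filter stored the sanitised value only as a request attribute,
     * which left every getParameter() call downstream returning the raw input; it also tested for
     * the tag with {@code indexOf} on a regex literal, which never matched real input.
     * Non-static inner class on purpose: it calls the overridable {@code unscript()} of the
     * enclosing filter.
     */
    private final class UnscriptingRequest extends HttpServletRequestWrapper {

        UnscriptingRequest(HttpServletRequest request) {
            super(request);
        }

        @Override
        public String getParameter(String name) {
            return clean(super.getParameter(name));
        }

        @Override
        public String[] getParameterValues(String name) {
            String[] raw = super.getParameterValues(name);
            if (raw == null) {
                return null;
            }
            String[] cleaned = new String[raw.length];
            for (int i = 0; i < raw.length; i++) {
                cleaned[i] = clean(raw[i]);
            }
            return cleaned;
        }

        @Override
        public Map<String, String[]> getParameterMap() {
            Map<String, String[]> cleaned = new LinkedHashMap<String, String[]>();
            Enumeration<String> names = getParameterNames();
            while (names.hasMoreElements()) {
                String name = names.nextElement();
                cleaned.put(name, getParameterValues(name));
            }
            return Collections.unmodifiableMap(cleaned);
        }

        /**
         * Sanitises only values containing a flagged tag opener; everything else (including null
         * and whitespace-only values) passes through untouched, because unscript() collapses blank
         * input to "".
         */
        private String clean(String value) {
            if (value != null && DANGEROUS_TAG.matcher(value).find()) {
                return unscript(value);
            }
            return value;
        }
    }

    /**
     * XSS mitigation: rewrites every {@code <script}, {@code <object}, {@code <applet},
     * {@code <embed} and {@code <form} opener (and the corresponding {@code </...} closer), in any
     * letter case, to {@code &lt;} followed by the lower-cased tag name, so the browser no longer
     * parses it as a tag. Only these five tags are covered; see the class note.
     *
     * @param data the raw parameter value
     * @return "" for null or whitespace-only input, otherwise the value with the listed tag
     *         openers neutralised. Closing tags keep their slash ({@code </form} becomes
     *         {@code &lt;/form}); the original dropped it for embed and form.
     */
    protected String unscript(String data) {
        if (data == null || data.trim().equals("")) {
            return "";
        }

        Matcher m = DANGEROUS_TAG.matcher(data);
        StringBuffer out = new StringBuffer(data.length() + 16);
        while (m.find()) {
            String replacement = "&lt;" + m.group(1) + m.group(2).toLowerCase(Locale.ROOT);
            m.appendReplacement(out, Matcher.quoteReplacement(replacement));
        }
        m.appendTail(out);
        return out.toString();
    }
}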
