<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor (Servlet 2.5) for the application.
  Both filters below are mapped on "/*" and run in declaration order
  (StringFilter first, then ssotokenfilter/LoginFilter). Neither mapping has a
  <dispatcher> element, so they apply to the REQUEST dispatcher only:
  forwarded and included requests are not re-checked by them.
  This file declares no <security-constraint>; every servlet mapped below is
  reachable subject only to what those two filters enforce.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
  id="WebApp_ID"
  version="2.5">
  <listener>
    <listener-class>com.dhcc.framework.extcomponent.ui.formconfig.listener.LoadXmlConfigListener</listener-class>
  </listener>
  <listener>
    <listener-class>com.business.login.OnlineCounterListener</listener-class>
  </listener>
  <!-- NOTE(review): com.dhcc.framework.util.LoginServlet is also registered as the
       LoginServlet servlet further down. A listener-class has to implement one of
       the javax.servlet listener interfaces; confirm this class does, otherwise the
       container will refuse the descriptor at deployment. -->
   <listener>
    <listener-class>com.dhcc.framework.util.LoginServlet</listener-class>
  </listener>
  
  <!-- Keyword blacklist filter (see StringFilter source). Applies to every request
       path, including the /services/* and /dbpoolAdmin mappings below. -->
  <filter>
    <filter-name>StringFilter</filter-name>
    <filter-class>com.business.filter.StringFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>StringFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  
  <!-- Authentication filter; this is the only access control declared in this file. -->
  <filter>
    <filter-name>ssotokenfilter</filter-name>
    <filter-class>com.business.filter.LoginFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>ssotokenfilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <servlet>
    <servlet-name>MCCServlet</servlet-name>
    <servlet-class>com.dhcc.framework.core.MCCServlet</servlet-class>
    <load-on-startup>3</load-on-startup>
  </servlet>
  <servlet>
    <display-name>loadStartUpServlet</display-name>
    <servlet-name>loadStartUpServlet</servlet-name>
    <servlet-class>com.dhcc.framework.core.LoadStartUpServlet</servlet-class>
    <load-on-startup>100</load-on-startup>
  </servlet>
  <servlet>
    <servlet-name>loadEngineServlet</servlet-name>
    <servlet-class>com.dhcc.workflow.loadEngineServlet</servlet-class>
    <load-on-startup>200</load-on-startup>
  </servlet>
  <servlet>
    <display-name>Quartz Initializer Servlet</display-name>
    <servlet-name>QuartzInitializer</servlet-name>
    <servlet-class>org.quartz.ee.servlet.QuartzInitializerServlet</servlet-class>
    <init-param>
      <param-name>config-file</param-name>
      <param-value>/quartz.properties</param-value>
    </init-param>
    <init-param>
      <param-name>shutdown-on-unload</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>start-scheduler-on-load</param-name>
      <param-value>true</param-value>
    </init-param>
    <load-on-startup>5</load-on-startup>
  </servlet>
  <servlet>
    <servlet-name>TreeServlet</servlet-name>
    <servlet-class>com.dhcc.framework.tree.TreeServlet</servlet-class>
    <load-on-startup>3</load-on-startup>
  </servlet>
  <servlet>
    <servlet-name>ClientTreeServlet</servlet-name>
    <servlet-class>com.dhcc.workflow.client.tree.TreeServlet</servlet-class>
    <load-on-startup>3</load-on-startup>
  </servlet>
  <servlet>
    <servlet-name>OrganizationServlet</servlet-name>
    <servlet-class>com.dhcc.framework.organization.action.OrganizationServlet</servlet-class>
    <load-on-startup>3</load-on-startup>
  </servlet>
  <servlet>
    <servlet-name>DocumentIDCodeServlet</servlet-name>
    <servlet-class>com.dhcc.framework.util.DocumentIDCodeServlet</servlet-class>
    <load-on-startup>3</load-on-startup>
  </servlet>
  <servlet>
    <servlet-name>YozoUploadServlet</servlet-name>
    <servlet-class>com.dhcc.framework.upload.servlet.YozoUploadServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>WpsUploadServlet</servlet-name>
    <servlet-class>com.dhcc.framework.upload.servlet.WpsUploadServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>FoxitDownloadServlet</servlet-name>
    <servlet-class>com.dhcc.framework.upload.servlet.FoxitDownloadServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>FoxitUploadServlet</servlet-name>
    <servlet-class>com.dhcc.framework.upload.servlet.FoxitUploadServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>SuwellUploadServlet</servlet-name>
    <servlet-class>com.dhcc.framework.upload.servlet.SuwellUploadServlet</servlet-class>
  </servlet>
  <!-- Proxool connection-pool administration UI, mapped at /dbpoolAdmin below.
       No security-constraint covers it in this file, so it is only as protected
       as the ssotokenfilter mapping on "/*" makes it. Verify that filter requires
       authentication for this path, or narrow the mapping. -->
  <servlet>
    <servlet-name>dbpoolAdmin</servlet-name>
    <servlet-class>org.logicalcobwebs.proxool.admin.servlet.AdminServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>MCCServlet</servlet-name>
    <url-pattern>/mcc</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>TreeServlet</servlet-name>
    <url-pattern>/treeServlet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>ClientTreeServlet</servlet-name>
    <url-pattern>/clientTreeServlet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>YozoUploadServlet</servlet-name>
    <url-pattern>/yozoUpload</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>WpsUploadServlet</servlet-name>
    <url-pattern>/wpsUpload</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>FoxitDownloadServlet</servlet-name>
    <url-pattern>/foxitDownload</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>FoxitUploadServlet</servlet-name>
    <url-pattern>/foxitUpload</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>SuwellUploadServlet</servlet-name>
    <url-pattern>/suwellUpload</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>OrganizationServlet</servlet-name>
    <url-pattern>/organizationServlet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>DocumentIDCodeServlet</servlet-name>
    <url-pattern>/documentIDCodeServlet</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>dbpoolAdmin</servlet-name>
    <url-pattern>/dbpoolAdmin</url-pattern>
  </servlet-mapping>
  <!-- XFire SOAP endpoints, exposed under /services/* below. -->
  <servlet>
    <servlet-name>XFireServlet</servlet-name>
    <servlet-class>org.codehaus.xfire.transport.http.XFireConfigurableServlet</servlet-class>
    <load-on-startup>0</load-on-startup>
  </servlet>
  <servlet>
    
    <servlet-name>LoginServlet</servlet-name>
    <servlet-class>com.dhcc.framework.util.LoginServlet</servlet-class>
  </servlet>
  <servlet>
    <description>This is the description of my J2EE component</description>
    <display-name>This is the display name of my J2EE component</display-name>
    <servlet-name>getStenByName</servlet-name>
    <servlet-class>com.dhcc.performance.stencil.util.getStenByName</servlet-class>
  </servlet>
  <!-- NOTE(review): the "test" servlet (mapped at /servlet/test) reads like a
       development artifact; confirm it is meant to ship in production. -->
  <servlet>
    <servlet-name>test</servlet-name>
    <servlet-class>com.dhcc.performance.stencil.util.test</servlet-class>
  </servlet>



  <servlet-mapping>
    <servlet-name>XFireServlet</servlet-name>
    <url-pattern>/services/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/login.do</url-pattern>
  </servlet-mapping>
    <servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/reLogin.do</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>LoginServlet</servlet-name>
    <url-pattern>/getUserMsg.do</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>getStenByName</servlet-name>
    <url-pattern>/getStenByName</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>test</servlet-name>
    <url-pattern>/servlet/test</url-pattern>
  </servlet-mapping>
  
  
  
  
  <!-- NOTE(review): welcome-file entries are partial URLs; the Servlet spec writes
       them without a leading slash, as login.html is here. The two entries below
       carry one; check that the target container accepts that form. -->
  <welcome-file-list>
    <welcome-file>login.html</welcome-file>
    <welcome-file>/index.html</welcome-file>
    <welcome-file>/index.htm</welcome-file>
  </welcome-file-list>
  <jsp-config>
    <taglib>
      <taglib-uri>http://www.dhcc.com.cn/dhccTag</taglib-uri>
      <taglib-location>/WEB-INF/dhccTag.tld</taglib-location>
    </taglib>
  </jsp-config>
</web-app>





有没有大神知道是怎么回事啊?我要实现全局过滤特殊字符,但是现在的问题是他没有过滤,我在StringFilter里打断点,也没有进,不知道咋回事。求大神解答!谢谢!
嘿呦喂,解决啦,哈哈,是tongweb中间件没有重新部署,我在myeclipse里重新部署不好使。谢谢各位
package com.business.filter;
    import java.io.IOException;  
    import java.util.Enumeration;  
    import java.util.Iterator;  
      
    import javax.servlet.Filter;  
    import javax.servlet.FilterChain;  
    import javax.servlet.FilterConfig;  
    import javax.servlet.ServletException;  
    import javax.servlet.ServletRequest;  
    import javax.servlet.ServletResponse;  
    import javax.servlet.http.HttpServletRequest;  
    import javax.servlet.http.HttpServletResponse;  
      
    import org.apache.log4j.Logger;  
      
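    /**
     * Request filter that rejects a request when a parameter name, a parameter
     * value or the raw query string contains one of the configured keywords.
     *
     * <p>This is a keyword blacklist, not an injection defence: the handlers
     * behind it still have to use parameterized SQL and encode output. Keep the
     * lists short, because a legitimate value containing e.g. "select" or
     * "like" is rejected as well.
     *
     * <p>Mapped in web.xml on "/*" without a dispatcher element, so it runs for
     * the REQUEST dispatcher only; forwarded and included requests are not
     * re-checked.
     * @version 1.0
     */
    public class StringFilter implements Filter {
        /** Class logger. Looked up by class literal rather than through the JDK-internal sun.reflect API. */
        public static final Logger logger = Logger.getLogger(StringFilter.class);

        /** Context-relative page the client is redirected to when a check fails. */
        private static final String ERROR_PAGE = "/jsp/common/error.jsp";

        // Keywords rejected in parameter values (no bare space entry; prune with care, it affects normal access).
        private static String postStr = "%20,script";
        // Keywords rejected in parameter names and values. The container has already
        // URL-decoded parameters, so "%20" here only matches a literal "%20" in the text.
        //private static String sqlStr="<,>,and,exec,insert,select,%20,delete,update,count,*,%,chr,mid,master,truncate,char,like,declare,&,#,(,),/**/,=,script,\u0023,redirect:,xwork2";
        // --and , count
        private static String sqlStr = "exec,insert,select,%20,delete,update,chr,master,truncate,char,like,declare,#,/**/,script,\u0023,redirect:,xwork2";
        // Keywords rejected in parameter names and in the raw (still URL-encoded) query string.
        // Mixed-case entries such as java.lang.ProcessBuilder rely on the case-insensitive match in firstMatch().
        private static String urlStr = "%20,%22,%27,<,>,master,truncate,char,script,java.lang.ProcessBuilder,java.lang.String,/etc/,\u0023,redirect:,xwork2,\u0073\u0063\u0072\u0069\u0070\u0074";

        /** Nothing to release. */
        public void destroy() {
        }

        /**
         * Checks parameter names, then every parameter value, then the query string;
         * the first hit stores a message in the session and redirects to the error
         * page, otherwise the chain continues.
         *
         * @param request  incoming request (cast to HttpServletRequest)
         * @param response outgoing response (cast to HttpServletResponse)
         * @param chain    rest of the filter chain
         * @throws IOException      from setCharacterEncoding or sendRedirect
         * @throws ServletException propagated from the chain
         */
        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                throws IOException, ServletException {
            // Must come before the first getParameter* call or the body is decoded with the container default.
            request.setCharacterEncoding("utf-8");
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse res = (HttpServletResponse) response;

            // 1. Parameter names.
            Enumeration<?> names = req.getParameterNames();
            while (names.hasMoreElements()) {
                String name = String.valueOf(names.nextElement());
                if (strInj(name, sqlStr) || strInj2(name, urlStr)) {
                    reject(req, res, "请不要输入非法参数:" + req.getParameter(name) + " !");
                    return;
                }
            }

            // 2. Parameter values, including every value of a multi-valued parameter.
            for (Object values : req.getParameterMap().values()) {
                for (String value : (String[]) values) {
                    if (strInj(value, sqlStr) || strInj2(value, postStr)) {
                        reject(req, res, "请不要输入非法参数:" + value + " !");
                        return;
                    }
                }
            }

            // 3. Raw query string; it is not URL-decoded, hence the %xx entries in urlStr.
            String queryString = req.getQueryString();
            if (queryString != null && strInj2(queryString, urlStr)) {
                reject(req, res, "请不要输入非法参数 !");
                return;
            }

            chain.doFilter(request, response);
        }

        /**
         * Stores the message in the session and redirects to the error page.
         * The session, not the request, has to carry the message: request
         * attributes do not survive a redirect (the value branch previously used
         * one, so its message never reached error.jsp). The message embeds the
         * raw offending input, so error.jsp must HTML-escape msgStr when it
         * renders it.
         *
         * @param req     current request (session and context path)
         * @param res     response used for the redirect
         * @param message text stored under the "msgStr" session attribute
         * @throws IOException from sendRedirect
         */
        private static void reject(HttpServletRequest req, HttpServletResponse res, String message)
                throws IOException {
            logger.warn("request rejected by StringFilter: " + req.getRequestURI());
            req.getSession().setAttribute("msgStr", message);
            res.sendRedirect(req.getContextPath() + ERROR_PAGE);
        }

        /**
         * Returns true when {@code str} contains any of the comma-separated
         * keywords in {@code standStr}, compared case-insensitively; the matched
         * keyword is logged at debug level.
         *
         * @param str      text to inspect; null or empty never matches
         * @param standStr comma-separated keyword list; empty tokens are ignored
         * @return true on the first match, false otherwise
         */
        public static boolean strInj(String str, String standStr) {
            String hit = firstMatch(str, standStr);
            if (hit == null) {
                return false;
            }
            logger.debug("blocked keyword: " + hit);
            return true;
        }

        /**
         * Same contract as {@link #strInj(String, String)} but without logging
         * the matched keyword.
         *
         * @param str      text to inspect; null or empty never matches
         * @param standStr comma-separated keyword list; empty tokens are ignored
         * @return true on the first match, false otherwise
         */
        public boolean strInj2(String str, String standStr) {
            return firstMatch(str, standStr) != null;
        }

        /**
         * Finds the first keyword of the comma-separated list contained in
         * {@code str}, or null. Both sides are lower-cased: earlier only the
         * input was, so mixed-case keywords (java.lang.ProcessBuilder,
         * java.lang.String) could never match.
         *
         * @param str      text to inspect
         * @param standStr comma-separated keyword list
         * @return the matching keyword as written in the list, or null
         */
        private static String firstMatch(String str, String standStr) {
            if (str == null || str.length() == 0 || standStr == null) {
                return null;
            }
            // Lower-case once instead of on every iteration.
            String haystack = str.toLowerCase();
            for (String keyword : standStr.split(",")) {
                if (keyword.length() > 0 && haystack.contains(keyword.toLowerCase())) {
                    return keyword;
                }
            }
            return null;
        }

        /**
         * No configuration is read; the log line confirms the filter was
         * actually deployed (its absence points at a stale deployment).
         *
         * @param cfg filter configuration, unused
         * @throws ServletException never
         */
        public void init(FilterConfig cfg) throws ServletException {
            logger.info("xml黄辣丁拉开几点啦");
        }
    }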