Java web的URL地址參數傳遞中文亂碼的解決方案

2024-04-27 15:11:01

字體：大中小

來源：轉載

供稿：網友

系統很多Url地址都暴露給用戶，存在安全隱患，用戶可以去隨意修改Url地址和參數值，為了解決這個問題提供以下解決方案，具體步驟如下：第一步：編碼URL地址，調用CommonMethod.js的rewriteUrl方法，對Url地址進行Base64編碼。例如： var url = basePath + "/testAction.do?ExeMethod=query&a=中國&b=2&c=3"; url = rewriteUrl(url); //Base64轉碼轉碼前： http://localhost:9080/demo/testAction.do?ExeMethod=query&a=中國&b=2&c=3 轉碼后： http://localhost:9080/demo/dGVzdEFjdGlvbg==_ZG8=_RXhlTWV0aG9kPXF1ZXJ5JmE95Lit5Zu9JmI9MiZjPTM=.shtml

rewriteUrl方法JS代碼：

/** * 重寫Url地址 * @param url */function rewriteUrl(url){var urlStr = "";if(typeof(enableUrlEncrypt) != "undefined" && enableUrlEncrypt && enableUrlEncrypt != null && enableUrlEncrypt === "1"){var queryStr = "";var index = url.indexOf("?");if(index != -1){urlStr = url.substring(0, index);queryStr = url.substring(index + 1);}else{urlStr = url;}$.base64.utf8encode = true;index = urlStr.indexOf(".");var suffix = urlStr.substring(index + 1);if(index != -1 && suffix.toLowerCase() != "html"){var idx = urlStr.lastIndexOf("/");var PRefix = "";if(idx != -1 && idx < index){prefix = urlStr.substring(idx + 1, index);urlStr = urlStr.substring(0, idx);}else{urlStr = urlStr.substring(0, index);}if(prefix != ""){urlStr += "/" + $.base64.btoa(prefix).replace(////g, ':');}if(queryStr != ""){queryStr = encodeURI(queryStr);queryStr = $.base64.btoa(suffix) + "_" + $.base64.btoa(queryStr);queryStr = queryStr.replace(////g, ':');}else{queryStr = $.base64.btoa(suffix);queryStr = queryStr.replace(////g, ':');}urlStr = urlStr + "_" + queryStr + ".shtml";}queryStr = null;}else{urlStr = url;}return urlStr;}

第二步：解碼URL地址并跳轉，創建一個過濾器XssFilter，具體如下：web.xml文件中增加過濾器配置：<filter><filter-name>XssFilter</filter-name><filter-class>com.spsoft.eintmgr.servlet.XssFilter</filter-class></filter><filter-mapping><filter-name>XssFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>過濾器代碼：public class XssFilter implements Filter{private static String[] openUrls = null; //跳過xss過濾的uri地址public void destroy() {}public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException {HttpServletRequest req = (HttpServletRequest)request;String uri = req.getRequestURI();int stIndex = uri.lastIndexOf("/");int edIndex = uri.indexOf(".shtml");String url = uri;if(stIndex != -1 && edIndex != -1 && stIndex < edIndex){String temp = uri.substring(stIndex + 1, edIndex);String tempArr[] = temp.split("_");String prefix = new String(Base64.decodeBase64(tempArr[0].getBytes()));if(tempArr.length == 2){temp = new String(Base64.decodeBase64(tempArr[1].getBytes()));}else if(tempArr.length > 2){temp = new String(Base64.decodeBase64(tempArr[1].getBytes()));temp += "?" + new String(Base64.decodeBase64(tempArr[2].getBytes("GBK")), "UTF8");}else{temp = "";}url = uri.substring(0, stIndex) + "/" + prefix + "." + temp;int index = uri.indexOf("?");if(index != -1){uri = url.substring(0, index);}else{uri = url;}}int index = url.lastIndexOf("/");if(index != -1 && index < url.length()){url = url.substring(index + 1);}if(null != openUrls && openUrls.length > 0){for(int i = 0; i < openUrls.length; i++){if(uri.indexOf(openUrls[i]) != -1){ //包含跳過xss過濾的url地址，就不過濾req.getRequestDispatcher(url).forward(req, response);return;}}}req.getRequestDispatcher(url).forward(new RequestWrapper(req), response);}public void init(FilterConfig filterConfig) throws ServletException {}}第三步：跳轉后可以獲取各參數的值，例如：@Controller@RequestMapping("/testAction.do")public class TestAction extends BasicAction {@RequestMapping(params = "ExeMethod=query")public String query(Model model, HttpServletRequest request, HttpServletResponse response) {System.out.println("-->a:"+ request.getParameter("a"));System.out.println("-->b:"+ request.getParameter("b"));System.out.println("-->c:"+ request.getParameter("c"));return "index";}}打印結果：16:13:17,415 INFO [STDOUT] -->a:中國16:13:17,416 INFO [STDOUT] -->b:216:13:17,416 INFO [STDOUT] -->c:3

上一篇：一起學WEB（七）打扮你的網頁（二）——通過CSS控制網站整體風格

下一篇：svg -&gt; text文本水平、垂直居中