How does Struts 2 read parameters from request


Problem description

I have implemented an XSS filter as given below,

@Override
public String getParameter(String parameter) {
    String value = super.getParameter(parameter);

    return stripXSS(value);
}

@Override
public String getHeader(String name) {
    String value = super.getHeader(name);
    return stripXSS(value);
}

private String stripXSS(String value) 
{
    System.err.println("Initial Value "+value);

    if (value != null) 
    {
        // NOTE: It's highly recommended to use the ESAPI library and uncomment the following line to
        // avoid encoded attacks.
        value = ESAPI.encoder().canonicalize(value);
        
        System.err.println("Encoded Value "+value);
        
        // Avoid null characters
        value = value.replaceAll("\0", "");

        // Remove all sections that match a pattern
        for (Pattern scriptPattern : patterns){
            value = scriptPattern.matcher(value).replaceAll("");
        }
        
        System.err.println("Pattern Value "+value);
    }
    System.err.println("Final  Value "+value);
    return value;
}

Almost all requests pass through one of these methods, but when I use a Struts 2 ModelDriven approach these methods are not invoked.

How does Struts retrieve the parameters, and where can I strip the parameters?

Recommended answer

Struts2 creates a Map of parameters from the request using request.getParameterMap() and puts these parameters into the ActionContext.

So, you can create an interceptor which gets these parameters from the context and does what you want. Add the new interceptor to all actions using either a custom stack or an overridden action config.
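
The answer's first sentence also shows why the wrapper in the question is bypassed: Struts 2 reads request.getParameterMap(), which that wrapper does not override. The following is an added example, not code from the original post, of a wrapper that covers getParameterMap() and getParameterValues(). The class name and the two sample patterns are assumptions, ESAPI canonicalization is left out to keep it self-contained, and it assumes the filter installing the wrapper is mapped ahead of the Struts filter.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Hypothetical class name; uses javax.servlet (jakarta.servlet on newer containers).
public class XssParameterMapWrapper extends HttpServletRequestWrapper {

    // Constructed sample patterns; the question's own "patterns" list is not shown on the page.
    private static final List<Pattern> PATTERNS = Arrays.asList(
            Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE),
            Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE));

    public XssParameterMapWrapper(HttpServletRequest request) {
        super(request);
    }

    @Override
    public String[] getParameterValues(String name) {
        return stripAll(super.getParameterValues(name));
    }

    // The call the answer says Struts 2 uses to collect request parameters.
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> cleaned = new LinkedHashMap<>();
        for (Map.Entry<String, String[]> e : super.getParameterMap().entrySet()) {
            cleaned.put(e.getKey(), stripAll(e.getValue()));
        }
        return Collections.unmodifiableMap(cleaned);
    }

    private static String[] stripAll(String[] values) {
        if (values == null) return null;
        String[] out = new String[values.length]; // copy; do not mutate the container's array
        for (int i = 0; i < values.length; i++) out[i] = stripXSS(values[i]);
        return out;
    }

    static String stripXSS(String value) {
        if (value == null) return null;
        value = value.replace("\0", ""); // drop null characters
        for (Pattern p : PATTERNS) value = p.matcher(value).replaceAll("");
        return value;
    }
}
```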
