Struts 2如何从请求中读取参数 [英] How does Struts 2 read parameters from request
问题描述
我已经实现了如下所示的XSS过滤器,
I have implemented an XSS filter as given below,
@Override
public String getParameter(String parameter) {
String value = super.getParameter(parameter);
return stripXSS(value);
}
@Override
public String getHeader(String name) {
String value = super.getHeader(name);
return stripXSS(value);
}
private String stripXSS(String value)
{
System.err.println("Initial Value "+value);
if (value != null)
{
// NOTE: It's highly recommended to use the ESAPI library and uncomment the following line to
// avoid encoded attacks.
value = ESAPI.encoder().canonicalize(value);
System.err.println("Encoded Value "+value);
// Avoid null characters
value = value.replaceAll("\0", "");
// Remove all sections that match a pattern
for (Pattern scriptPattern : patterns){
value = scriptPattern.matcher(value).replaceAll("");
}
System.err.println("Pattern Value "+value);
}
System.err.println("Final Value "+value);
return value;
}
几乎所有请求都通过这些方法之一传递,但是当我使用Struts 2 ModelDriven
方法时,不会调用这些方法.
Almost all request pass through one of these methods, but when I use a Struts 2 ModelDriven
approach these methods are not invoked.
Struts如何检索参数,在哪里可以剥离参数?
How does Struts retrieve the parameters, where I can strip the parameters?
推荐答案
Struts2使用 request.getParameterMap()
并将这些参数放入 ActionContext
.
Struts2 creates a Map
of parameters from the request
using request.getParameterMap()
and put these parameters to the ActionContext
.
因此,您可以创建一个拦截器,该拦截器从上下文中获取这些参数并执行所需的操作.使用自定义堆栈或覆盖的操作配置向所有操作添加新的拦截器.
So, you can create an interceptor which is getting these parameters from the context and do what you want. Add a new interceptor to all actions either using custom stack or overridden action config.
这篇关于Struts 2如何从请求中读取参数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!