Spring 3.0 MVC Basics 5: Using an Interceptor to Prevent SQL Injection

1. Define an interceptor class that implements the HandlerInterceptor interface

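import java.util.Enumeration;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

public class SqlInjectIntercepter implements HandlerInterceptor {

 @Override
 public void afterCompletion(HttpServletRequest arg0,
   HttpServletResponse arg1, Object arg2, Exception arg3)
   throws Exception {
  // Nothing to do after the request completes.
 }

 @Override
 public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1,
   Object arg2, ModelAndView arg3) throws Exception {
  // Nothing to do after the handler runs.
 }

 @Override
 public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
   Object arg2) throws Exception {
  // Check every value of every request parameter before the handler runs.
  Enumeration<String> names = request.getParameterNames();
  while (names.hasMoreElements()) {
   String name = names.nextElement();
   String[] values = request.getParameterValues(name);
   for (int i = 0; i < values.length; i++) {
    // Utility.hasAttackStr is the author's own helper; it is not shown on this page.
    if (Utility.hasAttackStr(values[i])) {
     // Exempt the hidden HTTP-method field (_method=DELETE), which the check would otherwise flag.
     if (!(values[i].equals("DELETE") && name.equals("_method"))) {
      response.setContentType("text/html;charset=utf-8");
      // Message: "Please do not attempt injection" / "Back"
      response.getWriter().print("请不要尝试注入 返回");
      // Returning false stops the request here; the handler is never invoked.
      return false;
     }
    }
   }
  }
  return true;
 }
}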
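
The interceptor depends on `Utility.hasAttackStr`, which the post does not show. The following is an added example, not the author's code: one possible shape for that helper, where the keyword list and the `findAttackToken` method are assumptions made for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical stand-in for the author's Utility class, which the post does not show.
public final class Utility {

    // Assumed blacklist (the author's real list is unknown): SQL keywords matched
    // as whole words, plus quote, statement-separator and comment tokens.
    private static final Pattern ATTACK = Pattern.compile(
            "\\b(select|insert|update|delete|drop|truncate|union|exec|declare)\\b"
            + "|'|;|--|/\\*|\\*/",
            Pattern.CASE_INSENSITIVE);

    private Utility() {
    }

    // Returns the first blacklisted token found in value, or null if there is none.
    // Returning the token lets the caller log why a request was rejected.
    public static String findAttackToken(String value) {
        if (value == null || value.length() == 0) {
            return null;
        }
        Matcher m = ATTACK.matcher(value);
        return m.find() ? m.group() : null;
    }

    // Same contract as the call in preHandle: true when the value should be rejected.
    public static boolean hasAttackStr(String value) {
        return findAttackToken(value) != null;
    }

    public static void main(String[] args) {
        // Constructed sample values: a plain name, the hidden-method value that
        // preHandle exempts, a surname with an apostrophe, and ordinary prose.
        String[] samples = {"alice", "DELETE", "O'Brien", "please update my address"};
        for (String s : samples) {
            System.out.println(s + " -> " + findAttackToken(s));
        }
    }
}
```

Whole-word, case-insensitive keyword matching flags the literal value DELETE, which is why preHandle has to exempt `_method=DELETE`. The same matching also rejects ordinary input such as a name containing an apostrophe, so a filter like this is a coarse extra layer and queries should still bind parameters in the data-access code.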

2. Configure the interceptor

 
  
   
  
 
Note that it must be written afterwards; otherwise the interceptor will not take effect.
