<interceptors><!--設(shè)置超時攔截器 --><interceptor name="sessionOut" class="com.util.SessionOutCheckInterceptor"></interceptor><!-- 設(shè)置攔截去棧 --><interceptor-stack name="session"><interceptor-ref name="sessionOut"></interceptor-ref><!-- 引用struts2的默認攔截器棧 --><interceptor-ref name="defaultStack"></interceptor-ref></interceptor-stack>
</interceptors>

?

public class SessionOutCheckInterceptor implements Interceptor {public String intercept(ActionInvocation arg0) throws Exception {UserSession userSession = AuthorityUtil.getSysUserSession();if(userSession != null){ActionContext actionContext=arg0.getInvocationContext();HttpServletRequest request= (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);request.setCharacterEncoding("utf-8");Map<String, Object> Parameters= actionContext.getParameters();String CHECKSQL = "[`~!@#$%^&*()+=|{}':;',\\[\\].<>/?~！@#￥%……&*（）——+|{}【】‘；：”“’。，、？]";Pattern p = Pattern.compile(CHECKSQL);boolean CHECKSQLCODE=false;for (Entry<String, Object> entity : Parameters.entrySet()) {String []value=(String[])entity.getValue();if(value!=null&&value.length>0&&StringUtils.isNotBlank(value[0])) {String decodeValue=URLDecoder.decode(URLDecoder.decode(value[0],"utf-8"),"utf-8");Matcher m = p.matcher(decodeValue);if(m.find()) {CHECKSQLCODE=true;break;}}}if(!CHECKSQLCODE) {return arg0.invoke();}else {return null; }}else{return "login";}}public void destroy() {}public void init() {}}

?

public class SessionOutCheckInterceptor implements Interceptor {
private static final long serialVersionUID = 1L;
public String intercept(ActionInvocation arg0) throws Exception {UserSession userSession = AuthorityUtil.getSysUserSession();if(userSession != null){ActionContext actionContext=arg0.getInvocationContext();HttpServletRequest request= (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);? ? ? ? request.setCharacterEncoding("utf-8");? ? ? ??Map<String, Object> Parameters= actionContext.getParameters();String CHECKSQL = "[`~!@#$%^&*()+=|{}':;',\\[\\].<>/?~！@#￥%……&*（）——+|{}【】‘；：”“’。，、？]";Pattern p = Pattern.compile(CHECKSQL);boolean CHECKSQLCODE=false;for (Entry<String, Object> entity : Parameters.entrySet()) {String []value=(String[])entity.getValue();if(value!=null&&value.length>0&&StringUtils.isNotBlank(value[0])) {String decodeValue=URLDecoder.decode(URLDecoder.decode(value[0],"utf-8"),"utf-8");? ? Matcher m = p.matcher(decodeValue);if(m.find()) {CHECKSQLCODE=true;break;}}}if(!CHECKSQLCODE) {return arg0.invoke();}else {return null;?}}else{return "login";}}
public void destroy() {}
public void init() {}
}

轉(zhuǎn)載于:https://www.cnblogs.com/zhanchaohan/p/10278404.html

總結(jié)

以上是生活随笔為你收集整理的Struts2拦截SQL注入的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。