关于javaweb项目的乱码问题
各位大神好,小弟在做javaweb项目开发的时候,通过在web.xml文件中通过添加以下代码:<filter><filter-name>encodingFilter</f...
各位大神好,小弟在做javaweb项目开发的时候,通过在web.xml文件中通过添加以下代码:
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>com.asiainfo.biframe.servlet.SetCharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>utf-8</param-value>
</init-param>
<init-param>
<param-name>ignore</param-name>
<param-value>true</param-value>
</init-param>
</filter>
实现了中中文乱码的问题,但是现在问题来了,在接下来的工作中我要防止CSRF等一些攻击,故在web.xml文件中又添加了这些配置文件:
<!-- 信息安全审核 -->
<!--
<filter>
<filter-name>XSSFilter</filter-name>
<filter-class>com.asiainfo.biapp.vgop.security.XSSSecurityFilter</filter-class>
<init-param>
<param-name>securityconfig</param-name>
<param-value>/WEB-INF/classes/config/aibi_ctp/xss_security_config.xml</param-value>
</init-param>
</filter>
<filter>
<filter-name>cookieFilter</filter-name>
<filter-class>com.asiainfo.biapp.vgop.security.CookieFilter</filter-class>
</filter>
<filter>
<filter-name>CSRFSecurityFilter</filter-name>
<filter-class>com.asiainfo.biapp.vgop.security.CSRFSecurityFilter</filter-class>
<init-param>
<param-name>securityconfig</param-name>
<param-value>/WEB-INF/classes/config/aibi_ctp/csrf-security-config.xml</param-value>
</init-param>
</filter>
-->
<!-- 拦截请求类型 -->
<!--
<filter-mapping>
<filter-name>XSSFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>XSSFilter</filter-name>
<url-pattern>*.ai2do</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>cookieFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CSRFSecurityFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CSRFSecurityFilter</filter-name>
<url-pattern>*.ai2do</url-pattern>
</filter-mapping>
-->
然后就出现了乱码,把这些过滤器去掉,又不乱码了,实在是没想明白是怎么回事,还请大神们给予指导,谢谢! 展开
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>com.asiainfo.biframe.servlet.SetCharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>utf-8</param-value>
</init-param>
<init-param>
<param-name>ignore</param-name>
<param-value>true</param-value>
</init-param>
</filter>
实现了中中文乱码的问题,但是现在问题来了,在接下来的工作中我要防止CSRF等一些攻击,故在web.xml文件中又添加了这些配置文件:
<!-- 信息安全审核 -->
<!--
<filter>
<filter-name>XSSFilter</filter-name>
<filter-class>com.asiainfo.biapp.vgop.security.XSSSecurityFilter</filter-class>
<init-param>
<param-name>securityconfig</param-name>
<param-value>/WEB-INF/classes/config/aibi_ctp/xss_security_config.xml</param-value>
</init-param>
</filter>
<filter>
<filter-name>cookieFilter</filter-name>
<filter-class>com.asiainfo.biapp.vgop.security.CookieFilter</filter-class>
</filter>
<filter>
<filter-name>CSRFSecurityFilter</filter-name>
<filter-class>com.asiainfo.biapp.vgop.security.CSRFSecurityFilter</filter-class>
<init-param>
<param-name>securityconfig</param-name>
<param-value>/WEB-INF/classes/config/aibi_ctp/csrf-security-config.xml</param-value>
</init-param>
</filter>
-->
<!-- 拦截请求类型 -->
<!--
<filter-mapping>
<filter-name>XSSFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>XSSFilter</filter-name>
<url-pattern>*.ai2do</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>cookieFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CSRFSecurityFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CSRFSecurityFilter</filter-name>
<url-pattern>*.ai2do</url-pattern>
</filter-mapping>
-->
然后就出现了乱码,把这些过滤器去掉,又不乱码了,实在是没想明白是怎么回事,还请大神们给予指导,谢谢! 展开
1个回答
展开全部
把你的乱码过滤器的filter配置在安全审核filter的前面 filter的执行顺序会按照web.xml里配置的顺序进行 如果先进行安全审核的filter, 安全审核的filter从request里获得了数据 那么之后在乱码过滤的filter里在设置正确的编码仍然是乱码
追问
在实际的web.xml文件中我的确是把乱码的过滤器放在了最前面的呀
追答
能把你出现乱码时的web.xml配置发出来看下吗 是这样的 filter执行的先后顺序是按照url-pattern标签的顺序来的, 而不是定义这个filter的标签的数序 , 所以如果是这样嵌套的结构:
filter-name1
/filter-name1
filter-name2
/filter-name2
url-pattern2
/url-pattern2
url-pattern1
/url-pattern1
其实是2先执行 然后执行1
本回答由提问者推荐
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
推荐律师服务:
若未解决您的问题,请您详细描述您的问题,通过百度律临进行免费专业咨询
