struts2 拦截器 拦截了jqgrid表格的url
项目中使用了 JQgrid用作表格展现。 其中的jquery 提交ajax方式
jQuery(document).ready(function() {
jQuery("#menulist").jqGrid( {
url :"menuAction_viewMenu.action",// 这里的url 断点不走方法
datatype : "json",
mtype : "post",
<package name="basePackage" extends="json-default">
<interceptors>
<interceptor name="keywordInterceptor" class="zyzy.common.interceptor.KeywordInterceptor"/>
<!-- 异常处理拦截器 -->
<interceptor name="exceptionInteceptor"
class="ExceptionInteceptor">
<param name="exceptionDisplay">exceptionDisplay</param>
</interceptor>
<!-- 定义异常拦截器栈 -->
<interceptor-stack name="exceptionStack">
<interceptor-ref name="defaultStack"></interceptor-ref>
<!-- <interceptor-ref name="exceptionInteceptor"></interceptor-ref> -->
<interceptor-ref name="keywordInterceptor">
</interceptor-ref>
</interceptor-stack>
</interceptors>
<!-- 定义默认拦截器 -->
<default-interceptor-ref name="exceptionStack" />
<!--定义全局输出结果 type="redirect" -->
<global-results>
<result name="info">/common/info.jsp</result>
<result name="timeOut">
/common/exception.jsp
</result>
<result name="exceptionDisplay">
/common/exception.jsp
</result>
</global-results>
<!-- 异常处理 -->
<global-exception-mappings>
<exception-mapping result="exceptionDisplay"
exception="zyzy.common.exception.BaseException">
</exception-mapping>
</global-exception-mappings>
public class KeywordInterceptor extends AbstractInterceptor{
private final static String [] KEYWORD_MYSQL = {"|",";","$","%","@","'"," ","<>","()","","//+","CR","LF",",",".","document","eval","or","and","exec ","call ","insert ","select ","delete ",
"exe","update ","master","truncate ","declare ","#","java",
"drop ","create ","<script","/script>","iframe"};
@SuppressWarnings({ "rawtypes", "unchecked" })
public String intercept(ActionInvocation actionInvocation) throws Exception {
Map params = actionInvocation.getInvocationContext().getParameters();
if(params.size() > 0){
Iterator iterator = params.entrySet().iterator();
String temp_str;
Map.Entry temp;
int zCount = 0;
boolean test = false;
Map tempMap = new HashMap();
while(iterator.hasNext()){
temp = (Map.Entry)iterator.next();
if(temp.getValue() instanceof String)
temp_str = temp.getValue().toString();
else
temp_str = ((Object [])temp.getValue())[0].toString();
if(temp_str != null && !"".equals(temp_str)){
for(String str : KEYWORD_MYSQL){
zCount = temp_str.indexOf(str);
if(zCount != -1){
//temp_str = temp_str.toLowerCase().replaceAll(str, "**");
temp_str = temp_str.toLowerCase().replaceAll(str, "");
test = true;
//System.out.println(temp_str+"aa");
}
}
}
if(test){
tempMap.put(temp.getKey(), temp_str);
test = false;
}else{
tempMap.put(temp.getKey(), temp.getValue());
}
//System.out.println(temp_str+"aa");
}
actionInvocation.getInvocationContext().setParameters(null);
actionInvocation.getInvocationContext().setParameters(tempMap);
}
return actionInvocation.invoke();
}
}
<!-- 定义全局配置文件 -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/classes/applicationContext.xml
</param-value>
</context-param>
<!-- 以过监听的得形式整合配置spring -->
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.web.context.request.RequestContextListener
</listener-class>
</listener>
<!-- 防止内存泄露 -->
<listener>
<listener-class>
org.springframework.web.util.IntrospectorCleanupListener
</listener-class>
</listener>
<!-- 整合配置Struts过滤器 使用strut2默认的过滤器-->
<filter>
<filter-name>struts2</filter-name>
<filter-class>
org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
</filter-class>
</filter>
<!-- FilterDispatcher用来初始化Struts2并且处理所有的Web请求 -->
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>jsessionid</filter-name>
<filter-class>
zyzy.common.util.DisableUrlSessionFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>jsessionid</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>