過濾的訪問順序是 webxml中的順序
web.xml的配置
<filter>
<filter-name>defaultFilter</filter-name>
<filter-class>com.buaa.nstri.common.filter.DefaultFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>defaultFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 攔截不讓.jsp的url請求通過 -->
<filter>
<filter-name>JspFilter</filter-name>
<filter-class>com.buaa.nstri.common.filter.JspFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>JspFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<!-- 設置request的編碼格式utf-8 -->
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- XssSqlFilter:xss攻擊校驗過濾器 -->
<filter>
<filter-name>XssSqlFilter</filter-name>
<filter-class>com.buaa.nstri.common.filter.XssFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>XssSqlFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
輸出爲
default
XSS
jsp不顯示是因爲 url-pattern的不匹配