Specifying a validation filter for all input in your web.xml allows you to scrub all your HTTP parameters in one central place. To do so, you'll need to define a validator, and a filtering class that uses it, then set up the filter's use in web.xml.

Compliant Solution

public class ValidatingHttpRequest extends HttpServletRequestWrapper {
  // ...
}

public class ValidationFilter implements javax.servlet.Filter {
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) {
    chain.doFilter(new ValidatingHttpRequest( (HttpServletRequest)request ), response);
  }
}

and

  <filter>
     <filter-name>ValidationFilter</filter-name>
     <filter-class>com.myco.servlet.ValidationFilter</filter-class>
  </filter>

  <filter-mapping>
     <filter-name>ValidationFilter</filter-name>
     <url-pattern>/*</url-pattern>
  </filter-mapping>

See