Specifying a validation filter for all input in your web.xml
allows you to scrub all your HTTP parameters in one central place. To do
so, you'll need to define a validator, and a filtering class that uses it, then set up the filter's use in web.xml
.
public class ValidatingHttpRequest extends HttpServletRequestWrapper { // ... } public class ValidationFilter implements javax.servlet.Filter { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) { chain.doFilter(new ValidatingHttpRequest( (HttpServletRequest)request ), response); } }
and
<filter> <filter-name>ValidationFilter</filter-name> <filter-class>com.myco.servlet.ValidationFilter</filter-class> </filter> <filter-mapping> <filter-name>ValidationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>