Improved workaround for struts exploit
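/**
 * Servlet filter that hides request parameters whose names match a configured
 * regular expression from everything further down the filter chain.
 *
 * <p>The expression is read from the {@code excludeParams} filter init
 * parameter. It is applied with {@link java.util.regex.Matcher#matches()}, so
 * it must match the <em>entire</em> parameter name. A pattern written as a
 * fragment will not exclude longer names that merely contain it.
 *
 * <p>This is a stop-gap mitigation, not a replacement for upgrading the
 * affected framework. Map the filter so that it runs before the framework's
 * own filter or servlet.
 */
public class ParamFilter implements Filter {
    /** Compiled exclusion pattern; assigned once in {@link #init(FilterConfig)}. */
    private Pattern pattern;

    /**
     * Compiles the exclusion pattern from the {@code excludeParams} init parameter.
     *
     * @param filterConfig container-supplied filter configuration
     * @throws ServletException if {@code excludeParams} is not configured; failing here
     *         keeps the application from starting with the mitigation silently inactive
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String excludeParams = filterConfig.getInitParameter("excludeParams");
        if (excludeParams == null) {
            throw new ServletException("ParamFilter requires the 'excludeParams' init parameter");
        }
        pattern = Pattern.compile(excludeParams);
    }

    /**
     * Passes the request on wrapped in a view that omits excluded parameters.
     *
     * @param request incoming request; must be an HTTP request (the wrapper casts it)
     * @param response response, passed through unchanged
     * @param chain remainder of the filter chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        chain.doFilter(new ParamFilteredRequest(request, pattern), response);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Request view that leaves out every parameter whose name matches the exclusion pattern.
     *
     * <p>All four parameter accessors are overridden. {@link HttpServletRequestWrapper}
     * delegates each of them to the wrapped request, so filtering only
     * {@code getParameterNames()} would leave excluded names reachable through
     * {@code getParameterMap()}, {@code getParameter()} and {@code getParameterValues()}.
     */
    private static class ParamFilteredRequest extends HttpServletRequestWrapper {
        private final Pattern pattern;

        /**
         * @param request request to wrap; cast to {@code HttpServletRequest}
         * @param pattern names matching this pattern in full are hidden
         */
        public ParamFilteredRequest(ServletRequest request, Pattern pattern) {
            super((HttpServletRequest) request);
            this.pattern = pattern;
        }

        /** Returns true when {@code name} is non-null and matches the exclusion pattern in full. */
        private boolean isExcluded(String name) {
            return name != null && pattern.matcher(name).matches();
        }

        /** @return the wrapped request's parameter names minus the excluded ones */
        @Override
        public Enumeration<String> getParameterNames() {
            List<String> requestParameterNames = Collections.list(super.getParameterNames());
            List<String> finalParameterNames = new ArrayList<>();
            for (String parameterName : requestParameterNames) {
                if (!isExcluded(parameterName)) {
                    finalParameterNames.add(parameterName);
                }
            }
            return Collections.enumeration(finalParameterNames);
        }

        /** @return an unmodifiable copy of the parameter map without excluded names */
        @Override
        public java.util.Map<String, String[]> getParameterMap() {
            java.util.Map<String, String[]> filtered = new java.util.LinkedHashMap<>();
            for (java.util.Map.Entry<String, String[]> entry : super.getParameterMap().entrySet()) {
                if (!isExcluded(entry.getKey())) {
                    filtered.put(entry.getKey(), entry.getValue());
                }
            }
            return Collections.unmodifiableMap(filtered);
        }

        /** @return {@code null} for an excluded name, otherwise the wrapped request's value */
        @Override
        public String getParameter(String name) {
            return isExcluded(name) ? null : super.getParameter(name);
        }

        /** @return {@code null} for an excluded name, otherwise the wrapped request's values */
        @Override
        public String[] getParameterValues(String name) {
            return isExcluded(name) ? null : super.getParameterValues(name);
        }
    }
}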