I'm wondering if there is a way to push Tomcat requests through a custom class easily (e.g. without having to heavily modify the codebase) to do things like running a regex to check for XSS and SQL injection attacks and deny them/sanitize them based on this knowledge.
Thanks
Of course - use a Filter:
http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=java+xss+filter
http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=java+servlet+filter
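An example of the servlet Filter approach suggested above, added here and not code from the original answer: it rejects any request whose parameters match a deny-list regex before the request reaches application code. The class name and the pattern are assumptions, and the imports use the `javax.servlet` API (Tomcat 10 and later use `jakarta.servlet` instead). Regex matching of this kind is a coarse extra layer with false positives and bypasses; output encoding and parameterized queries remain the actual fixes for XSS and SQL injection.

```java
import java.io.IOException;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class name; "/*" applies the filter to every request in the web app.
@WebFilter("/*")
public class SuspiciousInputFilter implements Filter {

    // Constructed, deliberately small deny-list (an assumption); tune it per application.
    private static final Pattern SUSPICIOUS = Pattern.compile(
        "<\\s*script|javascript:|\\bon\\w+\\s*=|\\bunion\\b.+\\bselect\\b|'\\s*or\\s+'?\\d",
        Pattern.CASE_INSENSITIVE | Pattern.DOTALL);

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // getParameterMap() returns query-string and form values, already URL-decoded.
        for (Map.Entry<String, String[]> e : req.getParameterMap().entrySet()) {
            for (String value : e.getValue()) {
                if (SUSPICIOUS.matcher(value).find()) {
                    // Log the parameter name only, with CR/LF stripped to avoid log forging.
                    String name = e.getKey().replaceAll("[\\r\\n]", "_");
                    req.getServletContext().log("Rejected request, parameter: " + name);
                    ((HttpServletResponse) res).sendError(
                        HttpServletResponse.SC_BAD_REQUEST, "Invalid input");
                    return; // deny: chain.doFilter() is never called
                }
            }
        }
        chain.doFilter(req, res); // nothing matched: pass the request on unchanged
    }

    @Override
    public void destroy() { }
}
```

This checks parameters only; headers, cookies, path segments and JSON bodies are not inspected.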