diff --git a/sample-bootstrap/src/main/java/com/usthe/sureness/sample/bootstrap/SurenessFilterExample.java b/sample-bootstrap/src/main/java/com/usthe/sureness/sample/bootstrap/SurenessFilterExample.java
index ffc2ca9692d6551a3cf9be23b6161081622b7d9d..103d8d563a9971b39ce9ebe41ed3d154774052d3 100644
--- a/sample-bootstrap/src/main/java/com/usthe/sureness/sample/bootstrap/SurenessFilterExample.java
+++ b/sample-bootstrap/src/main/java/com/usthe/sureness/sample/bootstrap/SurenessFilterExample.java
@@ -3,6 +3,7 @@ package com.usthe.sureness.sample.bootstrap;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.usthe.sureness.mgt.SurenessSecurityManager;
 import com.usthe.sureness.processor.exception.*;
+import com.usthe.sureness.security.XssSqlServletRequestWrapper;
 import com.usthe.sureness.subject.SubjectSum;
 import com.usthe.sureness.util.SurenessContextHolder;
 import org.slf4j.Logger;
@@ -18,6 +19,7 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.PrintWriter;
@@ -52,8 +54,10 @@ public class SurenessFilterExample implements Filter {
 public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
 throws IOException, ServletException {
+ XssSqlServletRequestWrapper requestWrapper = new XssSqlServletRequestWrapper((HttpServletRequest) servletRequest);
+
 try {
- SubjectSum subject = SurenessSecurityManager.getInstance().checkIn(servletRequest);
+ SubjectSum subject = SurenessSecurityManager.getInstance().checkIn(requestWrapper);
 // You can consider using SurenessContextHolder to bind subject in threadLocal
 // if bind, please remove it when end
 if (subject != null) {
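Review bot: `checkIn(requestWrapper)` makes authentication read the request through the XSS/SQL wrapper, so if the wrapper rewrites or strips characters in headers or parameters (its implementation is not part of this diff), credential values containing those characters would be altered before they are verified. Either keep `checkIn(servletRequest)` on the raw request and use the wrapper only for the downstream chain, or confirm that the wrapper leaves `Authorization` and other credential-carrying headers untouched. The unchecked cast `(HttpServletRequest) servletRequest` also sits before the `try` that follows, so a non-HTTP request would fail with a `ClassCastException` outside it; an `instanceof` guard before wrapping would avoid that. doFilter's body continues outside the hunk.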
@@ -93,7 +97,7 @@ public class SurenessFilterExample implements Filter {
 }
 try {
 // if ok, doFilter and add subject in request
- filterChain.doFilter(servletRequest, servletResponse);
+ filterChain.doFilter(requestWrapper, servletResponse);
 } finally {
 int statusCode = ((HttpServletResponse) servletResponse).getStatus();
 String upgrade = ((HttpServletResponse) servletResponse).getHeader(UPGRADE);
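Review bot: The existing comment `// if ok, doFilter and add subject in request` no longer describes the call beneath it, which now also swaps the request for the filtering wrapper, and nothing tells a reader copying this sample what that wrapper does or does not protect. I would add a line such as `// hand the XSS/SQL-filtering wrapper downstream; defence in depth only, handlers must still use parameterized queries and output encoding`. Whether bodies read through `getInputStream()` or `getReader()` pass through the filtering depends on which accessors the wrapper overrides, which this diff does not show, so the comment should state the coverage once confirmed. The `try`/`finally` block continues past the end of the hunk.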