亲宝软件园·资讯

展开

使用filter对request body参数进行校验

Jordan csdn 人气:4

使用filter对request body参数进行校验

@Slf4j
public class ParameterCheckServletRequestWrapper extends HttpServletRequestWrapper {
    private byte[] requestBody;
    private Charset charSet;
    public ParameterCheckServletRequestWrapper(HttpServletRequest request) {
        super(request);
        //缓存请求body
        try {
            String requestBodyStr = getRequestPostStr(request);
            if (StringUtils.isNotBlank(requestBodyStr)) {
                JSONObject resultJson = JSONObject.fromObject(requestBodyStr.replace("\"", "'"));
                Object[] obj = resultJson.keySet().toArray();
                for (Object o : obj) {
                    resultJson.put(o, StringUtils.trimToNull(resultJson.get(o).toString()));
                }
                requestBody = resultJson.toString().getBytes(charSet);
            } else {
                requestBody = new byte[0];
            }
        } catch (IOException e) {
            log.error("", e);
        }
    }
    public String getRequestPostStr(HttpServletRequest request)
            throws IOException {
        String charSetStr = request.getCharacterEncoding();
        if (charSetStr == null) {
            charSetStr = "UTF-8";
        }
        charSet = Charset.forName(charSetStr);
        return StreamUtils.copyToString(request.getInputStream(), charSet);
    }
    /**
     * 重写 getInputStream()
     */
    @Override
    public ServletInputStream getInputStream() {
        if (requestBody == null) {
            requestBody = new byte[0];
        }
        final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(requestBody);
        return new ServletInputStream() {
            @Override
            public boolean isFinished() {
                return false;
            }
            @Override
            public boolean isReady() {
                return false;
            }
            @Override
            public void setReadListener(ReadListener readListener) {
            }
            @Override
            public int read() {
                return byteArrayInputStream.read();
            }
        };
    }
    /**
     * 重写 getReader()
     */
    @Override
    public BufferedReader getReader() {
        return new BufferedReader(new InputStreamReader(getInputStream()));
    }
}
public class ParameterCheckFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        ParameterCheckServletRequestWrapper myWrapper = new ParameterCheckServletRequestWrapper((HttpServletRequest) servletRequest);
        filterChain.doFilter(myWrapper, servletResponse);
    }
    @Override
    public void destroy() {
    }
}
@Configuration
public class FilterConfig {
    @Bean
    public FilterRegistrationBean authFilterRegistrationBean() {
        FilterRegistrationBean<Filter> registrationBean = new FilterRegistrationBean<>();
        registrationBean.setName("parameterCheckFilter");
        registrationBean.setFilter(new ParameterCheckFilter());
        registrationBean.setOrder(1);
        registrationBean.addUrlPatterns("/*");
        return registrationBean;
    }
}

通过filter修改body参数的思路

知识点

1、HttpServletRequestWrapper

2、filter

步骤

1、新建MyHttpServletRequestWrapper继承HttpServletRequestWrapper

2、讲传入的body赋值给自己的body(如下)

package com.orisdom.modules.common.filter;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.orisdom.modules.monitor.dto.input.MonitorPointQueryPara;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
/**
 * @author xiaokang
 * @description
 * @date 2021/6/11 10:56
 */
public class MyHttpServletRequestWrapper extends HttpServletRequestWrapper {
    private String tempBody;
    public MyHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
        this.tempBody = getBody(request);
        System.out.println(tempBody);
    }
    /**
     * 获取请求体
     * @param request 请求
     * @return 请求体
     */
    private String getBody(HttpServletRequest request) {
        try {
            ServletInputStream stream = request.getInputStream();
            String read = "";
            StringBuilder stringBuilder = new StringBuilder();
            byte[] b = new byte[1024];
            int lens = -1;
            while ((lens = stream.read(b)) > 0) {
                stringBuilder.append(new String(b, 0, lens));
            }
            return stringBuilder.toString();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
    /**
     * 获取请求体
     * @return 请求体
     */
    public String getBody() {
        MonitorPointQueryPara para = JSON.parseObject(tempBody, MonitorPointQueryPara.class);
        para.setName("1232321321");
        tempBody = JSONObject.toJSONString(para);
        return tempBody;
    }
    /**
     * 需要重写这个方法
     * @return
     * @throws IOException
     */
    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(getInputStream()));
    }
    /**
     * 需要重写这个方法
     * @return
     * @throws IOException
     */
    @Override
    public ServletInputStream getInputStream() throws IOException {
        // 创建字节数组输入流
        final ByteArrayInputStream bais = new ByteArrayInputStream(tempBody.getBytes(Charset.defaultCharset()));
        return new ServletInputStream() {
            @Override
            public boolean isFinished() {
                return false;
            }
            @Override
            public boolean isReady() {
                return false;
            }
            @Override
            public void setReadListener(ReadListener readListener) {
            }
            @Override
            public int read() throws IOException {
                return bais.read();
            }
        };
    }
}

1.新建MyFilter 继承 Filter

2.添加@WebFilter注解

3.启动类添加@ServletComponentScan(如下)

package com.orisdom.modules.common.filter;
import org.springframework.core.annotation.Order;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
/**
 * @author xiaokang
 * @description
 * @date 2021/6/11 9:47
 */
@WebFilter
public class MyFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    
        MyHttpServletRequestWrapper myHttpServletRequestWrapper = new MyHttpServletRequestWrapper((HttpServletRequest) servletRequest);
     // 相当于赋值
        myHttpServletRequestWrapper.getBody();
     // 自己定义的MyHttpServletRequestWrapper
        filterChain.doFilter(myHttpServletRequestWrapper, servletResponse);
        System.out.println(11111111);
    }
    @Override
    public void destroy() {
    }
}

没加之前

加了之后

以上为个人经验,希望能给大家一个参考,也希望大家多多支持。

加载全部内容

相关教程
猜你喜欢
用户评论