写了一个filter,原始request用HttpServletRequestWrapper包装了一下,但是发现HttpServletRequestWrapper的getInputStream和getReader都没有被调用,导致数据到了controller依旧是加密状态,请问大神这个是什么原因!
在网上找到类似代码,望大神解答! https://segmentfault.com/q/1010000004149031
HttpServletRequestWrapper中方法未调用 @Controller获取仍为原数据
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
分享- 邀请回答
-
1条回答 默认 最新
devmiao 2016-08-08 00:12关注一般我们会在InterceptorAdapter拦截器中对请求的token进行验证
如果是content-type 是 application/x-www-form-urlencoded 则没有什么问题如果我们的接口是用@RequestBody来接受数据,那么我们在拦截器中验证token时
需要读取request的输入流 ,因为 ServletRequest中getReader()和getInputStream()只能调用一次
这样就会导致controller 无法拿到数据。
解决方法 :
自定义一个类 BodyReaderHttpServletRequestWrapper.java
[java] view plain copy 在CODE上查看代码片派生到我的代码片
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;import com.microdata.core.util.Encodes;
public class BodyReaderHttpServletRequestWrapper extends HttpServletRequestWrapper {
private Map paramsMap;@Override public Map getParameterMap() { return paramsMap; } @Override public String getParameter(String name) {// 重写getParameter,代表参数从当前类中的map获取 String[] values = paramsMap.get(name); if (values == null || values.length == 0) { return null; } return values[0]; } @Override public String[] getParameterValues(String name) {// 同上 return paramsMap.get(name); } @Override public Enumeration getParameterNames() { return Collections.enumeration(paramsMap.keySet()); } private String getRequestBody(InputStream stream) { String line = ""; StringBuilder body = new StringBuilder(); int counter = 0; // 读取POST提交的数据内容 BufferedReader reader = new BufferedReader(new InputStreamReader(stream)); try { while ((line = reader.readLine()) != null) { if (counter > 0) { body.append("rn"); } body.append(line); counter++; } } catch (IOException e) { e.printStackTrace(); } return body.toString(); } private HashMap<String, String[]> getParamMapFromPost(HttpServletRequest request) { String body = ""; try { body = getRequestBody(request.getInputStream()); } catch (IOException e) { e.printStackTrace(); } HashMap<String, String[]> result = new HashMap<String, String[]>(); if (null == body || 0 == body.length()) { return result; } return parseQueryString(body); } // 自定义解码函数 private String decodeValue(String value) { if (value.contains("%u")) { return Encodes.urlDecode(value); } else { try { return URLDecoder.decode(value, "UTF-8"); } catch (UnsupportedEncodingException e) { return "";// 非UTF-8编码 } } } public HashMap<String, String[]> parseQueryString(String s) { String valArray[] = null; if (s == null) { throw new IllegalArgumentException(); } HashMap<String, String[]> ht = new HashMap<String, String[]>(); StringTokenizer st = new StringTokenizer(s, "&"); while (st.hasMoreTokens()) { String pair = (String) st.nextToken(); int pos = pair.indexOf('='); if (pos == -1) { continue; } String key = pair.substring(0, pos); String val = pair.substring(pos + 1, pair.length()); if (ht.containsKey(key)) { String oldVals[] = (String[]) ht.get(key); valArray = new String[oldVals.length + 1]; for (int i = 0; i < oldVals.length; i++) { valArray[i] = oldVals[i]; } valArray[oldVals.length] = decodeValue(val); } else { valArray = new String[1]; valArray[0] = decodeValue(val); } ht.put(key, valArray); } return ht; } private Map<String, String[]> getParamMapFromGet(HttpServletRequest request) { return parseQueryString(request.getQueryString()); } private final byte[] body; // 报文 public BodyReaderHttpServletRequestWrapper(HttpServletRequest request) throws IOException { super(request); body = readBytes(request.getInputStream()); // 首先从POST中获取数据 if ("POST".equals(request.getMethod().toUpperCase())) { paramsMap = getParamMapFromPost(this); } else { paramsMap = getParamMapFromGet(this); } } @Override public BufferedReader getReader() throws IOException { return new BufferedReader(new InputStreamReader(getInputStream())); } @Override public ServletInputStream getInputStream() throws IOException { final ByteArrayInputStream bais = new ByteArrayInputStream(body); return new ServletInputStream() { @Override public int read() throws IOException { return bais.read(); } @Override public boolean isFinished() { return false; } @Override public boolean isReady() { return false; } @Override public void setReadListener(ReadListener arg0) { } }; } private static byte[] readBytes(InputStream in) throws IOException { BufferedInputStream bufin = new BufferedInputStream(in); int buffSize = 1024; ByteArrayOutputStream out = new ByteArrayOutputStream(buffSize); byte[] temp = new byte[buffSize]; int size = 0; while ((size = bufin.read(temp)) != -1) { out.write(temp, 0, size); } bufin.close(); byte[] content = out.toByteArray(); return content; }}
自定义Filter HttpServletRequestReplacedFilter.java
[java] view plain copy 在CODE上查看代码片派生到我的代码片
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;import com.microdata.core.request.BodyReaderHttpServletRequestWrapper;
public class HttpServletRequestReplacedFilter implements Filter {
@Override
public void destroy() {} @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { ServletRequest requestWrapper = null; if (request instanceof HttpServletRequest) { HttpServletRequest httpServletRequest = (HttpServletRequest) request; if ("POST".equals(httpServletRequest.getMethod().toUpperCase()) && httpServletRequest.getContentType().equalsIgnoreCase( "application/json; charset=utf-8")) { requestWrapper = new BodyReaderHttpServletRequestWrapper( (HttpServletRequest) request); } } if (requestWrapper == null) { chain.doFilter(request, response); } else { chain.doFilter(requestWrapper, response); } } @Override public void init(FilterConfig arg0) throws ServletException { }}
在web.xml 配置
[html] view plain copy 在CODE上查看代码片派生到我的代码片
HttpServletRequestReplacedFilter
com.microdata.core.filter.HttpServletRequestReplacedFilter
encoding
utf-8
HttpServletRequestReplacedFilter
/*Encodes 类
[html] view plain copy 在CODE上查看代码片派生到我的代码片
package com.microdata.core.util;import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.StringEscapeUtils;/**
- 封装各种格式的编码解码工具类.
- 1.Commons-Codec的 hex/base64 编码
- 2.自制的base62 编码
- 3.Commons-Lang的xml/html escape
- 4.JDK提供的URLEncoder
-
*/
public class Encodes {private static final String DEFAULT_URL_ENCODING = "UTF-8";
private static final char[] BASE62 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".toCharArray();/**
- Hex编码.
*/
public static String encodeHex(byte[] input) {
return Hex.encodeHexString(input);
}
/**
- Hex解码.
*/
public static byte[] decodeHex(String input) {
try {
return Hex.decodeHex(input.toCharArray());
} catch (DecoderException e) {
throw Exceptions.unchecked(e);
}
}
/**
- Base64编码.
*/
public static String encodeBase64(byte[] input) {
return Base64.encodeBase64String(input);
}
/**
- Base64编码, URL安全(将Base64中的URL非法字符'+'和'/'转为'-'和'_', 见RFC3548).
*/
public static String encodeUrlSafeBase64(byte[] input) {
return Base64.encodeBase64URLSafeString(input);
}
/**
- Base64解码.
*/
public static byte[] decodeBase64(String input) {
return Base64.decodeBase64(input);
}
/**
- Base62编码。
*/
public static String encodeBase62(byte[] input) {
char[] chars = new char[input.length];
for (int i = 0; i < input.length; i++) {
chars[i] = BASE62[(input[i] & 0xFF) % BASE62.length];
}
return new String(chars);
}
/**
- Html 转码.
*/
public static String escapeHtml(String html) {
return StringEscapeUtils.escapeHtml4(html);
}
/**
- Html 解码.
*/
public static String unescapeHtml(String htmlEscaped) {
return StringEscapeUtils.unescapeHtml4(htmlEscaped);
}
/**
- Xml 转码.
*/
public static String escapeXml(String xml) {
return StringEscapeUtils.escapeXml(xml);
}
/**
- Xml 解码.
*/
public static String unescapeXml(String xmlEscaped) {
return StringEscapeUtils.unescapeXml(xmlEscaped);
}
/**
- URL 编码, Encode默认为UTF-8.
*/
public static String urlEncode(String part) {
try {
return URLEncoder.encode(part, DEFAULT_URL_ENCODING);
} catch (UnsupportedEncodingException e) {
throw Exceptions.unchecked(e);
}
}
/**
- URL 解码, Encode默认为UTF-8.
*/
public static String urlDecode(String part) {
try {
return URLDecoder.decode(part, DEFAULT_URL_ENCODING);
} catch (UnsupportedEncodingException e) {
throw Exceptions.unchecked(e);
}
}
}
- Hex编码.
解决 无用评论 打赏举报 分享- 封装各种格式的编码解码工具类.
- 2022-05-09 11:32
springboot项目,重写了HttpServletRequestWrapper,controller能读取不到x-www-form-urlencoded格式的数据
java
spring boot
回答 2 已采纳 如果只有你说的这点东西,不会出现这个问题 - 2010-05-17 23:22回答 5 已采纳 [color=blue][b]不是吧,至少一个少一个isRequestedSessionIdFromUrl() 的错误啊。应为在自己的实现中,没有调用覆盖的方法啊。[/b][/color]
- 2023-03-25 18:20回答 1 已采纳 参考GPT和自己的思路:你的代码是实现一个自定义的HttpServletRequestWrapper,用于在setAttrubute()方法中对传入的参数进行XSS处理。具体来说,stripXSS()
- 2022-12-14 15:26LuckyTHP的博客 于是,有必要将拦截器中的流数据保存下来,以便controller获取到数据。 1 自定义 RequestWrapper子类 继承 HttpServletRequestWrapper类,封装HttpServletRequest请求 登录后复制 import javax.servlet.ReadListener...
- 2008-09-09 16:08回答 1 已采纳 应该这样写: [code="java"] public ActionForward login(ActionMapping mapping, ActionForm form,
- 2023-01-28 17:51回答 3 已采纳 包冲突了。看看这个文章:https://blog.csdn.net/qq_14861089/article/details/122129722
- 2021-11-03 20:54回答 1 已采纳 HttpServletRequest获取参数(重要)1 HttpServletRequest获取参数方法可以使用HttpServletRequest获取客户端的请求参数,相关方法如下: String
- 2022-04-29 17:41分享心得的博客 } } controller的方法中使用 /** * 根据ID查询单条记录 * * @param id id * @return */ @PostMapping("/findById") public RetResult<RewardInfo> findById(@RequestSingleBody @NotNull(message="id不能为空") ...
- 2020-03-04 11:59回答 1 已采纳 jar依赖是否有加,是否有冲突?调整依赖顺序,是否在classpath下? ``` org.elasticsearch elasticsearch 7.0.
- 2019-06-26 11:50回答 3 已采纳 此问题已经解决了,版本冲突的问题,boot2.1.3对应的autoconfigure包是2.1.6
- 2013-08-02 17:20回答 4 已采纳 There was some page exception been thrown in loginbody.jsp; the request is been forwarded to error.j
- 2022-03-06 20:13philpy_used的博客 核心:javax.servlet.http.HttpServletRequestWrapper WebMvcConfig: @Configuration public class WebMvcConfig implements WebMvcConfigurer { @Override public void addInterceptors(InterceptorRegistry ...
- 2012-02-05 13:19回答 1 已采纳 循环啊。。 do{}while(boolean); 和while(){}基本一样,只不过先执行一遍在判断
- 2021-03-16 09:48AlbenXie的博客 0 背景 拦截器被用来获取用户的请求日志,好处...但是,当在项目中使用拦截器获取到请求参数后,发现controller中@RequestBody注解获取不到参数了。多番查阅发现,Spring中的request.getInputStream()和request....
- 2019-04-20 16:20浮生夢的博客 原因:那是因为流对应的是数据,数据放在内存中,有的是部分放在内存中。read 一次标记一次当前位置(mark position),第二次read就从标记位置继续读(从内存中copy)数据。 所以这就是为什么读了一次第二次是空了...
- 2019-06-14 10:40lockie_zou的博客 SpringBoot项目,有个需求就是要加一个拦截器和过滤器,在拦截器中我需要获取到前端传过来的json数据进行签名校验,按照常理来说,获取请求body中的参数就可以,方法写好后,在拦截器中也读取到了body请求参数。...
- 2021-03-15 14:55面试北楚的博客 SpringBoot 拦截器获取http请求参数—— 所有骚操作基础目录SpringBoot 拦截器获取http...ServletInputStream(CoyoteInputStream) 输入流无法重复调用自定义 HttpServletRequestWrapper总结一下 展望一下获取http请...
- 2017-02-06 15:18NPPPNHHH的博客 一般我们会在InterceptorAdapter拦截器中对请求的token进行验证 ...如果我们的接口是用@RequestBody来接受数据,那么我们在拦截器中验证token时 需要读取request的输入流 ,因为 ServletRequest中getReader()
- 2021-03-06 14:13IT蓝月的博客 只需要在控制器的方法参数定义HttpServletRequest和HttpServletResponse对象即可 package com.lanyue.Controller; import org.springframework.stereotype.Controller; import org.springframework.web.bind....
- 2019-11-29 16:37不两立的博客 上一篇:SSM拦截器校验JSON数据(2) -- 从Request中获取json格式数据 创建AccountWrapper继承HttpServletRequestWrapper HttpServletRequestWrapper介绍 package sinosoft.project.sso.utils.wrapper; ...
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 ETLCloud 处理json多层级问题
- ¥15 matlab中使用gurobi时报错
- ¥15 这个主板怎么能扩出一两个sata口
- ¥15 不是,这到底错哪儿了😭
- ¥15 2020长安杯与连接网探
- ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么
- ¥15 banner广告展示设置多少时间不怎么会消耗用户价值
- ¥16 mybatis的代理对象无法通过@Autowired装填
- ¥15 可见光定位matlab仿真
- ¥15 arduino 四自由度机械臂