HttpServletRequestWrapper

HttpServletRequestWrapper

我的要求是解密通过我自己的算法加密的请求主体


我尝试扩展HttpServletRequestWrapper并将新请求传递给doFilter。但是getInputStreamgetReader均未调用,因此无法将请求主体解密为plainText。

首先在web.xml中设置EncryptFilter的顺序。

我使用的URL是POST / user / add

这是我的代码

HttpServletRequestWrapper的子类:

class ResettableStreamHttpServletRequest extends
        HttpServletRequestWrapper {

    private byte[] rawData;
    private HttpServletRequest request;
    private ResettableServletInputStream servletStream;

    public ResettableStreamHttpServletRequest(HttpServletRequest request) {
        super(request);
        this.request = request;
        this.servletStream = new ResettableServletInputStream();
    }


    public void resetInputStream(byte[] data) {
        servletStream.stream = new ByteArrayInputStream(data);
    }

    @Override
    public ServletInputStream getInputStream() throws IOException {
        if (rawData == null) {
            rawData = IOUtils.toByteArray(this.request.getReader());
            servletStream.stream = new ByteArrayInputStream(rawData);
        }
        return servletStream;
    }

    @Override
    public BufferedReader getReader() throws IOException {
        if (rawData == null) {
            rawData = IOUtils.toByteArray(this.request.getReader());
            servletStream.stream = new ByteArrayInputStream(rawData);
        }
        return new BufferedReader(new InputStreamReader(servletStream));
    }


    private class ResettableServletInputStream extends ServletInputStream {

        private InputStream stream;

        @Override
        public int read() throws IOException {
            return stream.read();
        }
    }
}


doFilter相关代码:

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        ServletRequest newRequest = new ResettableStreamHttpServletRequest((HttpServletRequest) request);
        ServletResponse newResponse = new EncryptedResponseWrapper((HttpServletResponse) response);

        String body = IOUtils.toString(newRequest.getInputStream());
        String plainText = crypt.decrypt(body);
        LOGGER.debug(plainText);
        ((ResettableStreamHttpServletRequest) newRequest).resetInputStream(plainText.getBytes("UTF-8"));

        chain.doFilter(newRequest, newResponse);

        if (((EncryptedResponseWrapper) newResponse).getStatus() != HttpStatus.OK.value()) {
            response.getWriter().write(newResponse.toString());
            return;
        }

        String text = newResponse.toString();
        if (text != null) {
            String respPlainText = newResponse.toString();
            LOGGER.debug(respPlainText);
            String encrypted = crypt.encrypt(respPlainText);
            response.getWriter().write(encrypted);
        }
    }


web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:spring.xml</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <absolute-ordering>
        <name>EncryptFilter</name>
        <name>encodingFilter</name>
    </absolute-ordering>

    <filter>
        <filter-name>EncryptFilter</filter-name>
        <filter-class>com.yuexunit.micro.filter.EncryptFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>EncryptFilter</filter-name>
        <url-pattern>/user/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>encodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>encodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <servlet>
        <servlet-name>dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
</web-app>

最佳答案

我使用这种方法来转储请求以解决错误,但是由于您使用getReader()将请求另存为字节数组时,使用的是默认的机器编码,因此我陷入了错误。不遵守请求的字符集。

在我的情况下,客户端执行了POST,其有效负载使用UTF-8编码,但是我的后端恰好在Windows机器上,其编码为CP-1252。您的过滤器有效地接收UTF-8请求,将其转换为CP-1252,随后的所有过滤器都会看到该请求。就我而言,我有一个REST控制器,期望接收该字符串(JSON),因此出现“ 400 Bad Request”错误。

固定解决方案围绕以下几行(尚未尝试过!):

class ResettableStreamHttpServletRequest extends HttpServletRequestWrapper {
    private byte[] rawData;
    private HttpServletRequest request;
    private ResettableServletInputStream servletStream;

    ResettableStreamHttpServletRequest(HttpServletRequest request) {
        super(request);
        this.request = request;
        this.servletStream = new ResettableServletInputStream();
    }

    void resetInputStream() {
        servletStream.stream = new ByteArrayInputStream(rawData);
    }

    @Override
    public ServletInputStream getInputStream() throws IOException {
        if (rawData == null) {
            rawData = IOUtils.toByteArray(this.request.getInputStream());
            servletStream.stream = new ByteArrayInputStream(rawData);
        }
        return servletStream;
    }

    @Override
    public BufferedReader getReader() throws IOException {
        if (rawData == null) {
            rawData = IOUtils.toByteArray(this.request.getInputStream());
            servletStream.stream = new ByteArrayInputStream(rawData);
        }
        String encoding = getCharacterEncoding();
        if (encoding != null) {
            return new BufferedReader(new InputStreamReader(servletStream, encoding));
        } else {
            return new BufferedReader(new InputStreamReader(servletStream));
        }
    }

    private class ResettableServletInputStream extends ServletInputStream {
        private InputStream stream;

        @Override
        public int read() throws IOException {
            return stream.read();
        }
    }
}

09-28 07:49