HttpServletRequestWrapper在Spring 4下无法运行

时间:2015-12-15 03:15:44

标签: java spring servlet-filters servlet-3.0

我的要求是解密由我自己的算法加密的请求体 。

我尝试扩展HttpServletRequestWrapper并将新请求传递给doFilter。但是getInputStreamgetReader都没有被调用,因此无法将请求体解密为plainText。

EncryptFilter的顺序首先在web.xml中设置。

我使用的网址是POST / user / add

这是我的代码

HttpServletRequestWrapper的子类:

class ResettableStreamHttpServletRequest extends
        HttpServletRequestWrapper {

    private byte[] rawData;
    private HttpServletRequest request;
    private ResettableServletInputStream servletStream;

    public ResettableStreamHttpServletRequest(HttpServletRequest request) {
        super(request);
        this.request = request;
        this.servletStream = new ResettableServletInputStream();
    }


    public void resetInputStream(byte[] data) {
        servletStream.stream = new ByteArrayInputStream(data);
    }

    @Override
    public ServletInputStream getInputStream() throws IOException {
        if (rawData == null) {
            rawData = IOUtils.toByteArray(this.request.getReader());
            servletStream.stream = new ByteArrayInputStream(rawData);
        }
        return servletStream;
    }

    @Override
    public BufferedReader getReader() throws IOException {
        if (rawData == null) {
            rawData = IOUtils.toByteArray(this.request.getReader());
            servletStream.stream = new ByteArrayInputStream(rawData);
        }
        return new BufferedReader(new InputStreamReader(servletStream));
    }


    private class ResettableServletInputStream extends ServletInputStream {

        private InputStream stream;

        @Override
        public int read() throws IOException {
            return stream.read();
        }
    }
}

doFilter相关代码:

public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        ServletRequest newRequest = new ResettableStreamHttpServletRequest((HttpServletRequest) request);
        ServletResponse newResponse = new EncryptedResponseWrapper((HttpServletResponse) response);

        String body = IOUtils.toString(newRequest.getInputStream());
        String plainText = crypt.decrypt(body);
        LOGGER.debug(plainText);
        ((ResettableStreamHttpServletRequest) newRequest).resetInputStream(plainText.getBytes("UTF-8"));

        chain.doFilter(newRequest, newResponse);

        if (((EncryptedResponseWrapper) newResponse).getStatus() != HttpStatus.OK.value()) {
            response.getWriter().write(newResponse.toString());
            return;
        }

        String text = newResponse.toString();
        if (text != null) {
            String respPlainText = newResponse.toString();
            LOGGER.debug(respPlainText);
            String encrypted = crypt.encrypt(respPlainText);
            response.getWriter().write(encrypted);
        }
    }

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:spring.xml</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <absolute-ordering>
        <name>EncryptFilter</name>
        <name>encodingFilter</name>
    </absolute-ordering>

    <filter>
        <filter-name>EncryptFilter</filter-name>
        <filter-class>com.yuexunit.micro.filter.EncryptFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>EncryptFilter</filter-name>
        <url-pattern>/user/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>encodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>encodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <servlet>
        <servlet-name>dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
</web-app>

1 个答案:

答案 0 :(得分:0)

我使用这种方法来转储请求以解决错误,但是由于使用getReader()将请求保存为字节数组时,我遇到了错误,您正在使用默认的机器编码,并且因此,你并不尊重请求的字符集。

在我的情况下,客户端执行了一个POST,其有效负载使用UTF-8编码,但我的后端恰好是在Windows机器上,其编码是CP-1252。您的过滤器有效地接受UTF-8请求,将其转换为CP-1252,所有后续过滤器都会看到。在我的情况下,我有一个REST控制器期望接收该字符串(JSON),因此我收到了“400 Bad Request”错误。

固定的解决方案绕过这些线(没试过!):

class ResettableStreamHttpServletRequest extends HttpServletRequestWrapper {
    private byte[] rawData;
    private HttpServletRequest request;
    private ResettableServletInputStream servletStream;

    ResettableStreamHttpServletRequest(HttpServletRequest request) {
        super(request);
        this.request = request;
        this.servletStream = new ResettableServletInputStream();
    }

    void resetInputStream() {
        servletStream.stream = new ByteArrayInputStream(rawData);
    }

    @Override
    public ServletInputStream getInputStream() throws IOException {
        if (rawData == null) {
            rawData = IOUtils.toByteArray(this.request.getInputStream());
            servletStream.stream = new ByteArrayInputStream(rawData);
        }
        return servletStream;
    }

    @Override
    public BufferedReader getReader() throws IOException {
        if (rawData == null) {
            rawData = IOUtils.toByteArray(this.request.getInputStream());
            servletStream.stream = new ByteArrayInputStream(rawData);
        }
        String encoding = getCharacterEncoding();
        if (encoding != null) {
            return new BufferedReader(new InputStreamReader(servletStream, encoding));
        } else {
            return new BufferedReader(new InputStreamReader(servletStream));
        }
    }

    private class ResettableServletInputStream extends ServletInputStream {
        private InputStream stream;

        @Override
        public int read() throws IOException {
            return stream.read();
        }
    }
}