我的要求是解密由我自己的算法加密的请求体 。
我尝试扩展HttpServletRequestWrapper
并将新请求传递给doFilter
。但是getInputStream
和getReader
都没有被调用,因此无法将请求体解密为plainText。
EncryptFilter的顺序首先在web.xml
中设置。
我使用的网址是POST / user / add
这是我的代码
HttpServletRequestWrapper的子类:
class ResettableStreamHttpServletRequest extends
HttpServletRequestWrapper {
private byte[] rawData;
private HttpServletRequest request;
private ResettableServletInputStream servletStream;
public ResettableStreamHttpServletRequest(HttpServletRequest request) {
super(request);
this.request = request;
this.servletStream = new ResettableServletInputStream();
}
public void resetInputStream(byte[] data) {
servletStream.stream = new ByteArrayInputStream(data);
}
@Override
public ServletInputStream getInputStream() throws IOException {
if (rawData == null) {
rawData = IOUtils.toByteArray(this.request.getReader());
servletStream.stream = new ByteArrayInputStream(rawData);
}
return servletStream;
}
@Override
public BufferedReader getReader() throws IOException {
if (rawData == null) {
rawData = IOUtils.toByteArray(this.request.getReader());
servletStream.stream = new ByteArrayInputStream(rawData);
}
return new BufferedReader(new InputStreamReader(servletStream));
}
private class ResettableServletInputStream extends ServletInputStream {
private InputStream stream;
@Override
public int read() throws IOException {
return stream.read();
}
}
}
doFilter
相关代码:
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
ServletRequest newRequest = new ResettableStreamHttpServletRequest((HttpServletRequest) request);
ServletResponse newResponse = new EncryptedResponseWrapper((HttpServletResponse) response);
String body = IOUtils.toString(newRequest.getInputStream());
String plainText = crypt.decrypt(body);
LOGGER.debug(plainText);
((ResettableStreamHttpServletRequest) newRequest).resetInputStream(plainText.getBytes("UTF-8"));
chain.doFilter(newRequest, newResponse);
if (((EncryptedResponseWrapper) newResponse).getStatus() != HttpStatus.OK.value()) {
response.getWriter().write(newResponse.toString());
return;
}
String text = newResponse.toString();
if (text != null) {
String respPlainText = newResponse.toString();
LOGGER.debug(respPlainText);
String encrypted = crypt.encrypt(respPlainText);
response.getWriter().write(encrypted);
}
}
web.xml
:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<absolute-ordering>
<name>EncryptFilter</name>
<name>encodingFilter</name>
</absolute-ordering>
<filter>
<filter-name>EncryptFilter</filter-name>
<filter-class>com.yuexunit.micro.filter.EncryptFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>EncryptFilter</filter-name>
<url-pattern>/user/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
答案 0 :(得分:0)
我使用这种方法来转储请求以解决错误,但是由于使用getReader()将请求保存为字节数组时,我遇到了错误,您正在使用默认的机器编码,并且因此,你并不尊重请求的字符集。
在我的情况下,客户端执行了一个POST,其有效负载使用UTF-8编码,但我的后端恰好是在Windows机器上,其编码是CP-1252。您的过滤器有效地接受UTF-8请求,将其转换为CP-1252,所有后续过滤器都会看到。在我的情况下,我有一个REST控制器期望接收该字符串(JSON),因此我收到了“400 Bad Request”错误。
固定的解决方案绕过这些线(没试过!):
class ResettableStreamHttpServletRequest extends HttpServletRequestWrapper {
private byte[] rawData;
private HttpServletRequest request;
private ResettableServletInputStream servletStream;
ResettableStreamHttpServletRequest(HttpServletRequest request) {
super(request);
this.request = request;
this.servletStream = new ResettableServletInputStream();
}
void resetInputStream() {
servletStream.stream = new ByteArrayInputStream(rawData);
}
@Override
public ServletInputStream getInputStream() throws IOException {
if (rawData == null) {
rawData = IOUtils.toByteArray(this.request.getInputStream());
servletStream.stream = new ByteArrayInputStream(rawData);
}
return servletStream;
}
@Override
public BufferedReader getReader() throws IOException {
if (rawData == null) {
rawData = IOUtils.toByteArray(this.request.getInputStream());
servletStream.stream = new ByteArrayInputStream(rawData);
}
String encoding = getCharacterEncoding();
if (encoding != null) {
return new BufferedReader(new InputStreamReader(servletStream, encoding));
} else {
return new BufferedReader(new InputStreamReader(servletStream));
}
}
private class ResettableServletInputStream extends ServletInputStream {
private InputStream stream;
@Override
public int read() throws IOException {
return stream.read();
}
}
}