Springboot如何使用filter对request body参数进行校验

Springboot如何使用filter对request body参数进行校验

目录使用filter对requestbody参数进行校验通过filter修改body参数的思路知识点步骤

使用filter对request body参数进行校验

@Slf4j

public class ParameterCheckServletRequestWrapper extends HttpServletRequestWrapper {

private byte[] requestBody;

private Charset charSet;

public ParameterCheckServletRequestWrapper(HttpServletRequest request) {

super(request);

//缓存请求body

try {

String requestBodyStr = getRequestPostStr(request);

if (StringUtils.isNotBlank(requestBodyStr)) {

jsONObject resultJson = JSONObject.fromObject(requestBodyStr.replace("\"", "'"));

Object[] obj = resultJson.keySet().toArray();

for (Object o : obj) {

resultJson.put(o, StringUtils.trimToNull(resultJson.get(o).toString()));

}

OZloevj requestBody = resultJson.toString().getBytes(charSet);

} else {

requestBody = new byte[0];

}

} catch (IOException e) {

log.error("", e);

}

}

public String getRequestPostStr(HttpServletRequest request)

throws IOException {

String charSetStr = request.getCharacterEncoding();

if (charSetStr == null) {

charSetStr = "UTF-8";

}

charSet = Charset.forName(charSetStr);

return StreamUtils.copyToString(request.getInputStream(), charSet);

}

/**

* 重写 getInputStream()

*/

@Override

public ServletInputStream getInputStream() {

if (requestBody == null) {

requestBody = new byte[0];

}

final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(requestBody);

return new ServletInputStream() {

@Override

public boolean isFinished() {

return false;

}

@Override

public boolean isReady() {

return false;

}

@Override

public void setReadListener(ReadListener readListener) {

}

@Override

public int read() {

return byteArrayInputStream.read();

}

};

}

/**

* 重写 getReader()

*/

@Override

public BufferedReader getReader() {

return new BufferedReader(new InputStreamReader(getInputStream()));

}

}

public class ParameterCheckFilter implements Filter {

@Override

public void init(FilterConfig filterConfig) throws ServletException {

}

@Override

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {

ParameterCheckServletRequestWrapper myWrapper = new ParameterCheckServletRequestWrapper((HttpServletRequest) servletRequest);

filterChain.doFilter(myWrapper, servletResponse);

}

@Override

public void destroy() {

}

}

@Configuration

public class FilterConfig {

@Bean

public FilterRegistrationBean authFilterRegistrationBean() {

FilterRegistrationBean registrationBean = new FilterRegistrationBean<>();

registrationBean.setName("parameterCheckFilter");

registrationBean.setFilter(new ParameterCheckFilter());

registrationBean.setOrder(1);

registrationBean.addUrlPatterns("/*");

return registrationBean;

}

}

通过filter修改body参数的思路

知识点

1、HttpServletRequestWrapper

2、filter

步骤

1、新建MyHttpServletRequestWrapper继承HttpServletRequestWrapper

2、讲传入的body赋值给自己的body（如下）

package com.orisdom.modules.common.filter;

import com.alibaba.fastjson.JSON;

import com.alibaba.fastjson.JSONObject;

import com.orisdom.modules.monitor.dto.input.MonitorPointQueryPara;

import javax.servlet.ReadListener;

import javax.servlet.ServletInputStream;

import javax.servlet.http.HttpServletRequest;

import javaxhttp://.servlet.http.HttpServletRequestWrapper;

import java.io.BufferedReader;

import java.io.ByteArrayInputStream;

import java.io.IOException;

import java.io.InputStreamReader;

import java.nio.charset.Charset;

/**

* @author xiaokang

* @description

* @date 2021/6/11 10:56

*/

public class MyHttpServletRequestWrapper extends HttpServletRequestWrapper {

private String tempBody;

public MyHttpServletRequestWrapper(HttpServletRequest request) {

super(request);

this.tempBody = getBody(request);

System.out.println(tempBody);

}

/**

* 获取请求体

* @param request 请求

* @return 请求体

*/

private String getBody(HttpServletRequest request) {

try {

ServletInputStream stream = request.getInputStream();

String read = "";

StringBuilder stringBuilder = new StringBuilder();

byte[] b = new byte[1024];

int lens = -1;

while ((lens = stream.read(b)) > 0) {

stringBuilder.append(new String(b, 0, lens));

}

return stringBuilder.toString();

} catch (IOException e) {

throw new RuntimeException(e);

}

}

/**

* 获取请求体

* @return 请求体

*/

public String getBody() {

MonitorPointQueryPara para = JSON.parseObject(tempBody, MonitorPointQueryPara.class);

para.setName("1232321321");

tempBody = JSONObject.toJSONString(para);

return tempBody;

}

/**

* 需要重写这个方法

* @return

* @throws IOException

*/

@Override

public BufferedReader getReader() throws IOException {

return new BufferedReader(new InputStreamReader(getInputOZloevjStream()));

}

/**

* 需要重写这个方法

* @return

* @throws IOException

*/

@Override

public ServletInputStream getInputStream() throws IOException {

// 创建字节数组输入流

final ByteArrayInputStream bais = new ByteArrayInputStream(tempBody.getBytes(Charset.defaultCharset()));

return new ServletInputStream() {

@Override

public boolean isFinished() {

return false;

}

@Override

public boolean isReady() {

return false;

}

@Override

public void setReadListener(ReadListener readListener) {

}

@Override

public int read() throws IOException {

return bais.read();

}

};

}

}

1.新建MyFilter 继承 Filter

2.添加@WebFilter注解

3.启动类添加@ServletComponentScan(如下)

package com.orisdom.modules.common.filter;

import org.springframework.core.annotation.Order;

import javax.servlet.*;

import javax.servlet.annotation.WebFilter;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletRequestWrapper;

import java.io.BufferedReader;

import java.io.IOException;

import java.util.HashMap;

import java.util.Map;

/**

* @author xiaokang

* @description

* @date 2021/6/11 9:47

*/

@WebFilter

public class MyFilter implements Filter {

@Override

public void init(FilterConfig http://filterConfig) throws ServletException {

}

@Override

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {

MyHttpServletRequestWrapper myHttpServletRequestWrapper = new MyHttpServletRequestWrapper((HttpServletRequest) servletRequest);

　　　　　// 相当于赋值

myHttpServletRequestWrapper.getBody();

　　　　　// 自己定义的MyHttpServletRequestWrapper

filterChain.doFilter(myHttpServletRequestWrapper, servletResponse);

System.out.println(11111111);

}

@Override

public void destroy() {

}

}

没加之前

加了之后

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。