投稿
  1. 极客之音首页
  2. 技术随笔

解决springboot添加拦截器之后只能获取一次流,并且@requestbody注解和表单方式都可以接到参

小半 技术随笔 阅读 283

导读:本篇文章讲解 解决springboot添加拦截器之后只能获取一次流,并且@requestbody注解和表单方式都可以接到参,希望对大家有帮助,欢迎收藏,转发!站点地址:www.bmabk.com

为了防止添加拦截器之后只能获取一次流 需要自定义类重写HttpServletRequestWrapper

package com.sinochemitech.flowablehttp.Interceptor;
import org.springframework.util.StreamUtils;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.*;

/**
 * SinochemHttpServletRequestWrapper这个主要是包装HttpServletRequest,因为HttpServletRequest只能读一次流,所以需要一个包装类,否则controller类接收不到参数
 * @author jiagang
 * @summary 自定义 HttpServletRequestWrapper 来包装输入流
 */
public class SinochemHttpServletRequestWrapper extends HttpServletRequestWrapper {

    /**
     * 缓存下来的HTTP body
     */
    private byte[] body = null;

    public SinochemHttpServletRequestWrapper(HttpServletRequest request) throws IOException {
        super(request);
        try {
            body = StreamUtils.copyToByteArray(request.getInputStream());

        }catch (Exception e){
            e.printStackTrace();
        }
    }

    /**
     * 重新包装输入流
     * @return
     * @throws IOException
     */
    @Override
    public ServletInputStream getInputStream() throws IOException {
        if (body == null) {
            body = new byte[0];
        }
        final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(body);
        return new ServletInputStream() {

            @Override
            public int read() throws IOException {
                return byteArrayInputStream.read();
            }

            @Override
            public void setReadListener(ReadListener listener) {
            }

            @Override
            public boolean isReady() {
                return false;
            }

            @Override
            public boolean isFinished() {
                return false;
            }
        };

    }

    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(getInputStream()));
    }
}

拦截器代码如下:

package com.sinochemitech.flowablehttp.Interceptor;

import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.sinochemitech.exception.FlowException;
import com.sinochemitech.util.JsonUtil;
import com.sinochemitech.util.RSAUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.util.StreamUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;


/**
 * 验签
 */
@Component
public class InterceptorConfig implements HandlerInterceptor {

    private static Logger logger = LoggerFactory.getLogger(InterceptorConfig.class);

    @Value("${flowable.publicKey}")
    private String publicKey;

    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {

        try {
//           AxinHttpServletRequestWrapper requestWrapper = new AxinHttpServletRequestWrapper(httpServletRequest);

            // 获取请求路径
            String requestURI = httpServletRequest.getRequestURI();
            if (!requestURI.contains("api/workFlow")) {
                return true;
            }

            //获取请求参数
            String queryString = httpServletRequest.getQueryString();
            logger.info("请求参数:{}", queryString);

            //获取请求body
            byte[] bodyBytes = StreamUtils.copyToByteArray(httpServletRequest.getInputStream());
            String body = new String(bodyBytes, httpServletRequest.getCharacterEncoding());
            logger.info("请求体:{}", body);
//        Map<String, Object> map = JSON.parseObject(body,Map.class);
            Map<String, Object> map = JsonUtil.jsonToMap(body);
            String signStr = String.valueOf(map.get("sign"));
            byte[] sign = org.apache.commons.codec.binary.Base64.decodeBase64(signStr);
            map.remove("sign");
            Set set = map.keySet();
            Iterator it = set.iterator();
            TreeMap tm = new TreeMap(new RSAUtil.MComparator());
            while (it.hasNext()) {
                String key = String.valueOf(it.next());
                tm.put(key, map.get(key));
            }

            // Map<String, Object> keyMap = RSAUtil.initKey();
            String mapSortStr = JSONObject.toJSONString(tm);
            logger.info("传过来的字符串:mapSortStr:{}", mapSortStr);
            //公钥验证
            boolean flagB = RSAUtil.verify(mapSortStr.getBytes(), sign, publicKey);
            if (flagB) {
                return true;
            } else {
                throw new FlowException("无权限");
            }
        } catch (Exception e) {
            throw new FlowException(e.getMessage());
        }
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
        logger.info("兑换服务拦截器-处理请求完成后视图渲染之前的处理操作");
    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
        logger.info("兑换服务拦截器-视图渲染之后的操作");
    }
}

这个时候有人通过自定义DispatcherServlet的方式来包装成我们自定义的request

//    /**
//     * 包装成我们自定义的request
//     * @param request
//     * @param response
//     * @throws Exception
//     */
//    @Override
//    protected void doDispatch(HttpServletRequest request, HttpServletResponse response) throws Exception {
//        super.doDispatch(new AxinHttpServletRequestWrapper(request), response);
//    }
//}

也就是这种方式来创建我们上面自定义的HttpServletRequestWrapper,这种情况可以解决获取一次流的问题,但是涉及到表单接参的接口,就会接受不到值。

以下使用过滤器的方式来创建自定义的HttpServletRequestWrapper
主要通过过滤路径的方式
因为我拦截器里的逻辑是在处理关于签名验证的问题,所以这些路径下的接口需要拦截,并且需要多次获取流的body

package com.sinochemitech.flowablehttp.filter;

import com.sinochemitech.flowablehttp.Interceptor.SinochemHttpServletRequestWrapper;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

/**
 * 过滤需要验签的接口,将request转化成自定义包装的request--为了解决request只能获取一次流
 * @author : jiagang
 * @date : Created in 2021/8/26 14:35
 */

@WebFilter(filterName = "SinochemFilter", urlPatterns = "/api/workFlow/*")
public class SinochemFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        ServletRequest requestWrapper = new SinochemHttpServletRequestWrapper(httpServletRequest);
        filterChain.doFilter(requestWrapper, servletResponse);
    }

    @Override
    public void destroy() {

    }
}

过滤器配置

    @Bean
    public FilterRegistrationBean<SinochemFilter> Filters() {
        FilterRegistrationBean<SinochemFilter> registrationBean = new FilterRegistrationBean<SinochemFilter>();
        registrationBean.setFilter(new SinochemFilter());
        registrationBean.addUrlPatterns("/api/workFlow/*");
        registrationBean.setName("koalaSignFilter");
        return registrationBean;
    }

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。

文章由极客之音整理,本文链接:https://www.bmabk.com/index.php/post/99545.html

(0)
小半的头像小半
0 0

相关推荐

极客之音——专业性很强的中文编程技术网站,欢迎收藏到浏览器,订阅我们!