参数可以直接通过request.getParameter获取。
产生不能过直接从request.getInputStream() 读取,必须要进行重新写。(request.getInputStream()只能够读取一次)
方式:
通过重写 HttpServletRequestWrapper 类 获取getInputStream中的流数据,然后在将body数据进行重新写入传递下去。
package com.xy.boot.cmiap.filter;
import com.alibaba.fastjson.JSONObject;
import com.xy.boot.common.util.StringUtils;
import org.apache.catalina.servlet4preview.http.HttpServletRequestWrapper;
import org.apache.commons.codec.Charsets;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import java.io.*;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
/**
* Created by fuwenshen
* Date:2018/10/26
* Time:12:21
*/
public class XyRequestWrapper extends HttpServletRequestWrapper {
private String body;
public XyRequestWrapper(HttpServletRequest request) throws IOException {
super(request);
StringBuilder stringBuilder = new StringBuilder();
BufferedReader bufferedReader = null;
try {
InputStream inputStream = request.getInputStream();
if (inputStream != null) {
bufferedReader = new BufferedReader(new InputStreamReader(inputStream,"UTF-8"));
char[] charBuffer = new char[128];
int bytesRead = -1;
while ((bytesRead = bufferedReader.read(charBuffer)) > 0) {
stringBuilder.append(charBuffer, 0, bytesRead);
}
} else {
stringBuilder.append("");
}
} catch (IOException ex) {
throw ex;
} finally {
if (bufferedReader != null) {
try {
bufferedReader.close();
} catch (IOException ex) {
throw ex;
}
}
}
body = stringBuilder.toString();
}
@Override
public ServletInputStream getInputStream() throws IOException {
final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(body.getBytes("UTF-8"));
ServletInputStream servletInputStream = new ServletInputStream() {
@Override
public boolean isFinished() {
return false;
}
@Override
public boolean isReady() {
return false;
}
@Override
public void setReadListener(ReadListener readListener) {
}
@Override
public int read() throws IOException {
return byteArrayInputStream.read();
}
};
return servletInputStream;
}
@Override
public BufferedReader getReader() throws IOException {
return new BufferedReader(new InputStreamReader(this.getInputStream(), Charsets.UTF_8));
}
public String getBody() {
return this.body;
}
@Override
public String getParameter(String name) {
return super.getParameter(name);
}
@Override
public Map<String, String[]> getParameterMap() {
return super.getParameterMap();
}
@Override
public Enumeration<String> getParameterNames() {
return super.getParameterNames();
}
@Override
public String[] getParameterValues(String name) {
return super.getParameterValues(name);
}
/**
* 设置自定义post参数 //
*
* @param paramMaps
* @return
*/
public void setParamsMaps(Map paramMaps) {
Map paramBodyMap = new HashMap();
if (!StringUtils.isEmpty(body)) {
paramBodyMap = JSONObject.parseObject(body, Map.class);
}
paramBodyMap.putAll(paramMaps);
body = JSONObject.toJSONString(paramBodyMap);
}
}
package com.xy.boot.cmiap.filter;
import com.alibaba.fastjson.JSONObject;
import com.xy.boot.cmiap.bo.VerifyTokenResultBO;
import com.xy.boot.cmiap.constant.HttpConstant;
import com.xy.boot.cmiap.entity.enums.XyHttpCodeEnum;
import com.xy.boot.cmiap.service.IXySecurityService;
import com.xy.boot.cmiap.service.helper.XyHttpSecurityHelper;
import com.xy.boot.common.util.StringUtils;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.*;
/**
* Created by fuwenshen
* Date:2018/10/29
* Time:15:36
*/
@Component
@Slf4j
@WebFilter(filterName = "xySecurityFilter", urlPatterns = {"/api/adv/*"})
public class XySecurityFilter implements Filter {
@Value("${verify_token_switch}")
private boolean tokenSwitch;
@Value("${zy.app_secret}")
private String zyAppSecret;
@Value("${zy.token}")
private String zyToken;
//验证 token bo
private VerifyTokenResultBO tokenBO=null;
@Autowired
private IXySecurityService iXySecurityService;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
log.debug("进入XySecurityFilter!");
// 参数集合 初始化
TreeMap paramsMaps = new TreeMap();
String token = null, v = null, timestamp = null, sign = null;
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
resp.setCharacterEncoding("UTF-8");
resp.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
/**
* 验证通用请求头是否完整
*/
token = req.getHeader(HttpConstant.TOKEN);
v = req.getHeader(HttpConstant.V);
timestamp = req.getHeader(HttpConstant.TIMESTAMP);
sign = req.getHeader(HttpConstant.SIGN);
if (StringUtils.isEmpty(token) || StringUtils.isEmpty(v) || StringUtils.isEmpty(timestamp) || StringUtils.isEmpty(sign)) {
resp.sendError(XyHttpCodeEnum.ILLEGAL_REQUEST.getCode(), XyHttpCodeEnum.ILLEGAL_REQUEST.getMessage());
return;
}
// 防止流读取一次后就没有了, 所以需要将流继续写出去
XyRequestWrapper requestWrapper = new XyRequestWrapper(req);
/**
* 校验token
*/
/*********************************************************/
/**
* 获取请求参数
*/
if ("POST".equals(req.getMethod().toUpperCase())) {
String body = requestWrapper.getBody();
paramsMaps = JSONObject.parseObject(body, TreeMap.class);
log.debug("parameterMap:" + paramsMaps.toString());
} else {
Map<String, String[]> parameterMap = requestWrapper.getParameterMap();
Set<Map.Entry<String, String[]>> entries = parameterMap.entrySet();
Iterator<Map.Entry<String, String[]>> iterator = entries.iterator();
while (iterator.hasNext()) {
Map.Entry<String, String[]> next = iterator.next();
paramsMaps.put(next.getKey(), next.getValue()[0]);
}
log.debug("parameterMap:" + paramsMaps.toString());
}
/**
* 验证签名是否合法
*/
/***************************************/
//设置企业信息(自定义参数)
if(tokenBO!=null){
Map paramsPlus = new HashMap();
paramsPlus.put(HttpConstant.TOKEN, tokenBO.getTokenCode());
paramsPlus.put(HttpConstant.APPID, tokenBO.getAppid());
requestWrapper.setParamsMaps(paramsPlus);
}
chain.doFilter(requestWrapper, response);
}
@Override
public void destroy() {
}
}
以上为个人经验,希望能给大家一个参考,也希望大家多多支持。
