Springboot怎么使用filter对request body参数进行校验

发布时间：2022-03-15 12:47:26 阅读：548 作者：小新栏目：开发技术

开发者测试专用服务器限时活动，0元免费领，库存有限，领完即止！点击查看>>

这篇文章主要为大家展示了“Springboot怎么使用filter对request body参数进行校验”，内容简而易懂，条理清晰，希望能够帮助大家解决疑惑，下面让小编带领大家一起研究并学习一下“Springboot怎么使用filter对request body参数进行校验”这篇文章吧。

使用filter对request body参数进行校验

@Slf4j
public class ParameterCheckServletRequestWrapper extends HttpServletRequestWrapper {
    private byte[] requestBody;
    private Charset charSet;
    public ParameterCheckServletRequestWrapper(HttpServletRequest request) {
        super(request);
        //缓存请求body
        try {
            String requestBodyStr = getRequestPostStr(request);
            if (StringUtils.isNotBlank(requestBodyStr)) {
                JSONObject resultJson = JSONObject.fromObject(requestBodyStr.replace("\"", "'"));
                Object[] obj = resultJson.keySet().toArray();
                for (Object o : obj) {
                    resultJson.put(o, StringUtils.trimToNull(resultJson.get(o).toString()));
                }
                requestBody = resultJson.toString().getBytes(charSet);
            } else {
                requestBody = new byte[0];
            }
        } catch (IOException e) {
            log.error("", e);
        }
    }
    public String getRequestPostStr(HttpServletRequest request)
            throws IOException {
        String charSetStr = request.getCharacterEncoding();
        if (charSetStr == null) {
            charSetStr = "UTF-8";
        }
        charSet = Charset.forName(charSetStr);
        return StreamUtils.copyToString(request.getInputStream(), charSet);
    }
    /**
     * 重写 getInputStream()
     */
    @Override
    public ServletInputStream getInputStream() {
        if (requestBody == null) {
            requestBody = new byte[0];
        }
        final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(requestBody);
        return new ServletInputStream() {
            @Override
            public boolean isFinished() {
                return false;
            }
            @Override
            public boolean isReady() {
                return false;
            }
            @Override
            public void setReadListener(ReadListener readListener) {
            }
            @Override
            public int read() {
                return byteArrayInputStream.read();
            }
        };
    }
    /**
     * 重写 getReader()
     */
    @Override
    public BufferedReader getReader() {
        return new BufferedReader(new InputStreamReader(getInputStream()));
    }
}

public class ParameterCheckFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        ParameterCheckServletRequestWrapper myWrapper = new ParameterCheckServletRequestWrapper((HttpServletRequest) servletRequest);
        filterChain.doFilter(myWrapper, servletResponse);
    }
    @Override
    public void destroy() {
    }
}

@Configuration
public class FilterConfig {
    @Bean
    public FilterRegistrationBean authFilterRegistrationBean() {
        FilterRegistrationBean<Filter> registrationBean = new FilterRegistrationBean<>();
        registrationBean.setName("parameterCheckFilter");
        registrationBean.setFilter(new ParameterCheckFilter());
        registrationBean.setOrder(1);
        registrationBean.addUrlPatterns("/*");
        return registrationBean;
    }
}

通过filter修改body参数的思路

知识点

1、HttpServletRequestWrapper

2、filter

步骤

1、新建MyHttpServletRequestWrapper继承HttpServletRequestWrapper

2、讲传入的body赋值给自己的body（如下）

package com.orisdom.modules.common.filter;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.orisdom.modules.monitor.dto.input.MonitorPointQueryPara;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
/**
 * @author xiaokang
 * @description
 * @date 2021/6/11 10:56
 */
public class MyHttpServletRequestWrapper extends HttpServletRequestWrapper {
    private String tempBody;
    public MyHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
        this.tempBody = getBody(request);
        System.out.println(tempBody);
    }
    /**
     * 获取请求体
     * @param request 请求
     * @return 请求体
     */
    private String getBody(HttpServletRequest request) {
        try {
            ServletInputStream stream = request.getInputStream();
            String read = "";
            StringBuilder stringBuilder = new StringBuilder();
            byte[] b = new byte[1024];
            int lens = -1;
            while ((lens = stream.read(b)) > 0) {
                stringBuilder.append(new String(b, 0, lens));
            }
            return stringBuilder.toString();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
    /**
     * 获取请求体
     * @return 请求体
     */
    public String getBody() {
        MonitorPointQueryPara para = JSON.parseObject(tempBody, MonitorPointQueryPara.class);
        para.setName("1232321321");
        tempBody = JSONObject.toJSONString(para);
        return tempBody;
    }
    /**
     * 需要重写这个方法
     * @return
     * @throws IOException
     */
    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(getInputStream()));
    }
    /**
     * 需要重写这个方法
     * @return
     * @throws IOException
     */
    @Override
    public ServletInputStream getInputStream() throws IOException {
        // 创建字节数组输入流
        final ByteArrayInputStream bais = new ByteArrayInputStream(tempBody.getBytes(Charset.defaultCharset()));
        return new ServletInputStream() {
            @Override
            public boolean isFinished() {
                return false;
            }
            @Override
            public boolean isReady() {
                return false;
            }
            @Override
            public void setReadListener(ReadListener readListener) {
            }
            @Override
            public int read() throws IOException {
                return bais.read();
            }
        };
    }
}

1.新建MyFilter 继承 Filter

2.添加@WebFilter注解

3.启动类添加@ServletComponentScan(如下)

package com.orisdom.modules.common.filter;
import org.springframework.core.annotation.Order;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
/**
 * @author xiaokang
 * @description
 * @date 2021/6/11 9:47
 */
@WebFilter
public class MyFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
　　　　
        MyHttpServletRequestWrapper myHttpServletRequestWrapper = new MyHttpServletRequestWrapper((HttpServletRequest) servletRequest);
　　　　　// 相当于赋值
        myHttpServletRequestWrapper.getBody();
　　　　　// 自己定义的MyHttpServletRequestWrapper
        filterChain.doFilter(myHttpServletRequestWrapper, servletResponse);
        System.out.println(11111111);
    }
    @Override
    public void destroy() {
    }
}