Springboot如何使用filter对request body参数进行校验

使用filter对request body参数进行校验

@Slf4j
public class ParameterCheckServletRequestWrapper extends HttpServletRequestWrapper {
   private byte[] requestBody;
   private Charset charSet;
   public ParameterCheckServletRequestWrapper(HttpServletRequest request) {
       super(request);
       //缓存请求body
       try {
           String requestBodyStr = getRequestPostStr(request);
           if (StringUtils.isNotBlank(requestBodyStr)) {
               JSONObject resultJson = JSONObject.fromObject(requestBodyStr.replace("\"", "'"));
               Object[] obj = resultJson.keySet().toArray();
               for (Object o : obj) {
                   resultJson.put(o, StringUtils.trimToNull(resultJson.get(o).toString()));
               }
               requestBody = resultJson.toString().getBytes(charSet);
           } else {
               requestBody = new byte[0];
           }
       } catch (IOException e) {
           log.error("", e);
       }
   }
   public String getRequestPostStr(HttpServletRequest request)
           throws IOException {
       String charSetStr = request.getCharacterEncoding();
       if (charSetStr == null) {
           charSetStr = "UTF-8";
       }
       charSet = Charset.forName(charSetStr);
       return StreamUtils.copyToString(request.getInputStream(), charSet);
   }
   /**
    * 重写 getInputStream()
    */
   @Override
   public ServletInputStream getInputStream() {
       if (requestBody == null) {
           requestBody = new byte[0];
       }
       final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(requestBody);
       return new ServletInputStream() {
           @Override
           public boolean isFinished() {
               return false;
           }
           @Override
           public boolean isReady() {
               return false;
           }
           @Override
           public void setReadListener(ReadListener readListener) {
           }
           @Override
           public int read() {
               return byteArrayInputStream.read();
           }
       };
   }
   /**
    * 重写 getReader()
    */
   @Override
   public BufferedReader getReader() {
       return new BufferedReader(new InputStreamReader(getInputStream()));
   }
}

public class ParameterCheckFilter implements Filter {
   @Override
   public void init(FilterConfig filterConfig) throws ServletException {
   }
   @Override
   public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
       ParameterCheckServletRequestWrapper myWrapper = new ParameterCheckServletRequestWrapper((HttpServletRequest) servletRequest);
       filterChain.doFilter(myWrapper, servletResponse);
   }
   @Override
   public void destroy() {
   }
}

@Configuration
public class FilterConfig {
   @Bean
   public FilterRegistrationBean authFilterRegistrationBean() {
       FilterRegistrationBean<Filter> registrationBean = new FilterRegistrationBean<>();
       registrationBean.setName("parameterCheckFilter");
       registrationBean.setFilter(new ParameterCheckFilter());
       registrationBean.setOrder(1);
       registrationBean.addUrlPatterns("/*");
       return registrationBean;
   }
}

通过filter修改body参数的思路

知识点

1、HttpServletRequestWrapper

2、filter

步骤

1、新建MyHttpServletRequestWrapper继承HttpServletRequestWrapper

2、讲传入的body赋值给自己的body（如下）

package com.orisdom.modules.common.filter;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.orisdom.modules.monitor.dto.input.MonitorPointQueryPara;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
/**
 * @author xiaokang
 * @description
 * @date 2021/6/11 10:56
 */
public class MyHttpServletRequestWrapper extends HttpServletRequestWrapper {
    private String tempBody;
    public MyHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
        this.tempBody = getBody(request);
        System.out.println(tempBody);
    }
    /**
     * 获取请求体
     * @param request 请求
     * @return 请求体
     */
    private String getBody(HttpServletRequest request) {
        try {
            ServletInputStream stream = request.getInputStream();
            String read = "";
            StringBuilder stringBuilder = new StringBuilder();
            byte[] b = new byte[1024];
            int lens = -1;
            while ((lens = stream.read(b)) > 0) {
                stringBuilder.append(new String(b, 0, lens));
            }
            return stringBuilder.toString();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
    /**
     * 获取请求体
     * @return 请求体
     */
    public String getBody() {
        MonitorPointQueryPara para = JSON.parseObject(tempBody, MonitorPointQueryPara.class);
        para.setName("1232321321");
        tempBody = JSONObject.toJSONString(para);
        return tempBody;
    }
    /**
     * 需要重写这个方法
     * @return
     * @throws IOException
     */
    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(getInputStream()));
    }
    /**
     * 需要重写这个方法
     * @return
     * @throws IOException
     */
    @Override
    public ServletInputStream getInputStream() throws IOException {
        // 创建字节数组输入流
        final ByteArrayInputStream bais = new ByteArrayInputStream(tempBody.getBytes(Charset.defaultCharset()));
        return new ServletInputStream() {
            @Override
            public boolean isFinished() {
                return false;
            }
            @Override
            public boolean isReady() {
                return false;
            }
            @Override
            public void setReadListener(ReadListener readListener) {
            }
            @Override
            public int read() throws IOException {
                return bais.read();
            }
        };
    }
}

1.新建MyFilter 继承 Filter

2.添加@WebFilter注解

3.启动类添加@ServletComponentScan(如下)

package com.orisdom.modules.common.filter;
import org.springframework.core.annotation.Order;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
/**
 * @author xiaokang
 * @description
 * @date 2021/6/11 9:47
 */
@WebFilter
public class MyFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {

        MyHttpServletRequestWrapper myHttpServletRequestWrapper = new MyHttpServletRequestWrapper((HttpServletRequest) servletRequest);
// 相当于赋值
        myHttpServletRequestWrapper.getBody();
// 自己定义的MyHttpServletRequestWrapper
        filterChain.doFilter(myHttpServletRequestWrapper, servletResponse);
        System.out.println(11111111);
    }
    @Override
    public void destroy() {
    }
}

没加之前

加了之后

来源：https://blog.csdn.net/u012661496/article/details/83653206