通過攔截器和過濾器實現,話不多說上代碼。
1、重寫HttpServletRequestWrapper讀取body裏面的內容。
public class RequestWrapper extends HttpServletRequestWrapper { private final String body; public RequestWrapper(HttpServletRequest request) { super(request); StringBuilder stringBuilder = new StringBuilder(); BufferedReader bufferedReader = null; InputStream inputStream = null; try { inputStream = request.getInputStream(); if (inputStream != null) { bufferedReader = new BufferedReader(new InputStreamReader(inputStream)); char[] charBuffer = new char[128]; int bytesRead = -1; while ((bytesRead = bufferedReader.read(charBuffer)) > 0) { stringBuilder.append(charBuffer, 0, bytesRead); } } else { stringBuilder.append(""); } } catch (IOException ex) { } finally { if (inputStream != null) { try { inputStream.close(); } catch (IOException e) { e.printStackTrace(); } } if (bufferedReader != null) { try { bufferedReader.close(); } catch (IOException e) { e.printStackTrace(); } } } body = stringBuilder.toString(); } @Override public ServletInputStream getInputStream() throws IOException { final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(body.getBytes()); ServletInputStream servletInputStream = new ServletInputStream() { @Override public boolean isFinished() { return false; } @Override public boolean isReady() { return false; } @Override public void setReadListener(ReadListener readListener) { } @Override public int read() throws IOException { return byteArrayInputStream.read(); } }; return servletInputStream; } @Override public BufferedReader getReader() throws IOException { return new BufferedReader(new InputStreamReader(this.getInputStream())); } public String getBody() { return this.body; } }
2、因爲reque裏面的內容只能讀取一次,需要重寫回去。增加ChannelFilter
import org.springframework.stereotype.Component; import javax.servlet.*; import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; import java.io.IOException; @Component @WebFilter(urlPatterns = "/*",filterName = "channelFilter") public class ChannelFilter implements Filter { @Override public void init(FilterConfig filterConfig) throws ServletException { } @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { ServletRequest requestWrapper = null; if(servletRequest instanceof HttpServletRequest) { requestWrapper = new RequestWrapper((HttpServletRequest) servletRequest); } if(requestWrapper == null) { filterChain.doFilter(servletRequest, servletResponse); } else { filterChain.doFilter(requestWrapper, servletResponse); } } @Override public void destroy() { } }
3、增加攔截器,獲取請求的body
@Component public class ParamInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { String method = request.getMethod(); String contentType = request.getContentType() == null ? "" : request.getContentType(); if (HttpMethod.POST.name().equals(method) && !contentType.equals(MediaType.MULTIPART_FORM_DATA_VALUE)) { RequestWrapper requestWrapper = new RequestWrapper(request); String body = requestWrapper.getBody(); testParam(body); } return true; } private void testParam(String param){ try { param = param.replace(" ", ""); param = param.replace("&", ""); param = param.replace("#", ""); param = param.replace(" ", ""); param = param.replace("\"\"", ""); if (param.toLowerCase().contains("<script") || param.contains("<") || param.contains(">") || param.toLowerCase().contains("<html") || param.toLowerCase().contains("<header") || param.toLowerCase().contains("alert") || param.toLowerCase().contains("console") ) { throw new BusinessException("500", "非法參數!"); } } catch (Exception ex) { if (ex instanceof BusinessException) { throw new BusinessException("500", ((BusinessException) ex).getMsg()); } } } }
4、攔截器配置(略)
5、過濾器配置,在啓動類上增加@ServletComponentScan註解