HttpServletRequestWrapper的使用

本文轉載自查看原文 2016-09-24 19:11 3520

老大給了一個很實際的需求：有段程序，使用Http的方式與合作商交互，而且是明文傳輸數據。我方的代碼已經打包放在服務器上運行了很長時間，這時合作商突然要求修改數據傳輸的方式，要求加密后再傳輸，而我方的原有的代碼不能改變，以防止引發其它問題。
問：如何在不修改我方現有的代碼的前提下，滿足合作商的要求？

可能大家都想到了，只要加上一個過濾器Filter不就可以了嗎？事實就是這樣的，采用Filter+HttpServletRequestWrapper就可以解決這個問題。
首先：在filter中攔截到加密后的請求，將參數解密，然后組裝成一個新的明文請求串。
然后：重寫HttpServletRequestWrapper中的getInputStream()方法，讓其返回過濾器解析后的明文串即可。

具體代碼解釋如下。

首先我寫了兩個一摸一樣的servlet，一個用來直接接收合作商的明文請求並打印；一個用來接收Filter處理后的合作商的請求並打印（Filter中將合作商加密后的參數解密再傳給這個Servlet）。

Java代碼

@WebServlet("/SiServlet")
public class SiServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public SiServlet() {
super();
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
* response)
*/
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
this.doPost(request, response);
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
* response)
*
*/
protected void doPost(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
String bizBindMsg = IOUtils.toString(request.getInputStream(), "UTF-8");
bizBindMsg = URLDecoder.decode(bizBindMsg.toString(), "UTF-8");
System.out.println("SiServlet接收到請求為: " + bizBindMsg);
response.getWriter().write("==========success=========");
}
}

Java代碼

@WebServlet("/SiServletNormal")
public class SiServletNormal extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public SiServletNormal() {
super();
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
* response)
*/
protected void doGet(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
this.doPost(request, response);
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
* response)
*
*/
protected void doPost(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
String bizBindMsg = IOUtils.toString(request.getInputStream(), "UTF-8");
bizBindMsg = URLDecoder.decode(bizBindMsg.toString(), "UTF-8");
System.out.println("SiServletNormal接收到請求為: " + bizBindMsg);
response.getWriter()
.write("==========SiServletNormal Success=========");
}
}

然后我使用HttpClient模擬了一下合作商發送明文和密文請求的過程，加密使用Base64簡單模擬一下。

Java代碼

public class AdcClient {
private HttpPost httpPost = null;
private HttpClient client = null;
private List<NameValuePair> pairs = null;
public AdcClient() {
httpPost = new HttpPost("http://localhost:8080/filtertest/SiServlet");
client = new DefaultHttpClient();
}
/**
* 發送明文消息
*
*/
public void sendMsg() {
try {
httpPost = new HttpPost(
"http://localhost:8080/filtertest/SiServletNormal");
pairs = new ArrayList<NameValuePair>();
pairs.add(new BasicNameValuePair(("param1"), "obama沒加密"));
pairs.add(new BasicNameValuePair(("param2"), "男沒加密"));
pairs.add(new BasicNameValuePair(("param3"), "漢沒加密"));
pairs.add(new BasicNameValuePair(("param4"), "山東沒加密"));
httpPost.setEntity(new UrlEncodedFormEntity(pairs, "UTF-8"));
// httpPost.setHeader("Cookie", "TOKEN=1234567890");
HttpResponse response = client.execute(httpPost);
HttpEntity entity = response.getEntity();
BufferedReader br = new BufferedReader(new InputStreamReader(
entity.getContent()));
String line = null;
StringBuffer result = new StringBuffer();
while ((line = br.readLine()) != null) {
result.append(line);
line = br.readLine();
}
System.out.println("來自SiServletNormal的響應為:" + result.toString());
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
/**
* 發送加密后的消息
*/
public void sendEncryptMsg() {
try {
pairs = new ArrayList<NameValuePair>();
pairs.add(new BasicNameValuePair(("param1"), Base64EnDecrypt
.base64Encode("obama")));
pairs.add(new BasicNameValuePair(("param2"), Base64EnDecrypt
.base64Encode("男")));
pairs.add(new BasicNameValuePair(("param3"), Base64EnDecrypt
.base64Encode("漢")));
pairs.add(new BasicNameValuePair(("param4"), Base64EnDecrypt
.base64Encode("山東")));
HttpEntity reqEntity = new UrlEncodedFormEntity(pairs, "UTF-8");
httpPost.setEntity(reqEntity);
// httpPost.setHeader("Cookie", "TOKEN=1234567890");
HttpResponse response = client.execute(httpPost);
/**
* 獲取響應信息
*/
HttpEntity entity = response.getEntity();
BufferedReader br = new BufferedReader(new InputStreamReader(
entity.getContent()));
String line = null;
StringBuffer result = new StringBuffer();
while ((line = br.readLine()) != null) {
result.append(line);
line = br.readLine();
}
System.out.println("來自SiServlet的響應為:" + result.toString());
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
/**
* @param args
* @throws UnsupportedEncodingException
*/
public static void main(String[] args) throws UnsupportedEncodingException {
new AdcClient().sendMsg();
new AdcClient().sendEncryptMsg();
}
}

重點是下面的這個HttpServletRequestWrapper，我重寫了它的getInputStream()方法，這個方法返回包含明文的ServletInputStream

Java代碼

public class MyRequestWrapper extends HttpServletRequestWrapper {
private HttpServletRequest request;
public MyRequestWrapper(HttpServletRequest request) {
super(request);
this.request = request;
}
/**
* 先解密，獲取明文；然后將明文轉化為字節數組；然后再去讀取字節數組中的內容
*/
@Override
public ServletInputStream getInputStream() {
String bizBindMsg = null;
ServletInputStream stream = null;
try {
stream = request.getInputStream();
bizBindMsg = IOUtils.toString(stream, "UTF-8");
} catch (IOException e) {
e.printStackTrace();
}
try {
bizBindMsg = URLDecoder.decode(bizBindMsg.toString(), "UTF-8");
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
System.out.println("MyRequestWrapper接收到的請求為: " + bizBindMsg);
/**
* 獲取加密的值進行解密
*/
final StringBuffer reqStr = new StringBuffer();
reqStr.append("param1=").append(
Base64EnDecrypt.base64Decode(bizBindMsg.substring(
bizBindMsg.indexOf("param1=") + 7,
bizBindMsg.indexOf("param2="))));
reqStr.append("&");
reqStr.append("param2=").append(
Base64EnDecrypt.base64Decode(bizBindMsg.substring(
bizBindMsg.indexOf("param2=") + 7,
bizBindMsg.indexOf("param3="))));
reqStr.append("&");
reqStr.append("param3=").append(
Base64EnDecrypt.base64Decode(bizBindMsg.substring(
bizBindMsg.indexOf("param3=") + 7,
bizBindMsg.indexOf("param4="))));
reqStr.append("&");
reqStr.append("param4=").append(
Base64EnDecrypt.base64Decode(bizBindMsg.substring(bizBindMsg
.indexOf("param4=") + 7)));
System.out.println("********MyRequestWrapper接收到的解密后的請求為*********");
System.out.println(reqStr.toString());
/**
* 將解密后的明文串放到buffer數組中
*/
byte[] buffer = null;
try {
buffer = reqStr.toString().getBytes("UTF-8");
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
final ByteArrayInputStream bais = new ByteArrayInputStream(buffer);
ServletInputStream newStream = new ServletInputStream() {
@Override
public int read() throws IOException {
return bais.read();
}
};
return newStream;
}
}

最后是簡單的Filter，在這里將加密后的ServletRequest重新包裝，交給SiServlet進行處理

Java代碼

public class EncryptFilter implements Filter {
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
chain.doFilter(new MyRequestWrapper((HttpServletRequest) request),
response);
}
@Override
public void init(FilterConfig arg0) throws ServletException {
}
}

我的web.xml中是這樣配置的

Java代碼

<filter>
<filter-name>encryptFilter</filter-name>
<filter-class>com.test.filter.EncryptFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>encryptFilter</filter-name>
<url-pattern>/SiServlet</url-pattern>
</filter-mapping>

確保過濾器entyptFilter只攔截到SiServlet的請求即可。

運行AdcClient，可以看到下面的結果

這里的重點是MyRequestWrapper中重寫的getInputStream()方法。大家可以看看API中關於HttpServletRequest的用法http://tomcat.apache.org/tomcat-5.5-doc/servletapi/index.html。

http://lichuanbao.iteye.com/blog/1102138

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。