老大給了一個很實際的需求:有段程序,使用Http的方式與合作商交互,而且是明文傳輸數據。我方的代碼已經打包放在服務器上運行了很長時間,這時合作商突然要求修改數據傳輸的方式,要求加密后再傳輸,而我方的原有的代碼不能改變,以防止引發其它問題。
問:如何在不修改我方現有的代碼的前提下,滿足合作商的要求?
可能大家都想到了,只要加上一個過濾器Filter不就可以了嗎?事實就是這樣的,采用Filter+HttpServletRequestWrapper就可以解決這個問題。
首先:在filter中攔截到加密后的請求,將參數解密,然后組裝成一個新的明文請求串。
然后:重寫HttpServletRequestWrapper中的getInputStream()方法,讓其返回過濾器解析后的明文串即可。
具體代碼解釋如下。
首先我寫了兩個一摸一樣的servlet,一個用來直接接收合作商的明文請求並打印;一個用來接收Filter處理后的合作商的請求並打印(Filter中將合作商加密后的參數解密再傳給這個Servlet)。
- @WebServlet("/SiServlet")
- public class SiServlet extends HttpServlet {
- private static final long serialVersionUID = 1L;
- /**
- * @see HttpServlet#HttpServlet()
- */
- public SiServlet() {
- super();
- }
- /**
- * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doGet(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- this.doPost(request, response);
- }
- /**
- * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
- * response)
- *
- */
- protected void doPost(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- String bizBindMsg = IOUtils.toString(request.getInputStream(), "UTF-8");
- bizBindMsg = URLDecoder.decode(bizBindMsg.toString(), "UTF-8");
- System.out.println("SiServlet接收到請求為: " + bizBindMsg);
- response.getWriter().write("==========success=========");
- }
- }
- @WebServlet("/SiServletNormal")
- public class SiServletNormal extends HttpServlet {
- private static final long serialVersionUID = 1L;
- /**
- * @see HttpServlet#HttpServlet()
- */
- public SiServletNormal() {
- super();
- }
- /**
- * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doGet(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- this.doPost(request, response);
- }
- /**
- * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
- * response)
- *
- */
- protected void doPost(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- String bizBindMsg = IOUtils.toString(request.getInputStream(), "UTF-8");
- bizBindMsg = URLDecoder.decode(bizBindMsg.toString(), "UTF-8");
- System.out.println("SiServletNormal接收到請求為: " + bizBindMsg);
- response.getWriter()
- .write("==========SiServletNormal Success=========");
- }
- }
然后我使用HttpClient模擬了一下合作商發送明文和密文請求的過程,加密使用Base64簡單模擬一下。
- public class AdcClient {
- private HttpPost httpPost = null;
- private HttpClient client = null;
- private List<NameValuePair> pairs = null;
- public AdcClient() {
- httpPost = new HttpPost("http://localhost:8080/filtertest/SiServlet");
- client = new DefaultHttpClient();
- }
- /**
- * 發送明文消息
- *
- */
- public void sendMsg() {
- try {
- httpPost = new HttpPost(
- "http://localhost:8080/filtertest/SiServletNormal");
- pairs = new ArrayList<NameValuePair>();
- pairs.add(new BasicNameValuePair(("param1"), "obama沒加密"));
- pairs.add(new BasicNameValuePair(("param2"), "男沒加密"));
- pairs.add(new BasicNameValuePair(("param3"), "漢沒加密"));
- pairs.add(new BasicNameValuePair(("param4"), "山東沒加密"));
- httpPost.setEntity(new UrlEncodedFormEntity(pairs, "UTF-8"));
- // httpPost.setHeader("Cookie", "TOKEN=1234567890");
- HttpResponse response = client.execute(httpPost);
- HttpEntity entity = response.getEntity();
- BufferedReader br = new BufferedReader(new InputStreamReader(
- entity.getContent()));
- String line = null;
- StringBuffer result = new StringBuffer();
- while ((line = br.readLine()) != null) {
- result.append(line);
- line = br.readLine();
- }
- System.out.println("來自SiServletNormal的響應為:" + result.toString());
- } catch (UnsupportedEncodingException e) {
- e.printStackTrace();
- } catch (ClientProtocolException e) {
- e.printStackTrace();
- } catch (IOException e) {
- e.printStackTrace();
- }
- }
- /**
- * 發送加密后的消息
- */
- public void sendEncryptMsg() {
- try {
- pairs = new ArrayList<NameValuePair>();
- pairs.add(new BasicNameValuePair(("param1"), Base64EnDecrypt
- .base64Encode("obama")));
- pairs.add(new BasicNameValuePair(("param2"), Base64EnDecrypt
- .base64Encode("男")));
- pairs.add(new BasicNameValuePair(("param3"), Base64EnDecrypt
- .base64Encode("漢")));
- pairs.add(new BasicNameValuePair(("param4"), Base64EnDecrypt
- .base64Encode("山東")));
- HttpEntity reqEntity = new UrlEncodedFormEntity(pairs, "UTF-8");
- httpPost.setEntity(reqEntity);
- // httpPost.setHeader("Cookie", "TOKEN=1234567890");
- HttpResponse response = client.execute(httpPost);
- /**
- * 獲取響應信息
- */
- HttpEntity entity = response.getEntity();
- BufferedReader br = new BufferedReader(new InputStreamReader(
- entity.getContent()));
- String line = null;
- StringBuffer result = new StringBuffer();
- while ((line = br.readLine()) != null) {
- result.append(line);
- line = br.readLine();
- }
- System.out.println("來自SiServlet的響應為:" + result.toString());
- } catch (UnsupportedEncodingException e) {
- e.printStackTrace();
- } catch (ClientProtocolException e) {
- e.printStackTrace();
- } catch (IOException e) {
- e.printStackTrace();
- }
- }
- /**
- * @param args
- * @throws UnsupportedEncodingException
- */
- public static void main(String[] args) throws UnsupportedEncodingException {
- new AdcClient().sendMsg();
- new AdcClient().sendEncryptMsg();
- }
- }
重點是下面的這個HttpServletRequestWrapper,我重寫了它的getInputStream()方法,這個方法返回包含明文的ServletInputStream
- public class MyRequestWrapper extends HttpServletRequestWrapper {
- private HttpServletRequest request;
- public MyRequestWrapper(HttpServletRequest request) {
- super(request);
- this.request = request;
- }
- /**
- * 先解密,獲取明文;然后將明文轉化為字節數組;然后再去讀取字節數組中的內容
- */
- @Override
- public ServletInputStream getInputStream() {
- String bizBindMsg = null;
- ServletInputStream stream = null;
- try {
- stream = request.getInputStream();
- bizBindMsg = IOUtils.toString(stream, "UTF-8");
- } catch (IOException e) {
- e.printStackTrace();
- }
- try {
- bizBindMsg = URLDecoder.decode(bizBindMsg.toString(), "UTF-8");
- } catch (UnsupportedEncodingException e) {
- e.printStackTrace();
- }
- System.out.println("MyRequestWrapper接收到的請求為: " + bizBindMsg);
- /**
- * 獲取加密的值進行解密
- */
- final StringBuffer reqStr = new StringBuffer();
- reqStr.append("param1=").append(
- Base64EnDecrypt.base64Decode(bizBindMsg.substring(
- bizBindMsg.indexOf("param1=") + 7,
- bizBindMsg.indexOf("param2="))));
- reqStr.append("&");
- reqStr.append("param2=").append(
- Base64EnDecrypt.base64Decode(bizBindMsg.substring(
- bizBindMsg.indexOf("param2=") + 7,
- bizBindMsg.indexOf("param3="))));
- reqStr.append("&");
- reqStr.append("param3=").append(
- Base64EnDecrypt.base64Decode(bizBindMsg.substring(
- bizBindMsg.indexOf("param3=") + 7,
- bizBindMsg.indexOf("param4="))));
- reqStr.append("&");
- reqStr.append("param4=").append(
- Base64EnDecrypt.base64Decode(bizBindMsg.substring(bizBindMsg
- .indexOf("param4=") + 7)));
- System.out.println("********MyRequestWrapper接收到的解密后的請求為*********");
- System.out.println(reqStr.toString());
- /**
- * 將解密后的明文串放到buffer數組中
- */
- byte[] buffer = null;
- try {
- buffer = reqStr.toString().getBytes("UTF-8");
- } catch (UnsupportedEncodingException e) {
- e.printStackTrace();
- }
- final ByteArrayInputStream bais = new ByteArrayInputStream(buffer);
- ServletInputStream newStream = new ServletInputStream() {
- @Override
- public int read() throws IOException {
- return bais.read();
- }
- };
- return newStream;
- }
- }
最后是簡單的Filter,在這里將加密后的ServletRequest重新包裝,交給SiServlet進行處理
- public class EncryptFilter implements Filter {
- @Override
- public void destroy() {
- }
- @Override
- public void doFilter(ServletRequest request, ServletResponse response,
- FilterChain chain) throws IOException, ServletException {
- chain.doFilter(new MyRequestWrapper((HttpServletRequest) request),
- response);
- }
- @Override
- public void init(FilterConfig arg0) throws ServletException {
- }
- }
我的web.xml中是這樣配置的
- <filter>
- <filter-name>encryptFilter</filter-name>
- <filter-class>com.test.filter.EncryptFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>encryptFilter</filter-name>
- <url-pattern>/SiServlet</url-pattern>
- </filter-mapping>
確保過濾器entyptFilter只攔截到SiServlet的請求即可。
運行AdcClient,可以看到下面的結果
這里的重點是MyRequestWrapper中重寫的getInputStream()方法。大家可以看看API中關於HttpServletRequest的用法http://tomcat.apache.org/tomcat-5.5-doc/servletapi/index.html。
http://lichuanbao.iteye.com/blog/1102138