場景描述:
在 Spring Boot 自定義攔截器中,需要對請求 body 中的內容做簽名驗證。在日志切面中,需要打印請求 body 中的內容。
報錯內容:
java.lang.IllegalStateException: getReader() has already been called for this request
at org.apache.catalina.connector.Request.getInputStream(Request.java:1069)
at org.apache.catalina.connector.RequestFacade.getInputStream(RequestFacade.java:365)
at com.igg.aggregate.server.aspect.LogAspect.before(LogAspect.java:80)
原因分析:
HttpServletRequest 的 getInputStream() 和 getReader() 都只能讀取一次,由於 Request Body 是流的形式讀取,那么
流讀了一次就沒有了,所以只能被調用一次。
解決辦法:
先將 Request Body 保存,然后通過 Servlet 自帶的 HttpServletRequestWrapper 類覆蓋 getReader() 和
getInputStream() 方法,使流從保存的body讀取。然后再Filter中將ServletRequest替換為AuthenticationRequestWrapper。
代碼示例:
public class MyRequestWrapper extends HttpServletRequestWrapper {
private byte[] body;
public MyRequestWrapper(HttpServletRequest request) throws IOException {
super(request);
StringBuilder sb = new StringBuilder();
String line;
BufferedReader reader = request.getReader();
while ((line = reader.readLine()) != null) {
sb.append(line);
}
String body = sb.toString();
this.body = body.getBytes(StandardCharsets.UTF_8);
}
public String getBody() {
return new String(body, StandardCharsets.UTF_8);
}
}
// 獲取請求body
try {
MyRequestWrapper myRequestWrapper = new MyRequestWrapper(request);
return myRequestWrapper.getBody();
} catch (IOException e) {
log.error("get request body exception", e);
throw new RuntimeException(e);
}
解決:getReader() has already been called for this request
在 Filter 中對 request 中的 body 進行參數簽名校驗, 會報如下錯誤:
getReader() has already been called for this request
原因是 request.getReader() 和 request.getInputStream() 都是只能調用一次
並且 getReader() 方法底層也是調用 getInputStream() 來實現的.
所以我們要使用 HttpServletRequestWrapper 來實現自定義的 CustomHttpServletRequestWrapper, 把 body 保存在 CustomHttpServletRequestWrapper 中, 並且重寫 getInputStream() 方法
public class CustomHttpServletRequestWrapper extends HttpServletRequestWrapper{ private byte[] body; public CustomHttpServletRequestWrapper(HttpServletRequest request) throws IOException { super(request); BufferedReader reader = request.getReader(); try (StringWriter writer = new StringWriter()) { int read; char[] buf = new char[1024 * 8]; while ((read = reader.read(buf)) != -1) { writer.write(buf, 0, read); } this.body = writer.getBuffer().toString().getBytes(); } } public byte[] getBody() { return body; } @Override public ServletInputStream getInputStream() throws IOException { ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(body); return new ServletInputStream() { @Override public int read() throws IOException { return byteArrayInputStream.read(); } @Override public void setReadListener(ReadListener listener) { } @Override public boolean isReady() { return false; } @Override public boolean isFinished() { return false; } }; } }
然后, 獲取 body 就調用 CustomHttpServletRequestWrapper 中的 getBody() 方法, 后面就使用
filterChain.doFilter(customHttpServletRequestWrapper, response);
就 OK 了