HttpServletRequestWrapper、HttpServletResponseWrapper结合 过滤器 实现接口的加解密、国际化

news/2025/2/19 9:42:12/

目录

一、HttpServletRequestWrapper代码

二、HttpServletRequestWrapper代码

三、加解密过滤器代码

四、国际化过滤器代码

一、HttpServletRequestWrapper代码

package com.vteam.uap.security.httpWrapper;import jakarta.servlet.ReadListener;
import jakarta.servlet.ServletInputStream;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequestWrapper;import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;/*** @author Miller.Lai* @description: 请求装饰器* @date 2023-12-18 11:09:46*/
public class RequestWrapper extends HttpServletRequestWrapper {private byte[] bytes;private HttpServletRequest request;/*** @param request*/public RequestWrapper(HttpServletRequest request) {super(request);this.request = request;}public String getRequestBody() throws IOException {try (BufferedInputStream bis = new BufferedInputStream(request.getInputStream());ByteArrayOutputStream baos = new ByteArrayOutputStream()) {byte[] buffer = new byte[1024];int len;while ((len = bis.read(buffer)) > 0) {baos.write(buffer, 0, len);}bytes = baos.toByteArray();String body = new String(bytes);return body;} catch (IOException ex) {throw ex;}}public void setRequestBody(String body){bytes = body.getBytes();}public ServletInputStream getInputStream() throws IOException {final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes);return new ServletInputStream() {@Overridepublic boolean isFinished() {return false;}@Overridepublic boolean isReady() {return false;}@Overridepublic void setReadListener(ReadListener readListener) {}@Overridepublic int read() throws IOException {return byteArrayInputStream.read();}};}}

二、HttpServletRequestWrapper代码

package com.vteam.uap.security.httpWrapper;import jakarta.servlet.ServletOutputStream;
import jakarta.servlet.WriteListener;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletResponseWrapper;import java.io.*;/*** @author Miller.Lai* @description: 响应装饰器* @date 2023-12-15 13:29:16*/
public class ResponseWrapper extends HttpServletResponseWrapper {private ByteArrayOutputStream outputStream;public byte[] getResponseData(){try {outputStream.flush();} catch (IOException e) {e.printStackTrace();}return outputStream.toByteArray();}public ResponseWrapper(HttpServletResponse response) {super(response);this.outputStream =new ByteArrayOutputStream();}@Overridepublic PrintWriter getWriter() throws IOException {return new PrintWriter(outputStream);}@Overridepublic ServletOutputStream getOutputStream() throws IOException {return new ServletOutputStream() {@Overridepublic boolean isReady() {return false;}@Overridepublic void setWriteListener(WriteListener listener) {}@Overridepublic void write(int b) throws IOException {outputStream.write(b);}};}
}

三、加解密过滤器代码

package com.vteam.uap.core.filter;import com.alibaba.fastjson2.JSON;
import com.alibaba.fastjson2.JSONObject;
import com.vteam.uap.common.util.*;
import com.vteam.uap.security.codec.CodecProperties;
import com.vteam.uap.security.httpWrapper.RequestWrapper;
import com.vteam.uap.security.httpWrapper.ResponseWrapper;
import jakarta.annotation.Resource;
import jakarta.servlet.Filter;
import jakarta.servlet.*;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.ArrayUtils;
import org.springframework.util.PatternMatchUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;import java.io.IOException;
import java.util.Objects;/*** @author Miller.Lai* @description:  加解码过滤器* @date 2023-12-15 16:46:03*/
@Slf4j
public class CodecFilter implements Filter {@Resourceprotected CodecProperties codecProperties;@Overridepublic void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {// 请求解密if (codecProperties.isApiEnable() && !isIgnore() && ("POST".equals(((HttpServletRequest)request).getMethod().trim().toUpperCase())) && "application/json".equals(request.getContentType().trim().toLowerCase())){RequestWrapper requestWrapper = new RequestWrapper((HttpServletRequest) request);String bodyStr =  requestWrapper.getRequestBody();if(StringUtils.isNotBlank(bodyStr)){JSONObject bodyJson = JSONObject.parseObject(bodyStr);Object data = bodyJson.get("data");if(data != null && data instanceof String && ((String)data).trim().length () !=0 ){if (log.isDebugEnabled()) {log.debug("解密 API 请求消息:type={}, requestBody={}",requestWrapper.getMethod(), bodyJson.toJSONString());}String plainText = AesUtils.decrypt((String) data, AesUtils.Mode.API,codecProperties.getAesKey(),codecProperties.getAesIv(),codecProperties.isDbEnable());bodyJson.put("data",JSONObject.parseObject(plainText));requestWrapper.setRequestBody(bodyJson.toJSONString());}}// 包装响应对象ResponseWrapper responseWrapper = new ResponseWrapper((HttpServletResponse) response);chain.doFilter(requestWrapper, responseWrapper);// 拿到响应对象byte[] responseData = responseWrapper.getResponseData();if("application/json".equals(responseWrapper.getContentType().trim().toLowerCase())){String originalResulet = new String(responseData);JSONObject jsonObject  =JSONObject.parseObject(originalResulet);// 拿到响应对象中的dataObject data = jsonObject.get("data");if(data != null){String encText = AesUtils.encrypt(JSON.toJSONString(data), AesUtils.Mode.API,codecProperties.getAesKey(),codecProperties.getAesIv(),codecProperties.isDbEnable());jsonObject.put("data", encText);}responseData = jsonObject.toJSONString().getBytes("utf-8");}HttpServletResponse httpServletResponse = (HttpServletResponse) response;response.setContentLength(responseData.length);httpServletResponse.getOutputStream().write(responseData);httpServletResponse.getOutputStream().flush();}else{// 处理业务逻辑chain.doFilter(request, response);}}@Overridepublic void destroy() {}protected boolean isIgnore() {boolean isIgnore = false;String[] ignoreUrl = codecProperties.getIgnoreUrl();if (ArrayUtils.isNotEmpty(ignoreUrl)) {HttpServletRequest request =((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getRequest();for (String s : ignoreUrl) {if (PatternMatchUtils.simpleMatch(s, request.getRequestURI())) {isIgnore = true;break;}}}return isIgnore;}}

四、国际化过滤器代码

package com.vteam.uap.core.filter;import com.alibaba.fastjson2.JSONObject;
import com.vteam.uap.common.constant.CommonConstants;
import com.vteam.uap.common.util.GlobalConstants;
import com.vteam.uap.common.util.I18NUtils;
import com.vteam.uap.common.util.StringUtils;
import com.vteam.uap.common.util.UuidUtil;
import com.vteam.uap.security.httpWrapper.ResponseWrapper;
import jakarta.servlet.*;
import jakarta.servlet.Filter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.ArrayUtils;
import org.slf4j.MDC;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.util.PatternMatchUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;import java.io.IOException;
import java.util.Objects;/*** @author Miller.Lai* @description:* @date 2023-12-15 16:46:03*/
@Slf4j
public class I18NFilter implements Filter {@Value("${uap.i18n.enable:false}")private boolean i18nEnable;@Value("${uap.i18n.language:zh_CN}")private String language;@Value("${uap.i18n.ignore-url:/doc.html,/webjars/**,/v3/api-docs/**,/actuator**,/favicon.ico}")private String ignoreUrl;@Value("${uap.response.msg.include-request-id:false}")private boolean msgIncludeRequestId;public I18NFilter() {}@Overridepublic void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {// 如果开启了国际化则进行国际化处理if (i18nEnable && !isIgnore()) {// 包装响应对象ResponseWrapper customResponseWrapper = new ResponseWrapper((HttpServletResponse) response);// 处理业务逻辑chain.doFilter(request, customResponseWrapper);// 拿到响应对象byte[] responseData = customResponseWrapper.getResponseData();if("application/json".equals(customResponseWrapper.getContentType().trim().toLowerCase())){String originalResulet = new String(responseData);JSONObject jsonObject  =JSONObject.parseObject(originalResulet);// 拿到响应对象中的msgString msg = (String)jsonObject.get("msg");String i18nMsg = null;if ( StringUtils.isNotBlank(msg) ) {HttpServletRequest httpServletRequest = (HttpServletRequest) request;String languageInheader = httpServletRequest.getHeader("Language");// 优先使用请求头里的国际化语言if (languageInheader != null) {i18nMsg = I18NUtils.getI18N(msg, languageInheader);} else {i18nMsg = I18NUtils.getI18N(msg, language);}}else if( StringUtils.isNotBlank(msg) ){// 不进行国际化也要清除相关缓存I18NUtils.getActualContainBraceMsgParamMap().remove(msg+GlobalConstants.Symbol.UNDERLINE+Thread.currentThread().getId());I18NUtils.getActualContainBraceMsgMap().remove(msg+GlobalConstants.Symbol.UNDERLINE+Thread.currentThread().getId());}if(i18nMsg != null ){msg = i18nMsg;}if(msg == null){msg = "";}// 如果线程号不存在,则进行设置if(StringUtils.isEmpty(MDC.get("UUID"))){MDC.put("UUID", UuidUtil.getShortUuid());}// msg中携带请求id返回if(msgIncludeRequestId ){msg = MDC.get("UUID") + GlobalConstants.Symbol.SPACE + msg ;}jsonObject.put("msg", msg);responseData =  jsonObject.toJSONString().getBytes("utf-8");}HttpServletResponse httpServletResponse = (HttpServletResponse) response;response.setContentLength(responseData.length);httpServletResponse.getOutputStream().write(responseData);httpServletResponse.getOutputStream().flush();}else{// 处理业务逻辑chain.doFilter(request, response);}}@Overridepublic void destroy() {}protected boolean isIgnore() {boolean isIgnore = false;if(StringUtils.isEmpty(ignoreUrl)){return false;}String[] ignoreUrls = ignoreUrl.split(CommonConstants.Symbol.COMMA);if (ArrayUtils.isNotEmpty(ignoreUrls)) {HttpServletRequest request =((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getRequest();for (String s : ignoreUrls) {if (PatternMatchUtils.simpleMatch(s, request.getRequestURI())) {isIgnore = true;break;}}}return isIgnore;}
}

五、过滤器注册

    /*** 国际化过滤器* @return*/@Beanpublic I18NFilter i18NFilter() {return new I18NFilter();}@Beanpublic FilterRegistrationBean i18NFilterRegistrationBean() {// 新建过滤器注册类FilterRegistrationBean registration = new FilterRegistrationBean();// 添加自定义 过滤器registration.setFilter(i18NFilter());// 设置过滤器的URL模式registration.addUrlPatterns("/*");//设置过滤器顺序registration.setOrder(4);return registration;}/*** 请求加解密过滤器* @return*/@Beanpublic CodecFilter codecFilter() {return new CodecFilter();}@Beanpublic FilterRegistrationBean codecFilterRegistrationBean() {// 新建过滤器注册类FilterRegistrationBean registration = new FilterRegistrationBean();// 添加自定义 过滤器registration.setFilter(codecFilter());// 设置过滤器的URL模式registration.addUrlPatterns("/*");//设置过滤器顺序registration.setOrder(3);return registration;}


http://www.ppmy.cn/news/1280630.html

相关文章

基于多反应堆的高并发服务器【C/C++/Reactor】(中)Dispatcher模块的实现思路

基于多反应堆的高并发服务器【C/C++/Reactor】(中)Dispatcher模块的实现思路

(四)Dispatcher模块的实现思路 关于dispatcher,它应该是反应堆模型里边的核心组成部分,因为如果说这个反应堆模型里边有事件需要处理,或者说有事件需要检测,那么是需要通过这个poll、epoll 或者 select来完…
阅读更多...
uni-app之HelloWorld实现

uni-app之HelloWorld实现

锋哥原创的uni-app视频教程: 2023版uniapp从入门到上天视频教程(Java后端无废话版),火爆更新中..._哔哩哔哩_bilibili2023版uniapp从入门到上天视频教程(Java后端无废话版),火爆更新中...共计23条视频,包括:第1讲 uni…
阅读更多...
基于STM32的DS1302实时时钟模块应用及原理介绍

基于STM32的DS1302实时时钟模块应用及原理介绍

在嵌入式系统中,实时时钟模块是一个常见的功能模块,用于记录和管理系统的时间信息。DS1302是一款低功耗、具有多种功能的实时时钟芯片,被广泛应用于各种电子产品中。本文将介绍基于STM32微控制器的DS1302实时时钟模块的应用及原理&#xff0c…
阅读更多...
TCP:IP原理

TCP:IP原理

TCP/IP 原理 TCP/IP 协议不是 TCP 和 IP 这两个协议的合称,而是指因特网整个 TCP/IP 协议族。从协议分层模型方面来讲,TCP/IP 由四个层次组成:网络接口层、网络层、传输层、应用层。 网络访问层(Network Access Layer) 网络访问层(Network …
阅读更多...
恶意软件分析沙箱在网络安全策略中处于什么位置?

恶意软件分析沙箱在网络安全策略中处于什么位置?

恶意软件分析沙箱提供了一种全面的恶意软件分析方法,包括静态和动态技术。这种全面的评估可以更全面地了解恶意软件的功能和潜在影响。然而,许多组织在确定在其安全基础设施中实施沙箱的最有效方法方面面临挑战。让我们看一下可以有效利用沙盒解决方案的…
阅读更多...
DP读书:《openEuler操作系统》(六)文件系统

DP读书:《openEuler操作系统》(六)文件系统

10min速通文件系统 文件系统概述硬件基础磁盘和磁盘驱动器磁盘读写操作数据传输控制 文件系统中的基本概念文件目录文件系统 尽管内存的访问速度很快,但因其容量十分的有限,而且一旦断电,保存其中的数据就会丢失。用户希望数据保存的更大并且…
阅读更多...
mac m1芯片 pytorch安装及gpu性能测试

mac m1芯片 pytorch安装及gpu性能测试

pytorch 使用mac的m1芯片进行模型训练。 #小结:在数据量小和模型参数少,batch_size小时,cpu训练更快(原因:每次训练时数据需要放入GPU中,由于batch_size小。数据放入gpu比模型计算时间还长) 在…
阅读更多...
TikTok真题第3天 | 856.括号的分数、2115. 从给定原材料中找到所有可以做出的菜、394.字符串解码

TikTok真题第3天 | 856.括号的分数、2115. 从给定原材料中找到所有可以做出的菜、394.字符串解码

856.括号的分数 题目链接:856.score-of-parentheses 解法: leetcode官方的题解基本是每个字都认得,连起来就看不懂。 使用栈来解决,后进先出,后面加入的左括号,先弹出和右括号去匹配。定义一个记录分数…
阅读更多...
最新文章

Copyright @ 2022~2023