在filter中获取request的输入流以至于出现getInputStream() has already been called for this request问题的解决

最新推荐文章于 2024-03-06 13:11:09 发布
置顶 最新推荐文章于 2024-03-06 13:11:09 发布
阅读量1.9k 收藏 5
点赞数 1
分类专栏: java 文章标签: java spring
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_42581175/article/details/113705220
版权

通过Filter处理request数据,并对其进行校验

问题需求

现在需要对所有用户的输入数据请求进行处理,要求用户请求数据的数据不含有html的标签。对于该问题首先我们可以写一个filter过滤器,取出request中的数据,请求数据包括param和body的形式,也就是字符串拼接或者放在请求体中。取出数据后,在进行正则表达式校验就可以了。

出现的问题

思路就是这样,在写的过程中,但是由于我们从request中调用了getInputStream(),这样会导致,在controller层,我们使用@RequestBody注解获取数据时,出现getInputStream() has already been called for this request异常。因为request中的getRead() 和 getInputStream()在读取一次后标记为-1,无法再次被读取,而在@RequestBody在ServletServerHttpRequest中,也调用了getInputStream()方法所以如果数据在filter中被读取,将无法在@RequestBody中再次读取。当然如果传输的参数中存在文件,任然会有getInputStream() has already been called for this request异常,这个时候可以将自己文件上传的url过滤掉。

解决方法

我们设置一个私有变量用于存储原始request的body数据或者param数据,并重写getReader()和getInputStream()方法,这样我们在filter处理了body数据,又能在controller中用@RequestBody中获取到数据了此时解决方案,将request进行包装(装饰者模式),并重写getInputStream()和getRead()方法。

最后代码

filter类:
@Configuration
@Slf4j
public class HttpRequestParamFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) {
        log.info("HttpRequestParamFilter init...");
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        //此处可以查询出所有的文件导入接口,排除掉文件上传导致ResponseBody失效引发的getInputStream() has already been called for this request异常
        List<String> uploadFileUrlList = new ArrayList<>();
        uploadFileUrlList.add("/ios/sysmgr/template/import");
        uploadFileUrlList.add("/ios/auth/app/upload");
        uploadFileUrlList.add("/doc.html");
        boolean exitUrl = true;
        for (String url : uploadFileUrlList) {
            if (url.equals(request.getServletPath())) {
                exitUrl = false;
                break;
            }
        }
        //获取param 参数并校验param中的参数
        String result = "";
        IRequestParamWrapper iRequestParamWrapper = new IRequestParamWrapper(request);
        String paramData = iRequestParamWrapper.getParam();
        if (paramData != null && !StringUtils.isEmpty(paramData)) {
            log.info("param===>{}", paramData);
            Map<String, String> resultMap = new HashMap<>(2);
            resultMap.put("code", "1");
            resultMap.put("illegalData", paramData);
            response.setContentType("application/x-www-form-urlencoded;charset=UTF-8");
            response.getOutputStream().write(JSON.toJSONString(resultMap).getBytes("UTF-8"));
            return;
        }
        //获取body参数
        IRequestBodyWrapper iRequestWrapper = null;
        if (exitUrl) {
            iRequestWrapper = new IRequestBodyWrapper(request);
            String bodyData = iRequestWrapper.getBody();
            if (bodyData != null && !StringUtils.isEmpty(bodyData)) {
                log.info("body====>{}", bodyData);
                result = CheckRequestParamUtil.regexBody(bodyData);
            }
            if (result != null && !StringUtils.isEmpty(result)) {
                log.info("body存在非法输入");
                Map<String, String> resultMap = new HashMap<>(2);
                resultMap.put("code", "1");
                resultMap.put("illegalData", result);
                response.setContentType(request.getContentType() + ";charset=UTF-8");
                response.getOutputStream().write(JSON.toJSONString(resultMap).getBytes("UTF-8"));
                return;
            }
        }
        filterChain.doFilter(iRequestWrapper != null ? iRequestWrapper : request, servletResponse);
    }

    @Override
    public void destroy() {
        log.info("HttpRequestParamFilter destroy....");
    }
}

//获取body数据
@Slf4j
public class IRequestBodyWrapper extends HttpServletRequestWrapper {

    /**
     * 记录request的body数据
     */
    private final String body;

    /**
     * 获取request body数据
     *
     * @param request
     * @throws IOException
     */
    public IRequestBodyWrapper(HttpServletRequest request) throws IOException {
        super(request);
        this.body = CheckRequestParamUtil.readHttpRequestBody(request);
    }

    public String getBody() {
        return body;
    }

    
    @Override
    public ServletInputStream getInputStream() {
        final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(body.getBytes());
        return new ServletInputStream() {
            @Override
            public boolean isFinished() {
                return false;
            }

            @Override
            public boolean isReady() {
                return false;
            }

            @Override
            public void setReadListener(ReadListener readListener) {

            }

            @Override
            public int read() {
                return byteArrayInputStream.read();
            }
        };
    }

    @Override
    public BufferedReader getReader() {
        return new BufferedReader(new InputStreamReader(this.getInputStream()));
    }
}

//获取param数据,并校验
@Slf4j
public class IRequestParamWrapper extends HttpServletRequestWrapper {

    /**
     * 记录request的body数据
     */
    private final String param;

    /**
     * 获取request param数据
     *
     * @param request
     * @throws IOException
     */
    public IRequestParamWrapper(HttpServletRequest request) throws IOException {
        super(request);
        this.param = CheckRequestParamUtil.readHttpRequestParam(request);
        System.out.println("param=" + param);
    }

    public String getParam() {
        return param;
    }


    @Override
    public ServletInputStream getInputStream() {
        final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(param.getBytes());
        return new ServletInputStream() {
            @Override
            public boolean isFinished() {
                return false;
            }

            @Override
            public boolean isReady() {
                return false;
            }

            @Override
            public void setReadListener(ReadListener readListener) {

            }

            @Override
            public int read() {
                return byteArrayInputStream.read();
            }
        };
    }

    @Override
    public BufferedReader getReader() {
        return new BufferedReader(new InputStreamReader(this.getInputStream()));
    }
}

//正则匹配工具类
@Slf4j
public class CheckRequestParamUtil {
    /**
     * 缓冲区大小
     */
    private static final int BUFFER_SIZE = 1024 * 8;
    /**
     * 匹配<script></script>标签
     */
    public static final String SCRIPT = "<script[^>]*>([^<]*)</script>";
    /**
     * 匹配<div></div> 标签正则
     */
    public static final String DIV = "<div[^>/]*>(.*?)</div>";
    /**
     * 匹配<form></form> 标签正则
     */
    public static final String FORM = "<form[^>]*>([^<]*)</form>";
    /**
     * 匹配<a></a> 标签正则表达式
     */
    public static final String A = "<a[^>]*>([^<]*)</a>";
    /**
     * 匹配input框标签
     */
    public static final String INPUT = "<input[^>/]*/>";

    public static final Map<String, String> regexMap = new HashMap<>(16);

    static {
        regexMap.put("<script></script>", SCRIPT);
        regexMap.put("<div></div>", DIV);
        regexMap.put("<input />", INPUT);
        regexMap.put("<a></a>", A);
        regexMap.put("<form></form>", FORM);
    }

    /**
     * 获取request请求中的参数
     *
     * @param request
     * @return
     */
    public static String readHttpRequestParam(HttpServletRequest request) {
        Map<String, Object> requestParamMap = new HashMap<>(16);
        Enumeration<String> paramNames = request.getParameterNames();
        while (paramNames.hasMoreElements()) {
            String paramName = paramNames.nextElement();
            String[] paramValues = request.getParameterValues(paramName);
            if (paramValues.length > 0) {
                String paramValue = paramValues[0];
                if (paramValue.length() != 0) {
                    requestParamMap.put(paramName, paramValue);
                }
            }
        }
        Set<Map.Entry<String, Object>> set = requestParamMap.entrySet();
        StringBuffer result = new StringBuffer();
        for (Map.Entry entry : set) {
            log.debug(entry.getKey() + ":" + entry.getValue());
            String temp = regexBody(entry.getValue().toString());
            if (temp != null || !StringUtils.isEmpty(temp)) {
                result.append(temp);
            }
        }
        return result.toString();
    }

    /**
     * 读取body中的数据
     *
     * @param request
     * @return
     * @throws IOException
     */
    public static String readHttpRequestBody(HttpServletRequest request) throws IOException {
        BufferedReader bufferedReader = request.getReader();
        StringWriter writer = new StringWriter();
        write(bufferedReader, writer);
        return writer.getBuffer().toString();
    }

    public static long write(Reader reader, Writer writer) throws IOException {
        return write(reader, writer, BUFFER_SIZE);
    }

    public static long write(Reader reader, Writer writer, int bufferSize) throws IOException {
        int read;
        long total = 0;
        char[] buf = new char[bufferSize];
        while ((read = reader.read(buf)) != -1) {
            writer.write(buf, 0, read);
            total += read;
        }
        return total;
    }

    /**
     * 校验是否存在完整html的标签数据
     *
     * @param body body数据
     * @return java.lang.String 提示信息
     */
    public static String regexBody(String body) {
        Iterator<Map.Entry<String, String>> entryIterator = regexMap.entrySet().iterator();
        StringBuffer result = new StringBuffer();
        while (entryIterator.hasNext()) {
            Map.Entry<String, String> entry = entryIterator.next();
            Pattern pattern = Pattern.compile(entry.getValue());
            Matcher matcher = pattern.matcher(body);
            if (matcher.find()) {
                result.append("(不合法标签内的内容:").append(matcher.group(0)).append(");");
            }
        }
        return result.toString();
    }
}

以上就是大致实现思路。

测试

测试字符串:
在这里插入图片描述
在这里插入图片描述

运行截图
在这里插入图片描述
在这里插入图片描述

@小码哥
关注
专栏目录
#12解决requestgetReader()和getInputStream()只能调用一次的问题
weixin_42718399的博客
02-22 2609
getInputStream() has already been called for this request,解决requestgetReader()和getInputStream()只能调用一次的问题
Spring Boot getReader() has already been called问题处理
ALEX_wxy的博客
05-09 1421
getReader() has already been called
getInputStream() has already been called for this request
MKNDG的专栏
09-06 1万+
在以multipart/form-data进行数据传输的时候,通过以下方式处理数据的时候 @RequestMapping(value = "/Devices/1000019$0/Events", method = RequestMethod.POST) public void getStream(HttpServletRequest servletRequest) throws IOException { dealDhData(servletRequest); }
异常:getInputStream() has already been called for this request
qq_36934544的博客
02-26 9431
异常:getInputStream() has already been called for this request... 造成异常的代码: 从请求获取body参数 BufferedReader reader = request.getReader(); while ((str = reader.readLine()) != null) { ...
getInputStream has already been called for this request 问题记录
07-27 4060
*** @desc 重复读取HttpServletRequest reader/inputstream/**try {if(ins!if(isr!} }/*** @desc 重复读取HttpServletRequest reader/inputstream/**try {if(ins!
web 文件上传以及getInputStream() has already been called for this request问题解决
qq_38849721的博客
07-17 8495
 效果图:  一、点击的按钮代码 &lt;button type="button" class="btn btn-default" onclick=""data-toggle="modal" data-target="#importExcelModel"&gt; &lt;i class="fa fa-cogs"&gt;&lt;/i&am
浅谈图片上传利用request.getInputStream()获取文件时遇到的问题
08-28
"浅谈图片上传利用request.getInputStream()获取文件时遇到的问题" 本文讨论了使用request....本文讨论了使用request.getInputStream()获取文件时遇到的问题,并提供了两种获取文件的方式和解决问题的方法。
完美解决request请求只能读取一次的问题
08-24
完美解决request请求只能读取一次的问题 在Web开发Request对象的InputStream只能读取一次,这是一个常见的限制。为了解决这个问题,我们可以自定义一个HttpServletRequestWrapper,覆写getInputStream()和...
获取request输入
ZHL's Blog
08-12 4769
前言 我们在进行请求进行拦截的时候经常会碰上这样一个问题,我们想要在拦截器filter获取request的请求,如果使用请求默认的getInputStream()方法或者getReader()方法获取数据,但是在后面的Controller使用@ResquestBody注解,我们读取不到request的body的值,这是因为request的body的数据只能通过getInputStrea...
getInputStream/getReader() has already been called for this request
只有那些疯狂到认为自己可以改变世界的人,才可以真的改变世界
11-07 1万+
getInputStream/getReader() has already been called for this request一、背景定义了一个安全校验过滤器,现在要获取请求参数。 通过request.getParameter获取请求参数,然而这种方式只能获取POST方式的Content-Type: application/x-www-form-urlencoded。 通过request.
解决只能读一次的问题,getInputStream() has already been called for this request
Henry_rwy的专栏
12-16 2872
场景:在aop的日志获取 post请求的json数据时报错,因为在后台 控制器的接口已经读取了,导致日志这里获取就会报错,需要重写请求的 getInputStream getReader,然后配置一个过滤器 1、requestWrapper public class StreamWrapper extends HttpServletRequestWrapper{ public String _body; public StreamWrapper(HttpServlet.
处理全局异常想要打印请求参数报错了 getinputstream() has already been called for this request
最新发布
xiaojiejie_baby的博客
03-06 2342
在编写处理全局异常时,想要打印出来异常请求的URL和参数等信息,但是在获取请求参数的时候报错了。
getReader()/getInputStream() has already been called for this request
热门推荐
滴滴哒滴滴的博客
03-11 2万+
项目需要在filterrequestbody的数据进行处理,发现了这个问题 getRead() has already been called for this request/getInputStream() has already been called for this request 工程读取request body的方法 public class RequestReadU...
getInputStream() has already been called for this request解决方法二
MKNDG的专栏
09-07 2432
HttpServletRequest读取的时候,出现如标题所示无法再读或者读出来表现为空的情况,是由于在框架或者其他地方已经读了一次。 在上一篇用了一种方式处理;在上一种方式,把HttpServletRequest全部实例化为MyRequestWrapper,用来保存副本;个人始终觉得不是很好。 今晚回家,思考了一下,用另外一种方式进行了处理,最终效果一致;记录如下: package net.dlet.dhdemo.configure; import net.dlet.dhdemo.util
问题:getInputStream() has already been called for this request
trymore的学习和分享
04-07 3763
问题描述: 2012-4-6 22:25:42 org.apache.catalina.core.StandardWrapperValve invoke 严重: Servlet.service() for servlet default threw exception java.lang.IllegalStateException: getInputStream() has already
java.lang.IllegalStateException: getInputStream() has already been called for this request
编程语言与各种框架(Java,python)
05-22 4999
java.lang.IllegalStateException: getInputStream() has already been called for this request 在使用HttpServletRequest获取post请求对象的方法如下 BufferedReader reader = req.getReader(); while (null != (line = reader.readLine())){ data.append(line); } 当某些时候, tomcat已经读取
getInputStream() has already been called for this request解决方法
05-27
这个错误通常出现在使用 ServletInputStream 读取请求体时,多次调用了 getInputStream() 方法。在 Servlet 规范,每个请求只能调用一次 getInputStream() 或 getReader() 方法,因为它们都是读取请求体的方法,多次调用会导致数据失。如果需要多次读取请求体,可以将请求体存储在一个变量,然后反复使用这个变量。 解决方法是,在读取完请求体后,将其存储在一个变量,然后反复使用这个变量。示例如下: ```java ServletInputStream inputStream = request.getInputStream(); byte[] requestBody = IOUtils.toByteArray(inputStream); // 将请求体读取到字节数组 // 使用字节数组进行业务处理 ``` 如果需要再次读取请求体,可以使用字节数组进行处理,而不是再次调用 getInputStream() 方法。 ```java // 再次读取请求体 String requestBodyStr = new String(requestBody, "UTF-8"); ``` 注意,每个请求只能调用一次 getReader() 或 getInputStream() 方法,否则会抛出 "getInputStream() has already been called for this request" 或 "getReader() has already been called for this request" 异常。
评论 4
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值