package com.cloud.models.conferencefillin.util;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.filter.OncePerRequestFilter;
import com.alibaba.fastjson.JSON;
import com.cloud.models.common.dto.ResCommonDto;
import lombok.extern.slf4j.Slf4j;
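/**
 * Servlet filter that rejects POST requests whose body contains a blocked term.
 *
 * <p>For a POST request the body is buffered through {@link RequestWrapper}, searched for
 * each blocked term with a plain substring match, and either rejected with a JSON error
 * payload or passed down the chain using the wrapper, so that downstream handlers can
 * still read the body. Requests with any other method are passed through untouched.
 *
 * <p>NOTE(review): only POST bodies are inspected. PUT/PATCH bodies, query strings and
 * headers are never checked, and the match is done on the raw body text, so a term that
 * arrives in an escaped or encoded form is not caught. Treat this filter as a
 * best-effort content check, not as a security boundary.
 */
@Slf4j
@Component
public class TestFilter extends OncePerRequestFilter {

    /** Terms that cause a POST body to be rejected; built once instead of on every request. */
    private static final String[] BLOCKED_TERMS = {"傻瓜", "骗子"};

    /**
     * Applies the blocked-term check to POST requests and forwards everything else.
     *
     * @param request  the incoming request
     * @param response the response, written to directly when the request is rejected
     * @param chain    the remaining filter chain
     * @throws ServletException if a downstream filter or servlet fails
     * @throws IOException      if the body cannot be read or the response cannot be written
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        // The original message said "processing authentication", which this filter does not do.
        log.debug("checking request body for blocked terms, url '{}'", request.getRequestURL());

        if (!RequestMethod.POST.name().equals(request.getMethod())) {
            chain.doFilter(request, response);
            return;
        }

        // Reading the body consumes the container's stream, so the wrapper (not the
        // original request) must be handed to the rest of the chain.
        RequestWrapper requestWrapper = new RequestWrapper(request);
        if (!containsBlockedTerm(requestWrapper.getBody())) {
            chain.doFilter(requestWrapper, response);
            return;
        }

        // NOTE(review): the rejection is sent with the default status code, so clients
        // have to inspect the JSON payload; confirm whether a 4xx status is acceptable.
        response.setContentType("application/json; charset=UTF-8");
        PrintWriter out = response.getWriter();
        ResCommonDto resCommonDto = new ResCommonDto();
        out.println(JSON.toJSONString(resCommonDto.setErrorMessage("参数包含敏感信息")));
        out.flush();
    }

    /** Returns true when {@code body} contains at least one of the blocked terms. */
    private static boolean containsBlockedTerm(String body) {
        for (String term : BLOCKED_TERMS) {
            if (body.contains(term)) {
                return true;
            }
        }
        return false;
    }
}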
package com.cloud.models.conferencefillin.util;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
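/**
 * Request wrapper that reads the whole request body once and replays it on demand.
 *
 * <p>A servlet request body can normally be consumed only once. This wrapper buffers it in
 * the constructor so that a filter can inspect it through {@link #getBody()} while later
 * filters and the servlet still receive the same bytes from {@link #getInputStream()} or
 * {@link #getReader()}.
 *
 * <p>The received bytes are kept unchanged and replayed as they arrived. Decoding to a
 * string and re-encoding it (as an earlier version did, with the platform default charset)
 * alters any body that is not valid UTF-8 text, for example a binary upload.
 *
 * <p>NOTE(review): the body is buffered in memory without any size limit, so every wrapped
 * request costs memory proportional to its body. Make sure a maximum request size is
 * enforced in front of this class (container or reverse proxy).
 */
public class RequestWrapper extends HttpServletRequestWrapper {

    /** Exact bytes received from the client, replayed unchanged by getInputStream(). */
    private final byte[] rawBody;

    /** The body decoded as UTF-8, exposed through getBody() for inspection. */
    private final String body;

    /**
     * Buffers the body of {@code request}.
     *
     * @param request the request whose body is consumed and cached
     * @throws IOException if reading the underlying input stream fails
     */
    public RequestWrapper(HttpServletRequest request) throws IOException {
        super(request);
        ByteArrayOutputStream collected = new ByteArrayOutputStream();
        // try-with-resources closes the container stream on every path; a null resource is skipped.
        try (InputStream inputStream = request.getInputStream()) {
            if (inputStream != null) {
                byte[] chunk = new byte[4096];
                int count;
                while ((count = inputStream.read(chunk)) != -1) {
                    collected.write(chunk, 0, count);
                }
            }
        }
        rawBody = collected.toByteArray();
        // NOTE(review): UTF-8 is assumed whatever encoding the request declares - confirm
        // that every client of this service sends UTF-8.
        body = new String(rawBody, "UTF-8");
    }

    /**
     * Returns a fresh stream over the buffered body; each call starts from the first byte.
     *
     * @return a stream that replays the buffered bytes
     * @throws IOException declared by the overridden method; not thrown by this implementation
     */
    @Override
    public ServletInputStream getInputStream() throws IOException {
        final ByteArrayInputStream replay = new ByteArrayInputStream(rawBody);
        return new ServletInputStream() {
            @Override
            public boolean isFinished() {
                // Report end of data truthfully so that callers polling this flag terminate.
                return replay.available() == 0;
            }

            @Override
            public boolean isReady() {
                // The data is already in memory, so a read never blocks.
                return true;
            }

            @Override
            public void setReadListener(ReadListener readListener) {
                // Listeners are ignored: this stream does not support non-blocking reads.
            }

            @Override
            public int read() throws IOException {
                return replay.read();
            }

            @Override
            public int read(byte[] b, int off, int len) throws IOException {
                // Bulk reads go straight to the buffer instead of looping over read().
                return replay.read(b, off, len);
            }
        };
    }

    /**
     * Returns a reader over the buffered body, decoded as UTF-8.
     *
     * @return a new reader positioned at the start of the body
     * @throws IOException if the replay stream cannot be created
     */
    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(this.getInputStream(), "UTF-8"));
    }

    /**
     * Returns the buffered body decoded as UTF-8.
     *
     * @return the body text; empty when the request carried no body
     */
    public String getBody() {
        return this.body;
    }
}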