解决从request中只能获取一次post方式提交的参数
一.问题描述:
在给app做token验证的时候,要先在拦截器中获取到提交的参数并进行判断,如果携带的token不为空并且验证成功就放行,否则提示token验证失败。但是在interceptor中获取了参数之后,在controller中就获取不到参数了,因为在request中获取post方式提交的参数是从流中获取的,并且只能获取一次。
二.解决办法。
1.将参数存放到本地线程中(threadlocal)中。
2.是用servlet中的HttpServletRequestWrapper对request进行包装。
三.具体实现
@1将参数存放到本地线程(开发环境为jfinal)
1.新建一个类实现interceptor接口重写intercept方法
public class CheckTokenInterceptor implements Interceptor {
@Override
public void intercept(Invocation inv) {
String paras = inv.getController().getRawData();
if(StringUtils.isBlank(paras)){
inv.getController().renderJson(GeneralResponse.newInstanceTokenFail("参数为空",null));
return;
}
ThreadCacheUtils.setThreadLocalParams(paras);//使用threadlocal存储参数的方式
Map<String, Object> map = JSONObject.parseObject(paras);
String tokenKey = map.get("tokenKey").toString();
String tokenValue = map.get("tokenValue").toString();
if(StringUtils.isBlank(tokenKey) || StringUtils.isBlank(tokenValue)){
inv.getController().renderJson(GeneralResponse.newInstanceTokenFail("token为空",null));
return;
}
String value = jedisSet.get(tokenKey);
if(!tokenValue.equals(value)){
inv.getController().renderJson(GeneralResponse.newInstanceTokenFail("token认证失败",null));
return;
}else{
jedisSet.setEx(tokenKey, 60 * 60 * 24 * 7, tokenValue);
inv.invoke();
}
}
}
2.配置拦截器
jfinal拦截器的配置方式
3.threadlocal工具类
public class ThreadCacheUtils {
private static ThreadLocal<String> threadLocal = new ThreadLocal<>();
public static String getThreadLocalParams(){
return threadLocal.get();
}
public static void setThreadLocalParams(String params){
threadLocal.set(params);
}
public static void removeThreadLocalParams(){
threadLocal.remove();
}
}
将参数存放到本地线程(开发环境为springmvcl)
1.新建一个拦截器实现HandlerInterceptor接口重写preHandle(),postHandle(),afterCompletion()。
preHandle()在进入方法之前进行拦截。
postHandle()在进入方法之后,视图渲染之前拦截。
afterCompletion()在请求方法之后进行拦截。
拦截器
public class CheckTokenInterceptor implements HandlerInterceptor {
JedisUtil jedisUtil = JedisUtil.getInstance();
JedisUtil.Strings jedisSet= jedisUtil.new Strings();
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
//第二种方式
byte[] bytes = IOUtils.toByteArray(request.getInputStream());
String paramStr = new String(bytes,request.getCharacterEncoding());
if(StringUtils.isBlank(paramStr)){
//认证失败 token为空
SendMsgUtil.sendJsonMessage(response, GeneralResponse.newInstanceTokenFail("token为空",null));
return false;
}
ThreadCacheUtils.setThreadLocalParams(paramStr);
Map<String,Object> paramMap = JSONObject.parseObject(paramStr);
String tokenKey = paramMap.get("tokenKey").toString();
String tokenValue = paramMap.get("tokenValue").toString();
if(StringUtils.isEmpty(tokenKey) || StringUtils.isEmpty(tokenValue)){
//认证失败 token为空
SendMsgUtil.sendJsonMessage(response, GeneralResponse.newInstanceTokenFail("token为空",null));
return false;
}
String value = jedisSet.get(tokenKey);
if(tokenValue.equals(value)){
jedisSet.setEx(tokenKey, 60 * 60 * 24 * 7, tokenValue);
return true;
}else{
//认证失败 token不正确
SendMsgUtil.sendJsonMessage(response,GeneralResponse.newInstanceTokenFail("token认证失败",null));
return false;
}
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
}
}
拦截器的配置
<mvc:interceptors>
<!-- 企业app验证token拦截器 -->
<mvc:interceptor>
<!--需要拦截 -->
<mvc:mapping path="/app/**" />
<!--不需要拦截 -->
<mvc:exclude-mapping path="/app/login/systemUserDoLogin.do" />
<mvc:exclude-mapping path="/app/login/messageLogin.do" />
<mvc:exclude-mapping path="/app/login/viewVerificationByregisterPhoneApp.do"/>
<bean class="com.shenhesoft.logistics.interceptor.CheckTokenInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
SendMsgUtil工具类
/**
*
* interceptor中返回json格式的数据
* */
public class SendMsgUtil {
/**
* 发送消息 text/html;charset=utf-8
* @param response
* @param str
* @throws Exception
*/
public static void sendMessage(HttpServletResponse response, String str) throws Exception {
response.setContentType("text/html; charset=utf-8");
PrintWriter writer = response.getWriter();
writer.print(str);
writer.close();
response.flushBuffer();
}
/**
* 将某个对象转换成json格式并发送到客户端
* @param response
* @param obj
* @throws Exception
*/
public static void sendJsonMessage(HttpServletResponse response, Object obj) throws Exception {
response.setContentType("application/json; charset=utf-8");
PrintWriter writer = response.getWriter();
writer.print(JSONObject.toJSONString(obj, SerializerFeature.WriteMapNullValue,
SerializerFeature.WriteDateUseDateFormat));
writer.close();
response.flushBuffer();
}
}
将参数存放到本地线程的方式,controller中获取参数的方式为:
<jfinal框架>
String paras = ThreadCacheUtils.getThreadLocalParams();
ThreadCacheUtils.removeThreadLocalParams();
Map<String, Object> jasonObject = JSONObject.parseObject(paras);
Map<String, Object> dataMap = jasonObject;
<springmvc框架>
public GeneralResponse listTbOrderWaitDispatchApp() {
Map<String, String> dataMap = ThreadCacheUtils.getMapParams();
.........
}
}
@2使用HttpServletRequestWrapper对request进行包装
1.创建拦截器实现HandlerInterceptor 接口
public class CheckTokenInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
//第一种方式
WrappedHttpServletRequest wrappedHttpServletRequest = new WrappedHttpServletRequest(request);
Map<String, String> map = wrappedHttpServletRequest.getRequestParams();
if(map == null){
//认证失败 token为空
SendMsgUtil.sendJsonMessage(response, GeneralResponse.newInstanceTokenFail("token为空",null));
return false;
}
String tokenKey = map.get("tokenKey");
String tokenValue = map.get("tokenValue");
if(StringUtils.isEmpty(tokenKey) || StringUtils.isEmpty(tokenValue)){
//认证失败 token为空
SendMsgUtil.sendJsonMessage(response, GeneralResponse.newInstanceTokenFail("token为空",null));
return false;
}
String value = jedisSet.get(tokenKey);
if(tokenValue.equals(value)){
jedisSet.setEx(tokenKey, 60 * 60 * 24 * 7, tokenValue);
return true;
}else{
//认证失败 token不正确
SendMsgUtil.sendJsonMessage(response,GeneralResponse.newInstanceTokenFail("token认证失败",null));
return false;
}
}
}
2.拦截器的配置和上面的方式一样,根据框架选择相应的配置。
3.croller中接受参数的方式
WrappedHttpServletRequest request = new WrappedHttpServletRequest();
Map<String,String> map = request .getRequestParams();