Java#Servlet规范#HTTP Protocol Parameters
场景
异构系统服务调用,约定传递xml结构数据,服务逻辑使用getInputStream获取数据并进行逻辑处理,后续由于服务的统一入口逻辑变更增加request parameter操作造成传递的结构数据被安全过滤和转义,进而影响到后续服务逻辑处理。
原因
服务调用方传递的contentType为application/x-www-form-urlencoded依据servlet规则会自动组装到request parameter中。
Servlet规范约定了传递到Servlet的数据填充到request.getParameter集合的规则,在与异构系统通信时如果没有明确约束会增加很多调试沟通成本。
资料
一、servlet-2_4-fr-spec.pdf
二、SRV.4.1.1 When Parameters Are Available
The following are the conditions that must be met before post form data will be populated to the parameter set:
1. The request is anHTTP or HTTPS request.
2. The HTTP method is POST.
3. The content type is application/x-www-form-urlencoded.
4. The servlet has made an initial call of any of the getParameter family of methods on the request object.
If the conditions are not met and the post form data is not included in the parameter set, the post data must still be available to the servlet via the request object’s input stream. If the conditions are met, post form data will no longer be available for reading directly from the request object’s input stream.