浅入java架构-Filter-篡改RequestBody

浅入java架构-Filter-篡改RequestBody

没干过几年的朋友，一定会问：为啥要篡改RequestBody？

这里笔者不想过多解释了，列举个场景：

eg：一个大型项目，分为N个模块去开发，分别在东北、华北、华东都有研发中心，其中系统登录、注册、认证等基础功能在东北地区研发，转账、汇款、理财等业务功能有我在华北地区研发，聊天、论坛等边缘辅助功能安排在华东地区研发。

为了达到模块低耦合的最佳效果，每个地区分别立项各自的服务器、应用、设计各自的UI页面，此时用户发起转账交易的时候，只能从cookie中拿到用户登录的唯一标识（userId），而转账服务会用到userId。

此时有三种方式处理userId传到服务中：

一、在每一个需要用到userId的控制器中get到userId，再塞到请求对象（RequestBody）中，（代码重复性太强）

二、定义一个baseControler类，由需要用到userId的控制器继承，其中实现一，（如果是做代码重构，工作量太大）

三、定义Filter，从cookie中获取userId后，在塞到请求对象（RequestBody）

毋庸置疑，选择第三种，这种系统级别的优化功能，跟业务层面没有关系，应该保持透明化

步骤一：web.xml中声明过滤器：NormFilter

		RequestFilter
		com.front.web.filter.RequestFilter
		
			encoding
			utf-8
		
	
	
		RequestFilter
		/web/*
	

步骤二：创建过滤器：RequestFilter

/**
 * @ClassName RequestFilter
 * @Description 篡改requestbody过滤器
 * @author lisheng
 * @Date 2016年6月14日 下午4:51:56
 * @version 1.0.0
 */
public class RequestFilter implements Filter {
    private final Logger logger = LoggerFactory.getLogger(getClass());
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @SuppressWarnings("unchecked")
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // 获取request
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        if (request.getMethod().toUpperCase().equals("GET")) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else if (request.getMethod().toUpperCase().equals("POST")) {
            // 错误对象
        	ClientResponse> baseResponseDto = ClientResponse.respFail();
            HttpServletRequestWapper requestWapper = new HttpServletRequestWapper(request);
            try {
                String jsonRequest = getJsonRequest(request, requestWapper);
                if (StringUtils.isNotEmpty(jsonRequest)) {
                    try {
                        Map requestMap = JsonUtil.json2Map(jsonRequest);
                        BaseReq baseReq = JsonUtil.json2Object(jsonRequest, BaseReq.class);
                        String userId = CookieUtils.getCookieValue(request, "userId", "");
                        requestMap.put("userId", userId);
                        baseReq.setUserId(userId);
                        requestWapper.setBody(JsonUtil.toJson(requestMap), baseReq);
                        filterChain.doFilter(requestWapper, servletResponse);
                        return;
                    } catch (Exception e) {
                        logger.error("doFilter 异常:", e);
                    }
                }
            } catch (Exception e) {
                logger.error("过滤器异常：", e);
            }
            servletResponse.setContentType("application/json; charset=utf-8");
            servletResponse.setCharacterEncoding("UTF-8");
            OutputStream out = servletResponse.getOutputStream();
            out.write(JsonUtil.toJson(baseResponseDto).getBytes("UTF-8"));
            out.flush();
        }
    }

    @Override
    public void destroy() {

    }
}

三、创建request转换类：HttpServletRequestWapper

/**
 * @ClassName HttpServletRequestWapper
 * @Description 重置requestbody
 * @author lisheng
 * @Date 2016年6月14日 下午4:50:30
 * @version 1.0.0
 */
public class HttpServletRequestWapper extends HttpServletRequestWrapper {

    private byte[] body;

    private String bodyStr;
    
    private HttpServletRequest request;

    public HttpServletRequestWapper(HttpServletRequest request) throws UnsupportedEncodingException {
    	super(request);
    	String bodyString = HttpHelper.getBodyString(request);
        body = StringUtils.isEmpty(bodyString) ? null : bodyString.getBytes("UTF-8");
        this.request = request;
    }

    public void setBody(String body, BaseReq baseReq) throws UnsupportedEncodingException {
    	this.request.setAttribute("bodyStr", body);
    	this.request.setAttribute("baseReq", baseReq);
        bodyStr = body;
        this.body = body.getBytes("UTF-8");
    }

    public String getBodyStr() {
        return bodyStr;
    }

    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(getInputStream(),getCharacterEncoding()));
    }

    @Override
    public ServletInputStream getInputStream() throws IOException {
        final ByteArrayInputStream bais = new ByteArrayInputStream(body);
        return new ServletInputStream() {
            public boolean isFinished() {
                return false;
            }

            public boolean isReady() {
                return false;
            }

            public void setReadListener(ReadListener readListener) {

            }

            @Override
            public int read() throws IOException {
                return bais.read();
            }
        };
    }
}

以上操作可以将request中的参数塞进Body中。