struts2 源码分析 request ---设置setParameters 的值 二

StrutsRequestWrapper
/*    */ package org.apache.struts2.dispatcher;
/*    */ 
/*    */ import com.opensymphony.xwork2.ActionContext;
/*    */ import com.opensymphony.xwork2.util.ValueStack;
/*    */ import javax.servlet.http.HttpServletRequest;
/*    */ import javax.servlet.http.HttpServletRequestWrapper;
/*    */ 
/*    */ public class StrutsRequestWrapper extends HttpServletRequestWrapper
/*    */ {
/*    */   public StrutsRequestWrapper(HttpServletRequest req)
/*    */   {
/* 49 */     super(req);
/*    */   }
/*    */ 
/*    */   public Object getAttribute(String s)
/*    */   {
/* 58 */     if ((s != null) && (s.startsWith("javax.servlet")))
/*    */     {
/* 61 */       return super.getAttribute(s);
/*    */     }
/*    */ 
/* 64 */     ActionContext ctx = ActionContext.getContext();
/* 65 */     Object attribute = super.getAttribute(s);
/* 66 */     if ((ctx != null) && 
/* 67 */       (attribute == null)) {
/* 68 */       boolean alreadyIn = false;
/* 69 */       Boolean b = (Boolean)ctx.get("__requestWrapper.getAttribute");
/* 70 */       if (b != null) {
/* 71 */         alreadyIn = b.booleanValue();
/*    */       }
/*    */ 
/* 76 */       if ((!alreadyIn) && (s.indexOf("#") == -1)) {
/*    */         try
/*    */         {
/* 79 */           ctx.put("__requestWrapper.getAttribute", Boolean.TRUE);
/* 80 */           ValueStack stack = ctx.getValueStack();
/* 81 */           if (stack != null)
/* 82 */             attribute = stack.findValue(s);
/*    */         }
/*    */         finally {
/* 85 */           ctx.put("__requestWrapper.getAttribute", Boolean.FALSE);
/*    */         }
/*    */       }
/*    */     }
/*    */ 
/* 90 */     return attribute;
/*    */   }
/*    */ }

/* Location:           C:\Documents and Settings\wb_zypt\妗岄潰\lib\struts2-core-2.2.1.1.jar
 * Qualified Name:     org.apache.struts2.dispatcher.StrutsRequestWrapper
 * JD-Core Version:    0.6.0
 */
 



MultiPartRequestWrapper

 

package org.apache.struts2.dispatcher.multipart;

import com.opensymphony.xwork2.util.logging.Logger;
import com.opensymphony.xwork2.util.logging.LoggerFactory;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts2.dispatcher.StrutsRequestWrapper;

public class MultiPartRequestWrapper extends StrutsRequestWrapper
{
  protected static final Logger LOG = LoggerFactory.getLogger(MultiPartRequestWrapper.class);
  Collection<String> errors;
  //struts2是默认是从这个里面去取值的。没有的话才去原生request里面去取值
  MultiPartRequest multi;

  public MultiPartRequestWrapper(MultiPartRequest multiPartRequest, HttpServletRequest request, String saveDir)
  {
    super(request);

    this.multi = multiPartRequest;
    try {
      this.multi.parse(request, saveDir);
      for (i$ = this.multi.getErrors().iterator(); i$.hasNext(); ) { Object o = i$.next();
        String error = (String)o;
        addError(error);
      }
    }
    catch (IOException e)
    {
      Iterator i$;
      addError("Cannot parse request: " + e.toString());
    }
  }

  public Enumeration<String> getFileParameterNames()
  {
    if (this.multi == null) {
      return null;
    }

    return this.multi.getFileParameterNames();
  }

  public String[] getContentTypes(String name)
  {
    if (this.multi == null) {
      return null;
    }

    return this.multi.getContentType(name);
  }

  public File[] getFiles(String fieldName)
  {
    if (this.multi == null) {
      return null;
    }

    return this.multi.getFile(fieldName);
  }

  public String[] getFileNames(String fieldName)
  {
    if (this.multi == null) {
      return null;
    }

    return this.multi.getFileNames(fieldName);
  }

  public String[] getFileSystemNames(String fieldName)
  {
    if (this.multi == null) {
      return null;
    }

    return this.multi.getFilesystemName(fieldName);
  }

  public String getParameter(String name)
  {
    return (this.multi == null) || (this.multi.getParameter(name) == null) ? super.getParameter(name) : this.multi.getParameter(name);
  }

  public Map getParameterMap()
  {
    Map map = new HashMap();
    Enumeration enumeration = getParameterNames();

    while (enumeration.hasMoreElements()) {
      String name = (String)enumeration.nextElement();
      map.put(name, getParameterValues(name));
    }

    return map;
  }

  public Enumeration getParameterNames()
  {
    if (this.multi == null) {
      return super.getParameterNames();
    }
    return mergeParams(this.multi.getParameterNames(), super.getParameterNames());
  }

  public String[] getParameterValues(String name)
  {
    return (this.multi == null) || (this.multi.getParameterValues(name) == null) ? super.getParameterValues(name) : this.multi.getParameterValues(name);
  }

  public boolean hasErrors()
  {
    return (this.errors != null) && (!this.errors.isEmpty());
  }

  public Collection<String> getErrors()
  {
    return this.errors;
  }

  protected void addError(String anErrorMessage)
  {
    if (this.errors == null) {
      this.errors = new ArrayList();
    }

    this.errors.add(anErrorMessage);
  }

  protected Enumeration mergeParams(Enumeration params1, Enumeration params2)
  {
    Vector temp = new Vector();

    while (params1.hasMoreElements()) {
      temp.add(params1.nextElement());
    }

    while (params2.hasMoreElements()) {
      temp.add(params2.nextElement());
    }

    return temp.elements();
  }
}

 

 MultiPartRequest 

 

package org.apache.struts2.dispatcher.multipart;

import com.opensymphony.xwork2.inject.Inject;
import com.opensymphony.xwork2.util.logging.Logger;
import com.opensymphony.xwork2.util.logging.LoggerFactory;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.RequestContext;
import org.apache.commons.fileupload.disk.DiskFileItem;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;

public class JakartaMultiPartRequest
  implements MultiPartRequest
{
  static final Logger LOG = LoggerFactory.getLogger(MultiPartRequest.class);

  protected Map<String, List<FileItem>> files = new HashMap();

  protected Map<String, List<String>> params = new HashMap();

  protected List<String> errors = new ArrayList();
  protected long maxSize;

  @Inject("struts.multipart.maxSize")
  public void setMaxSize(String maxSize)
  {
    this.maxSize = Long.parseLong(maxSize);
  }

  public void parse(HttpServletRequest request, String saveDir)
    throws IOException
  {
    try
    {
      processUpload(request, saveDir);
    } catch (FileUploadException e) {
      LOG.warn("Unable to parse request", e, new String[0]);
      this.errors.add(e.getMessage());
    }
  }

  private void processUpload(HttpServletRequest request, String saveDir) throws FileUploadException, UnsupportedEncodingException {
    for (FileItem item : parseRequest(request, saveDir)) {
      if (LOG.isDebugEnabled()) {
        LOG.debug("Found item " + item.getFieldName(), new String[0]);
      }
      if (item.isFormField())
        processNormalFormField(item, request.getCharacterEncoding());
      else
        processFileField(item);
    }
  }

  private void processFileField(FileItem item)
  {
    LOG.debug("Item is a file upload", new String[0]);

    if ((item.getName() == null) || (item.getName().trim().length() < 1)) {
      LOG.debug("No file has been uploaded for the field: " + item.getFieldName(), new String[0]);
      return;
    }
    List values;
    List values;
    if (this.files.get(item.getFieldName()) != null)
      values = (List)this.files.get(item.getFieldName());
    else {
      values = new ArrayList();
    }

    values.add(item);
    this.files.put(item.getFieldName(), values);
  }

  private void processNormalFormField(FileItem item, String charset) throws UnsupportedEncodingException {
    LOG.debug("Item is a normal form field", new String[0]);
    List values;
    List values;
    if (this.params.get(item.getFieldName()) != null)
      values = (List)this.params.get(item.getFieldName());
    else {
      values = new ArrayList();
    }

    if (charset != null)
      values.add(item.getString(charset));
    else {
      values.add(item.getString());
    }
    this.params.put(item.getFieldName(), values);
  }
  //解析request的值
  private List<FileItem> parseRequest(HttpServletRequest servletRequest, String saveDir) throws FileUploadException {
    DiskFileItemFactory fac = createDiskFileItemFactory(saveDir);
    ServletFileUpload upload = new ServletFileUpload(fac);
    upload.setSizeMax(this.maxSize);
    return upload.parseRequest(createRequestContext(servletRequest));
  }

  private DiskFileItemFactory createDiskFileItemFactory(String saveDir) {
    DiskFileItemFactory fac = new DiskFileItemFactory();

    fac.setSizeThreshold(0);
    if (saveDir != null) {
      fac.setRepository(new File(saveDir));
    }
    return fac;
  }

  public Enumeration<String> getFileParameterNames()
  {
    return Collections.enumeration(this.files.keySet());
  }

  public String[] getContentType(String fieldName)
  {
    List items = (List)this.files.get(fieldName);

    if (items == null) {
      return null;
    }

    List contentTypes = new ArrayList(items.size());
    for (FileItem fileItem : items) {
      contentTypes.add(fileItem.getContentType());
    }

    return (String[])contentTypes.toArray(new String[contentTypes.size()]);
  }

  public File[] getFile(String fieldName)
  {
    List items = (List)this.files.get(fieldName);

    if (items == null) {
      return null;
    }

    List fileList = new ArrayList(items.size());
    for (FileItem fileItem : items) {
      fileList.add(((DiskFileItem)fileItem).getStoreLocation());
    }

    return (File[])fileList.toArray(new File[fileList.size()]);
  }

  public String[] getFileNames(String fieldName)
  {
    List items = (List)this.files.get(fieldName);

    if (items == null) {
      return null;
    }

    List fileNames = new ArrayList(items.size());
    for (FileItem fileItem : items) {
      fileNames.add(getCanonicalName(fileItem.getName()));
    }

    return (String[])fileNames.toArray(new String[fileNames.size()]);
  }

  public String[] getFilesystemName(String fieldName)
  {
    List items = (List)this.files.get(fieldName);

    if (items == null) {
      return null;
    }

    List fileNames = new ArrayList(items.size());
    for (FileItem fileItem : items) {
      fileNames.add(((DiskFileItem)fileItem).getStoreLocation().getName());
    }

    return (String[])fileNames.toArray(new String[fileNames.size()]);
  }

  public String getParameter(String name)
  {
    List v = (List)this.params.get(name);
    if ((v != null) && (v.size() > 0)) {
      return (String)v.get(0);
    }

    return null;
  }

  public Enumeration<String> getParameterNames()
  {
    return Collections.enumeration(this.params.keySet());
  }

  public String[] getParameterValues(String name)
  {
    List v = (List)this.params.get(name);
    if ((v != null) && (v.size() > 0)) {
      return (String[])v.toArray(new String[v.size()]);
    }

    return null;
  }

  public List getErrors()
  {
    return this.errors;
  }

  private String getCanonicalName(String filename)
  {
    int forwardSlash = filename.lastIndexOf("/");
    int backwardSlash = filename.lastIndexOf("\\");
    if ((forwardSlash != -1) && (forwardSlash > backwardSlash))
      filename = filename.substring(forwardSlash + 1, filename.length());
    else if ((backwardSlash != -1) && (backwardSlash >= forwardSlash)) {
      filename = filename.substring(backwardSlash + 1, filename.length());
    }

    return filename;
  }

  private RequestContext createRequestContext(HttpServletRequest req)
  {
    return new RequestContext(req) {
      public String getCharacterEncoding() {
        return this.val$req.getCharacterEncoding();
      }

      public String getContentType() {
        return this.val$req.getContentType();
      }

      public int getContentLength() {
        return this.val$req.getContentLength();
      }

      public InputStream getInputStream() throws IOException {
        InputStream in = this.val$req.getInputStream();
        if (in == null) {
          throw new IOException("Missing content in the request");
        }
        return this.val$req.getInputStream();
      }
    };
  }
}

    strtus2通过 ServletActionContext.getRequest() 获取Request。

    获取的Request对象有可能是MultiPartRequestWrapper也有可能是StrutsRequestWrapper

    为了动态像Request设置值,通过源码了解。通过以下方法可以动态获取值。

    如果没有用strtus2中获取的Request是原生的Request的话,就直接可以通过

Map m = getRequest().getParameterMap();
				m.put(key, val);

     下列方法是获取原生的request然后修改里面的map

     MultiPartRequestWrapper--StrutsRequestWrapper--- HttpServletRequestWrapper- ServletRequestWrapper--ServletRequest

   ServletRequestWrapper 源码。我们只要拿到ServletRequestWrapper中的request对象,修改里面的map就可以达到setParameters的效果。这种方法比上一种方法简洁一点。

 
 
 
 

 

/*     */ package javax.servlet;
/*     */ 
/*     */ import java.io.BufferedReader;
/*     */ import java.io.IOException;
/*     */ import java.io.UnsupportedEncodingException;
/*     */ import java.util.Enumeration;
/*     */ import java.util.Locale;
/*     */ import java.util.Map;
/*     */ 
/*     */ public class ServletRequestWrapper
/*     */   implements ServletRequest
/*     */ {
/*     */   private ServletRequest request;
/*     */ 
/*     */   public ServletRequestWrapper(ServletRequest request)
/*     */   {
/*  95 */     if (request == null) {
/*  96 */       throw new IllegalArgumentException("Request cannot be null");
/*     */     }
/*  98 */     this.request = request;
/*     */   }
/*     */ 
/*     */   public ServletRequest getRequest()
/*     */   {
/* 105 */     return this.request;
/*     */   }

 

 

 

  /**
    * 获取原生的requst
    * public class ServletRequestWrapper
    *   implements ServletRequest
    * {
    *   private ServletRequest request;
    * @return
    */
   public HttpServletRequest getSoundServletRequest(HttpServletRequest request){
	   HttpServletRequest httpServletRequest = getRequest();
	   try{
		   Class<?> c = getSoundServletRequestClass(request.getClass());
		   if(c!=null){
			   Field requestField =   c.getDeclaredField("request");
			   if(requestField!=null){
				   requestField.setAccessible(true);
				   httpServletRequest = (HttpServletRequest)requestField.get(request);
			   }
		   }
	   }catch (Exception e) {
		   log.error(e.getMessage(), e);
	 }
	   return httpServletRequest;
   }
   
  /**
   * 获取原生的ServletRequestWrapper 对象 Class
   * @param request
   * @return Class
   */
  public Class<?> getSoundServletRequestClass(Class<?> request){
	  if(request == ServletRequestWrapper.class){
		   return request;
	   }
	  return getSoundServletRequestClass(request.getSuperclass());
  }
  
  
  /**
   * 设置Parameters 的值
   * @param key
   * @param val
   */
   public void setParameters(String key,String val){    
	   //获取原生的HttpServletRequest
	   try{
		   HttpServletRequest request =   getSoundServletRequest(getRequest());
		   Map m = request.getParameterMap();
		   m.put(key, val);
	   }catch (Exception e) {
		   log.error(e.getMessage(), e);
	   }
	  
   }

   

XssHttpServletRequestWrapper 
package com.dep.aop;

import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.dep.util.StringUtil;

/**
 * 拦截防止sql注入 
 * @author wb_zypt
 *
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
	HttpServletRequest orgRequest = null;
	Map newParams = null;
	private static Logger log = LoggerFactory.getLogger(XssHttpServletRequestWrapper.class);
	public XssHttpServletRequestWrapper(HttpServletRequest request) {
		super(request);
		orgRequest = request;
	}

	/**
	* 覆盖getParameter方法,将参数名和参数值都做xss过滤。<br/>
	* 如果需要获得原始的值,则通过super.getParameterValues(name)来获取<br/>
	* getParameterNames,getParameterValues和getParameterMap也可能需要覆盖
	*/
	@Override
	public String getParameter(String name) {
		String value = super.getParameter(StringUtil.filterDangerString(name));
		if (value != null) {
			value = StringUtil.filterDangerString(value);
		}
		if(value == null){
			value = (String)getParameterMap().get(name);
		}
		return value;
	}
	
	
	@Override
	@SuppressWarnings("unchecked")
	public Map getParameterMap() {
		if(newParams !=null){
			return newParams;
		}else{
			newParams = new HashMap();
		}
	//	Map newParams  = new HashMap();
		Map params = super.getParameterMap();
		
		Set<String> keySet = params.keySet();
        for (Iterator iterator = keySet.iterator(); iterator.hasNext();) {
	            String key = (String) iterator.next();
	             Object obj =  params.get(key);
	            if(obj instanceof String){
	            	 String str = (String) params.get(key);
	            	 newParams.put(key, StringUtil.filterDangerString((String)str));
	            }else if(obj.getClass() == String[].class){
	            	 String[] str = (String[]) params.get(key);
	            	 newParams.put(key, xssEncode((String[])str));
	            }else{
	            	 newParams.put(key, obj);
	            }
	           
	           
	             }
		/*java.lang.reflect.Field lockedField = null;
		try {
			lockedField = params.getClass().getDeclaredField("locked");
			lockedField.setAccessible(true);
			lockedField.set(params, false);
		} catch (Exception e) {
			log.error(e.getMessage(), e);
		}
		Set<String> keySet = params.keySet();
        for (Iterator iterator = keySet.iterator(); iterator.hasNext();) {
	            String key = (String) iterator.next();
	             Object obj =  params.get(key);
	            if(obj instanceof String){
	            	 String str = (String) params.get(key);
	            	 params.put(key, xssEncode((String)str));
	            }else{
	            	 String[] str = (String[]) params.get(key);
	            	 params.put(key, xssEncode((String[])str));
	            }
	           
	           
	             }
        if(lockedField!=null){
        	try {
				lockedField.set(params, true);
			} catch (Exception e) {
				log.error(e.getMessage(), e);
			}
        }*/
		return newParams;
	}

	public String[] getParameterValues(String parameter) {
	      String[] values = super.getParameterValues(parameter);
	      if (values==null)  {
	                  return null;
	          }
	      int count = values.length;
	      String[] encodedValues = new String[count];
	      for (int i = 0; i < count; i++) {
	                 encodedValues[i] = StringUtil.filterDangerString(values[i]);
	       }
	      return encodedValues;
	    }
	
	/**
	* 覆盖getHeader方法,将参数名和参数值都做xss过滤。<br/>
	* 如果需要获得原始的值,则通过super.getHeaders(name)来获取<br/>
	* getHeaderNames 也可能需要覆盖
	*/
	@Override
	public String getHeader(String name) {
		
		String value = super.getHeader(StringUtil.filterDangerString(name));
		if (value != null) {
			value = StringUtil.filterDangerString(value);
		}
		return value;
	}
	private static String[] xssEncode(String[] s) {
		String[] newStr = new String[s.length];
		for(int i=0;i<s.length;i++){
			newStr[i]= StringUtil.filterDangerString(s[i]);
		}
		return newStr;
	}
	

	/**
	* 获取最原始的request
	*
	* @return
	*/
	public HttpServletRequest getOrgRequest() {
		return orgRequest;
	}

	/**
	* 获取最原始的request的静态方法
	*
	* @return
	*/
	public static HttpServletRequest getOrgRequest(HttpServletRequest req) {
		if (req instanceof XssHttpServletRequestWrapper) {
			return ((XssHttpServletRequestWrapper) req).getOrgRequest();
		}

		return req;
	}

}

 

你可能感兴趣的:(parameter)