1.配置拦截器

package com.jy.gxw.config.interceptor;import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;import com.jy.common.base.event.IEventService;
import com.jy.common.interceptor.EventInterceptor;/*** 系统中的拦截器配置* * @author ShuoYuan**/
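@Configuration
public class InterceptorConfigurer extends WebMvcConfigurerAdapter {

    @Autowired
    private IEventService eventService;

    /**
     * Maps classpath folders to URL prefixes for static content.
     * NOTE(review): "/templates/**" exposes the raw template files as static resources;
     * confirm this is intended, since it lets a client download server-side templates.
     */
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/static/**").addResourceLocations("classpath:/static/");
        registry.addResourceHandler("/templates/**").addResourceLocations("classpath:/templates/");
        super.addResourceHandlers(registry);
    }

    /**
     * Registers the session check and the audit-event interceptor.
     * addPathPatterns adds URLs to intercept; excludePathPatterns removes them again.
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new SessionInterceptor())
                .addPathPatterns("/**")
                .excludePathPatterns("/user/login")             // login action
                // SessionInterceptor redirects anonymous requests to this page; without the
                // exclusion the redirect target is itself intercepted and the browser loops.
                .excludePathPatterns("/user/login_view")        // login page
                .excludePathPatterns("/api/code/get/pageCode"); // login captcha
        super.addInterceptors(registry);
        // Records user operations for every request (no path restriction).
        registry.addInterceptor(new EventInterceptor(eventService));
    }
}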
package com.jy.gxw.config.interceptor;import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.jy.gxw.util.JSONUtils;/*** Created by 20160216 on 2018/2/8.*/
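public class SessionInterceptor extends HandlerInterceptorAdapter {

    private static final Logger logger = LoggerFactory.getLogger(SessionInterceptor.class);

    /** Session attribute that marks a logged-in user; expected to be set by the login flow (not visible here). */
    private static final String SESSION_USER_ATTR = "_session_user";

    /** Captcha endpoint that must stay reachable before login. */
    private static final String CAPTCHA_URI = "/api/code/get/pageCode";

    /** Login page anonymous requests are sent to (relative to the context path). */
    private static final String LOGIN_VIEW = "/user/login_view";

    /**
     * Denies any request without a session user, except the captcha endpoint.
     *
     * @return {@code true} to continue to the handler, {@code false} after a redirect or error
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
        try {
            // NOTE(review): RequestWrapper drains request.getInputStream(). Unless this request was already
            // wrapped by XssFilter (which replays a cached body), @RequestBody binding downstream will see an
            // empty stream — confirm the filter is registered in front of the DispatcherServlet.
            RequestWrapper requestWrapper = new RequestWrapper(request);
            String body = requestWrapper.getBody();
            // The body is deliberately not logged: on the login endpoint it carries credentials.
            logger.debug("uri={} bodyLength={} paramCount={}", request.getRequestURI(), body.length(),
                    request.getParameterMap().size());
            if (logger.isDebugEnabled()) {
                logger.debug("query params: {}", JSONUtils.JsonToString(JSONUtils.MapToJson(firstValues(request))));
            }

            if (CAPTCHA_URI.equals(request.getRequestURI())) {
                return true;
            }

            Object user = request.getSession().getAttribute(SESSION_USER_ATTR);
            if (user == null) {
                // Prefix the context path so the redirect still works when the app is not deployed at "/".
                response.sendRedirect(request.getContextPath() + LOGIN_VIEW);
                return false;
            }
            return true;
        } catch (Exception e) {
            logger.error("权限判断出错", e);
            // Fail closed with an explicit status instead of an empty 200 body.
            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
            return false;
        }
    }

    /** First value of every query/form parameter, for debug logging only (may include sensitive values). */
    private static Map<String, String> firstValues(HttpServletRequest request) {
        Map<String, String> result = new HashMap<String, String>();
        for (Map.Entry<String, String[]> entry : request.getParameterMap().entrySet()) {
            String[] values = entry.getValue();
            // Guard against an empty array rather than indexing [0] unconditionally.
            result.put(entry.getKey(), (values == null || values.length == 0) ? null : values[0]);
        }
        return result;
    }

    /** No post-processing; kept so the hook is visible. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o,
            ModelAndView modelAndView) throws Exception {
    }

    /** No completion handling; kept so the hook is visible. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
            Object o, Exception e) throws Exception {
    }
}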
package com.jy.gxw.config.interceptor;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
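import java.io.*;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;

/**
 * Caches the request body so it can be read more than once (a filter/interceptor can inspect it
 * and the controller can still bind it).
 *
 * The raw bytes are kept and replayed unchanged by {@link #getInputStream()}; the text form is
 * decoded once using the request's declared charset (UTF-8 when none is declared), so the replay
 * can no longer be corrupted by a platform-default re-encoding.
 */
public class RequestWrapper extends HttpServletRequestWrapper {

    private final byte[] bodyBytes;
    private final Charset charset;
    private final String body;

    /**
     * Reads and caches the whole body of {@code request}.
     *
     * @throws IllegalStateException if the body cannot be read; an unreadable body is not silently
     *         treated as empty, because callers use the body for security checks
     */
    public RequestWrapper(HttpServletRequest request) {
        super(request);
        this.charset = resolveCharset(request.getCharacterEncoding());
        byte[] bytes = new byte[0];
        // try-with-resources skips a null resource, so a null input stream simply yields an empty body.
        try (InputStream in = request.getInputStream()) {
            if (in != null) {
                ByteArrayOutputStream buffer = new ByteArrayOutputStream();
                byte[] chunk = new byte[1024];
                int n;
                while ((n = in.read(chunk)) != -1) {
                    buffer.write(chunk, 0, n);
                }
                bytes = buffer.toByteArray();
            }
        } catch (IOException ex) {
            throw new IllegalStateException("failed to read request body", ex);
        }
        this.bodyBytes = bytes;
        this.body = new String(bodyBytes, charset);
    }

    /** Charset named by the request, falling back to UTF-8 when absent or unknown. */
    private static Charset resolveCharset(String name) {
        if (name == null || name.isEmpty()) {
            return StandardCharsets.UTF_8;
        }
        try {
            return Charset.forName(name);
        } catch (IllegalArgumentException e) {
            return StandardCharsets.UTF_8;
        }
    }

    /** Fresh stream over the cached bytes; every call starts at the beginning. */
    @Override
    public ServletInputStream getInputStream() throws IOException {
        final ByteArrayInputStream source = new ByteArrayInputStream(bodyBytes);
        return new ServletInputStream() {
            @Override
            public boolean isFinished() {
                return source.available() == 0;
            }

            @Override
            public boolean isReady() {
                // Data is in memory, so a read never blocks.
                return true;
            }

            @Override
            public void setReadListener(ReadListener readListener) {
                // Non-blocking reads are not supported; callers use blocking reads on this wrapper.
            }

            @Override
            public int read() throws IOException {
                return source.read();
            }

            @Override
            public int read(byte[] b, int off, int len) throws IOException {
                return source.read(b, off, len);
            }
        };
    }

    /** Reader over the cached bytes using the same charset the body text was decoded with. */
    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(this.getInputStream(), charset));
    }

    /** Cached body as text (empty string when the request had no body). */
    public String getBody() {
        return this.body;
    }
}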
package com.jy.gxw.util;
import java.util.HashMap;
import java.util.Map;import com.alibaba.druid.util.StringUtils;
import com.alibaba.fastjson.JSON;
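import com.alibaba.fastjson.JSONObject;

/**
 * Thin helpers over fastjson.
 *
 * NOTE(review): fastjson's {@code parseObject} honours "@type" auto-type hints in some versions.
 * Do not pass untrusted JSON to {@link #jsonToBean} / {@link #jsonToMap} unless auto-type is
 * disabled for the fastjson version in use — confirm the version and its configuration.
 */
public class JSONUtils {

    /**
     * Serialises a bean, optionally formatting dates.
     *
     * @param object           bean to serialise
     * @param dataFormatString date pattern; empty/null uses fastjson's default formatting
     * @return JSON text, or {@code null} when {@code object} is {@code null}
     */
    public static String beanToJson(Object object, String dataFormatString) {
        if (object == null) {
            return null;
        }
        if (StringUtils.isEmpty(dataFormatString)) {
            return JSONObject.toJSONString(object);
        }
        return JSON.toJSONStringWithDateFormat(object, dataFormatString);
    }

    /**
     * Serialises a bean with default settings.
     *
     * @return JSON text, or {@code null} when {@code object} is {@code null}
     */
    public static String beanToJson(Object object) {
        if (object == null) {
            return null;
        }
        return JSON.toJSONString(object);
    }

    /**
     * Builds a one-entry JSON object {@code {"key":"value"}}.
     *
     * @return the JSON text, or {@code null} when either argument is empty
     */
    public static String stringToJsonByFastjson(String key, String value) {
        if (StringUtils.isEmpty(key) || StringUtils.isEmpty(value)) {
            return null;
        }
        Map<String, String> map = new HashMap<String, String>();
        map.put(key, value);
        return beanToJson(map, null);
    }

    /**
     * Parses JSON into a bean.
     *
     * @param json  JSON text
     * @param clazz either the target {@link Class} or a sample instance of it; previously only an
     *              instance worked, because {@code Class.getClass()} yields {@code java.lang.Class}
     * @return the parsed object, or {@code null} when {@code json} is empty or {@code clazz} is {@code null}
     */
    public static Object jsonToBean(String json, Object clazz) {
        if (StringUtils.isEmpty(json) || clazz == null) {
            return null;
        }
        Class<?> target = (clazz instanceof Class) ? (Class<?>) clazz : clazz.getClass();
        return JSON.parseObject(json, target);
    }

    /**
     * Parses a JSON object into a map.
     *
     * @return the map, or {@code null} when {@code json} is empty (callers rely on the null return)
     */
    @SuppressWarnings("unchecked")
    public static Map<String, Object> jsonToMap(String json) {
        if (StringUtils.isEmpty(json)) {
            return null;
        }
        return JSON.parseObject(json, Map.class);
    }

    /** Wraps a map as a fastjson object; the raw {@code Map} parameter is kept for existing callers. */
    @SuppressWarnings("unchecked")
    public static JSONObject MapToJson(Map m) {
        return new JSONObject(m);
    }

    /** Serialises a fastjson object to text. */
    public static String JsonToString(JSONObject json) {
        return json.toJSONString();
    }
}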
package com.jy.gxw.config.filter;import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.util.ArrayList;import java.util.List;import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;import com.jy.gxw.config.interceptor.RequestWrapper;/*** * 非法字符过滤器(防SQL注入,防XSS漏洞)* * */
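public class XssFilter implements Filter {

    private static final Logger logger = LogManager.getLogger(XssFilter.class);

    /**
     * Deny-list of substrings rejected anywhere in a request value (lower-case, compared against the
     * lower-cased value). Built once instead of on every call. This is a heuristic filter only; the
     * real defences are parameterised queries and output encoding in the views.
     */
    private static final String[] INJECTION_PATTERNS = { "script", "mid", "master", "truncate", "insert", "select",
            "delete", "update", "declare", "iframe", "'", "onreadystatechange", "alert", "atestu", "xss", ";", "'",
            "\"", "<", ">", "(", ")", ",", "\\", "svg", "confirm", "prompt", "onload", "onmouseover", "onfocus",
            "onerror" };

    /**
     * URL fragments exempt from filtering, loaded from xssWhite.txt in init().
     * NOTE(review): entries are matched as substrings of the request URI, so an entry also exempts any
     * URI that merely contains it; anchored (prefix or exact) matching would be safer — confirm with
     * the whitelist contents before changing.
     */
    private List<String> excludeUrls = new ArrayList<String>();

    /**
     * Rich-text notice URLs whose tags were meant to be escaped. Currently only populated: nothing
     * in doFilter acts on it and xssEncode() is never called.
     */
    private List<String> noticeUrls = new ArrayList<String>();

    /**
     * Caches the body, checks every extracted body value against the deny-list and either rejects
     * the request or passes the replayable wrapper down the chain.
     */
    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
            throws IOException, ServletException {
        logger.info("================进入过滤器======================");
        HttpServletResponse response = (HttpServletResponse) arg1;
        if (!(arg0 instanceof HttpServletRequest)) {
            arg2.doFilter(arg0, response);
            return;
        }

        RequestWrapper req = new RequestWrapper((HttpServletRequest) arg0);
        String body = req.getBody();
        // Only the size is logged: the body may carry credentials or other sensitive values.
        logger.debug("request body length: {}", body.length());

        String pathInfo = req.getPathInfo() == null ? "" : req.getPathInfo();
        String url = req.getServletPath() + pathInfo;
        String uri = req.getRequestURI();

        for (String exempt : excludeUrls) {
            if (uri.indexOf(exempt) >= 0) {
                logger.info("该URL不作校验:" + url);
                arg2.doFilter(req, response);
                return;
            }
        }

        // NOTE(review): only body values are checked; query/form parameters are not inspected here.
        List<String> values = getvalue(body);
        if (values != null) {
            for (String value : values) {
                if (checkSQLInject(value, url)) {
                    errorResponse(response, value);
                    return;
                }
            }
        }
        arg2.doFilter(req, response);
    }

    /**
     * Extracts the string values of a JSON-like body: every run between {@code :"} and the next
     * {@code "}. Escaped quotes inside a string end the value early and non-string values are not
     * returned — this is a heuristic, not a JSON parser.
     *
     * @return the values, or {@code null} when the body is null or at most five characters long
     *         (existing callers rely on the null return)
     */
    public List<String> getvalue(String str) {
        if (str == null) {
            return null;
        }
        int len = str.length();
        if (len <= 5) {
            return null;
        }
        List<String> values = new ArrayList<String>();
        int i = 0;
        while (i < len) {
            // Bounds-checked: a trailing ':' no longer throws StringIndexOutOfBounds.
            if (str.charAt(i) == ':' && i + 1 < len && str.charAt(i + 1) == '"') {
                int close = str.indexOf('"', i + 2);
                if (close < 0) {
                    // Unterminated string: check the remainder rather than failing the request with a 500.
                    values.add(str.substring(i + 2));
                    break;
                }
                values.add(str.substring(i + 2, close));
                i = close + 1;
            } else {
                i++;
            }
        }
        return values;
    }

    /**
     * Writes the rejection body. The offending value is JSON-escaped and the response is declared as
     * JSON: it necessarily contains a deny-listed token (quotes, angle brackets, ...), so reflecting
     * it raw into a text/html response would be an injection point in the filter itself.
     */
    private void errorResponse(HttpServletResponse response, String paramvalue) throws IOException {
        String warning = "输入项中不能包含非法字符。";
        response.setContentType("application/json; charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.println("{\"httpCode\":\"-9998\",\"msg\":\"" + warning + "\", \"输入值\": \"" + jsonEscape(paramvalue) + "\"}");
        out.flush();
        out.close();
    }

    /** Escapes a string for embedding inside a JSON string literal; '<' and '>' are escaped as well. */
    private static String jsonEscape(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
            case '"':
                sb.append("\\\"");
                break;
            case '\\':
                sb.append("\\\\");
                break;
            case '\n':
                sb.append("\\n");
                break;
            case '\r':
                sb.append("\\r");
                break;
            case '\t':
                sb.append("\\t");
                break;
            case '<':
                sb.append("\\u003c");
                break;
            case '>':
                sb.append("\\u003e");
                break;
            default:
                if (c < 0x20) {
                    sb.append(String.format("\\u%04x", (int) c));
                } else {
                    sb.append(c);
                }
            }
        }
        return sb.toString();
    }

    @Override
    public void destroy() {
    }

    /**
     * Loads the whitelist from xssWhite.txt next to the classpath root and registers the notice URLs.
     * When the classpath root cannot be resolved (e.g. when packaged as a jar) the whitelist stays
     * empty, so every URL is filtered, instead of failing init with a NullPointerException.
     */
    @Override
    public void init(FilterConfig filterconfig1) throws ServletException {
        java.net.URL root = XssFilter.class.getResource("/");
        if (root == null) {
            logger.warn("xssWhite.txt not loaded: classpath root is not resolvable; no URL is excluded from filtering");
        } else {
            // getFile() returns the URL path as-is (percent-encoded), as the original did.
            excludeUrls = readFile(root.getFile() + "xssWhite.txt");
        }
        noticeUrls.add("notice!saveNotice");
        noticeUrls.add("notice!updateNoticeById");
    }

    /**
     * Reads the whitelist, one entry per line (UTF-8). Lines are trimmed and blank lines skipped: a
     * whitespace-only entry would otherwise match almost any URI and exempt it from filtering.
     *
     * @return the entries; empty when the file is missing or unreadable
     */
    private List<String> readFile(String fileName) {
        List<String> list = new ArrayList<String>();
        File f = new File(fileName);
        if (!f.isFile()) {
            logger.warn("whitelist file not found: " + fileName);
            return list;
        }
        try (FileInputStream fis = new FileInputStream(f);
                BufferedReader reader = new BufferedReader(
                        new InputStreamReader(fis, java.nio.charset.StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                String entry = line.trim();
                if (!entry.isEmpty()) {
                    list.add(entry);
                }
            }
        } catch (IOException e) {
            logger.error("readFile", e);
        }
        return list;
    }

    /**
     * Replaces characters with HTML/SQL meaning by their full-width look-alikes. Currently unused
     * (see noticeUrls). The full-width replacements were restored from the per-case comments.
     */
    private String xssEncode(String s) {
        if (s == null || s.isEmpty()) {
            return s;
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
            case '>':
                sb.append('＞'); // full-width greater-than
                break;
            case '<':
                sb.append('＜'); // full-width less-than
                break;
            case '\'':
                sb.append('‘'); // full-width single quote
                break;
            case '\"':
                sb.append('“'); // full-width double quote
                break;
            case '&':
                sb.append('＆'); // full-width ampersand
                break;
            case '\\':
                sb.append('＼'); // full-width backslash
                break;
            case '#':
                sb.append('＃'); // full-width hash
                break;
            case '(':
                sb.append('（');
                break;
            case ')':
                sb.append('）');
                break;
            default:
                sb.append(c);
                break;
            }
        }
        return sb.toString();
    }

    /**
     * Deny-list check of one value.
     *
     * @param str value to check; empty means "nothing illegal"
     * @param url request path, for the log line only
     * @return {@code true} when the value contains a deny-listed token, {@code false} otherwise
     */
    public static boolean checkSQLInject(String str, String url) {
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        // Locale.ROOT: locale-sensitive lower-casing (e.g. Turkish dotless i) would let keywords slip past.
        String lower = str.toLowerCase(java.util.Locale.ROOT);
        for (String token : INJECTION_PATTERNS) {
            if (lower.indexOf(token) >= 0) {
                logger.info("xss防攻击拦截url:" + url + ",原因:特殊字符,传入str=" + lower + ",包含特殊字符:" + token);
                return true;
            }
        }
        return false;
    }
}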

springboot配置拦截器,在拦截器中获取@RequestBody注解参数和post请求参数以及get请求参数相关推荐
