如何用RequestBodyAdvice实现对Http请求非法字符过滤
短信预约 -IT技能 免费直播动态提醒
这篇文章主要介绍“如何用RequestBodyAdvice实现对Http请求非法字符过滤”,在日常操作中,相信很多人在如何用RequestBodyAdvice实现对Http请求非法字符过滤问题上存在疑惑,小编查阅了各式资料,整理出简单好用的操作方法,希望对大家解答”如何用RequestBodyAdvice实现对Http请求非法字符过滤”的疑惑有所帮助!接下来,请跟着小编一起来学习吧!
RequestBodyAdvice对Http请求非法字符过滤
利用RequestBodyAdvice对HTTP请求参数放入body中的参数进行非法字符过滤。
要求:spring 4.2+
额外的pom.xml
<dependency><groupId>org.apache.commons</groupId><artifactId>commons-io</artifactId><version>1.3.2</version></dependency> <dependency><groupId>com.alibaba</groupId><artifactId>fastjson</artifactId><version>1.2.44</version></dependency>代码
package com.niugang.controller;import java.io.IOException;import java.io.InputStream;import java.lang.reflect.Type;import java.util.ArrayList;import java.util.HashMap;import java.util.List;import java.util.Map;import java.util.Map.Entry;import java.util.Set;import org.apache.commons.io.IOUtils;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.core.MethodParameter;import org.springframework.http.HttpHeaders;import org.springframework.http.HttpInputMessage;import org.springframework.http.converter.HttpMessageConverter;import org.springframework.web.bind.annotation.ControllerAdvice;import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice; import com.alibaba.fastjson.JSON;import com.alibaba.fastjson.JSONArray;@ControllerAdvice(basePackages = "com.niugang")public class MyRequestBodyAdvice implements RequestBodyAdvice {private final static Logger logger = LoggerFactory.getLogger(MyRequestBodyAdvice.class); @Overridepublic boolean supports(MethodParameter methodParameter, Type targetType,Class<? extends HttpMessageConverter<?>> converterType) {return true;}@Overridepublic Object handleEmptyBody(Object body, HttpInputMessage inputMessage, MethodParameter parameter,Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {return body;} @Overridepublic HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter, Type targetType,Class<? extends HttpMessageConverter<?>> converterType) throws IOException { try {return new MyHttpInputMessage(inputMessage);} catch (Exception e) {e.printStackTrace();return inputMessage; }}@Overridepublic Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType,Class<? extends HttpMessageConverter<?>> converterType) {return body;} class MyHttpInputMessage implements HttpInputMessage {private HttpHeaders headers;private InputStream body; @SuppressWarnings("unchecked")public MyHttpInputMessage(HttpInputMessage inputMessage) throws Exception {String string = IOUtils.toString(inputMessage.getBody(), "UTF-8");Map<String, Object> mapJson = (Map<String, Object>) JSON.parseObject(string, Map.class);Map<String, Object> map = new HashMap<String, Object>();Set<Entry<String, Object>> entrySet = mapJson.entrySet();for (Entry<String, Object> entry : entrySet) {String key = entry.getKey();Object objValue = entry.getValue(); if (objValue instanceof String) {String value = objValue.toString();map.put(key, filterDangerString(value));} else { // 针对结合的处理@SuppressWarnings("rawtypes")List<HashMap> parseArray = JSONArray.parseArray(objValue.toString(), HashMap.class);List<Map<String, Object>> listMap = new ArrayList<Map<String, Object>>();for (Map<String, Object> innerMap : parseArray) {Map<String, Object> childrenMap = new HashMap<String, Object>();Set<Entry<String, Object>> elseEntrySet = innerMap.entrySet();for (Entry<String, Object> en : elseEntrySet) { String innerKey = en.getKey();Object innerObj = en.getValue();if (innerObj instanceof String) {String value = innerObj.toString();childrenMap.put(innerKey, filterDangerString(value));} }listMap.add(childrenMap);}map.put(key, listMap);}}this.headers = inputMessage.getHeaders();this.body = IOUtils.toInputStream(JSON.toJSONString(map), "UTF-8");} @Overridepublic InputStream getBody() throws IOException {return body;} @Overridepublic HttpHeaders getHeaders() {return headers;}}private String filterDangerString(String value) {if (value == null) {return null;}value = value.replaceAll("\\|", "");value = value.replaceAll("&", "");value = value.replaceAll(";", "");value = value.replaceAll("@", "");value = value.replaceAll("'", "");value = value.replaceAll("\\'", "");value = value.replaceAll("<", "");value = value.replaceAll("-", "");value = value.replaceAll(">", "");value = value.replaceAll("\\(", "");value = value.replaceAll("\\)", "");value = value.replaceAll("\\+", "");value = value.replaceAll("\r", "");value = value.replaceAll("\n", "");value = value.replaceAll("script", "");value = value.replaceAll("select", "");value = value.replaceAll("\"", "");value = value.replaceAll(">", "");value = value.replaceAll("<", "");value = value.replaceAll("=", "");value = value.replaceAll("/", "");return value;}}对于以上的配置Controller接收参数需要加@RequestBody。
测试
过滤后的数据
自定义RequestBodyAdvice过滤Json表情符号
@ControllerAdvice@Slf4jpublic class FilterEmojiRequestBodyAdvice implements RequestBodyAdvice { @Override public boolean supports(MethodParameter methodParameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) { Annotation[] annotations = methodParameter.getParameterAnnotations(); for (Annotation ann : annotations) { Validated validatedAnn = AnnotationUtils.getAnnotation(ann, Validated.class); if (validatedAnn != null || ann.annotationType().getSimpleName().startsWith("Valid")) { return true; } } return false; } @Override public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) throws IOException { return inputMessage; } @Override public Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) { try { this.filterEmojiAfterBody(body); } catch (Exception e) { log.info("过滤表情异常:{}", e); } return body; } private void filterEmojiAfterBody(Object body) throws IllegalAccessException { if (null != body) { Field[] fields = ReflectUtil.getFields(body.getClass()); for (int i = 0; i < fields.length; i++) { Field field = fields[i]; if (field.isAnnotationPresent(Valid.class)) { field.setAccessible(true); this.filterEmojiAfterBody(field.get(body)); } if (field.isAnnotationPresent(FilterEmoji.class)) { field.setAccessible(true); Object value = field.get(body); if (value instanceof String) { String str = filterEmoji(value.toString()); field.set(body, str); } } } } } @Override public Object handleEmptyBody(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) { return body; } public static String filterEmoji(String source) { if (StringUtils.isEmpty(source)) { return ""; } if (!containsEmoji(source)) { return source;//如果不包含,直接返回 } StringBuilder buf = new StringBuilder(); int len = source.length(); for (int i = 0; i < len; i++) { char codePoint = source.charAt(i); if (isNotEmojiCharacter(codePoint)) { buf.append(codePoint); } } return buf.toString().trim(); } public static boolean containsEmoji(String source) { if (StringUtils.isBlank(source)) { return false; } int len = source.length(); for (int i = 0; i < len; i++) { char codePoint = source.charAt(i); if (!isNotEmojiCharacter(codePoint)) { //判断到了这里表明,确认有表情字符 return true; } } return false; } public static boolean isNotEmojiCharacter(char codePoint) { return (codePoint == 0x0) || (codePoint == 0x9) || (codePoint == 0xA) || (codePoint == 0xD) || ((codePoint >= 0x20) && (codePoint <= 0xD7FF)) || ((codePoint >= 0xE000) && (codePoint <= 0xFFFD)) || ((codePoint >= 0x10000) && (codePoint <= 0x10FFFF)); }}到此,关于“如何用RequestBodyAdvice实现对Http请求非法字符过滤”的学习就结束了,希望能够解决大家的疑惑。理论与实践的搭配能更好的帮助大家学习,快去试试吧!若想继续学习更多相关知识,请继续关注编程网网站,小编会继续努力为大家带来更多实用的文章!
免责声明:
① 本站未注明“稿件来源”的信息均来自网络整理。其文字、图片和音视频稿件的所属权归原作者所有。本站收集整理出于非商业性的教育和科研之目的,并不意味着本站赞同其观点或证实其内容的真实性。仅作为临时的测试数据,供内部测试之用。本站并未授权任何人以任何方式主动获取本站任何信息。
② 本站未注明“稿件来源”的临时测试数据将在测试完成后最终做删除处理。有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341
