@RequestBody 无法转换从 AES 加密字符串派生的对象
@RequestBody not able to convert object derived from AES Encrypted String
从客户端传递内容类型为 text/plain.
的 AES 加密字符串
AES 加密字符串在通过过滤器到达控制器之前被解密。
CustomEncryptedFilter
@Component
@Order(0)
public class CustomEncryptedFilter implements Filter {
private static final Logger logger = LogManager.getLogger(CustomEncryptedFilter.class.getName());
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
logger.info("************** Encryption Filter - START ***********************");
String encryptedString = IOUtils.toString(request.getInputStream());
if (encryptedString != null && encryptedString.length() > 0) {
byte[] decryptedString = new AESEncrytion().decrypt(encryptedString).getBytes();
if (request instanceof HttpServletRequest) {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
CustomHttpServletRequestWrapper requestWrapper
= new CustomHttpServletRequestWrapper(httpServletRequest,decryptedString);
logger.info("Content Type: {}", requestWrapper.getContentType());
logger.info("Request Body: {}", IOUtils.toString(requestWrapper.getInputStream()));
chain.doFilter(requestWrapper, response);
} else {
chain.doFilter(request, response);
}
} else {
logger.info("Request is Invalid or Empty");
chain.doFilter(request, response);
}
}
}
这里我会得到当前的请求体,它是一个AES加密的字符串
然后我解密它以将其转换为字符串。
encrypted String - Ijwmn5sZ5HqoUPb15c5idjxetqmC8Sln6+d2BPaYzxA=
Original String - {"username":"thivanka"}
获得解密的字符串(Json 对象)后,我将其附加到请求正文
通过扩展 HttpServletRequestWrapper
public class CustomHttpServletRequestWrapper extends HttpServletRequestWrapper {
private static final Logger logger = LogManager.getLogger(CustomHttpServletRequestWrapper.class.getName());
private ByteArrayInputStream requestBody;
public CustomHttpServletRequestWrapper(HttpServletRequest request, byte[] decryptedString) {
super(request);
try {
requestBody = new ByteArrayInputStream(decryptedString);
} catch (Exception e) {
logger.error(e);
e.printStackTrace();
}
}
@Override
public String getHeader(String headerName) {
String headerValue = super.getHeader(headerName);
if ("Accept".equalsIgnoreCase(headerName)) {
return headerValue.replaceAll(MediaType.TEXT_PLAIN_VALUE, MediaType.APPLICATION_JSON_VALUE);
} else if ("Content-Type".equalsIgnoreCase(headerName)) {
return headerValue.replaceAll(MediaType.TEXT_PLAIN_VALUE, MediaType.APPLICATION_JSON_VALUE);
}
return headerValue;
}
@SuppressWarnings("unchecked")
@Override
public Enumeration getHeaderNames() {
HttpServletRequest request = (HttpServletRequest) getRequest();
List list = new ArrayList();
Enumeration e = request.getHeaderNames();
while (e.hasMoreElements()) {
String headerName = (String) e.nextElement();
String headerValue = request.getHeader(headerName);
if ("Accept".equalsIgnoreCase(headerName)) {
headerValue.replaceAll(MediaType.TEXT_PLAIN_VALUE, MediaType.APPLICATION_JSON_VALUE);
} else if ("Content-Type".equalsIgnoreCase(headerName)) {
headerValue.replaceAll(MediaType.TEXT_PLAIN_VALUE, MediaType.APPLICATION_JSON_VALUE);
}
list.add(headerName);
}
return Collections.enumeration(list);
}
@SuppressWarnings("unchecked")
@Override
public Enumeration getHeaders(final String headerName) {
HttpServletRequest request = (HttpServletRequest) getRequest();
List list = new ArrayList();
Enumeration e = request.getHeaders(headerName);
while (e.hasMoreElements()) {
String header = e.nextElement().toString();
if (header.equalsIgnoreCase(MediaType.TEXT_PLAIN_VALUE)) {
header = MediaType.APPLICATION_JSON_VALUE;
}
list.add(header);
}
return Collections.enumeration(list);
}
@Override
public String getContentType() {
String contentTypeValue = super.getContentType();
if (MediaType.TEXT_PLAIN_VALUE.equalsIgnoreCase(contentTypeValue)) {
return MediaType.APPLICATION_JSON_VALUE;
}
return contentTypeValue;
}
@Override
public BufferedReader getReader() throws UnsupportedEncodingException {
return new BufferedReader(new InputStreamReader(requestBody, "UTF-8"));
}
@Override
public ServletInputStream getInputStream() throws IOException {
return new ServletInputStream() {
@Override
public int read() {
return requestBody.read();
}
@Override
public boolean isFinished() {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean isReady() {
// TODO Auto-generated method stub
return false;
}
@Override
public void setReadListener(ReadListener listener) {
// TODO Auto-generated method stub
}
};
}
}
除了添加新的请求正文之外,我还将媒体类型从 text/plain 更改为
到 application/json 以便我的 @RequestBody 注释获取媒体类型和
执行对象转换。
这是我的控制器
@CrossOrigin(origins = "*", allowedHeaders = "*")
@RestController
@RequestMapping("/api/mobc")
public class HomeController {
private static final Logger logger = LogManager.getLogger(HomeController.class.getName());
@RequestMapping(value="/hello", method=RequestMethod.POST,consumes="application/json", produces="application/json")
public ResponseEntity<?> Message(@RequestBody LoginForm loginForm,HttpServletRequest request) {
logger.info("In Home Controller");
logger.info("Content Type: {}", request.getContentType());
return ResponseEntity.status(HttpStatus.OK).body(loginForm);
}
}
LoginForm 对象(为了便于阅读,我删除了 Getters/Setters)
public class 登录表单 {
private String username;
private String password;
}
很遗憾,我遇到了错误。我在这里做错了什么。
ExceptionHandlerExceptionResolver - Resolved [org.springframework.http.converter.HttpMessageNotReadableException: Required request body is missing
可能的问题
我假设 IOUtils.toString(InputStream stream) 从 InputStream 读取所有字节。但是InputStream只能读一次。
您的日志记录语句
logger.info("Request Body: {}", IOUtils.toString(requestWrapper.getInputStream()));
读取了一个InputStream,所以Spring无法读取第二遍。尝试将 IOUtils.toString(requestWrapper.getInputStream()) 替换为 new String(encryptedString, Charset.defaultCharset()).
其他实施方案
您可以实施自定义 RequestBodyAdvice,它将解密消息并根据需要更改 headers。
来自 Spring 的 JavaDoc:
Implementations of this contract may be registered directly with the RequestMappingHandlerAdapter or more likely annotated with @ControllerAdvice in which case they are auto-detected.
这里是将消息的第一个字节更改为 { 并将最后一个字节更改为 } 的建议实施示例。您的实现可以修改解密它的消息。
@ControllerAdvice
class CustomRequestBodyAdvice extends RequestBodyAdviceAdapter {
@Override
public boolean supports(MethodParameter methodParameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
return true;
}
@Override
public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) throws IOException {
try (InputStream inputStream = inputMessage.getBody()) {
byte[] bytes = inputStream.readAllBytes();
bytes[0] = 0x7b; // 0x7b = '{'
bytes[bytes.length - 1] = 0x7d; // 0x7d = '}'
return new CustomMessage(new ByteArrayInputStream(bytes), inputMessage.getHeaders());
}
}
}
class CustomMessage implements HttpInputMessage {
private final InputStream body;
private final HttpHeaders httpHeaders;
public CustomMessage(InputStream body, HttpHeaders httpHeaders) {
this.body = body;
this.httpHeaders = httpHeaders;
}
@Override
public InputStream getBody() throws IOException {
return this.body;
}
@Override
public HttpHeaders getHeaders() {
return this.httpHeaders;
}
}
还有supports方法returns是否应该调用这个RequestBodyAdvice。在此示例中,此方法始终 returns true,但您可以创建自定义注释并检查其是否存在。
// custom annotation
@Target(ElementType.PARAMETER)
@Retention(RetentionPolicy.RUNTIME)
@interface AesEncrypted {}
// class: CustomRequestBodyAdvice
@Override
public boolean supports(MethodParameter methodParameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
return methodParameter.hasParameterAnnotation(AesEncrypted.class);
}
// controller
@PostMapping("one")
String getDecrypted(@AesEncrypted @RequestBody Data data) {
return data.value;
}
如果有人为此苦苦挣扎,那么答案就是转向 ContentCachingRequestWrapper。其他方法是使用@geobreze 建议的面向方面的变体,它解决了同样的问题。
我只需要修改我的 HttpServletRequestWrapper 以促进更改。
参考 -> https://www.baeldung.com/spring-reading-httpservletrequest-multiple-times
This class caches the request body by consuming the InputStream. If we
read the InputStream in one of the filters, then other subsequent
filters in the filter chain can't read it anymore. Because of this
limitation, this class is not suitable in all situations.
从客户端传递内容类型为 text/plain.
的 AES 加密字符串AES 加密字符串在通过过滤器到达控制器之前被解密。
CustomEncryptedFilter
@Component
@Order(0)
public class CustomEncryptedFilter implements Filter {
private static final Logger logger = LogManager.getLogger(CustomEncryptedFilter.class.getName());
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
logger.info("************** Encryption Filter - START ***********************");
String encryptedString = IOUtils.toString(request.getInputStream());
if (encryptedString != null && encryptedString.length() > 0) {
byte[] decryptedString = new AESEncrytion().decrypt(encryptedString).getBytes();
if (request instanceof HttpServletRequest) {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
CustomHttpServletRequestWrapper requestWrapper
= new CustomHttpServletRequestWrapper(httpServletRequest,decryptedString);
logger.info("Content Type: {}", requestWrapper.getContentType());
logger.info("Request Body: {}", IOUtils.toString(requestWrapper.getInputStream()));
chain.doFilter(requestWrapper, response);
} else {
chain.doFilter(request, response);
}
} else {
logger.info("Request is Invalid or Empty");
chain.doFilter(request, response);
}
}
}
这里我会得到当前的请求体,它是一个AES加密的字符串 然后我解密它以将其转换为字符串。
encrypted String - Ijwmn5sZ5HqoUPb15c5idjxetqmC8Sln6+d2BPaYzxA=
Original String - {"username":"thivanka"}
获得解密的字符串(Json 对象)后,我将其附加到请求正文 通过扩展 HttpServletRequestWrapper
public class CustomHttpServletRequestWrapper extends HttpServletRequestWrapper {
private static final Logger logger = LogManager.getLogger(CustomHttpServletRequestWrapper.class.getName());
private ByteArrayInputStream requestBody;
public CustomHttpServletRequestWrapper(HttpServletRequest request, byte[] decryptedString) {
super(request);
try {
requestBody = new ByteArrayInputStream(decryptedString);
} catch (Exception e) {
logger.error(e);
e.printStackTrace();
}
}
@Override
public String getHeader(String headerName) {
String headerValue = super.getHeader(headerName);
if ("Accept".equalsIgnoreCase(headerName)) {
return headerValue.replaceAll(MediaType.TEXT_PLAIN_VALUE, MediaType.APPLICATION_JSON_VALUE);
} else if ("Content-Type".equalsIgnoreCase(headerName)) {
return headerValue.replaceAll(MediaType.TEXT_PLAIN_VALUE, MediaType.APPLICATION_JSON_VALUE);
}
return headerValue;
}
@SuppressWarnings("unchecked")
@Override
public Enumeration getHeaderNames() {
HttpServletRequest request = (HttpServletRequest) getRequest();
List list = new ArrayList();
Enumeration e = request.getHeaderNames();
while (e.hasMoreElements()) {
String headerName = (String) e.nextElement();
String headerValue = request.getHeader(headerName);
if ("Accept".equalsIgnoreCase(headerName)) {
headerValue.replaceAll(MediaType.TEXT_PLAIN_VALUE, MediaType.APPLICATION_JSON_VALUE);
} else if ("Content-Type".equalsIgnoreCase(headerName)) {
headerValue.replaceAll(MediaType.TEXT_PLAIN_VALUE, MediaType.APPLICATION_JSON_VALUE);
}
list.add(headerName);
}
return Collections.enumeration(list);
}
@SuppressWarnings("unchecked")
@Override
public Enumeration getHeaders(final String headerName) {
HttpServletRequest request = (HttpServletRequest) getRequest();
List list = new ArrayList();
Enumeration e = request.getHeaders(headerName);
while (e.hasMoreElements()) {
String header = e.nextElement().toString();
if (header.equalsIgnoreCase(MediaType.TEXT_PLAIN_VALUE)) {
header = MediaType.APPLICATION_JSON_VALUE;
}
list.add(header);
}
return Collections.enumeration(list);
}
@Override
public String getContentType() {
String contentTypeValue = super.getContentType();
if (MediaType.TEXT_PLAIN_VALUE.equalsIgnoreCase(contentTypeValue)) {
return MediaType.APPLICATION_JSON_VALUE;
}
return contentTypeValue;
}
@Override
public BufferedReader getReader() throws UnsupportedEncodingException {
return new BufferedReader(new InputStreamReader(requestBody, "UTF-8"));
}
@Override
public ServletInputStream getInputStream() throws IOException {
return new ServletInputStream() {
@Override
public int read() {
return requestBody.read();
}
@Override
public boolean isFinished() {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean isReady() {
// TODO Auto-generated method stub
return false;
}
@Override
public void setReadListener(ReadListener listener) {
// TODO Auto-generated method stub
}
};
}
}
除了添加新的请求正文之外,我还将媒体类型从 text/plain 更改为 到 application/json 以便我的 @RequestBody 注释获取媒体类型和 执行对象转换。
这是我的控制器
@CrossOrigin(origins = "*", allowedHeaders = "*")
@RestController
@RequestMapping("/api/mobc")
public class HomeController {
private static final Logger logger = LogManager.getLogger(HomeController.class.getName());
@RequestMapping(value="/hello", method=RequestMethod.POST,consumes="application/json", produces="application/json")
public ResponseEntity<?> Message(@RequestBody LoginForm loginForm,HttpServletRequest request) {
logger.info("In Home Controller");
logger.info("Content Type: {}", request.getContentType());
return ResponseEntity.status(HttpStatus.OK).body(loginForm);
}
}
LoginForm 对象(为了便于阅读,我删除了 Getters/Setters)
public class 登录表单 {
private String username;
private String password;
}
很遗憾,我遇到了错误。我在这里做错了什么。
ExceptionHandlerExceptionResolver - Resolved [org.springframework.http.converter.HttpMessageNotReadableException: Required request body is missing
可能的问题
我假设 IOUtils.toString(InputStream stream) 从 InputStream 读取所有字节。但是InputStream只能读一次。
您的日志记录语句
logger.info("Request Body: {}", IOUtils.toString(requestWrapper.getInputStream()));
读取了一个InputStream,所以Spring无法读取第二遍。尝试将 IOUtils.toString(requestWrapper.getInputStream()) 替换为 new String(encryptedString, Charset.defaultCharset()).
其他实施方案
您可以实施自定义 RequestBodyAdvice,它将解密消息并根据需要更改 headers。
来自 Spring 的 JavaDoc:
Implementations of this contract may be registered directly with the RequestMappingHandlerAdapter or more likely annotated with @ControllerAdvice in which case they are auto-detected.
这里是将消息的第一个字节更改为 { 并将最后一个字节更改为 } 的建议实施示例。您的实现可以修改解密它的消息。
@ControllerAdvice
class CustomRequestBodyAdvice extends RequestBodyAdviceAdapter {
@Override
public boolean supports(MethodParameter methodParameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
return true;
}
@Override
public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) throws IOException {
try (InputStream inputStream = inputMessage.getBody()) {
byte[] bytes = inputStream.readAllBytes();
bytes[0] = 0x7b; // 0x7b = '{'
bytes[bytes.length - 1] = 0x7d; // 0x7d = '}'
return new CustomMessage(new ByteArrayInputStream(bytes), inputMessage.getHeaders());
}
}
}
class CustomMessage implements HttpInputMessage {
private final InputStream body;
private final HttpHeaders httpHeaders;
public CustomMessage(InputStream body, HttpHeaders httpHeaders) {
this.body = body;
this.httpHeaders = httpHeaders;
}
@Override
public InputStream getBody() throws IOException {
return this.body;
}
@Override
public HttpHeaders getHeaders() {
return this.httpHeaders;
}
}
还有supports方法returns是否应该调用这个RequestBodyAdvice。在此示例中,此方法始终 returns true,但您可以创建自定义注释并检查其是否存在。
// custom annotation
@Target(ElementType.PARAMETER)
@Retention(RetentionPolicy.RUNTIME)
@interface AesEncrypted {}
// class: CustomRequestBodyAdvice
@Override
public boolean supports(MethodParameter methodParameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
return methodParameter.hasParameterAnnotation(AesEncrypted.class);
}
// controller
@PostMapping("one")
String getDecrypted(@AesEncrypted @RequestBody Data data) {
return data.value;
}
如果有人为此苦苦挣扎,那么答案就是转向 ContentCachingRequestWrapper。其他方法是使用@geobreze 建议的面向方面的变体,它解决了同样的问题。
我只需要修改我的 HttpServletRequestWrapper 以促进更改。
参考 -> https://www.baeldung.com/spring-reading-httpservletrequest-multiple-times
This class caches the request body by consuming the InputStream. If we read the InputStream in one of the filters, then other subsequent filters in the filter chain can't read it anymore. Because of this limitation, this class is not suitable in all situations.