我正在使用 HMAC 身份验证过滤器。当我访问我的 POST 请求正文时,在过滤器中,我能够在其中获取 XML。当我尝试访问 Controller 中的 XML 时,我得到一个空字符串。过滤器中的 xmlString
提供正确的 XML,但 Controller 中的 xmlString
提供空白字符串。我正在使用 Spring MVC。
我的过滤器是:
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
String authorisation = httpRequest.getHeader("authorization");
String accessKeyId = authorisation.split(":")[0].split(" ")[1];
String signature = authorisation.split(":")[1];
String secretAccessKey = getSecretAccessKey(accessKeyId);
InputStream xmlStream = httpRequest.getInputStream();
String xmlString = IOUtils.toString(xmlStream, "UTF-8");
String encodedXml = new String();
try {
encodedXml = HMACEncoder.calculateHMAC(xmlString, secretAccessKey);
} catch (SignatureException e) {
e.printStackTrace();
}
if (!signature.equals(encodedXml))
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
else
chain.doFilter(request, response);
}
我的 Controller 是:
@RequestMapping(value = "/user", method = RequestMethod.POST)
public String fetchUserString(HttpServletRequest request) {
InputStream xml = null;
String xmlString = null;
try {
xml = request.getInputStream();
xmlString = IOUtils.toString(xml, "UTF-8");
} catch (IOException e) {
e.printStackTrace();
}
return xmlString;
}
最佳答案
正如 praki 所建议的,我将 XML 放在请求属性中,在我的 Controller 中,我从请求属性中获取它,然后将 XML 放在 ModelAttribute
中。这是我的代码:
我的过滤器:
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
if (httpRequest.getMethod().equalsIgnoreCase("POST")) {
String authorisation = httpRequest.getHeader("authorization");
String accessKeyId = authorisation.split(":")[0].split(" ")[1];
String signature = authorisation.split(":")[1];
String secretAccessKey = getSecretAccessKey(accessKeyId);
ServletInputStream servletStream = httpRequest.getInputStream();
String xmlString = IOUtils.toString(servletStream);
String encodedXml = new String();
try {
encodedXml = HMACEncoder.calculateHMAC(xmlString, secretAccessKey);
} catch (SignatureException e) {
e.printStackTrace();
}
httpRequest.setAttribute("content", xmlString);
if (!signature.equals(encodedXml))
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
else
chain.doFilter(request, response);
} else
chain.doFilter(request, response);
}
和我的 Controller :
@RequestMapping(value = "/add", method = RequestMethod.POST, produces = "application/xml")
public @ResponseBody Catalog addCatalog(@ModelAttribute("catalog") Catalog catalog) {
logger.info("In addCatalog with " + catalog);
catalog.getHeader().setOrganizationId(IConstant.ORGANIZATION_ID_BSL);
try {
catalog = catalogService.addCatalogIntegration(catalog);
} catch (Exception e) {
e.printStackTrace();
}
logger.info("Returning from addCatalog with " + catalog);
return catalog;
}
@ModelAttribute("catalog")
private Catalog getCatalog(HttpServletRequest request) throws Exception {
Catalog catalog = new Catalog();
try {
String xml = (String) request.getAttribute("content");
if (xml != null) {
JAXBContext jaxbContext = JAXBContext.newInstance(Catalog.class);
Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
catalog = (Catalog) unmarshaller.unmarshal(new StringReader(xml));
}
} catch (Exception e) {
e.printStackTrace();
}
return catalog;
}
关于java - 导致 POST 请求主体变空的过滤器,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30092584/