SpingMVC Filter + HttpServletRequestWrapper 实现后台修改Request请求参数
1、封装Request请求对象,对外暴露修改请求参数的方法
package edu.mvcdemo.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import edu.mvcdemo.servlet.request.SecurityRiskRequestWrapper;
/**
* @编写人: yh.zeng
* @编写时间:2018-9-13 下午11:31:36
* @文件描述: 封装SecurityRiskRequestWrapper请求对象
*/
public class SecurityRiskRequestWrapperFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
SecurityRiskRequestWrapper requestWrapper = new SecurityRiskRequestWrapper( (HttpServletRequest) request );
chain.doFilter(requestWrapper, response);
}
@Override
public void destroy() {
}
}
2、通过Filter过滤器拦截请求对象,并进行封装
package edu.mvcdemo.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import edu.mvcdemo.servlet.request.SecurityRiskRequestWrapper;
/**
* @编写人: yh.zeng
* @编写时间:2018-9-13 下午11:31:36
* @文件描述: 封装SecurityRiskRequestWrapper请求对象
*/
public class SecurityRiskRequestWrapperFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
SecurityRiskRequestWrapper requestWrapper = new SecurityRiskRequestWrapper( (HttpServletRequest) request );
chain.doFilter(requestWrapper, response);
}
@Override
public void destroy() {
}
}
3. demo
ModifyParamsDemoInterceptor.java
package edu.mvcdemo.interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import edu.mvcdemo.servlet.request.SecurityRiskRequestWrapper;
/**
* @编写人: yh.zeng
* @编写时间:2018-9-16 下午12:39:11
* @文件描述: todo
*/
public class ModifyParamsDemoInterceptor implements HandlerInterceptor{
/**
* 是否需要将当前请求拦截下来,方法将在Controller处理之前进行调用
* 返回false,则请求被拦截下来,即不继续往下执行
* 返回true,继续往下执行
*/
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler) throws Exception {
SecurityRiskRequestWrapper req = (SecurityRiskRequestWrapper)request;
req.addParameter("userName", "被ModifyParamsDemoInterceptor篡改了!");
return true;
}
/**
* postHandle是在Controller的方法调用之后执行,但是它会在DispatcherServlet进行视图的渲染之前执行,
* 也就是说在这个方法中你可以对ModelAndView进行操作。
*/
@Override
public void postHandle(HttpServletRequest request,
HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
}
/**
* afterCompletion将在整个请求完成之后,也就是DispatcherServlet渲染了视图后执行,
* 这个方法的主要作用是用于清理资源的,
*/
@Override
public void afterCompletion(HttpServletRequest request,
HttpServletResponse response, Object handler, Exception ex)
throws Exception {
}
}
ModifyParamsDemoController.java
package edu.mvcdemo.controller;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import edu.mvcdemo.model.User;
/**
* @编写人: yh.zeng
* @编写时间:2018-9-16 上午11:52:55
* @文件描述: 通过SecurityRiskRequestWrapper对象,修改页面请求参数Demo
*/
@Controller
@RequestMapping(value="/SecurityRiskTest")
public class ModifyParamsDemoController {
@RequestMapping(value="/modiyParams",produces = "text/html; charset=utf-8")
@ResponseBody
private String modiyParams(User user, HttpServletResponse response){
return user.toString();
}
}
浏览器输入:http://localhost:8080/MavenSpringMvcDemo/SecurityRiskTest/modiyParams