1

我有一个简单的 JSON 清理过滤器/RequestWrapper(内容类型是application/json)。getReader(), getInputStream(), getParameter*()但是,在我的包装器中没有调用任何重要的覆盖 ( )。

这是我的过滤器:

public class MyFilter implements Filter 
{

    public MyFilter()
    {
        //Empty
    }

    @Override
    public void init(final FilterConfig filterConfig) throws ServletException
    {
        //Empty
    }

    @Override
    public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
            throws IOException, ServletException
    {
        HttpServletRequest httpRequest = (HttpServletRequest)request;
        HttpServletResponse httpResponse = (HttpServletResponse)response;
        MyRequestWrapper wrappedRequest = new MyRequestWrapper(httpRequest);

        chain.doFilter(wrappedRequest, httpResponse);
    }

    @Override
    public void destroy() 
    {
        // TODO Auto-generated method stub

    }
}

这是我的包装:

public class MyRequestWrapper extends HttpServletRequestWrapper
{
    private HttpServletRequest servletRequest;

    public MyRequestWrapper(HttpServletRequest servletRequest) 
    {
        super(servletRequest);
        this.servletRequest = servletRequest;
    }

    @Override
    public String[] getParameterValues(String parameter)
    {
        String[] values = super.getParameterValues(parameter);

        if (values == null) 
        {
            return null;
        }

        int count = values.length;
        String[] sanitizedValues = new String[count];
        for (int i = 0; i < count; i++)
        {
            sanitizedValues[i] = sanitizeUserInput(values[i]);
        }

        return sanitizedValues;
    }

    @Override
    public String getParameter(String parameter)
    {
        String value = super.getParameter(parameter);
        return sanitizeUserInput(value);
    }

    @Override
    public ServletInputStream getInputStream() throws IOException 
    {
        return this.servletRequest.getInputStream();
    }

    @Override
    public BufferedReader getReader() throws IOException
    {
        return new BufferedReader(new InputStreamReader(this.getInputStream()));
    }

    private String sanitizeUserInput(String input) 
    {
        // ...
        return input;
    }
}

我也尝试过覆盖 getParameterMap()、getHeaders() 等。一些覆盖被调用 - 但是当我的 json 发布到 servlet 时不会。过滤器链中的另一个过滤器是否有可能吞下柱体?有什么想法可以调试这个,或者有人知道会出什么问题吗?

谢谢

4

0 回答 0