AOP日志组件 多次获取post参数

·  阅读 770

AOP日志组件 多次获取post参数

需求

​新增接口日志组件。通过拦截器对接口URL进行拦截处理,然后将接口post请求的参数与结果,写入日志表。

问题

​POST方法的参数是存储在request.getInputStream中,只能读一次,不能多次读取。从中读取post请求参数,只能读取一次。在filter中获取之后,controller无法获取post请求参数。

解决办法

​继承HttpServletRequest,先获取到请求参数,再加参数重新set到inputStream。

1.拦截器记录日志
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest)request;
        String requestPath  = httpRequest.getServletPath().split("\\?")[0];

        if(request  == null){
            chain.doFilter(request, response);
            return ;
        }
         for (String noFilter : NO_FILETER_LIST) {
             if(requestPath.toLowerCase().contains(noFilter)){
                 chain.doFilter(request, response);
                 return ;
             }
         }

         Pattern pattern = Pattern.compile(".*[api|interface].*");
         Matcher matcher = pattern.matcher(requestPath);
         if(matcher.matches()){
             LoggerManager loggerManager = SpringLoadListener.getBean("loggerManager",LoggerManager.class);
             //扩展request,防止字符注入等
             XssSqlHttpServletRequestWrapper xssRequest = new XssSqlHttpServletRequestWrapper((HttpServletRequest)request);
             ResponseWrapper wrapResponse = new ResponseWrapper((HttpServletResponse)response);
             //继续请求处理类
             chain.doFilter(xssRequest, wrapResponse);
             //获取URL的参数 get请求
             Map<Object, Object> urlParam = xssRequest.getParameterMap();
             //获取post参数
             String param = xssRequest.getRequestParams();
             JSONObject jObject = JSONObject.fromObject(urlParam);
             jObject.put("postParam", param.toString());
             String params = jObject.toString();
             //获取接口处理类返回结果
             byte[] data = wrapResponse.getResponseData();
              String result = new String(data,"UTF-8");
              //保存日志
              loggerManager.operateInterfaceLogger("", params, requestPath, result);
              ServletOutputStream out = response.getOutputStream();
              out.write(data);
              out.flush();
         }else{
             chain.doFilter(request, response);
         }

    }
复制代码
2.处理request请求.

先获取inputStream,将请求参数复制给其他方法,同时再将获取的inputStream赋值回request中。

public class XssSqlHttpServletRequestWrapper extends HttpServletRequestWrapper
 {
         HttpServletRequest orgRequest = null;
         private byte[] bytes;
         private WrappedServletInputStream  wrappedServletInputStream;

   public XssSqlHttpServletRequestWrapper(HttpServletRequest request) throws IOException {
           super(request);
           this.orgRequest = request;
           //读取输入流的请求参数,保存到bytes中
           bytes = IOUtils.toByteArray(request.getInputStream());
           ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes);
           this.wrappedServletInputStream = new WrappedServletInputStream(byteArrayInputStream);

           //把post参数重新写入请求流
           reWriteInputStream();
   }

   /**
    * 把参数重新写进请求里
    */
    public void reWriteInputStream() {
       wrappedServletInputStream.setStream(new ByteArrayInputStream(bytes != null ? bytes : new byte[0]));
   }

    @Override
    public ServletInputStream getInputStream() throws IOException {
        return wrappedServletInputStream;
    }

    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(wrappedServletInputStream));
    }

    /**
     * 获取post参数
     */
    public String getRequestParams() throws IOException {
        return new String(bytes, this.getCharacterEncoding());
    }

   //清洗参数,防止xss注入
   public String[] getParameterValues(String parameter)
   {
           String[] values = super.getParameterValues(parameter);
           if (values == null) {
             return null;
     }
           int count = values.length;
           String[] encodedValues = new String[count];
           for (int i = 0; i < count; i++) {
             encodedValues[i] = xssEncode(values[i]);
     }
           return encodedValues;
   }

   public String getParameter(String name)
   {
           String value = super.getParameter(xssEncode(name));
           if (value != null) {
             value = xssEncode(value);
     }
           return value;
   }

   public String getHeader(String name)
   {
           String value = super.getHeader(xssEncode(name));
           if (value != null) {
             value = xssEncode(value);
     }
           return value;
   }

   private static String xssEncode(String s)
   {
           return StringUtil.xssEncode(s);
   }

   public HttpServletRequest getOrgRequest()
   {
           return this.orgRequest;
   }


   public static HttpServletRequest getOrgRequest(HttpServletRequest req)
   {
           if ((req instanceof XssSqlHttpServletRequestWrapper)) {
             return ((XssSqlHttpServletRequestWrapper)req).getOrgRequest();
     }

         return req;
   }


   private class WrappedServletInputStream extends ServletInputStream {
       public void setStream(InputStream stream) {
           this.stream = stream;
       }
       private InputStream stream;
       public WrappedServletInputStream(InputStream stream) {
           this.stream = stream;
       }
       public int read() throws IOException {
           return stream.read();
       }

       public boolean isFinished() {
           return true;
       }

       public boolean isReady() {
           return true;
       }

       public void setReadListener(ReadListener readListener) {

       }
   }

 }
复制代码
3.Manager保存日志记录。

对LoggerAnnotation自定义注解,实现AOP日志保存。

@LoggerAnnotation(type="INTERFACE", name="#name", params="#params", desc="#pageLink")
public String operateInterfaceLogger(String name, String params, String pageLink, String result)
{
    return result;

}


 @Component
 @Aspect
 @Async
 public class LoggerOperationAop
 {
   private static final Logger logger = LoggerFactory.getLogger(LoggerOperationAop.class);
   @Autowired
   private LoggerManager loggerManager;
   @Autowired
   private UserManager userManager;
   @Autowired
   private JdbcTemplateImpl jdbcTemplate;

   public LoggerOperationAop() {}

   @Pointcut("@annotation(LoggerAnnotation)")
   private void serviceAspect(LoggerAnnotation LoggerAnnotation) {}

   @Around("serviceAspect(LoggerAnnotation)")
   public Object process(ProceedingJoinPoint point, LoggerAnnotation LoggerAnnotation)
     throws Throwable
   {
     String targetName = point.getTarget().getClass().getName();
     String methodName = point.getSignature().getName();
     Object[] arguments = point.getArgs();

     String operationType = LoggerAnnotation.type();
     String message = LoggerAnnotation.desc();
     String params = LoggerAnnotation.params();
     String name = LoggerAnnotation.name();
     String id = LoggerAnnotation.id();
     String[] paramNames = ReflectParamNames.getNames(targetName, methodName);
     if ((StringUtil.isNotBlank(name)) && (name.startsWith("#"))) {
       String value = SpelParser.getKey(name, "", paramNames, arguments);
       if (StringUtil.isNotBlank(value)) {
         targetName = value;
       }
     }
     String methodParams = "";
     if ((StringUtil.isNotBlank(params)) && (params.startsWith("#"))) {
       methodParams = SpelParser.getKey(params, "", paramNames, arguments);
     }
     if ((StringUtil.isNotBlank(message)) && (message.startsWith("#"))) {
       String value = SpelParser.getKey(message, "", paramNames, arguments);
       if (StringUtil.isNotBlank(value)) {
         message = value;
       }
     }

     String userId = null;
     String userName = "游客";
     try {
         Subject currentSubject = SecurityUtils.getSubject();
         if (currentSubject != null) {
           Object tmpObj = currentSubject.getSession().getAttribute("authorizeUser");
           if ((tmpObj != null) && ("INTERFACE".equals(operationType))) {
             userName = StringUtil.parseAny2String(tmpObj);
           } else if (currentSubject.getPrincipal() != null) {
             ShiroDbRealm.ShiroUser shiroUser = (ShiroDbRealm.ShiroUser)currentSubject.getPrincipal();
             userId = shiroUser.getUserId();
             userName = shiroUser.getLoginName();
           }
         }
       } catch (Exception e) {
         logger.info("不支持shiro技术框架");
         logger.error("异常信息:{}", e.getMessage());
       }

     Object target = point.proceed();
     try
     {
       String extName = DateUtil.getYearMonth(new Date());
       String sql = " INSERT INTO T_E4S_DB_LOG_MESSAGE_" + extName + 
         " (USER_ID,USER_NAME,CLASS_NAME,METHOD_NAME,METHOD_PARAMS,LOG_DATE,LOG_MESSAGE,OPERATION_TYPE,REMARK) " + 
         " VALUES(?,?,?,?,?,?,?,?,?) ";
       Object[] object = { userId, userName, targetName, methodName, methodParams, 
         new Date(), message, operationType, target };
       this.jdbcTemplate.beginTranstaion();
       this.jdbcTemplate.update(sql, object);
       this.jdbcTemplate.commit();
     }
     catch (Exception ex) {
       logger.error("==异常通知异常==");
       logger.error("异常信息:{}", ex.getMessage());
       this.jdbcTemplate.rollback();
     }

     return target;
   }
 }
复制代码

LoggerFilter里一个实现了XssSqlHttpServletRequestWrapper类,其构造器自动读取了servletRequest里的入流,并把数据保存了下来,最后又把数据重新写入servletRequest里,在filter中可以读取post请求参数,cotroller也可以再次从request里读取到post请求参数。

分类:
后端
标签:
分类:
后端
标签:
收藏成功!
已添加到「」, 点击更改