接口安全防线加解密(二)：加密后请求异常和文件上传处理

1.加密请求异常后请求/error处理

目的：解决解密时，解密时参数对象类型不同导致抛出异常后接口二次请求到/error的问题
方式：设置异常拦截器，自定义捕获异常。

@RestControllerAdvice
public class GlobalExceptionConfig {
    private static Logger logger = LogManager.getLogger(GlobalExceptionConfig.class);

    //自定义捕获异常，加密返回前端数据
    @ExceptionHandler(value = Exception.class)
    public JSONObject AllException(Exception e) {
        logger.error(e.getMessage());
        e.printStackTrace();
        String data = EncryptApi(e.getMessage());
        JSONObject json = new JSONObject();
        json.put("data", data);
        return json;
    }


    public String EncryptApi(String data) {
        //加密返回前端数据
    }
}

2.HttpServletRequestWrapper处理文件被破坏的问题

1.对文件上传的的请求不进行string读取，进行byte[] 转换
2.不对文件上传加密
3.文件上传有数据时，原路返还

重点是

bodyBytes= StreamUtils.copyToByteArray(inputStream);

和

if(bodyBytes!=null&&bodyBytes.length>0){
byteArrayInputStream = new ByteArrayInputStream(bodyBytes);
}else {
byteArrayInputStream = new ByteArrayInputStream(body.getBytes());
}

import org.springframework.http.MediaType;
import org.springframework.util.StreamUtils;

import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.*;
import java.util.*;

public class RequestWrapper extends HttpServletRequestWrapper {
private String body;
private byte[] bodyBytes;
private Map<String, String[]> params = new HashMap<String, String[]>();

    public RequestWrapper(HttpServletRequest request) {
        super(request);
        StringBuilder stringBuilder = new StringBuilder();
        BufferedReader bufferedReader = null;
        InputStream inputStream = null;
        try {
            inputStream = request.getInputStream();
            String contentType = request.getContentType();
            //RequestWrapper继承了HttpServletRequestWrapper，获取request并读取了inputstream把inputsream转为string，而文件上传时，inpustream转为string，就会出现解析出错，文件损坏
            if (contentType!=null&& contentType.startsWith(MediaType.MULTIPART_FORM_DATA_VALUE)) {
                bodyBytes= StreamUtils.copyToByteArray(inputStream);
                inputStream= new ByteArrayInputStream(bodyBytes);
            }

            if (inputStream != null) {
                bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
                char[] charBuffer = new char[128];
                int bytesRead = -1;
                while ((bytesRead = bufferedReader.read(charBuffer)) > 0) {
                    stringBuilder.append(charBuffer, 0, bytesRead);
                }
            } else {
                stringBuilder.append("");
            }
        } catch (IOException ex) {

        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
            if (bufferedReader != null) {
                try {
                    bufferedReader.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
        this.body = stringBuilder.toString();
        this.params.putAll(request.getParameterMap());
    }


    @Override
    public Map<String, String[]> getParameterMap() {
        return params;
    }


    @Override
    public ServletInputStream getInputStream() throws IOException {

         ByteArrayInputStream byteArrayInputStream =null;
        if(bodyBytes!=null&&bodyBytes.length>0){
            byteArrayInputStream = new ByteArrayInputStream(bodyBytes);
        }else {
            byteArrayInputStream = new ByteArrayInputStream(body.getBytes());
        }

        ByteArrayInputStream finalByteArrayInputStream = byteArrayInputStream;
        ServletInputStream servletInputStream = new ServletInputStream() {
            @Override
            public boolean isFinished() {
                return false;
            }

            @Override
            public boolean isReady() {
                return false;
            }

            @Override
            public void setReadListener(ReadListener readListener) {
            }

            @Override
            public int read() throws IOException {
                return finalByteArrayInputStream.read();
            }
        };
        return servletInputStream;
    }


    // 重载一个构造方法
    public RequestWrapper(HttpServletRequest request, Map<String, Object> extendParams, String body) {
        this(request);
        if (body != null && body.length() > 0) {
            setBody(body);
        }
        if (extendParams.size() > 0) {
            addAllParameters(extendParams);// 这里将扩展参数写入参数表
        }
    }


    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(this.getInputStream()));
    }

    public String getBody() {
        return this.body;
    }

    // 赋值给body字段
    public void setBody(String body) {
        this.body = body;
    }


    @Override
    public String getParameter(String name) {// 重写getParameter，代表参数从当前类中的map获取
        String[] values = params.get(name);
        if (values == null || values.length == 0) {
            return null;
        }
        return values[0];
    }

    public String[] getParameterValues(String name) {// 同上
        return params.get(name);
    }


    /**
     * 修改此方法主要是因为当RequestMapper中的参数为pojo类型时，
     * 会通过此方法获取所有的请求参数并进行遍历，对pojo属性赋值
     *
     * @return
     */
    @Override
    public Enumeration<String> getParameterNames() {// 同上
        ArrayList<String> list = list = new ArrayList<>();
        for (Map.Entry<String, String[]> entry : params.entrySet()) {
            list.add(entry.getKey());
        }
        return Collections.enumeration(list);
    }

    public void addAllParameters(Map<String, Object> otherParams) {// 增加多个参数
        for (Map.Entry<String, Object> entry : otherParams.entrySet()) {
            addParameter(entry.getKey(), entry.getValue());
        }
    }


    public void addParameter(String name, Object value) {// 增加参数
        if (value != null) {
            if (value instanceof String[]) {
                params.put(name, (String[]) value);
            } else if (value instanceof String) {
                params.put(name, new String[]{(String) value});
            } else {
                params.put(name, new String[]{String.valueOf(value)});
            }
        }
    }

    public byte[] getBodyBytes() {
        return bodyBytes;
    }

    public void setBodyBytes(byte[] bodyBytes) {
        this.bodyBytes = bodyBytes;
    }
}