Spring Boot 中getReader() has already been called问题处理

最新推荐文章于 2025-01-06 17:26:41 发布
原创 最新推荐文章于 2025-01-06 17:26:41 发布 · 1.7k 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#java #开发语言

本文介绍了在Spring Boot应用中遇到getReader()已调用问题的背景和原因,即HttpServletRequest的流只能读取一次。提出了通过自定义HttpServletRequest包装类BodyReaderHttpServletRequestWrapper来保存Request Body,并覆盖getReader()和getInputStream()的方法,实现流的重新读取。同时,文章还强调了若要兼容form-data请求,需启用hiddenmethod过滤器,可在Spring Boot配置文件中进行相应设置。

1、问题:HttpServletRequest 的 getInputStream() 和 getReader() 都只能读取一次,由于 Request Body 是流的形式读取,流读了一次就没有,所以只能被调用一次,调用第二次就报错了。

2、解决方案:自定义HttpServletRequest包装类BodyReaderHttpServletRequestWrapper,然后放到过滤链

具体:先将 Request Body 保存,然后通过 Servlet 自带的 HttpServletRequestWrapper 类覆盖 getReader() 和getInputStream() 方法,使流从保存的body读取。然后再Filter中将ServletRequest替换为AuthenticationRequestWrapper。

package cn.gbits.oa.kernelsdk.security.xss;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import org.springframework.util.StringUtils;

import cn.gbits.oa.kernelsdk.utils.JsoupUtil;
import cn.gbits.oa.kernelsdk.utils.SerializeUtils;


public class BodyReaderHttpServletRequestWrapper extends HttpServletRequestWrapper {
    private String requestBody = null;
    HttpServletRequest orgRequest = null;
    private boolean isIncludeRichText = false;
    private Map<String, String[]> requestMap = null;

    public BodyReaderHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
        orgRequest = request;
        if (requestBody == null) {
            try {
                requestMap = new HashMap<String, String[]>();
                requestBody = JsoupUtil.clean(readBody(request)).replaceAll("&nbsp;", "").replaceAll("&amp;", "&");

                /*
                 * String[] strs = requestBody.substring(1, requestBody.length()-1).split(","); requestBody="{"; for(String s:strs){ String[] ms =
                 * s.trim().split("="); if(ms.length>1&&ms[1]!=null) { if(!ms[0].startsWith("\"")){ requestBody+="\""+ms[0]+"\""+":"; }
                 * if(!ms[1].startsWith("\"")) { requestBody+="\""+ms[1]+"\""+","; } } } if(requestBody.endsWith(",")) {
                 * requestBody=requestBody.substring(0,requestBody.length()-1); } requestBody+="}";
                 */
            } catch (Exception ex) {

            }
        }
    }

    public String getRequestBody() {
        return requestBody;
    }

    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(getInputStream()));
    }

    @Override
    public ServletInputStream getInputStream() throws IOException {
        return new CustomServletInputStream(requestBody);
    }

    @Override
    public Map<String, String[]> getParameterMap() {
        return requestMap;
    }

    private static String readBody(ServletRequest request) {
        StringBuilder sb = new StringBuilder();
        String inputLine;
        BufferedReader br = null;
        try {
            br = request.getReader();
            while ((inputLine = br.readLine()) != null) {
                sb.append(inputLine);
            }
        } catch (IOException e) {
            throw new RuntimeException("Failed to read body.", e);
        } finally {
            if (br != null) {
                try {
                    br.close();
                } catch (IOException e) {
                }
            }
        }
        return sb.toString();
    }

    private class CustomServletInputStream extends ServletInputStream {
        private ByteArrayInputStream buffer;

        public CustomServletInputStream(String body) {
            body = body == null ? "" : body;
            this.buffer = new ByteArrayInputStream(body.getBytes());
        }

        @Override
        public int read() throws IOException {
            return buffer.read();
        }

        @Override
        public boolean isFinished() {
            return buffer.available() == 0;
        }

        @Override
        public boolean isReady() {
            return true;
        }

        @Override
        public void setReadListener(ReadListener listener) {
            throw new RuntimeException("Not implemented");
        }
    }

    /**
     * 覆盖getParameter方法,将参数名和参数值都做xss过滤。<br/>
     * 如果需要获得原始的值,则通过super.getParameterValues(name)来获取<br/>
     * getParameterNames,getParameterValues和getParameterMap也可能需要覆盖
     */
    @Override
    public String getParameter(String name) {
        if (("content".equals(name) || name.endsWith("WithHtml")) && !isIncludeRichText) {
            return super.getParameter(name);
        }
        name = JsoupUtil.clean(name);
        String value = super.getParameter(name);
        if (!StringUtils.isEmpty(value)) {
            value = JsoupUtil.clean(value);
        }
        return value;
    }

    @Override
    public String[] getParameterValues(String name) {
        String[] arr = super.getParameterValues(name);

        if (arr != null) {
            for (int i = 0; i < arr.length; i++) {
                arr[i] = JsoupUtil.clean(arr[i]);
            }
        } else {
            if (!this.requestBody.isEmpty()) {
                arr = new String[1];
                arr[0] = SerializeUtils.getStringFromJsonNode(SerializeUtils.convertJsonString2ObjectNode(this.requestBody), name);
            }
        }
        return arr;
    }

    /**
     * 覆盖getHeader方法,将参数名和参数值都做xss过滤。<br/>
     * 如果需要获得原始的值,则通过super.getHeaders(name)来获取<br/>
     * getHeaderNames 也可能需要覆盖
     */
    @Override
    public String getHeader(String name) {
        name = JsoupUtil.clean(name);
        String value = super.getHeader(name);
        if (!StringUtils.isEmpty(value)) {
            value = JsoupUtil.clean(value);
        }
        return value;
    }

    /**
     * 获取最原始的request
     * 
     * @return
     */
    public HttpServletRequest getOrgRequest() {
        return orgRequest;
    }

    /**
     * 获取最原始的request的静态方法
     * 
     * @return
     */
    public static HttpServletRequest getOrgRequest(HttpServletRequest req) {
        if (req instanceof BodyReaderHttpServletRequestWrapper) {
            return ((BodyReaderHttpServletRequestWrapper) req).getOrgRequest();
        }

        return req;
    }

}

package cn.gbits.oa.security.xss;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.springframework.web.filter.GenericFilterBean;

/**
 * 核心请求处理,xss攻击过滤
 */
public class FileTranFilter extends GenericFilterBean {
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
        BodyReaderHttpServletRequestWrapper myRequest = new BodyReaderHttpServletRequestWrapper((HttpServletRequest) request);
        filterChain.doFilter(myRequest, response);
    }
}

package cn.qh.filecenter.config;

import cn.gbits.oa.kernelsdk.accesslog.AccessLoggingFilter;
import cn.gbits.oa.kernelsdk.config.HttpSessionConfig;
import cn.gbits.oa.kernelsdk.security.xss.KernelTranFilter;
import org.springframework.context.annotation.Configuration;
import org.springframework.scheduling.annotation.EnableAsync;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.web.cors.CorsUtils;
import org.springframework.web.filter.CorsFilter;


@Configuration
@EnableWebSecurity
public class FileCenterConfig extends HttpSessionConfig{
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.csrf().disable()
				.cors()
				.and()
				.authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
				.and()
				.addFilterAfter(new AccessLoggingFilter(), CorsFilter.class)
				.addFilterAfter(new FileTranFilter(), AccessLoggingFilter.class)
				.addFilterAfter(SessionFilter.getInstance(),AccessLoggingFilter.class)
    			;
	}
}

3、特别注意:如果当前服务需要兼容form-data表单请求,还需要将 hiddenmethod 过滤器设置为启用,即在Spring Boot 的配置文件 application.properties加上以下配置即可

spring.mvc.hiddenmethod.filter.enabled=true

原因是在 Spring Boot 的 META-INF/spring-configuration-metadata.json 配置文件中,默认是关闭 Spring 的 hiddenmethod 过滤器的,只有在开启时,可以将请求转换为标准的http方法,使得支持GET、POST、PUT与DELETE请求,该过滤器为HiddenHttpMethodFilter。 

Alen.23.1.14.7
关注
getReader() has already been called for this request
默默不代表沉默
06-23 4360
解决body流数据只能读取一次的问题
自定义拦截器——Springboot/获取参数/手写response/400问题
孤星的博客
04-22 2057
创建自定义拦截器 首先,需要创建一个类实现HandlerInterceptor接口或者继承HandlerInterceptorAdapter抽象类 此处使用实现Handle Interceptor的方式自定义拦截器,实际使用时无太大区别 package common; import org.springframework.stereotype.Component; import org.springframework.web.servlet.HandlerInterceptor; import org.s
spring boot项目拦截拦截请求后使用request.getInputStream(); 在后续的方法中无法获取到参数的问题
weixin_41807355的博客
06-08 807
spring boot项目拦截拦截请求后使用request.getInputStream(); 在后续的方法中无法获取到参数的问题
SpringBoot 解决 getReader() has already been called for this request
Charge8的博客
02-03 4626
SpringBoot 解决 getReader() has already been called for this request
解决:getReader() has already been called for this request
09-02
Java开发中,出现`getReader() has already been called for this request`错误,是因为`HttpServletRequest`中的内容只能被读取一次,第二次读取就会报错。解决该问题可使用`HttpServletRequestWrapper`来实现...
解决:getReader() has already been called for this request 不要使用javax,使用Jakarta
最新发布
09-02
在不使用 `javax` 而是使用 `Jakarta` 的情况下,要解决 `getReader() has already been called for this request` 问题,可以通过自定义过滤器来实现请求体的可重复读取。下面是一个示例代码,它使用了 `Jakarta` ...
getinputstream has already been called for this request是这个用法导致到错误吗
07-21
我们正在讨论的问题是:在Spring Boot接口中同时使用`@RequestBody`和`MultipartFile`作为参数,是否会导致`getInputStream has already been called for this request`异常? 根据引用内容,我们可以分析如下: 1...
getReader() has already been called for this request 问题解决
qq_43570058的博客
05-13 6631
getReader() has already been called for this request 问题解决 在java里面写了个拦截器。处理请求参数中的特殊字符。使用request.getReader()的时候,报了 getReader() has already been called for this request 解决方案, 先把request.getReader()保存到 body中,然后重写 getReader()getInputStream() 方法。 import jodd
getOutputStream() has already been called for this response异常的原因和解决方法[转]
weixin_34377065的博客
05-04 2756
1.在tomcat6.0下jsp出现getOutputStream() has already been called for this response异常的原因和解决方法   在tomcat6.0下jsp中出现此错误一般都是在jsp中使用了输出流(如输出图片验证码,文件下载等),没有妥善处理好的原因。   具体的原因就是:  在tomcat中jsp编译成servlet之后在函数_jspSe...
异常:getReader() has already been called for this request
文盲青年的博客
12-26 1275
https://blog.youkuaiyun.com/mazhen1991/article/details/80695473
问题记录】SpringBoot 解决 getReader() has already been called for this request 错误
学习记录
01-06 1490
根据Servlet规范,Servlet规范不允许直接多次读取请求体。由于我在拦截器中读取了请求体的信息,又在controller层中使用@RequestBody来获取请求体的信息,导致多次读取请求体的信息,抛出IllegalStateException异常。类,把请求体信息保存在 CacheRequestBodyWrapper。方法,返回新的流对象。这样就可以多次读取请求体信息。完成这些配置后再访问接口就不会报错了!在配置类中注册过滤器。
java getreader_异常处理getReader() has already been called for this request
weixin_39606177的博客
02-16 628
场景描述:在 Spring Boot 自定义拦截器中,需要对请求 body 中的内容做签名验证。在日志切面中,需要打印请求 body 中的内容。报错内容:java.lang.IllegalStateException: getReader() has already been called forthis requestat org.apache.catalina.connector.Reques...
【Exception】getReader() has already been called for this request
HaHa_Sir的博客
05-06 1590
【Exception】getReader() has already been called for this request 一、问题描述 1、在SpringMVC的拦截器中,使用了一次 HttpServletRequest 的 getInputStream()getReader() 的方法后,再次在调用,就会抛出异常: getReader() has already been called for this request 2、最简单的触发: @RequestMapp.
评论 1
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值