AOP日志组件 多次获取post参数
- 需求:新增接口日志组件。通过拦截器对接口URL进行拦截处理,然后将接口post请求的参数与结果,写入日志表。
- 问题:POST方法的参数是存储在request.getInputStream中,只能读一次,不能多次读取。从中读取post请求参数,只能读取一次。在filter中获取之后,controller无法获取post请求参数。
- 解决办法:继承HttpServletRequest,先获取到请求参数,再加参数重新set到inputStream。
1.拦截器记录日志
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest)request;
String requestPath = httpRequest.getServletPath().split("\?")[0];
if(request == null){
chain.doFilter(request, response);
return ;
}
for (String noFilter : NO_FILETER_LIST) {
if(requestPath.toLowerCase().contains(noFilter)){
chain.doFilter(request, response);
return ;
}
}
Pattern pattern = Pattern.compile(".*[api|interface].*");
Matcher matcher = pattern.matcher(requestPath);
if(matcher.matches()){
LoggerManager loggerManager = SpringLoadListener.getBean("loggerManager",LoggerManager.class);
//扩展request,防止字符注入等
XssSqlHttpServletRequestWrapper xssRequest = new XssSqlHttpServletRequestWrapper((HttpServletRequest)request);
ResponseWrapper wrapResponse = new ResponseWrapper((HttpServletResponse)response);
//继续请求处理类
chain.doFilter(xssRequest, wrapResponse);
//获取URL的参数 get请求
Map<Object, Object> urlParam = xssRequest.getParameterMap();
//获取post参数
String param = xssRequest.getRequestParams();
JSONObject jObject = JSONObject.fromObject(urlParam);
jObject.put("postParam", param.toString());
String params = jObject.toString();
//获取接口处理类返回结果
byte[] data = wrapResponse.getResponseData();
String result = new String(data,"UTF-8");
//保存日志
loggerManager.operateInterfaceLogger("", params, requestPath, result);
ServletOutputStream out = response.getOutputStream();
out.write(data);
out.flush();
}else{
chain.doFilter(request, response);
}
}2.处理request请求,先获取inputStream,将请求参数复制给其他方法,同时再将获取的inputStream赋值回request中。
public class XssSqlHttpServletRequestWrapper extends HttpServletRequestWrapper
{
HttpServletRequest orgRequest = null;
private byte[] bytes;
private WrappedServletInputStream wrappedServletInputStream;
public XssSqlHttpServletRequestWrapper(HttpServletRequest request) throws IOException {
super(request);
this.orgRequest = request;
//读取输入流的请求参数,保存到bytes中
bytes = IOUtils.toByteArray(request.getInputStream());
ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes);
this.wrappedServletInputStream = new WrappedServletInputStream(byteArrayInputStream);
//把post参数重新写入请求流
reWriteInputStream();
}
/**
* 把参数重新写进请求里
*/
public void reWriteInputStream() {
wrappedServletInputStream.setStream(new ByteArrayInputStream(bytes != null ? bytes : new byte[0]));
}
@Override
public ServletInputStream getInputStream() throws IOException {
return wrappedServletInputStream;
}
@Override
public BufferedReader getReader() throws IOException {
return new BufferedReader(new InputStreamReader(wrappedServletInputStream));
}
/**
* 获取post参数
*/
public String getRequestParams() throws IOException {
return new String(bytes, this.getCharacterEncoding());
}
//清洗参数,防止xss注入
public String[] getParameterValues(String parameter)
{
String[] values = super.getParameterValues(parameter);
if (values == null) {
return null;
}
int count = values.length;
String[] encodedValues = new String[count];
for (int i = 0; i < count; i++) {
encodedValues[i] = xssEncode(values[i]);
}
return encodedValues;
}
public String getParameter(String name)
{
String value = super.getParameter(xssEncode(name));
if (value != null) {
value = xssEncode(value);
}
return value;
}
public String getHeader(String name)
{
String value = super.getHeader(xssEncode(name));
if (value != null) {
value = xssEncode(value);
}
return value;
}
private static String xssEncode(String s)
{
return StringUtil.xssEncode(s);
}
public HttpServletRequest getOrgRequest()
{
return this.orgRequest;
}
public static HttpServletRequest getOrgRequest(HttpServletRequest req)
{
if ((req instanceof XssSqlHttpServletRequestWrapper)) {
return ((XssSqlHttpServletRequestWrapper)req).getOrgRequest();
}
return req;
}
private class WrappedServletInputStream extends ServletInputStream {
public void setStream(InputStream stream) {
this.stream = stream;
}
private InputStream stream;
public WrappedServletInputStream(InputStream stream) {
this.stream = stream;
}
public int read() throws IOException {
return stream.read();
}
public boolean isFinished() {
return true;
}
public boolean isReady() {
return true;
}
public void setReadListener(ReadListener readListener) {
}
}
}3.Manager保存日志记录。对LoggerAnnotation自定义注解,实现AOP日志保存。
@LoggerAnnotation(type="INTERFACE", name="#name", params="#params", desc="#pageLink")
public String operateInterfaceLogger(String name, String params, String pageLink, String result)
{
return result;
}
@Component
@Aspect
@Async
public class LoggerOperationAop
{
private static final Logger logger = LoggerFactory.getLogger(LoggerOperationAop.class);
@Autowired
private LoggerManager loggerManager;
@Autowired
private UserManager userManager;
@Autowired
private JdbcTemplateImpl jdbcTemplate;
public LoggerOperationAop() {}
@Pointcut("@annotation(LoggerAnnotation)")
private void serviceAspect(LoggerAnnotation LoggerAnnotation) {}
@Around("serviceAspect(LoggerAnnotation)")
public Object process(ProceedingJoinPoint point, LoggerAnnotation LoggerAnnotation)
throws Throwable
{
String targetName = point.getTarget().getClass().getName();
String methodName = point.getSignature().getName();
Object[] arguments = point.getArgs();
String operationType = LoggerAnnotation.type();
String message = LoggerAnnotation.desc();
String params = LoggerAnnotation.params();
String name = LoggerAnnotation.name();
String id = LoggerAnnotation.id();
String[] paramNames = ReflectParamNames.getNames(targetName, methodName);
if ((StringUtil.isNotBlank(name)) && (name.startsWith("#"))) {
String value = SpelParser.getKey(name, "", paramNames, arguments);
if (StringUtil.isNotBlank(value)) {
targetName = value;
}
}
String methodParams = "";
if ((StringUtil.isNotBlank(params)) && (params.startsWith("#"))) {
methodParams = SpelParser.getKey(params, "", paramNames, arguments);
}
if ((StringUtil.isNotBlank(message)) && (message.startsWith("#"))) {
String value = SpelParser.getKey(message, "", paramNames, arguments);
if (StringUtil.isNotBlank(value)) {
message = value;
}
}
String userId = null;
String userName = "游客";
try {
Subject currentSubject = SecurityUtils.getSubject();
if (currentSubject != null) {
Object tmpObj = currentSubject.getSession().getAttribute("authorizeUser");
if ((tmpObj != null) && ("INTERFACE".equals(operationType))) {
userName = StringUtil.parseAny2String(tmpObj);
} else if (currentSubject.getPrincipal() != null) {
ShiroDbRealm.ShiroUser shiroUser = (ShiroDbRealm.ShiroUser)currentSubject.getPrincipal();
userId = shiroUser.getUserId();
userName = shiroUser.getLoginName();
}
}
} catch (Exception e) {
logger.info("不支持shiro技术框架");
logger.error("异常信息:{}", e.getMessage());
}
Object target = point.proceed();
try
{
String extName = DateUtil.getYearMonth(new Date());
String sql = " INSERT INTO T_E4S_DB_LOG_MESSAGE_" + extName +
" (USER_ID,USER_NAME,CLASS_NAME,METHOD_NAME,METHOD_PARAMS,LOG_DATE,LOG_MESSAGE,OPERATION_TYPE,REMARK) " +
" VALUES(?,?,?,?,?,?,?,?,?) ";
Object[] object = { userId, userName, targetName, methodName, methodParams,
new Date(), message, operationType, target };
this.jdbcTemplate.beginTranstaion();
this.jdbcTemplate.update(sql, object);
this.jdbcTemplate.commit();
}
catch (Exception ex) {
logger.error("==异常通知异常==");
logger.error("异常信息:{}", ex.getMessage());
this.jdbcTemplate.rollback();
}
return target;
}
}
LoggerFilter里一个实现了XssSqlHttpServletRequestWrapper类,其构造器自动读取了servletRequest里的输入流,并把数据保存了下来,最后又把数据重新写入servletRequest里,在filter中可以读取post请求参数,cotroller也可以再次从request里读取到post请求参数。