2
我试图加密的响应数据之前写入HttpServletResponse的,所以我已经实现自定义的响应包装和输出streram和过滤器类,如何在过滤器加密响应数据
问题是我需要加密整个响应数据一次,但没有write(String content)方法,但有三种方法可用在ServletOutputStream类中,分别是write(int b),write(byte[] b)和write(byte[] b, int off, int len)当我运行应用程序时,只有一种方法叫做write(int b)。
那么是否有任何解决方法来获取整个响应数据作为字符串,在那里我可以调用encrypt(responseData)?
我的课是这样的:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpServletRequest = (HttpServletRequest)request;
HttpServletResponse httpServletResponse = (HttpServletResponse)response;
BufferedRequestWrapper bufferedReqest = new BufferedRequestWrapper(httpServletRequest);
BufferedServletResponseWrapper bufferedResponse = new BufferedServletResponseWrapper(httpServletResponse);
// pass the wrappers on to the next entry
chain.doFilter(bufferedReqest, bufferedResponse);
}
和
public class BufferedServletResponseWrapper extends HttpServletResponseWrapper {
private final Logger LOG = LoggerFactory.getLogger(getClass());
private ServletOutputStream outputStream;
private PrintWriter writer;
private MyServletOutputStream copier;
public BufferedServletResponseWrapper(HttpServletResponse response) throws IOException {
super(response);
}
@Override
public ServletOutputStream getOutputStream() throws IOException {
LOG.info("getOutputStream");
if (writer != null) {
throw new IllegalStateException("getWriter() has already been called on this response.");
}
if (outputStream == null) {
outputStream = getResponse().getOutputStream();
copier = new MyServletOutputStream(outputStream);
}
return copier;
}
@Override
public PrintWriter getWriter() throws IOException {
LOG.info("getWriter");
if (outputStream != null) {
throw new IllegalStateException("getOutputStream() has already been called on this response.");
}
if (writer == null) {
copier = new MyServletOutputStream(getResponse().getOutputStream());
writer = new PrintWriter(new OutputStreamWriter(copier, getResponse().getCharacterEncoding()), true);
}
return writer;
}
@Override
public void flushBuffer() throws IOException {
if (writer != null) {
writer.flush();
} else if (outputStream != null) {
copier.flush();
}
}
public byte[] getCopy() {
if (copier != null) {
return copier.getCopy();
} else {
return new byte[0];
}
}
}
和我的自定义输出流类的样子:
public class MyServletOutputStream extends ServletOutputStream{
private final Logger LOG = LoggerFactory.getLogger(getClass());
private OutputStream outputStream;
private ByteArrayOutputStream copy;
public MyServletOutputStream(OutputStream outputStream) {
this.outputStream = outputStream;
this.copy = new ByteArrayOutputStream(1024);
}
@Override
public void write(int b) throws IOException {
LOG.info("write int");
outputStream.write(b);
copy.write(b);
}
@Override
public void write(byte[] b) throws IOException {
LOG.info("write byte[]");
outputStream.write(b);
copy.write(b);
}
public byte[] getCopy() {
return copy.toByteArray();
}
}
你可以把每个字节在它自己的成['密码#更新(字节[1])'](https://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html#update%28byte []%29),然后得到最终结果。或者通过一些密码流 – zapl 2014-11-25 10:50:17
想知道这里的'CipherOutputStream'会有帮助吗? https://docs.oracle.com/javase/7/docs/api/javax/crypto/CipherOutputStream.html – Qwerky 2014-11-25 10:51:15
@Qwerky感谢您的快速回复,任何实例如何使用它。 – Rembo 2014-11-25 14:32:21