struts2 源码分析 request ---设置setParameters 的值 二
来源:互联网 发布:便携式设备恢复数据 编辑:程序博客网 时间:2024/06/16 22:57
StrutsRequestWrapper
/* */ package org.apache.struts2.dispatcher;/* */ /* */ import com.opensymphony.xwork2.ActionContext;/* */ import com.opensymphony.xwork2.util.ValueStack;/* */ import javax.servlet.http.HttpServletRequest;/* */ import javax.servlet.http.HttpServletRequestWrapper;/* */ /* */ public class StrutsRequestWrapper extends HttpServletRequestWrapper/* */ {/* */ public StrutsRequestWrapper(HttpServletRequest req)/* */ {/* 49 */ super(req);/* */ }/* */ /* */ public Object getAttribute(String s)/* */ {/* 58 */ if ((s != null) && (s.startsWith("javax.servlet")))/* */ {/* 61 */ return super.getAttribute(s);/* */ }/* */ /* 64 */ ActionContext ctx = ActionContext.getContext();/* 65 */ Object attribute = super.getAttribute(s);/* 66 */ if ((ctx != null) && /* 67 */ (attribute == null)) {/* 68 */ boolean alreadyIn = false;/* 69 */ Boolean b = (Boolean)ctx.get("__requestWrapper.getAttribute");/* 70 */ if (b != null) {/* 71 */ alreadyIn = b.booleanValue();/* */ }/* */ /* 76 */ if ((!alreadyIn) && (s.indexOf("#") == -1)) {/* */ try/* */ {/* 79 */ ctx.put("__requestWrapper.getAttribute", Boolean.TRUE);/* 80 */ ValueStack stack = ctx.getValueStack();/* 81 */ if (stack != null)/* 82 */ attribute = stack.findValue(s);/* */ }/* */ finally {/* 85 */ ctx.put("__requestWrapper.getAttribute", Boolean.FALSE);/* */ }/* */ }/* */ }/* */ /* 90 */ return attribute;/* */ }/* */ }/* Location: C:\Documents and Settings\wb_zypt\妗岄潰\lib\struts2-core-2.2.1.1.jar * Qualified Name: org.apache.struts2.dispatcher.StrutsRequestWrapper * JD-Core Version: 0.6.0 */
MultiPartRequestWrapper
package org.apache.struts2.dispatcher.multipart;import com.opensymphony.xwork2.util.logging.Logger;import com.opensymphony.xwork2.util.logging.LoggerFactory;import java.io.File;import java.io.IOException;import java.util.ArrayList;import java.util.Collection;import java.util.Enumeration;import java.util.HashMap;import java.util.Iterator;import java.util.List;import java.util.Map;import java.util.Vector;import javax.servlet.http.HttpServletRequest;import org.apache.struts2.dispatcher.StrutsRequestWrapper;public class MultiPartRequestWrapper extends StrutsRequestWrapper{ protected static final Logger LOG = LoggerFactory.getLogger(MultiPartRequestWrapper.class); Collection<String> errors; //struts2是默认是从这个里面去取值的。没有的话才去原生request里面去取值 MultiPartRequest multi; public MultiPartRequestWrapper(MultiPartRequest multiPartRequest, HttpServletRequest request, String saveDir) { super(request); this.multi = multiPartRequest; try { this.multi.parse(request, saveDir); for (i$ = this.multi.getErrors().iterator(); i$.hasNext(); ) { Object o = i$.next(); String error = (String)o; addError(error); } } catch (IOException e) { Iterator i$; addError("Cannot parse request: " + e.toString()); } } public Enumeration<String> getFileParameterNames() { if (this.multi == null) { return null; } return this.multi.getFileParameterNames(); } public String[] getContentTypes(String name) { if (this.multi == null) { return null; } return this.multi.getContentType(name); } public File[] getFiles(String fieldName) { if (this.multi == null) { return null; } return this.multi.getFile(fieldName); } public String[] getFileNames(String fieldName) { if (this.multi == null) { return null; } return this.multi.getFileNames(fieldName); } public String[] getFileSystemNames(String fieldName) { if (this.multi == null) { return null; } return this.multi.getFilesystemName(fieldName); } public String getParameter(String name) { return (this.multi == null) || (this.multi.getParameter(name) == null) ? super.getParameter(name) : this.multi.getParameter(name); } public Map getParameterMap() { Map map = new HashMap(); Enumeration enumeration = getParameterNames(); while (enumeration.hasMoreElements()) { String name = (String)enumeration.nextElement(); map.put(name, getParameterValues(name)); } return map; } public Enumeration getParameterNames() { if (this.multi == null) { return super.getParameterNames(); } return mergeParams(this.multi.getParameterNames(), super.getParameterNames()); } public String[] getParameterValues(String name) { return (this.multi == null) || (this.multi.getParameterValues(name) == null) ? super.getParameterValues(name) : this.multi.getParameterValues(name); } public boolean hasErrors() { return (this.errors != null) && (!this.errors.isEmpty()); } public Collection<String> getErrors() { return this.errors; } protected void addError(String anErrorMessage) { if (this.errors == null) { this.errors = new ArrayList(); } this.errors.add(anErrorMessage); } protected Enumeration mergeParams(Enumeration params1, Enumeration params2) { Vector temp = new Vector(); while (params1.hasMoreElements()) { temp.add(params1.nextElement()); } while (params2.hasMoreElements()) { temp.add(params2.nextElement()); } return temp.elements(); }}
MultiPartRequest
package org.apache.struts2.dispatcher.multipart;import com.opensymphony.xwork2.inject.Inject;import com.opensymphony.xwork2.util.logging.Logger;import com.opensymphony.xwork2.util.logging.LoggerFactory;import java.io.File;import java.io.IOException;import java.io.InputStream;import java.io.UnsupportedEncodingException;import java.util.ArrayList;import java.util.Collections;import java.util.Enumeration;import java.util.HashMap;import java.util.List;import java.util.Map;import javax.servlet.http.HttpServletRequest;import org.apache.commons.fileupload.FileItem;import org.apache.commons.fileupload.FileUploadException;import org.apache.commons.fileupload.RequestContext;import org.apache.commons.fileupload.disk.DiskFileItem;import org.apache.commons.fileupload.disk.DiskFileItemFactory;import org.apache.commons.fileupload.servlet.ServletFileUpload;public class JakartaMultiPartRequest implements MultiPartRequest{ static final Logger LOG = LoggerFactory.getLogger(MultiPartRequest.class); protected Map<String, List<FileItem>> files = new HashMap(); protected Map<String, List<String>> params = new HashMap(); protected List<String> errors = new ArrayList(); protected long maxSize; @Inject("struts.multipart.maxSize") public void setMaxSize(String maxSize) { this.maxSize = Long.parseLong(maxSize); } public void parse(HttpServletRequest request, String saveDir) throws IOException { try { processUpload(request, saveDir); } catch (FileUploadException e) { LOG.warn("Unable to parse request", e, new String[0]); this.errors.add(e.getMessage()); } } private void processUpload(HttpServletRequest request, String saveDir) throws FileUploadException, UnsupportedEncodingException { for (FileItem item : parseRequest(request, saveDir)) { if (LOG.isDebugEnabled()) { LOG.debug("Found item " + item.getFieldName(), new String[0]); } if (item.isFormField()) processNormalFormField(item, request.getCharacterEncoding()); else processFileField(item); } } private void processFileField(FileItem item) { LOG.debug("Item is a file upload", new String[0]); if ((item.getName() == null) || (item.getName().trim().length() < 1)) { LOG.debug("No file has been uploaded for the field: " + item.getFieldName(), new String[0]); return; } List values; List values; if (this.files.get(item.getFieldName()) != null) values = (List)this.files.get(item.getFieldName()); else { values = new ArrayList(); } values.add(item); this.files.put(item.getFieldName(), values); } private void processNormalFormField(FileItem item, String charset) throws UnsupportedEncodingException { LOG.debug("Item is a normal form field", new String[0]); List values; List values; if (this.params.get(item.getFieldName()) != null) values = (List)this.params.get(item.getFieldName()); else { values = new ArrayList(); } if (charset != null) values.add(item.getString(charset)); else { values.add(item.getString()); } this.params.put(item.getFieldName(), values); } //解析request的值 private List<FileItem> parseRequest(HttpServletRequest servletRequest, String saveDir) throws FileUploadException { DiskFileItemFactory fac = createDiskFileItemFactory(saveDir); ServletFileUpload upload = new ServletFileUpload(fac); upload.setSizeMax(this.maxSize); return upload.parseRequest(createRequestContext(servletRequest)); } private DiskFileItemFactory createDiskFileItemFactory(String saveDir) { DiskFileItemFactory fac = new DiskFileItemFactory(); fac.setSizeThreshold(0); if (saveDir != null) { fac.setRepository(new File(saveDir)); } return fac; } public Enumeration<String> getFileParameterNames() { return Collections.enumeration(this.files.keySet()); } public String[] getContentType(String fieldName) { List items = (List)this.files.get(fieldName); if (items == null) { return null; } List contentTypes = new ArrayList(items.size()); for (FileItem fileItem : items) { contentTypes.add(fileItem.getContentType()); } return (String[])contentTypes.toArray(new String[contentTypes.size()]); } public File[] getFile(String fieldName) { List items = (List)this.files.get(fieldName); if (items == null) { return null; } List fileList = new ArrayList(items.size()); for (FileItem fileItem : items) { fileList.add(((DiskFileItem)fileItem).getStoreLocation()); } return (File[])fileList.toArray(new File[fileList.size()]); } public String[] getFileNames(String fieldName) { List items = (List)this.files.get(fieldName); if (items == null) { return null; } List fileNames = new ArrayList(items.size()); for (FileItem fileItem : items) { fileNames.add(getCanonicalName(fileItem.getName())); } return (String[])fileNames.toArray(new String[fileNames.size()]); } public String[] getFilesystemName(String fieldName) { List items = (List)this.files.get(fieldName); if (items == null) { return null; } List fileNames = new ArrayList(items.size()); for (FileItem fileItem : items) { fileNames.add(((DiskFileItem)fileItem).getStoreLocation().getName()); } return (String[])fileNames.toArray(new String[fileNames.size()]); } public String getParameter(String name) { List v = (List)this.params.get(name); if ((v != null) && (v.size() > 0)) { return (String)v.get(0); } return null; } public Enumeration<String> getParameterNames() { return Collections.enumeration(this.params.keySet()); } public String[] getParameterValues(String name) { List v = (List)this.params.get(name); if ((v != null) && (v.size() > 0)) { return (String[])v.toArray(new String[v.size()]); } return null; } public List getErrors() { return this.errors; } private String getCanonicalName(String filename) { int forwardSlash = filename.lastIndexOf("/"); int backwardSlash = filename.lastIndexOf("\\"); if ((forwardSlash != -1) && (forwardSlash > backwardSlash)) filename = filename.substring(forwardSlash + 1, filename.length()); else if ((backwardSlash != -1) && (backwardSlash >= forwardSlash)) { filename = filename.substring(backwardSlash + 1, filename.length()); } return filename; } private RequestContext createRequestContext(HttpServletRequest req) { return new RequestContext(req) { public String getCharacterEncoding() { return this.val$req.getCharacterEncoding(); } public String getContentType() { return this.val$req.getContentType(); } public int getContentLength() { return this.val$req.getContentLength(); } public InputStream getInputStream() throws IOException { InputStream in = this.val$req.getInputStream(); if (in == null) { throw new IOException("Missing content in the request"); } return this.val$req.getInputStream(); } }; }}
strtus2通过 ServletActionContext.getRequest() 获取Request。
获取的Request对象有可能是MultiPartRequestWrapper也有可能是StrutsRequestWrapper
为了动态像Request设置值,通过源码了解。通过以下方法可以动态获取值。
如果没有用strtus2中获取的Request是原生的Request的话,就直接可以通过
Map m = getRequest().getParameterMap();m.put(key, val);
下列方法是获取原生的request然后修改里面的map
MultiPartRequestWrapper--StrutsRequestWrapper--- HttpServletRequestWrapper- ServletRequestWrapper--ServletRequest
ServletRequestWrapper 源码。我们只要拿到ServletRequestWrapper中的request对象,修改里面的map就可以达到setParameters的效果。这种方法比上一种方法简洁一点。
/* */ package javax.servlet;/* */ /* */ import java.io.BufferedReader;/* */ import java.io.IOException;/* */ import java.io.UnsupportedEncodingException;/* */ import java.util.Enumeration;/* */ import java.util.Locale;/* */ import java.util.Map;/* */ /* */ public class ServletRequestWrapper/* */ implements ServletRequest/* */ {/* */ private ServletRequest request;/* */ /* */ public ServletRequestWrapper(ServletRequest request)/* */ {/* 95 */ if (request == null) {/* 96 */ throw new IllegalArgumentException("Request cannot be null");/* */ }/* 98 */ this.request = request;/* */ }/* */ /* */ public ServletRequest getRequest()/* */ {/* 105 */ return this.request;/* */ }
/** * 获取原生的requst * public class ServletRequestWrapper * implements ServletRequest * { * private ServletRequest request; * @return */ public HttpServletRequest getSoundServletRequest(HttpServletRequest request){ HttpServletRequest httpServletRequest = getRequest(); try{ Class<?> c = getSoundServletRequestClass(request.getClass()); if(c!=null){ Field requestField = c.getDeclaredField("request"); if(requestField!=null){ requestField.setAccessible(true); httpServletRequest = (HttpServletRequest)requestField.get(request); } } }catch (Exception e) { log.error(e.getMessage(), e); } return httpServletRequest; } /** * 获取原生的ServletRequestWrapper 对象 Class * @param request * @return Class */ public Class<?> getSoundServletRequestClass(Class<?> request){ if(request == ServletRequestWrapper.class){ return request; } return getSoundServletRequestClass(request.getSuperclass()); } /** * 设置Parameters 的值 * @param key * @param val */ public void setParameters(String key,String val){ //获取原生的HttpServletRequest try{ HttpServletRequest request = getSoundServletRequest(getRequest()); Map m = request.getParameterMap(); m.put(key, val); }catch (Exception e) { log.error(e.getMessage(), e); } }
XssHttpServletRequestWrapper
package com.dep.aop;import java.util.HashMap;import java.util.Iterator;import java.util.Map;import java.util.Set;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletRequestWrapper;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import com.dep.util.StringUtil;/** * 拦截防止sql注入 * @author wb_zypt * */public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {HttpServletRequest orgRequest = null;Map newParams = null;private static Logger log = LoggerFactory.getLogger(XssHttpServletRequestWrapper.class);public XssHttpServletRequestWrapper(HttpServletRequest request) {super(request);orgRequest = request;}/*** 覆盖getParameter方法,将参数名和参数值都做xss过滤。<br/>* 如果需要获得原始的值,则通过super.getParameterValues(name)来获取<br/>* getParameterNames,getParameterValues和getParameterMap也可能需要覆盖*/@Overridepublic String getParameter(String name) {String value = super.getParameter(StringUtil.filterDangerString(name));if (value != null) {value = StringUtil.filterDangerString(value);}if(value == null){value = (String)getParameterMap().get(name);}return value;}@Override@SuppressWarnings("unchecked")public Map getParameterMap() {if(newParams !=null){return newParams;}else{newParams = new HashMap();}//Map newParams = new HashMap();Map params = super.getParameterMap();Set<String> keySet = params.keySet(); for (Iterator iterator = keySet.iterator(); iterator.hasNext();) { String key = (String) iterator.next(); Object obj = params.get(key); if(obj instanceof String){ String str = (String) params.get(key); newParams.put(key, StringUtil.filterDangerString((String)str)); }else if(obj.getClass() == String[].class){ String[] str = (String[]) params.get(key); newParams.put(key, xssEncode((String[])str)); }else{ newParams.put(key, obj); } }/*java.lang.reflect.Field lockedField = null;try {lockedField = params.getClass().getDeclaredField("locked");lockedField.setAccessible(true);lockedField.set(params, false);} catch (Exception e) {log.error(e.getMessage(), e);}Set<String> keySet = params.keySet(); for (Iterator iterator = keySet.iterator(); iterator.hasNext();) { String key = (String) iterator.next(); Object obj = params.get(key); if(obj instanceof String){ String str = (String) params.get(key); params.put(key, xssEncode((String)str)); }else{ String[] str = (String[]) params.get(key); params.put(key, xssEncode((String[])str)); } } if(lockedField!=null){ try {lockedField.set(params, true);} catch (Exception e) {log.error(e.getMessage(), e);} }*/return newParams;}public String[] getParameterValues(String parameter) { String[] values = super.getParameterValues(parameter); if (values==null) { return null; } int count = values.length; String[] encodedValues = new String[count]; for (int i = 0; i < count; i++) { encodedValues[i] = StringUtil.filterDangerString(values[i]); } return encodedValues; }/*** 覆盖getHeader方法,将参数名和参数值都做xss过滤。<br/>* 如果需要获得原始的值,则通过super.getHeaders(name)来获取<br/>* getHeaderNames 也可能需要覆盖*/@Overridepublic String getHeader(String name) {String value = super.getHeader(StringUtil.filterDangerString(name));if (value != null) {value = StringUtil.filterDangerString(value);}return value;}private static String[] xssEncode(String[] s) {String[] newStr = new String[s.length];for(int i=0;i<s.length;i++){newStr[i]= StringUtil.filterDangerString(s[i]);}return newStr;}/*** 获取最原始的request** @return*/public HttpServletRequest getOrgRequest() {return orgRequest;}/*** 获取最原始的request的静态方法** @return*/public static HttpServletRequest getOrgRequest(HttpServletRequest req) {if (req instanceof XssHttpServletRequestWrapper) {return ((XssHttpServletRequestWrapper) req).getOrgRequest();}return req;}}
0 0
- struts2 源码分析 request ---设置setParameters 的值 二
- struts2 源码分析 request ---设置setParameters 的值
- Struts2源码分析二
- struts2源码分析(二)(初始化)
- servlet request.setParameters 方法 自创
- Struts2源码分析(二)Struts2运行流程分析
- Struts2源码粗略分析二:初始化详解
- scrapy源码分析(三)---------ExecutionEngine(二)一个request的周期
- Volley源码分析(二)-Volley中的Request类
- servlet request.setParameters 方法 自创 修改
- 在struts2的action中获取/设置request对象的属性的值
- struts2+freemarker项目根路径设置源码分析
- Struts2源码分析(二) 一一一 StrutsRequestWrapper
- Struts2获取request的
- struts2的请求处理过程源码分析
- struts2的请求处理过程源码分析
- struts2的请求处理过程源码分析
- Struts2的工作原理(源码分析)
- jQuery事件绑定.on()简要概述及应用
- Git中pull对比fetch和merge
- Unicode 和 UTF-8 有何区别?
- struts2 源码分析 request ---设置setParameters 的值
- 持续集成篇_08_Hudson持续集成服务器的使用(自动化编译、分析、打包、部署)
- struts2 源码分析 request ---设置setParameters 的值 二
- sliping windows
- jdk 版本差异之 DateFormat.getDateInstance()
- FTP错误列表
- 迭代器模式
- 锁定表头和固定列(Fixed table head and columns)
- 产品估算题
- Hibernate 参数设置一览表
- 機器學習基石 (Machine Learning Foundations) 作业1 Q18-20的C++实现(pocket)