java-springmvc+filter 替换输出流、response、响应内容

java-springmvc+filter 替换输出流、response、响应内容

一、问题

1.描述：在使用 filter 替换、修改 response 输出内容时常见的错误如下异常提示

getWriter() has already been called for this response

getOutputStream() has already been called for this response

2.问题产生原因：

getWriter() 和 getOutputStream() 方法互斥，一个 response 只允许调用一次；

getWriter() 对应一个字符流，用于处理纯文本相关的资源；

getOutputStream()  对应一个字节流，用于处理如图片之类的资源；

3.解决办法：

自定义一个包装器继承 HttpServletResponseWrapper 类，并且重写以下两个方法,且两个方法都向同一个输出流中写入内容；

public PrintWriter getWriter();

public PrintWriter getOutputStream();

4.注意：有时访问 jsp 页面或其它内容时，没有内容输出。分析是不是没有调用字节流、字符流的 flush() 方法。

二、下面使用 springmvc 的 OncePerRequestFilter 实现一个替换 response 内容的 filter；当然也可以直接实现 Filter 接口

1. web.xml 配置filter

<!-- 功能权限 filter -->
<filter>
<filter-name>AuthCodeFilter</filter-name>
<filter-class>com.demo.web.filter.AuthCodeFilter</filter-class>
<init-param>
<!-- 是否启用登录验证 -->
<param-name>enable</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<!-- 不验证的url(正则表达式)-->
<param-name>exclude_url</param-name>
<param-value>(/login\.jsp22)$|(\.css)$|(\.js)$|(\.jpg)$|(\.png)$|(\.gif)$|(\.pdf)$|(\.eot)$|(\.svg)$|(\.ttf)$|(\.woff)$|(\.woff2)$</param-value>
</init-param>
<init-param>
<!-- 验证的content-type(正则表达式)-->
<param-name>content_type</param-name>
<param-value>(text/.+)</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>AuthCodeFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>

2.AuthCodeFilter.java

package com.demo.web.filter;

import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.demo.web.rules.sys.AuthRule;

import me.grass.coder.Debug;
import me.grass.extend.StringExtend;

/**
* 功能权限筛选器
* @author xxj
*/
public class AuthCodeFilter extends org.springframework.web.filter.OncePerRequestFilter{
Pattern _pattenUrl;
Pattern _pattenContentType;
boolean _enbale=true;
AuthRule _rule = AuthRule.instance();

@Override
protected void initFilterBean() throws ServletException {
FilterConfig conf = this.getFilterConfig();
String enable = conf.getInitParameter("enable");
String regex = conf.getInitParameter("exclude_url");
String regexContentType = conf.getInitParameter("content_type");
Debug.printFormat("{2} init-param: enable={0};exclude_url={1}",enable,regex,this.getClass().getName());

_pattenContentType = Pattern.compile(regexContentType, Pattern.CASE_INSENSITIVE);
_enbale = StringExtend.getBoolean(enable);
// 初始化正则验证器
if(_pattenUrl==null){
//忽略大小写
_pattenUrl = Pattern.compile(regex, Pattern.CASE_INSENSITIVE);

Debug.printFormat("{2}初始化；Enable={1};content-type正则：{3}；url正则 ={0};"
, regex
,_enbale
,this.getClass().getSimpleName()
,regexContentType);
}
}

@Override
public void destroy() {

}

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response
, FilterChain filter)
throws ServletException, IOException {
//是否启用筛选器
if (!_enbale) {
filter.doFilter(request, response);
return;
}
HttpServletRequest req = (HttpServletRequest) request;
String url = req.getRequestURI();
//1 处理 request 请求信息
//1.1 不验证的资源
Matcher matcher = _pattenUrl.matcher(url);
if (matcher.find()) {
filter.doFilter(request, response);
return;
}
// 1.2 功能权限验证
// 1.2.1 实例化一个响应包装器，用于缓存 response 中的内容到 CharArrayWriter 对象中
AuthCodeResponseWrapper authResp = new AuthCodeResponseWrapper((HttpServletResponse) response);
// 2  调用 doFilter() 方法，继续执行 filter 链中其它 filter
filter.doFilter(request, authResp);
// 3 处理 response 响应信息
ServletOutputStream out = response.getOutputStream();
// 3.1  不需要验证的 content-type
String contentType = response.getContentType();
if(!StringExtend.isNullOrEmpty(contentType)){
matcher = _pattenContentType.matcher(contentType);
if(!matcher.find()){
authResp.getByteArrayOutputStream().writeTo(out);
return;
}
}
// 3.2 filter 链执行结束，获取 CharArrayWriter 的内容
// 3.3  将 content 内容进行过滤
String content = authResp.getTextContent();
String html = content.replece("hello word!","你好，世界！"); //替换敏感词
if(StringExtend.isNullOrEmpty(html)){
authResp.getByteArrayOutputStream().writeTo(out);
return;
}
// 3.4 将过滤后的内容写入响应流中
if(!_rule.isFilter()){//没有进行过功能筛选则原样输出
authResp.getByteArrayOutputStream().writeTo(out);
return;
}
//3.5 写入输出流
out.write(html.getBytes());
Debug.printFormat("[权限过滤] url={0}", url);
}
}

3.AuthCodeResponseWrapper.java

package com.demo.web.filter;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

import me.grass.coder.Debug;

/**
* 功能权限响应对象
* @author xxj
*/
public class AuthCodeResponseWrapper extends HttpServletResponseWrapper {
ByteArrayOutputStream _stream = new ByteArrayOutputStream();
PrintWriter _pw=new PrintWriter(_stream);

public AuthCodeResponseWrapper(HttpServletResponse response) {
super(response);
}
/**
* 覆盖getWriter()方法，将字符流缓冲到本地
*/
@Override
public PrintWriter getWriter() throws IOException {
Debug.print("getWriter()");
return _pw;
}
/**
* 覆盖getOutputStream()方法，将字节流缓冲到本地
*/
@Override
public ServletOutputStream getOutputStream() throws IOException {
Debug.print("getOutputStream()");
return new ServletOutputStream(){
@Override
public void write(int b) throws IOException {
_stream.write(b);
}
};
}
/**
* 把缓冲区内容写入输出流后关闭
*
*  @author xxj
*/
public void flush(){
try {
_pw.flush();
_pw.close();
_stream.flush();
_stream.close();
} catch (IOException e) {
e.printStackTrace();
}
}
/**
* 获取字节流
* @return
*/
public ByteArrayOutputStream getByteArrayOutputStream(){
return _stream;
}
/**
* 将换出区内容转为文本输出
* @return
*/
public String getTextContent() {
flush();
return _stream.toString();
}
}