Implementing Request Parameter Decryption with Servlet Filters in Java
This article explains how to create custom HttpServletRequestWrapper classes and servlet filters in Java to automatically decrypt or transform request parameters—such as converting email fields to lowercase—before they reach controller methods, covering both form/ajax and JSON payload scenarios with configuration examples for web.xml and Spring Boot.
Problem: When request parameters are encrypted, each controller method must decrypt them, which is cumbersome.
Design: A filter is the natural place to modify request parameters, but HttpServletRequest has no setParameter method, so a custom HttpServletRequestWrapper that adds setParameter is created.
Solution: Implement a filter that wraps the request with the custom wrapper, decrypts or transforms parameters before they reach the controller, handling both ordinary form/ajax requests and JSON payloads.
1. Form/Ajax Requests
Step 1: Create a class that extends HttpServletRequestWrapper.
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
/**
* 重写 HttpServletRequestWrapper
* 处理表单、ajax请求
* @author zhaoheng
*/
public class MyHttpServletRequestWrapper1 extends HttpServletRequestWrapper {
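// Parameters served by this wrapper: seeded from the wrapped request, then overwritten
// through setParameter. The String[] value type matches what getParameter/getParameterValues read.
private final Map<String, String[]> params = new HashMap<String, String[]>();

/**
 * Wraps {@code request} and copies its parameter map into this wrapper's own map.
 *
 * <p>Only the map entries are copied; the {@code String[]} values are the same array objects
 * the wrapped request returned.
 *
 * @param request the request being wrapped
 * @throws IOException declared by the original signature; nothing in this body throws it
 */
public MyHttpServletRequestWrapper1(HttpServletRequest request) throws IOException {
    super(request);
    // Take the container-parsed parameters as the starting point for later overrides.
    this.params.putAll(request.getParameterMap());
}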
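/**
 * Stores every entry of {@code extraParams} through {@link #setParameter(String, Object)}.
 *
 * <p>Keys must be strings because they are passed on as parameter names; values may be any
 * object and are converted by {@code setParameter}.
 *
 * @param extraParams parameters to add or replace
 */
public void setParameterMap(Map<String, ?> extraParams) {
    // The wildcard value type restores the type arguments the raw declaration lacked,
    // without which the typed for-each over entrySet() does not compile.
    for (Map.Entry<String, ?> entry : extraParams.entrySet()) {
        setParameter(entry.getKey(), entry.getValue());
    }
}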
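/**
 * Stores or replaces one parameter in this wrapper's map.
 *
 * <p>A {@code String[]} is stored as given; any other object is stored as a one-element array
 * holding its {@code String.valueOf} text (a {@code String} therefore keeps its own value).
 * A {@code null} value is ignored, so this method cannot remove an existing parameter.
 *
 * @param name  parameter name
 * @param value new value; ignored when {@code null}
 */
public void setParameter(String name, Object value) {
    if (value == null) {
        return;
    }
    // The value is deliberately not printed or logged: this wrapper carries the output of a
    // decryption/transformation filter, so it can hold decrypted plaintext or personal data
    // that must not end up in stdout or container logs.
    if (value instanceof String[]) {
        params.put(name, (String[]) value);
    } else {
        params.put(name, new String[] {String.valueOf(value)});
    }
}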
/**
 * Returns the first value stored for {@code name} in this wrapper's own map rather than
 * asking the wrapped request.
 *
 * @param name parameter name
 * @return the first stored value, or {@code null} when the name is unknown or its array is empty
 */
@Override
public String getParameter(String name) {
    String[] stored = params.get(name);
    boolean hasValue = stored != null && stored.length > 0;
    return hasValue ? stored[0] : null;
}
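/**
 * Returns all values stored for {@code name} in this wrapper's own map.
 *
 * @param name parameter name
 * @return the stored array (not a copy), or {@code null} when the name is unknown
 */
@Override
public String[] getParameterValues(String name) {
    return params.get(name);
}

/**
 * Returns a read-only view of this wrapper's parameters.
 *
 * <p>Without this override, callers of {@code getParameterMap()} would be answered by the
 * wrapped request and see the original, untransformed values while {@code getParameter}
 * returns the rewritten ones. Code that binds or validates through the map must see the same
 * data as code that reads single parameters.
 *
 * @return unmodifiable view of the stored parameters
 */
@Override
public Map<String, String[]> getParameterMap() {
    return java.util.Collections.unmodifiableMap(params);
}

/**
 * Returns the names of the parameters held by this wrapper, so that names added through
 * {@code setParameter} are visible to callers that enumerate parameters.
 *
 * @return enumeration over the stored parameter names
 */
@Override
public java.util.Enumeration<String> getParameterNames() {
    return java.util.Collections.enumeration(params.keySet());
}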
}
Step 2: Implement a filter that uses the wrapper to process parameters.
package com.zhh.filter;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
import com.zhh.util.request.MyHttpServletRequestWrapper1;
/**
* 参数处理过滤器(针对ajax、表单等请求)
* 1.获取请求参数;2.对获取到的请求参数进行处理(解密、字符串替换、请求参数分类截取等等);3.把处理后的参数放回到请求列表里面
* @author zhaoheng
*/
public class ValidatorFilter1 implements Filter {
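private static final Logger log = Logger.getLogger(ValidatorFilter1.class);
/**
 * Request paths, relative to the context path, whose parameters this filter rewrites.
 * The String element type is required by the typed loop in isPast.
 */
private static final List<String> urlList = Arrays.asList("/pastOrder/filterCsF");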
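/**
 * Tells whether {@code requestUrl} is exactly one of the paths in {@code urlList}.
 *
 * <p>The comparison is a plain string equality; no decoding, normalisation or pattern
 * matching is applied.
 *
 * @param requestUrl request path with the context path already removed
 * @return {@code true} when the path is listed; {@code false} otherwise, including for {@code null}
 */
public boolean isPast(String requestUrl) {
    // contains() performs the same equals() comparison as the hand-written loop and does
    // not throw when requestUrl is null.
    return urlList.contains(requestUrl);
}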
/** Nothing to release: this filter holds no resources. */
@Override
public void destroy() {
    // intentionally empty
}
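/**
 * Rewrites the {@code email} parameter to lower case for the paths listed in {@code urlList}
 * and passes every other request through unchanged.
 *
 * <p>For a listed path the request is wrapped in {@link MyHttpServletRequestWrapper1}, the
 * parameter is replaced in the wrapper, and the wrapper (not the original request) is handed
 * to the rest of the chain. This is the step where decryption would go.
 *
 * @param request  incoming request; must be an {@code HttpServletRequest}
 * @param response outgoing response, passed on untouched
 * @param chain    remaining filter chain
 * @throws IOException      propagated from the wrapper or the chain
 * @throws ServletException propagated from the chain
 */
@SuppressWarnings("unchecked")
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    log.info("过滤器2执行开始");
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    // NOTE(review): getRequestURI() is the raw path as sent (not decoded, path parameters
    // included), and isPast() compares it by string equality. A request can therefore be
    // routed to the controller without matching here. If the transformation is
    // security-relevant (decryption, validation), select requests with the filter's
    // url-pattern or make the controller reject unprocessed input.
    String url = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length());
    if (!isPast(url)) {
        chain.doFilter(request, response);
        return;
    }

    MyHttpServletRequestWrapper1 requestWrapper1 = new MyHttpServletRequestWrapper1(httpRequest);
    // 1. Read the parameter that needs processing.
    String email = requestWrapper1.getParameter("email");
    // 2. Put the processed value back. A request without "email" is passed on as is instead
    //    of failing with a NullPointerException; Locale.ROOT keeps the result independent of
    //    the server's default locale.
    if (email != null) {
        requestWrapper1.setParameter("email", email.toLowerCase(java.util.Locale.ROOT));
    }
    // 3. Continue with the wrapper so downstream code sees the processed value.
    chain.doFilter(requestWrapper1, response);
}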
/**
 * No initialisation is needed; the filter configuration is not read.
 *
 * @param arg0 filter configuration supplied by the container (unused)
 */
@Override
public void init(FilterConfig arg0) throws ServletException {
    // intentionally empty
}
}
Step 3: Register the filter.
Method 1 – web.xml configuration:
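<filter>
    <filter-name>ValidatorFilter1</filter-name>
    <filter-class>com.zhh.filter.ValidatorFilter1</filter-class>
</filter>
<filter-mapping>
    <filter-name>ValidatorFilter1</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
Method 2 – Spring Boot configuration: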
@Configuration
public class WebFileterConfig {
/**
 * Registers {@code ValidatorFilter1} for every URL.
 *
 * <p>The order value controls where the filter sits in the chain: the smaller the number,
 * the earlier it is loaded. With {@code Integer.MAX_VALUE - 10} this filter is placed close
 * to the end. NOTE(review): filters ordered before it read the untransformed parameters;
 * confirm that no earlier filter depends on the decrypted values.
 *
 * @return the registration bean describing the filter, its URL pattern and its order
 */
@Bean
public FilterRegistrationBean ValidatorFilterRegistration() {
    FilterRegistrationBean bean = new FilterRegistrationBean();
    // The filter instance to install.
    bean.setFilter(new ValidatorFilter1());
    // Apply it to all request paths; the filter itself narrows this down by URL.
    bean.addUrlPatterns("/*");
    bean.setOrder(Integer.MAX_VALUE - 10);
    return bean;
}
}
2. JSON Payload Requests
Step 1: Create a wrapper that can read and rewrite the request body.
package com.zhh.util.request;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import jodd.io.StreamUtil;
/**
* 重写 HttpServletRequestWrapper
* 处理json报文请求
* @author zhaoheng
*/
public class MyHttpServletRequestWrapper extends HttpServletRequestWrapper {
// Request body held by this wrapper; setBody replaces it after the filter has processed it.
private byte[] body;

/**
 * Wraps {@code request} and reads its whole body into memory as UTF-8 bytes.
 *
 * <p>The wrapped request's reader is consumed here, which is why this class replays the
 * body from the stored bytes in {@code getReader()} and {@code getInputStream()}.
 * NOTE(review): no size limit is applied in this constructor; make sure the container or a
 * proxy in front of it caps the request body size.
 *
 * @param request the request being wrapped
 * @throws IOException if the body cannot be read
 */
public MyHttpServletRequestWrapper(HttpServletRequest request) throws IOException {
    super(request);
    BufferedReader original = request.getReader();
    this.body = StreamUtil.readBytes(original, "UTF-8");
}
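/**
 * Returns a reader over the stored body.
 *
 * <p>The bytes are decoded as UTF-8 because that is the encoding used when the body is
 * stored by the constructor. Decoding with the platform default charset would corrupt
 * non-ASCII text on servers whose default is not UTF-8.
 *
 * @return a new reader positioned at the start of the stored body
 * @throws IOException if the stream cannot be created or the charset is unsupported
 */
@Override
public BufferedReader getReader() throws IOException {
    return new BufferedReader(new InputStreamReader(getInputStream(), "UTF-8"));
}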
/**
 * Returns a fresh stream over the stored body, so the body can be read again after the
 * filter has consumed it.
 *
 * <p>NOTE(review): only {@code read()} is implemented. Servlet 3.1 and later also declare
 * {@code isFinished()}, {@code isReady()} and {@code setReadListener(...)} on
 * {@code ServletInputStream}; confirm which API level this is compiled against.
 *
 * @return a new stream positioned at the start of the stored body
 * @throws IOException declared by the overridden method
 */
@Override
public ServletInputStream getInputStream() throws IOException {
    final ByteArrayInputStream stored = new ByteArrayInputStream(body);
    ServletInputStream replay = new ServletInputStream() {
        @Override
        public int read() throws IOException {
            // Serve bytes from the in-memory copy instead of the already-consumed request.
            return stored.read();
        }
    };
    return replay;
}
/**
 * Returns the body currently held by this wrapper.
 *
 * @return the stored byte array itself, not a copy
 */
public byte[] getBody() {
    return this.body;
}
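/**
 * Replaces the stored body with the processed one.
 *
 * <p>A {@code null} argument is stored as an empty body; a {@code null} field would make
 * the next {@code getInputStream()} call fail with a NullPointerException.
 *
 * @param body processed body bytes; {@code null} is treated as empty
 */
public void setBody(byte[] body) {
    this.body = (body != null) ? body : new byte[0];
}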
}
Step 2: Implement a filter that parses JSON, transforms the email field, and rewrites the body.
package com.zhh.filter;
import java.io.BufferedReader;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.zhh.util.request.MyHttpServletRequestWrapper;
/**
* 参数校验过滤器(针对json报文请求)
* 1.获取请求参数;2.对获取到的请求参数进行处理(解密、字符串替换、请求参数分类截取等等);3.把处理后的参数放回到请求列表里面
* @author zhaoheng
*/
public class ValidatorFilter implements Filter {
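private static final Logger log = Logger.getLogger(ValidatorFilter.class);
/**
 * Request paths, relative to the context path, whose JSON body this filter rewrites.
 * The String element type is required by the typed loop in isPast.
 */
private static final List<String> urlList = Arrays.asList("/pastOrder/filterCs");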
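/**
 * Tells whether {@code requestUrl} is exactly one of the paths in {@code urlList}.
 *
 * <p>The comparison is a plain string equality; no decoding, normalisation or pattern
 * matching is applied.
 *
 * @param requestUrl request path with the context path already removed
 * @return {@code true} when the path is listed; {@code false} otherwise, including for {@code null}
 */
public boolean isPast(String requestUrl) {
    // contains() performs the same equals() comparison as the hand-written loop and does
    // not throw when requestUrl is null.
    return urlList.contains(requestUrl);
}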
/** Writes one info-level log line; the filter holds no resources to release. */
@Override
public void destroy() {
    final String message = "过滤器执行结束";
    log.info(message);
}
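/**
 * Lower-cases the {@code email} field of a JSON request body for the paths listed in
 * {@code urlList} and passes every other request through unchanged.
 *
 * <p>For a listed path the body is buffered by {@link MyHttpServletRequestWrapper}, parsed,
 * modified, serialised again and stored back in the wrapper, which is then handed to the
 * rest of the chain. This is the step where decryption would go.
 *
 * <p>NOTE(review): the body comes from the client and is parsed with fastjson. Keep that
 * dependency on a maintained release with its safe mode enabled and autoType left off,
 * since the library has a history of deserialization problems on untrusted input.
 *
 * @param request  incoming request; must be an {@code HttpServletRequest}
 * @param response outgoing response, passed on untouched
 * @param chain    remaining filter chain
 * @throws IOException      if the body cannot be read, or propagated from the chain
 * @throws ServletException propagated from the chain
 */
@SuppressWarnings("unchecked")
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    log.info("过滤器1执行开始");
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    // NOTE(review): the raw request URI is compared by string equality, so a request can
    // reach the controller without matching here; do not rely on this check alone when the
    // transformation is security-relevant.
    String url = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length());
    if (!isPast(url)) {
        chain.doFilter(request, response);
        return;
    }

    MyHttpServletRequestWrapper requestWrapper = new MyHttpServletRequestWrapper(httpRequest);
    // Decode the buffered bytes with the encoding they were stored in, rather than going
    // through a reader and re-joining lines.
    String rawJson = new String(requestWrapper.getBody(), "UTF-8");
    JSONObject jsonObject = JSONObject.parseObject(rawJson);
    // An empty body parses to null; forward it untouched instead of failing on the map below.
    if (jsonObject != null) {
        Map<String, Object> map = JSON.toJavaObject(jsonObject, Map.class);
        Object email = map.get("email");
        // A missing or JSON-null email is left as is; Locale.ROOT keeps the result
        // independent of the server's default locale.
        if (email != null) {
            map.put("email", email.toString().toLowerCase(java.util.Locale.ROOT));
        }
        // Store the processed JSON back so the controller reads the new body.
        String json = JSON.toJSONString(map);
        requestWrapper.setBody(json.getBytes("UTF-8"));
    }
    chain.doFilter(requestWrapper, response);
}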
/**
 * No initialisation is needed; the filter configuration is not read.
 *
 * @param arg0 filter configuration supplied by the container (unused)
 */
@Override
public void init(FilterConfig arg0) throws ServletException {
    // intentionally empty
}
}
Step 3: Register the JSON filter similarly (web.xml or Spring Boot).
Controller example for receiving the processed parameters:
@ResponseBody
@RequestMapping(value = "/filterCs")
public User filterCs(@RequestBody User user) {
System.out.println(user.toString());
return user;
}
Result: After the filter runs, the email field is automatically converted to lower case for both form and JSON requests. Decryption logic placed in the same filter step likewise runs once, instead of being repeated in every controller method.