ims内容的json内容格式过滤

2026-03-25 16:23:33 +08:00 · 2026-03-25 16:23:33 +08:00 · a258db21a4
parent 1efa2feee9
commit a258db21a4
3 changed files with 124 additions and 4 deletions
--- a/src/main/java/com/chinaweal/aiccs/config/FilterConfig.java
+++ b/src/main/java/com/chinaweal/aiccs/config/FilterConfig.java
@ -36,4 +36,17 @@ public class FilterConfig {
        registrationBean.setOrder(-100);
        return registrationBean;
    }
    /**
     * IMS请求编码预处理过滤器
     */
    @Bean
    public FilterRegistrationBean<ImsRequestFilter> imsRequestFilter() {
        FilterRegistrationBean<ImsRequestFilter> registrationBean = new FilterRegistrationBean<>();
        registrationBean.setFilter(new ImsRequestFilter());
        registrationBean.addUrlPatterns("/ims/*");
        registrationBean.setName("imsRequestFilter");
        registrationBean.setOrder(-101);
        return registrationBean;
    }
 }
--- a/src/main/java/com/chinaweal/aiccs/config/ImsRequestFilter.java
+++ b/src/main/java/com/chinaweal/aiccs/config/ImsRequestFilter.java
@ -0,0 +1,111 @@
 package com.chinaweal.aiccs.config;
 import lombok.extern.slf4j.Slf4j;
 import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 import java.io.*;
 import java.nio.charset.StandardCharsets;
 import java.util.regex.Pattern;
@Slf4j
 public class ImsRequestFilter implements Filter {
    // 匹配不可见字符（控制字符0-31和127，以及零宽字符）
    private static final Pattern INVISIBLE_CHAR_PATTERN = Pattern.compile(
        "[\\x00-\\x1f\\x7f\\u200b-\\u200f\\u2028\\u2029\\ufeff]"
    );
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // 只处理 JSON 请求
        String contentType = request.getContentType();
        if (contentType != null && contentType.contains("application/json")) {
            CachedBodyHttpServletRequest cachedRequest =
                new CachedBodyHttpServletRequest(request);
            String body = cachedRequest.getBody();
            // 移除不可见字符
            String cleanedBody = INVISIBLE_CHAR_PATTERN.matcher(body).replaceAll("");
            if (!cleanedBody.equals(body)) {
                log.warn("ImsRequestFilter removed invisible characters from request body");
            }
            cachedRequest.updateBody(cleanedBody);
            chain.doFilter(cachedRequest, resp);
        } else {
            chain.doFilter(req, resp);
        }
    }
    private static class CachedBodyHttpServletRequest extends HttpServletRequestWrapper {
        private byte[] cachedBody;
        public CachedBodyHttpServletRequest(HttpServletRequest request) throws IOException {
            super(request);
            InputStream inputStream = request.getInputStream();
            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            byte[] buffer = new byte[1024];
            int len;
            while ((len = inputStream.read(buffer)) != -1) {
                baos.write(buffer, 0, len);
            }
            inputStream.close();
            this.cachedBody = baos.toByteArray();
        }
        public String getBody() {
            return new String(cachedBody, StandardCharsets.UTF_8);
        }
        public void updateBody(String body) {
            this.cachedBody = body.getBytes(StandardCharsets.UTF_8);
        }
        @Override
        public ServletInputStream getInputStream() {
            return new CachedBodyServletInputStream(cachedBody);
        }
        @Override
        public BufferedReader getReader() {
            return new BufferedReader(
                new InputStreamReader(getInputStream(), StandardCharsets.UTF_8)
            );
        }
    }
    private static class CachedBodyServletInputStream extends ServletInputStream {
        private final ByteArrayInputStream delegate;
        public CachedBodyServletInputStream(byte[] body) {
            this.delegate = new ByteArrayInputStream(body);
        }
        @Override
        public boolean isFinished() {
            return delegate.available() == 0;
        }
        @Override
        public boolean isReady() {
            return true;
        }
        @Override
        public void setReadListener(ReadListener listener) {
            // non-blocking read not supported for cached body
        }
        @Override
        public int read() {
            return delegate.read();
        }
    }
 }
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -79,10 +79,6 @@ spring:
    multipart:
      max-file-size: 100MB
      max-request-size: 100MB
  jackson:
    parser:
      # 允许解析未转义的控制字符（解决你那个中文括号/隐形字符报错）
      allow-unquoted-control-chars: true
 restLog:
  ignoreServletPath: /druid,/swagger-resources,/v2/api-docs,/webjars,/user/checkSSOLogin