Tomcat过滤器对请求输入流产生不利影响（输入流为空）

Question

我在我的应用程序中添加了一个过滤器，它只记录有关请求的某些内容。我的一些 servlet 读取自 ServletRequest#getInputStream。由于添加了这个过滤器，那些从ServletRequest#getInputStream 读取的servlet 不再工作，因为输入流是空的。通过简单地从我的web.xml 中注释掉过滤器来禁用过滤器即可解决问题。

为什么会发生这种情况？有没有办法使用过滤器而不弄乱ServletRequest#getInputStream？

过滤器实际上是 Tomcat 的 RequestDumperFilter，包含在其示例 Web 应用程序之一中。我将只包括doFilter 方法，因为这是重要的部分。如果你想看整个事情，我已经把它放在PasteBin。

/**
 * Time the processing that is performed by all subsequent filters in the
 * current filter stack, including the ultimately invoked servlet.
 *
 * @param request The servlet request we are processing
 * @param result The servlet response we are creating
 * @param chain The filter chain we are processing
 *
 * @exception IOException if an input/output error occurs
 * @exception ServletException if a servlet error occurs
 */
public void doFilter(ServletRequest request, ServletResponse response,
                     FilterChain chain)
throws IOException, ServletException {

    if (filterConfig == null)
    return;

// Render the generic servlet request properties
StringWriter sw = new StringWriter();
PrintWriter writer = new PrintWriter(sw);
writer.println("Request Received at " +
           (new Timestamp(System.currentTimeMillis())));
writer.println(" characterEncoding=" + request.getCharacterEncoding());
writer.println("     contentLength=" + request.getContentLength());
writer.println("       contentType=" + request.getContentType());
writer.println("            locale=" + request.getLocale());
writer.print("           locales=");
Enumeration locales = request.getLocales();
boolean first = true;
while (locales.hasMoreElements()) {
    Locale locale = (Locale) locales.nextElement();
    if (first)
        first = false;
    else
        writer.print(", ");
    writer.print(locale.toString());
}
writer.println();
Enumeration names = request.getParameterNames();
while (names.hasMoreElements()) {
    String name = (String) names.nextElement();
    writer.print("         parameter=" + name + "=");
    String values[] = request.getParameterValues(name);
    for (int i = 0; i < values.length; i++) {
        if (i > 0)
        writer.print(", ");
    writer.print(values[i]);
    }
    writer.println();
}
writer.println("          protocol=" + request.getProtocol());
writer.println("        remoteAddr=" + request.getRemoteAddr());
writer.println("        remoteHost=" + request.getRemoteHost());
writer.println("            scheme=" + request.getScheme());
writer.println("        serverName=" + request.getServerName());
writer.println("        serverPort=" + request.getServerPort());
writer.println("          isSecure=" + request.isSecure());

// Render the HTTP servlet request properties
if (request instanceof HttpServletRequest) {
    writer.println("---------------------------------------------");
    HttpServletRequest hrequest = (HttpServletRequest) request;
    writer.println("       contextPath=" + hrequest.getContextPath());
    Cookie cookies[] = hrequest.getCookies();
        if (cookies == null)
            cookies = new Cookie[0];
    for (int i = 0; i < cookies.length; i++) {
        writer.println("            cookie=" + cookies[i].getName() +
               "=" + cookies[i].getValue());
    }
    names = hrequest.getHeaderNames();
    while (names.hasMoreElements()) {
        String name = (String) names.nextElement();
    String value = hrequest.getHeader(name);
        writer.println("            header=" + name + "=" + value);
    }
    writer.println("            method=" + hrequest.getMethod());
    writer.println("          pathInfo=" + hrequest.getPathInfo());
    writer.println("       queryString=" + hrequest.getQueryString());
    writer.println("        remoteUser=" + hrequest.getRemoteUser());
    writer.println("requestedSessionId=" +
           hrequest.getRequestedSessionId());
    writer.println("        requestURI=" + hrequest.getRequestURI());
    writer.println("       servletPath=" + hrequest.getServletPath());
}
writer.println("=============================================");

// Log the resulting string
writer.flush();
filterConfig.getServletContext().log(sw.getBuffer().toString());

// Pass control on to the next filter
    chain.doFilter(request, response);

}

结论

根据我从Googling 阅读的内容，如果首先调用，以下任何方法都会使getInputStream 为空：

• getParameter
• getParameterNames
• getParameterValues
• getParameterMap

感谢 SimoneGianni 为我指明了正确的方向：

这里有一些来源

• http://www.xyzws.com/Servletfaq/what-is-the-getinputstream-of-servletrequest-for/23
• http://davidhuo.blogspot.com/2006/05/be-careful-with-httpservletrequestgeti.html
• https://issues.apache.org/bugzilla/show_bug.cgi?id=47410

这个人实际上遇到了类似的问题，并创建了自己的包装类作为解决方法。

• Modify HttpServletRequest body

Answer 1

如果您调用 getParameters、getParameterNames 和类似方法，您可能会干扰 getInputStream 或 getReader。这在 servlet 文档中没有明确说明，但在官方 servlet javadocs（从 1.3 开始，请参阅 http://download.oracle.com/javaee/1.3/api/javax/servlet/ServletRequest.html#getParameter(java.lang.String）中有一些相反的警告（getInputStream 干扰 getParameter）

您在 POST 上看到这个问题了吗？由于 POST 请求将参数编码为请求正文，因此要读取您实际必须使用的参数（容器为您执行此操作）输入流。

Answer 2

哇。这是一个很好的。我打赌 RequestDumper 必须解析整个 InputStream 以转储请求，这就是 InputStream 为空的原因。我认为您不能在任何计划执行 getInputStream 的 Servlet 前面使用 RequestDumper。不过，从这一点来看，我不知道你的选择是什么。也许在 chain.doFilter(request, response); 之后直接从 HttpRequest 中转储您感兴趣的参数。打电话。