使用utils.java文件

发布于 2025-01-22 07:10:35 字数 1566 浏览 0 评论 0原文

我有这个Java Servlet API文件，其中是一个名为utils.java的类。我无法弄清楚此代码在API中的用途是什么。这是我第一次从事API，因此任何帮助理解这一点的帮助都将不胜感激。

package implementation;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;

import javax.servlet.http.HttpServletRequest;

public class Utils {
    
    public static String getBody(HttpServletRequest request) throws IOException {

        String body = null;
        StringBuilder stringBuilder = new StringBuilder();
        BufferedReader bufferedReader = null;

        try {
            InputStream inputStream = request.getInputStream();
            if (inputStream != null) {
                bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
                char[] charBuffer = new char[128];
                int bytesRead = -1;
                while ((bytesRead = bufferedReader.read(charBuffer)) > 0) {
                    stringBuilder.append(charBuffer, 0, bytesRead);
                }
            } else {
                stringBuilder.append("");
            }
        } catch (IOException ex) {
            throw ex;
        } finally {
            if (bufferedReader != null) {
                try {
                    bufferedReader.close();
                } catch (IOException ex) {
                    throw ex;
                }
            }
        }

        body = stringBuilder.toString();
        return body;
    }
}

然后在其他servlet中被称为：string req = utils.getBody（request）;

有人可以解释工作吗？

原文

I have this Java servlet API file and in it is a class called utils.java . I can't quite figure out what the use of this piece of code is in the API. This is my first time working on APIs so any help in understanding this would be appreciated.

package implementation;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;

import javax.servlet.http.HttpServletRequest;

public class Utils {
    
    public static String getBody(HttpServletRequest request) throws IOException {

        String body = null;
        StringBuilder stringBuilder = new StringBuilder();
        BufferedReader bufferedReader = null;

        try {
            InputStream inputStream = request.getInputStream();
            if (inputStream != null) {
                bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
                char[] charBuffer = new char[128];
                int bytesRead = -1;
                while ((bytesRead = bufferedReader.read(charBuffer)) > 0) {
                    stringBuilder.append(charBuffer, 0, bytesRead);
                }
            } else {
                stringBuilder.append("");
            }
        } catch (IOException ex) {
            throw ex;
        } finally {
            if (bufferedReader != null) {
                try {
                    bufferedReader.close();
                } catch (IOException ex) {
                    throw ex;
                }
            }
        }

        body = stringBuilder.toString();
        return body;
    }
}

And then in other servlets it has been called like this: String req = Utils.getBody(request);

Can someone please explain the working?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

一向肩并 2025-01-29 07:10:35

此方法的目的是读取请求正文并将其返回为String。基本上，它掌握了请求的输入流，将其包裹为读者（转换为字符），从中读取字符并将其附加到stringBuilder。当它到达流的末端时，它将关闭它，并将构建器的内容返回为String。

代码可以简化一点。实际上，在Java 8+中，

return bufferedReader.lines().collect(Collectors.joining("\n"))

可以使用Resources 尝试使用Java 7+ 来简化流的核心代码。

该方法简化了这一点：

public static String getBody(HttpServletRequest request) throws IOException {
    try (InputStream is = request.getInputStream();
         BufferedReader br = new BufferedReader(new InputStreamReader(is))) {
        return br.lines().collect(Collectors.joining(System.lineSeparator()));
    }
}

有几个问题：

它使用平台默认字符集来解码输入，而不是http中指定的 may 的字符集请求标题。可以通过使用request.getReader（）而不是request.getInputStream（）。
它将原始末端序列转换为平台的标准末端序列。
如果请求的主体非常大，则将其转换为字符串可以填充堆并导致OOMES。这可以用作拒绝服务攻击。如果这是一个问题，则代码需要更具防御力...或者您需要在Web容器级别设置请求尺寸限制。

The purpose of this method is to read the request body and return it as a String. Basically, it gets hold of the request's input stream, wraps it as a reader (which converts to characters), reads characters from it and appends them to StringBuilder. When it reaches the end of the stream it closes it, and returns the builder's contents as a String.

The code could be simplified a bit. Indeed, in Java 8+, the core code could be replaced with

return bufferedReader.lines().collect(Collectors.joining("\n"))

The clunky handling of the streams could be simplified using Java 7+ try with resources.

The method simplifies to this:

public static String getBody(HttpServletRequest request) throws IOException {
    try (InputStream is = request.getInputStream();
         BufferedReader br = new BufferedReader(new InputStreamReader(is))) {
        return br.lines().collect(Collectors.joining(System.lineSeparator()));
    }
}

There are a couple of issues with this:

It is using the platform default character set to decode the input rather than the character set that may have been specified in the HTTP request header. That problem can be solved by using request.getReader() instead of request.getInputStream().
It is converting the original end-of-line sequences into the platform's standard end-of-line sequences.
If the request's body is extremely large, converting it into a String could fill up the heap, and lead to OOMEs. That could be used as a Denial of Service attack. If this is a concern, the code needs to be more defensive ... or you need to set a request size limit at the web container level.

回复收藏 0 原文

~没有更多了~