MD5签名HttpServletResponse [英] MD5 Signing a HttpServletResponse

问题描述

我正在寻找一种方法来检查 HttpServletResponse 的内容，并使用MD5哈希对它们进行签名。

伪代码可能看起来像这样

  process（Response response，请求请求）{
 
 defaultProcessingFor（response，request）; 
 
 dispatcher.handle（response，request）; 
 
 //这里我想读取Response对象的内容（现在用数据填充）以创建一个MD5哈希值并将其添加到头中。 
 
 $ / code> 

这可能吗？


解决方案

是的，这是可能的。您需要在 HttpServletResponseWrapper 其中您将 ServletOutputStream 与一个自定义实现将字节写入MD5摘要和原始输出流。最后提供一个访问器来获得最终的MD5总和。

更新我只是为了好玩而玩了一下，这是一个开创性的例子： / p>

响应包装：

  public class MD5ServletResponse extends HttpServletResponseWrapper {
 
 private final MD5ServletOutputStream输出; 
私人最终PrintWriter作家; 
 
 public MD5ServletResponse（HttpServletResponse响应）抛出IOException {
 super（response）; 
 output = new MD5ServletOutputStream（response.getOutputStream（））; 
 writer = new PrintWriter（output，true）; 
} 
 
 public PrintWriter getWriter（）抛出IOException {
 return writer; 
} 
 
 public ServletOutputStream getOutputStream（）抛出IOException {
 return output; 
} 
 
 public byte [] getHash（）{
 return output.getHash（）; 
} 
 
} 
  

MD5输出流：

  public class MD5ServletOutputStream extends ServletOutputStream {
 
 private final ServletOutputStream output; 
 private final MessageDigest md5; 
 
 {
 try {
 md5 = MessageDigest.getInstance（MD5）; 
} catch（NoSuchAlgorithmException e）{
抛出新的ExceptionInInitializerError（e）; 
 
 
 $ b $ public MD5ServletOutputStream（ServletOutputStream输出）{
 this.output = output; 
} 
 
 public void write（int i）throws IOException {
 byte [] b = {（byte）i}; 
 md5.update（b）; 
 output.write（b，0，1）; 
} 
 
 public byte [] getHash（）{
 return md5.digest（）; 
} 
 
} 
  

如何使用它：

  //使用它包装原始响应：
 MD5ServletResponse md5response = new MD5ServletResponse（response）; 
 
 //现在只需使用md5response来代替或响应，例如：
 dispatcher.handle（request，md5response）; 
 
 //然后得到散列，例如：
 byte [] hash = md5response.getHash（）; 
 StringBuilder hashAsHexString = new StringBuilder（hash.length * 2）; 
 for（byte b：hash）{
 hashAsHexString.append（String.format（％02x，b））; 
} 
 System.out.println（hashAsHexString）; //示例af28cb895a479397f12083d1419d34e7。 
  

I'm looking for a way to inspect the contents of a HttpServletResponse to sign them with a MD5 hash.

The pseudocode might look like this

process(Response response, Request request){

defaultProcessingFor(response,request);

dispatcher.handle(response,request);

// Here I want to read the contents of the Response object (now filled with data) to create a MD5 hash with them and add it to a header.
}

Is that possible?

解决方案

Yes, that's possible. You need to decorate the response with help of HttpServletResponseWrapper wherein you replace the ServletOutputStream with a custom implementation which writes the bytes to both the MD5 digest and the "original" outputstream. Finally provide an accessor to obtain the final MD5 sum.

Update I just for fun played a bit round it, here's a kickoff example:

The response wrapper:

public class MD5ServletResponse extends HttpServletResponseWrapper {

    private final MD5ServletOutputStream output;
    private final PrintWriter writer;

    public MD5ServletResponse(HttpServletResponse response) throws IOException {
        super(response);
        output = new MD5ServletOutputStream(response.getOutputStream());
        writer = new PrintWriter(output, true);
    }

    public PrintWriter getWriter() throws IOException {
        return writer;
    }

    public ServletOutputStream getOutputStream() throws IOException {
        return output;
    }

    public byte[] getHash() {
        return output.getHash();
    }

}

The MD5 outputstream:

public class MD5ServletOutputStream extends ServletOutputStream {

    private final ServletOutputStream output;
    private final MessageDigest md5;

    {
        try {
            md5 = MessageDigest.getInstance("MD5");
        } catch (NoSuchAlgorithmException e) {
            throw new ExceptionInInitializerError(e);
        }
    }

    public MD5ServletOutputStream(ServletOutputStream output) {
        this.output = output;
    }

    public void write(int i) throws IOException {
        byte[] b = { (byte) i };
        md5.update(b);
        output.write(b, 0, 1);
    }

    public byte[] getHash() {
        return md5.digest();
    }

}

How to use it:

// Wrap original response with it:
MD5ServletResponse md5response = new MD5ServletResponse(response);

// Now just use md5response instead or response, e.g.:
dispatcher.handle(request, md5response);

// Then get the hash, e.g.:
byte[] hash = md5response.getHash();
StringBuilder hashAsHexString = new StringBuilder(hash.length * 2);
for (byte b : hash) {
    hashAsHexString.append(String.format("%02x", b));
}
System.out.println(hashAsHexString); // Example af28cb895a479397f12083d1419d34e7.

这篇关于MD5签名HttpServletResponse的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！