目录

• springboot清除字符串前后空格与防xss攻击
• 一、查看WebMvcAutoConfiguration.class中的方法源码
• 二、自定义属性编辑器
• 三、创建WebBindingInitializerConfiguration类
• springboot去除参数中前后空格说明
• 一、 需求
• 二、 解决方法
• 三、 完美解决

springboot清除字符串前后空格与防xss攻击
一、查看WebMvcAutoConfiguration.class中的方法源码

protected ConfigurableWebBindingInitializer getConfigurableWebBindingInitializer() {try {//从容器中获取return (ConfigurableWebBindingInitializer)this.beanFactory.getBean(ConfigurableWebBindingInitializer.class); } catch (NoSuchBeanDefinitionException ex) {return super.getConfigurableWebBindingInitializer(); }

可以发现ConfigurableWebBindingInitializer是从容器（beanFactory）中获取到的，所以我们可以配置一个
ConfigurableWebBindingInitializer来替换默认的，只需要在容器中添加一个我们自定义的转换器即可。
当我们创建了自己的ConfigurableWebBindingInitializer这个Bean，Spring boot就会自动使用它来配置Spring MVC实现参数的类型转换。

二、自定义属性编辑器

/**** @description 与spring mvc的@InitBinder结合 用于防止XSS攻击*/class StringEscapeEditor extends PropertyEditorSupport {/** 转义HTML */private boolean escapeHTML; /** 转义javascript */private boolean escapeJavaScript; /** 是否将空字符串转换为null */private final boolean emptyAsNull; /** 是否去掉前后空格 */private final boolean trimmed; public StringEscapeEditor() {this(true,true,false,true); }public StringEscapeEditor(boolean escapeHTML, boolean escapeJavaScript) {this(true,true,escapeHTML,escapeJavaScript); }public StringEscapeEditor(boolean emptyAsNull,boolean trimmed, boolean escapeHTML, boolean escapeJavaScript) {super(); this.emptyAsNull = emptyAsNull; this.trimmed = trimmed; this.escapeHTML = escapeHTML; this.escapeJavaScript = escapeJavaScript; }@Overridepublic String getAsText() {Object value = https://www.it610.com/article/getValue(); if(Objects.nonNull(value)){return value.toString(); }return value != null ? value.toString() : null; }@Overridepublic void setAsText(String text) throws IllegalArgumentException {String value = text; if (value == null || emptyAsNull && text.isEmpty()) {//do nothing} else if (trimmed) {//去字符传参数前后空格value = value.trim(); }if (escapeHTML) {//HTML转义（防止XSS攻击）//HtmlUtils.htmlEscape 默认的是ISO-8859-1编码格式，会将中文的某些符号进行转义。//如果不想让中文符号进行转义请使用UTF-8的编码格式。例如：HtmlUtils.htmlEscape(text,"UTF-8")value = https://www.it610.com/article/HtmlUtils.htmlEscape(value,"UTF-8"); }if (escapeJavaScript) {//javascript转义（防止XSS攻击）value = https://www.it610.com/article/JavaScriptUtils.javaScriptEscape(value); }setValue(value); }}

三、创建WebBindingInitializerConfiguration类
加上@Bean注解，交给spring容器管理。

@Configurationpublic class WebBindingInitializerConfiguration {@Beanpublic ConfigurableWebBindingInitializer getConfigurableWebBindingInitializer() {ConfigurableWebBindingInitializer initializer = new ConfigurableWebBindingInitializer(); FormattingConversionService conversionService = new DefaultFormattingConversionService(); //we can add our custom converters and formatters//conversionService.addConverter(...); //conversionService.addFormatter(...); initializer.setConversionService(conversionService); //we can set our custom validator//initializer.setValidator(....); //here we are setting a custom PropertyEditorinitializer.setPropertyEditorRegistrar(propertyEditorRegistry -> {propertyEditorRegistry.registerCustomEditor(String.class,new StringEscapeEditor()); }); return initializer; }}

springboot去除参数中前后空格说明
一、 需求
使用SpringBoot使用过滤器去除@RequestBody参数两端的空格；一般我们去普通的请求我们都会对请求参数进行验证。
Java也提供了@notNull和@notBlank这种验证方式，但是对@RequestBody 这种只能验证是不是非空，对数据两端的空格未进行处理，同时大家也不想遍历一遍参数然后再处理再封装到对象中，正好项目中有这个需要，所以就参考别的做了Post请求中针对application/json格式的有@RequestBody注解的参数进行了去空格处理

二、 解决方法
2.1 新建一个过滤器

@Component@WebFilter(urlPatterns = "/**", filterName = "ParamsFilter", dispatcherTypes = DispatcherType.REQUEST)public class ParamsFilter implements Filter {@Overridepublic void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)throws IOException, ServletException {ParameterRequestWrapper parmsRequest = new ParameterRequestWrapper((HttpServletRequest) request); chain.doFilter(parmsRequest, response); }@Overridepublic void init(FilterConfig filterConfig) throws ServletException {}@Overridepublic void destroy() {}}

2.2 实现ParameterRequestWrapper

import java.io.ByteArrayInputStream; import java.io.IOException; import java.util.ArrayList; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Set; import javax.servlet.ReadListener; import javax.servlet.ServletInputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; import com.alibaba.fastjson.JSONArray; import com.alibaba.fastjson.JSONObject; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; import com.alibaba.fastjson.JSON; /** * @author : * @description * @date : 2021/4/22 */public class ParameterRequestWrapper extends HttpServletRequestWrapper {private Map params = new HashMap<>(); public ParameterRequestWrapper(HttpServletRequest request) {super(request); Map requestMap=request.getParameterMap(); this.params.putAll(requestMap); this.modifyParameterValues(); }@Overridepublic ServletInputStream getInputStream() throws IOException {if(!super.getHeader(HttpHeaders.CONTENT_TYPE).equalsIgnoreCase(MediaType.APPLICATION_JSON_VALUE)){return super.getInputStream(); }String json = IOUtils.toString(super.getInputStream(), "utf-8"); if (StringUtils.isEmpty(json)) {return super.getInputStream(); }Map map= jsonStringToMap(json); ByteArrayInputStream bis = new ByteArrayInputStream(JSON.toJSONString(map).getBytes("utf-8")); return new MyServletInputStream(bis); }public void modifyParameterValues(){Set set = params.keySet(); Iterator it = set.iterator(); while(it.hasNext()){String key= it.next(); String[] values = params.get(key); values[0] = values[0].trim(); params.put(key, values); }}@Overridepublic String getParameter(String name) {String[]values = params.get(name); if(values == null || values.length == 0) {return null; }return values[0]; }@Overridepublic String[] getParameterValues(String name) {return params.get(name); }class MyServletInputStream extends ServletInputStream {private ByteArrayInputStream bis; public MyServletInputStream(ByteArrayInputStream bis){this.bis=bis; }@Overridepublic boolean isFinished() {return true; }@Overridepublic boolean isReady() {return true; }@Overridepublic void setReadListener(ReadListener listener) {}@Overridepublic int read(){return bis.read(); }}public static Map jsonStringToMap(String jsonString) {Map map = new HashMap<>(); JSONObject jsonObject = JSONObject.parseObject(jsonString); for (Object k : jsonObject.keySet()) {Object o = jsonObject.get(k); if (o instanceof JSONArray) {List