标签:
1,伪造请求
package com.sxb.web.v2.wh.unittest;
import java.io.BufferedReader;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import net.sf.jmimemagic.Magic;
import net.sf.jmimemagic.MagicMatch;
public class HttpPostUploadUtil {
/**
* @param args
* @throws FileNotFoundException
*/
public static void main(String[] args) throws FileNotFoundException {
String filepath = "C:\\Users\\Administrator\\Desktop\\xx.png";
String urlStr = "http://192.168.0.98:8086/app/wh/test/image.json";
Map<String, String> textMap = new HashMap<String, String>();
textMap.put("name1", "testname1");
Map<String, InputStream> fileMap = new HashMap<String, InputStream>();
fileMap.put("userfile", new FileInputStream(new File(filepath)) );
String ret = HttpPostUploadUtil.formUpload(urlStr, textMap, fileMap);
System.out.println(ret);
}
/**
* 上传图片
* @param urlStr
* @param textMap
* @param fileMap
* @return
*/
public static String formUpload(String urlStr, Map<String, String> textMap, Map<String, InputStream> fileMap) {
String res = "";
HttpURLConnection conn = null;
String BOUNDARY = "---------------------------123821742118716"; //boundary就是request头和上传文件内容的分隔符
try {
URL url = new URL(urlStr);
conn = (HttpURLConnection) url.openConnection();
conn.setConnectTimeout(5000);
conn.setReadTimeout(30000);
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setUseCaches(false);
conn.setRequestMethod("POST");
conn.setRequestProperty("Connection", "Keep-Alive");
conn.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.6)");
conn.setRequestProperty("Content-Type", "multipart/form-data; boundary=" + BOUNDARY);
OutputStream out = new DataOutputStream(conn.getOutputStream());
// text
if (textMap != null) {
StringBuffer strBuf = new StringBuffer();
Iterator<Map.Entry<String, String>> iter = textMap.entrySet().iterator();
while (iter.hasNext()) {
Map.Entry<String, String> entry = iter.next();
String inputName = (String) entry.getKey();
String inputValue = (String) entry.getValue();
if (inputValue == null) {
continue;
}
strBuf.append("\r\n").append("--").append(BOUNDARY).append("\r\n");
strBuf.append("Content-Disposition: form-data; name=\"" + inputName + "\"\r\n\r\n");
strBuf.append(inputValue);
}
out.write(strBuf.toString().getBytes());
}
// file
if (fileMap != null) {
Iterator<Map.Entry<String, InputStream>> iter = fileMap.entrySet().iterator();
while (iter.hasNext()) {
Map.Entry<String, InputStream> entry = iter.next();
String inputName = (String) entry.getKey();
FileInputStream inputValue = (FileInputStream) entry.getValue();
if (inputValue == null) {
continue;
}
String filename = System.currentTimeMillis()+".png";
String contentType = "image/png";
StringBuffer strBuf = new StringBuffer();
strBuf.append("\r\n").append("--").append(BOUNDARY).append("\r\n");
strBuf.append("Content-Disposition: form-data; name=\"" + inputName + "\"; filename=\"" + filename + "\"\r\n");
strBuf.append("Content-Type:" + contentType + "\r\n\r\n");
out.write(strBuf.toString().getBytes());
DataInputStream in = new DataInputStream(inputValue);
int bytes = 0;
byte[] bufferOut = new byte[1024];
while ((bytes = in.read(bufferOut)) != -1) {
out.write(bufferOut, 0, bytes);
}
in.close();
}
}
byte[] endData = ("\r\n--" + BOUNDARY + "--\r\n").getBytes();
out.write(endData);
out.flush();
out.close();
// 读取返回数据
StringBuffer strBuf = new StringBuffer();
BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
String line = null;
while ((line = reader.readLine()) != null) {
strBuf.append(line).append("\n");
}
res = strBuf.toString();
reader.close();
reader = null;
} catch (Exception e) {
System.out.println("发送POST请求出错。" + urlStr);
e.printStackTrace();
} finally {
if (conn != null) {
conn.disconnect();
conn = null;
}
}
return res;
}
}
2,接收伪造请求的数据
@Controller
@RequestMapping("/wh/test")
public class TestController {
/**
*
*
* ***/
@RequestMapping("/image")
public void image(HttpServletRequest request,HttpServletResponse response,@RequestParam(value="userfile",required=false) CommonsMultipartFile[] images) throws IOException{
Map<String, Object> retMp = null;
try {
System.out.println("--images:"+images[0].getInputStream());
} catch (Exception e) {
retMp = RetUtil.getRetValue(false, "{}", "服务器异常", 500);
e.printStackTrace();
}finally{
response.setContentType("application/json; charset=UTF-8");
response.getWriter().print(new Gson().toJson("--xx-:"+images[0].getInputStream().toString()));
}
}
}
标签:
原文地址:http://my.oschina.net/tinglanrmb32/blog/491901