使用注解+RequestBodyAdvice实现http请求内容加解密方式
注解主要用来指定那些需要加解密的controller方法
【使用注解+RequestBodyAdvice实现http请求内容加解密方式】实现比较简单
@Target({ElementType.METHOD})@Retention(RetentionPolicy.RUNTIME)public @interface SecretAnnotation {boolean encode() default false; boolean decode() default false; }
使用时添加注解在controller的方法上
@PostMapping("/preview")@SecretAnnotation(decode = true)public ResponseVOpreviewContract(@RequestBody FillContractDTO fillContractDTO){return contractSignService.previewContract(fillContractDTO); }
请求数据由二进制流转为类对象数据,对于加密过的数据,需要在二进制流被处理之前进行解密,否则在转为类对象时会因为数据格式不匹配而报错。
因此使用RequestBodyAdvice的beforeBodyRead方法来处理。
@Slf4j@RestControllerAdvicepublic class MyRequestControllerAdvice implements RequestBodyAdvice {@Overridepublic boolean supports(MethodParameter methodParameter, Type type, Class extends HttpMessageConverter>> aClass) {return methodParameter.hasParameterAnnotation(RequestBody.class); }@Overridepublic Object handleEmptyBody(Object o, HttpInputMessage httpInputMessage, MethodParameter methodParameter, Type type, Class extends HttpMessageConverter>> aClass) {return o; }@Autowiredprivate MySecretUtil mySecretUtil; @Overridepublic HttpInputMessage beforeBodyRead(HttpInputMessage httpInputMessage, MethodParameter methodParameter, Type type, Class extends HttpMessageConverter>> aClass) throws IOException {if (methodParameter.getMethod().isAnnotationPresent(SecretAnnotation.class)) {SecretAnnotation secretAnnotation = methodParameter.getMethod().getAnnotation(SecretAnnotation.class); if (secretAnnotation.decode()) {return new HttpInputMessage() {@Overridepublic InputStream getBody() throws IOException {List appIdList = httpInputMessage.getHeaders().get("appId"); if (appIdList.isEmpty()){throw new RuntimeException("请求头缺少appID"); }String appId = appIdList.get(0); String bodyStr = IOUtils.toString(httpInputMessage.getBody(),"utf-8"); bodyStr = mySecretUtil.decode(bodyStr,appId); returnIOUtils.toInputStream(bodyStr,"utf-8"); }@Overridepublic HttpHeaders getHeaders() {return httpInputMessage.getHeaders(); }}; }}return httpInputMessage; }@Overridepublic Object afterBodyRead(Object o, HttpInputMessage httpInputMessage, MethodParameter methodParameter, Type type, Class extends HttpMessageConverter>> aClass) {return o; }}
mySecretUtil.decode(bodyStr,appId)的内容是,通过请求头中的AppID去数据库中查找对于的秘钥,之后进行解密,返回解密后的字符串。
再通过common.io包中提供的工具类IOUtils将字符串转为inputstream流,替换HttpInputMessage,返回一个body数据为解密后的二进制流的HttpInputMessage。
Stringboot RequestBodyAdvice接口如何实现请求响应加解密 在实际项目中,我们常常需要在请求前后进行一些操作,比如:参数解密/返回结果加密,打印请求参数和返回结果的日志等。这些与业务无关的东西,我们不希望写在controller方法中,造成代码重复可读性变差。这里,我们讲讲使用@ControllerAdvice和RequestBodyAdvice、ResponseBodyAdvice来对请求前后进行处理(本质上就是AOP),来实现日志记录每一个请求的参数和返回结果。
1.加解密工具类
package com.linkus.common.utils; import java.security.Key; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.Security; import javax.annotation.PostConstruct; import javax.crypto.Cipher; import javax.crypto.NoSuchPaddingException; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.util.encoders.Hex; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; @Componentpublic class Aes {/**** @author ngh* AES128 算法** CBC 模式** PKCS7Padding 填充模式** CBC模式需要添加偏移量参数iv,必须16位* 密钥 sessionKey,必须16位** 介于java 不支持PKCS7Padding,只支持PKCS5Padding 但是PKCS7Padding 和 PKCS5Padding 没有什么区别* 要实现在java端用PKCS7Padding填充,需要用到bouncycastle组件来实现*/private String sessionKey="加解密密钥"; // 偏移量 16位private staticString iv="偏移量"; // 算法名称final String KEY_ALGORITHM = "AES"; // 加解密算法/模式/填充方式final String algorithmStr = "AES/CBC/PKCS7Padding"; // 加解密 密钥 16位byte[] ivByte; byte[] keybytes; private Key key; private Cipher cipher; boolean isInited = false; public void init() {// 如果密钥不足16位,那么就补足.这个if 中的内容很重要keybytes = iv.getBytes(); ivByte = iv.getBytes(); Security.addProvider(new BouncyCastleProvider()); // 转化成JAVA的密钥格式key = new SecretKeySpec(keybytes, KEY_ALGORITHM); try {// 初始化ciphercipher = Cipher.getInstance(algorithmStr, "BC"); } catch (NoSuchAlgorithmException e) {// TODO Auto-generated catch blocke.printStackTrace(); } catch (NoSuchPaddingException e) {// TODO Auto-generated catch blocke.printStackTrace(); } catch (NoSuchProviderException e) {// TODO Auto-generated catch blocke.printStackTrace(); }}/*** 加密方法** @param content*要加密的字符串*加密密钥* @return*/public String encrypt(String content) {byte[] encryptedText = null; byte[] contentByte = content.getBytes(); init(); try {cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivByte)); encryptedText = cipher.doFinal(contentByte); } catch (Exception e) {// TODO Auto-generated catch blocke.printStackTrace(); }return new String(Hex.encode(encryptedText)); }/*** 解密方法** @param encryptedData*要解密的字符串*解密密钥* @return*/public String decrypt(String encryptedData) {byte[] encryptedText = null; byte[] encryptedDataByte = Hex.decode(encryptedData); init(); try {cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(ivByte)); encryptedText = cipher.doFinal(encryptedDataByte); } catch (Exception e) {// TODO Auto-generated catch blocke.printStackTrace(); }return new String(encryptedText); }public static void main(String[] args) {Aes aes = new Aes(); String a="{\n" +"\"distance\":\"1000\",\n" +"\"longitude\":\"28.206471\",\n" +"\"latitude\":\"112.941301\"\n" +"}"; //加密字符串//String content = "孟飞快跑"; // System.out.println("加密前的:" + content); //System.out.println("加密密钥:" + new String(keybytes)); // 加密方法String enc = aes.encrypt(a); System.out.println("加密后的内容:" + enc); String dec=""; // 解密方法try {dec = aes.decrypt(enc); } catch (Exception e) {// TODO Auto-generated catch blocke.printStackTrace(); }System.out.println("解密后的内容:" + dec); }}
2.请求解密
前端页面传过来的是密文,我们需要在Controller获取请求之前对密文解密然后传给Controller
package com.linkus.common.filter; import com.alibaba.fastjson.JSON; import com.linkus.common.constant.KPlatResponseCode; import com.linkus.common.exception.CustomException; import com.linkus.common.exception.JTransException; import com.linkus.common.service.util.MyHttpInputMessage; import com.linkus.common.utils.Aes; import com.linkus.common.utils.http.HttpHelper; import lombok.extern.slf4j.Slf4j; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.core.MethodParameter; import org.springframework.http.HttpInputMessage; import org.springframework.http.converter.HttpMessageConverter; import org.springframework.lang.Nullable; import org.springframework.stereotype.Component; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice; import javax.servlet.http.HttpServletRequest; import java.io.*; import java.lang.reflect.Type; /** * 请求参数 解密操作 * * @Author: Java碎碎念 * @Date: 2019/10/24 21:31 * */@Component//可以配置指定需要解密的包,支持多个@ControllerAdvice(basePackages = {"com.linkus.project"})@Slf4jpublic class DecryptRequestBodyAdvice implements RequestBodyAdvice {Logger log = LoggerFactory.getLogger(getClass()); Aes aes=new Aes(); @Overridepublic boolean supports(MethodParameter methodParameter, Type targetType, Class extends HttpMessageConverter>> converterType) {//true开启功能,false关闭这个功能return true; }//在读取请求之前做处理@Overridepublic HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter methodParameter, Type targetType, Class extends HttpMessageConverter>> selectedConverterType) throws IOException {//获取请求数据String string = ""; BufferedReader bufferedReader = null; InputStream inputStream = inputMessage.getBody(); //这个request其实就是入参 可以从这里获取流//入参放在HttpInputMessage里面这个方法的返回值也是HttpInputMessagetry {string=getRequestBodyStr(inputStream,bufferedReader); } finally {if (bufferedReader != null) {try {bufferedReader.close(); } catch (IOException ex) {throw ex; }}}/*****************进行解密start*******************/String decode = null; if(HttpHelper.isEncrypted(inputMessage.getHeaders())){try {////解密操作//Map dataMap = (Map)body; //log.info("接收到原始请求数据={}", string); // inputData 为待加解密的数据源//解密decode= aes.decrypt(string); //log.info("解密后数据={}",decode); } catch (Exception e ) {log.error("加解密错误:",e); thrownew CustomException(KPlatResponseCode.MSG_DECRYPT_TIMEOUT,KPlatResponseCode.CD_DECRYPT_TIMEOUT); }//把数据放到我们封装的对象中}else{decode = string; }// log.info("接收到请求数据={}", decode); //log.info("接口请求地址{}",((HttpServletRequest)inputMessage).getRequestURI()); return new MyHttpInputMessage(inputMessage.getHeaders(), new ByteArrayInputStream(decode.getBytes("UTF-8"))); }@Overridepublic Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class extends HttpMessageConverter>> converterType) {return body; }@Overridepublic Object handleEmptyBody(@Nullable Object var1, HttpInputMessage var2, MethodParameter var3, Type var4, Class extends HttpMessageConverter>> var5) {return var1; } //自己写的方法,不是接口的方法,处理密文public String getRequestBodyStr( InputStream inputStream,BufferedReader bufferedReader) throws IOException {StringBuilder stringBuilder = new StringBuilder(); if (inputStream != null) {bufferedReader = new BufferedReader(new InputStreamReader(inputStream)); char[] charBuffer = new char[128]; int bytesRead = -1; while ((bytesRead = bufferedReader.read(charBuffer)) > 0) {stringBuilder.append(charBuffer, 0, bytesRead); }} else {stringBuilder.append(""); }String string = stringBuilder.toString(); return string; }}
3.响应加密
将返给前端的响应加密,保证数据的安全性
package com.linkus.common.filter; import com.alibaba.fastjson.JSON; import com.linkus.common.utils.Aes; import com.linkus.common.utils.DesUtil; import com.linkus.common.utils.http.HttpHelper; import io.swagger.models.auth.In; import lombok.experimental.Helper; import lombok.extern.slf4j.Slf4j; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.core.MethodParameter; import org.springframework.http.MediaType; import org.springframework.http.converter.HttpMessageConverter; import org.springframework.http.server.ServerHttpRequest; import org.springframework.http.server.ServerHttpResponse; import org.springframework.stereotype.Component; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice; import java.lang.reflect.Field; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; /** * 请求参数 加密操作 * * @Author: Java碎碎念 * @Date: 2019/10/24 21:31 * */@Component@ControllerAdvice(basePackages = {"com.linkus.project"})@Slf4jpublic class EncryResponseBodyAdvice implements ResponseBodyAdvice
以上为个人经验,希望能给大家一个参考,也希望大家多多支持脚本之家。
推荐阅读
- MyBatis-Plus|MyBatis-Plus 之selectMaps、selectObjs、selectCount、selectOne的使用
- 教你使用zabbix|教你使用zabbix api批量添加数百台监控主机的方法
- Python使用OpenCV对图像进行缩放功能
- GitHub 限制俄罗斯使用代码,开源真的无国界吗()
- 使用ADB工具卸载/停用Android系统应用(无需Root)
- UVM|【UVM避坑】记录UVM/SV使用过程中遇到的问题
- IOT|蓝牙BLE(协议栈、OSAL、手机APP蓝牙工具nrf Connect的使用)
- 技术实践类|BMP280使用指南
- 为什么服务器端都使用Linux系统
- 1000道程序员常见问题解析|高防服务器为什么使用Linux系统(服务器使用Linux系统的好处是?)