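// Per-endpoint signature check, written out by hand. The "123" values are placeholders
// for the parameters received with the request; `sign` is the signature the caller sent.
HashMap<String, String> map = new HashMap<>();
map.put("usercode", "123");
map.put("timestamp", "123");
// NOTE(review): the map handed to sign() contains the "sign" entry itself. Confirm that
// SignatureService.sign ignores that key; otherwise the computed value depends on the
// very value it is supposed to verify.
map.put("sign", "123");
String signResult = SignatureService.sign(map);
// String has no equal() method, so the original call did not compile. Comparing the bytes
// with MessageDigest.isEqual also keeps the comparison time independent of how many
// leading characters of the submitted signature happen to match.
boolean signatureMatches = signResult != null && sign != null
        && java.security.MessageDigest.isEqual(
                signResult.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                sign.getBytes(java.nio.charset.StandardCharsets.UTF_8));
if (!signatureMatches) {
    log.error("签名错误");
    // NOTE(review): logging alone lets the request continue. The caller has to stop
    // processing here (return an error response or throw) for the check to protect anything.
}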
1.为了避免在每个对接的方法中都进行上面重复的签名校验
2.为了避免之后参数有改动时还要修改逻辑代码(map.put()),需要实现参数的动态验证(即:动态读取请求的参数并进行签名校验)
解决方案:采用spring HandlerInterceptor对请求进行拦截
SpringBoot (v2.0.5.RELEASE)
1.定义标记注解,用于标注需要进行参数签名校验的方法
package com.futao.springmvcdemo.annotation;

import java.lang.annotation.*;

/**
 * Marker annotation for handlers whose request parameters must pass signature verification.
 *
 * <p>It carries no members. It may be placed on a type or on a method, and it is retained at
 * runtime so that it can be looked up reflectively when a request is dispatched.
 *
 * @author futao
 * Created on 2018/9/18-14:46.
 */
@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
public @interface Sign {
}
2.定义拦截器,拦截被该注解标注的方法
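package com.futao.springmvcdemo.annotation.impl;

import com.futao.springmvcdemo.annotation.Sign;
import org.apache.commons.lang3.ObjectUtils;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Spring MVC interceptor that picks out requests routed to {@link Sign}-marked handlers and
 * walks their query-string parameters, as the starting point for signature verification.
 *
 * <p>Built on the interceptor adapter; implementing HandlerInterceptor directly is the
 * alternative.
 *
 * <p>NOTE(review): as written this class only enumerates the parameters. {@code preHandle}
 * returns {@code true} on every path, so no request is ever rejected. A complete
 * implementation has to compute the signature over the collected parameters, compare it with
 * the submitted one, and return {@code false} (with an error status) on mismatch. It also has
 * to decide what happens when a {@code @Sign} handler is called without a query string: here
 * that case passes through unchecked, and parameters sent in a form body are not seen at all.
 *
 * @author futao
 * Created on 2018/9/18-14:49.
 */
@Component
public class SignInterceptor extends HandlerInterceptorAdapter {

    /**
     * Runs before the request reaches the controller.
     *
     * @param request  current request; only its raw query string is read
     * @param response current response (unused)
     * @param handler  the chosen handler; anything other than a {@link HandlerMethod} is passed through
     * @return {@code true} to continue to the controller, {@code false} to stop the request
     * @throws Exception declared by the overridden method
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) handler;
        Sign signAnnotation = handlerMethod.getMethodAnnotation(Sign.class);
        if (signAnnotation == null) {
            // @Sign is declared with ElementType.TYPE as well, so a controller class may carry
            // it. Without this lookup a class-level @Sign would silently enforce nothing.
            signAnnotation = handlerMethod.getBeanType().getAnnotation(Sign.class);
        }
        // Raw query string: the container does not percent-decode it, so the values seen
        // below are in the same encoded form the client put on the wire.
        String queryString = request.getQueryString();
        // Only handlers marked with @Sign that actually received a query string are inspected.
        if (ObjectUtils.allNotNull(signAnnotation, queryString)) {
            for (String kv : queryString.split("&")) {
                int charIndex = kv.indexOf('=');
                // A parameter without '=' (e.g. "?flag") used to make substring(0, -1) throw;
                // treat it as a key with an empty value instead.
                String key = charIndex < 0 ? kv : kv.substring(0, charIndex);
                // Skip the '=' itself; the original substring(charIndex) kept it in the value.
                String value = charIndex < 0 ? "" : kv.substring(charIndex + 1);
                // Demonstration output only. The parameters of a signed request include the
                // signature and may include credentials, so values should not be written to
                // stdout or logs outside a demo.
                System.out.println("key: " + key);
                System.out.println("value: " + value);
            }
        }
        return true;
    }
}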
3.注册该拦截器
package com.futao.springmvcdemo.annotation;

import com.futao.springmvcdemo.annotation.impl.SignInterceptor;
import org.springframework.boot.SpringBootConfiguration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import javax.annotation.Resource;

/**
 * MVC configuration that plugs the injected {@link SignInterceptor} into the interceptor chain.
 *
 * @author futao
 * Created on 2018/9/18-15:15.
 */
@SpringBootConfiguration
public class WebMvcConfiguration implements WebMvcConfigurer {

    /** Interceptor bean supplied by the container. */
    @Resource
    private SignInterceptor signInterceptor;

    /**
     * Registers the signature interceptor for every request path.
     *
     * @param registry registry the interceptor is added to
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // "/**" and "/*" are not the same: "/*" matches a single path segment only,
        // while "/**" also matches nested paths.
        registry
                .addInterceptor(this.signInterceptor)
                .addPathPatterns("/**");
    }
}
4.在controller中使用该注解
package com.futao.springmvcdemo.controller;

import com.alibaba.fastjson.JSONObject;
import com.futao.springmvcdemo.annotation.Sign;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

/**
 * Demo controller with one endpoint marked {@link Sign}.
 *
 * @author futao
 * Created on 2018/9/18-17:15.
 */
@RestController
@RequestMapping(path = "World", produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public class WorldController {

    /**
     * Handles POST requests to {@code World/post} and answers with a fixed success payload.
     *
     * <p>NOTE(review): none of the bound parameters is read in this method. In particular
     * {@code timestamp}, {@code appkey} and {@code sign} are not checked here, so the
     * endpoint relies entirely on whatever runs before it for signature verification.
     *
     * @param name      bound from request parameter {@code name}
     * @param password  bound from request parameter {@code password}
     * @param timestamp bound from request parameter {@code timestamp}
     * @param appkey    bound from request parameter {@code appkey}
     * @param sign      bound from request parameter {@code sign}
     * @return JSON object with {@code code} 0 and a success message under {@code result}
     */
    @Sign
    @RequestMapping(value = "post", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
    public JSONObject post(
            @RequestParam("name") String name,
            @RequestParam("password") String password,
            @RequestParam("timestamp") String timestamp,
            @RequestParam("appkey") String appkey,
            @RequestParam("sign") String sign
    ) {
        final JSONObject reply = new JSONObject();
        reply.put("code", 0);
        reply.put("result", "请求成功");
        return reply;
    }
}
作者:FutaoSmile丶
链接:https://www.jianshu.com/p/0eb11ac73e4e