请求参数统一加密解密
入参数解密
package org.cango.mid.dtsweb.config.crypt;
import com.alibaba.fastjson.JSONObject;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.cango.mid.dtsweb.model.RequestModel;
import org.cango.mid.dtsweb.utils.AESUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.MethodParameter;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpInputMessage;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdviceAdapter;
import java.io.*;
import java.lang.reflect.Type;
import java.nio.charset.StandardCharsets;
/**
* @description: 入参数解密
* @author: TheOne
* @create: 2021-07-09 10:45
**/
@ControllerAdvice
@Slf4j
public class DecryptRequest extends RequestBodyAdviceAdapter {
@Autowired
private Environment env;
@Override
public boolean supports(MethodParameter methodParameter, Type type, Class<? extends HttpMessageConverter<?>> aClass) {
if (StringUtils.isNotEmpty(env.getProperty("skipEncrypt")) && StringUtils.equals(env.getProperty("skipEncrypt"), "true")) {
return false;
}
if(methodParameter.hasMethodAnnotation(SkipEncrypt.class) || StringUtils.equals(methodParameter.getMethod().getReturnType().getName(),"com.cango.job.vo.JobResult")){
return false;
}
return true;
}
public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) throws IOException {
ByteArrayOutputStream swapStream = new ByteArrayOutputStream();
InputStream body = inputMessage.getBody();
byte[] b=new byte[1024];
int len = 0;
while(-1!= (len = body.read(b, 0, b.length))) {
swapStream.write(b, 0, len);
}
try {
String requsetBody = swapStream.toString(StandardCharsets.UTF_8.toString());
RequestModel requestModel = JSONObject.parseObject(requsetBody, RequestModel.class);
byte[] decrypt = AESUtils.decryptString(JSONObject.toJSONString(requestModel.getData())).getBytes(StandardCharsets.UTF_8);
final ByteArrayInputStream bais = new ByteArrayInputStream(decrypt);
return new HttpInputMessage() {
@Override
public InputStream getBody() throws IOException {
return bais;
}
@Override
public HttpHeaders getHeaders() {
return inputMessage.getHeaders();
}
};
} catch (Exception e) {
log.info("解密失败,", e);
}finally {
swapStream.close();
}
return super.beforeBodyRead(inputMessage, parameter, targetType, converterType);
}
}
加密返回参数
package org.cango.mid.dtsweb.config.crypt;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.serializer.SerializerFeature;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.cango.mid.dtsweb.model.ResultModel;
import org.cango.mid.dtsweb.utils.AESUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.MethodParameter;
import org.springframework.core.env.Environment;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServerHttpResponse;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;
/**
* @description: 加密返回参数
* @author: TheOne
* @create: 2021-07-09 10:39
**/
@ControllerAdvice
@Slf4j
public class EncryptResponse implements ResponseBodyAdvice<ResultModel> {
@Autowired
private Environment env;
@Override
public boolean supports(MethodParameter methodParameter, Class<? extends HttpMessageConverter<?>> aClass) {
// methodParameter.hasMethodAnnotation()
if(StringUtils.isNotEmpty(env.getProperty("skipEncrypt")) && StringUtils.equals(env.getProperty("skipEncrypt"),"true")){
return false;
}
if(methodParameter.hasMethodAnnotation(SkipEncrypt.class) || StringUtils.equals(methodParameter.getMethod().getReturnType().getName(),"com.cango.job.vo.JobResult")){
return false;
}
return true;
}
@Override
public ResultModel beforeBodyWrite(ResultModel resultModel, MethodParameter methodParameter, MediaType mediaType, Class<? extends HttpMessageConverter<?>> aClass, ServerHttpRequest serverHttpRequest, ServerHttpResponse serverHttpResponse) {
try {
if(resultModel.getResult() != null){
resultModel.setResult(AESUtils.encryptString(JSONObject.toJSONString(resultModel.getResult(), SerializerFeature.WriteDateUseDateFormat,SerializerFeature.WriteMapNullValue)));
}
} catch (Exception e) {
log.error("加密失败,",e);
}
return resultModel;
}
}
定义不需要参数加解密的请求注解
package org.cango.mid.dtsweb.config.crypt;
import java.lang.annotation.*;
@Target(value = {ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface SkipEncrypt {
}
@SkipEncrypt
@PostMapping("/updateStatus")
public ResultModel updateStatus() {
abnormalActClient.updateStatus();
return ResponseDataUtil.success();
}
不积跬步,无以至千里;不积小流,无以成江海。
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 阿里最新开源QwQ-32B,效果媲美deepseek-r1满血版,部署成本又又又降低了!
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· AI技术革命,工作效率10个最佳AI工具