当前位置：首页 > news >正文

重庆的网站设计公司台州企业网站建设

news 2025/12/19 6:18:47

重庆的网站设计公司,台州企业网站建设,工程建设流程,青岛网站优化公司哪家好java 过滤器接口#xff08;API#xff09;验证入参#xff0c;验签#xff08;sign#xff09; Demo 一、思路 1、配置yml文件; 2、创建加载配置文件类; 3、继承 OncePerRequestFilter 重写方法 doFilterInternal; 4、注册自定义过滤器; 二、步骤 1、配置yml文件; ###系…java 过滤器接口API验证入参验签sign Demo 一、思路 1、配置yml文件; 2、创建加载配置文件类; 3、继承 OncePerRequestFilter 重写方法 doFilterInternal; 4、注册自定义过滤器; 二、步骤 1、配置yml文件; ###系统签名验证配置 biw: ###过滤器开关是否打开 enable: true ###过滤器-验签秘钥自定义一个字符串 securityKey: ccf12f15155c9c564daf1783a6f65f69a4a0 ###过滤器-URL urlPathPatterns: /test/test001/*,/com/baidu006/* 2、创建加载配置文件类; import lombok.Data; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.stereotype.Component;/*** Author * create 2023/07/18*/ Data Component ConfigurationProperties(prefix biw) public class BiwConfig {/*** 系统通讯密钥*/private String securityKey;/*** 签名验证URL路径*/private String urlPathPatterns;/*** 是否开启签名验证*/private Boolean enable;}3、继承 OncePerRequestFilter 重写方法 doFilterInternal; import com.alibaba.fastjson.JSON; import com.alibaba.fastjson.JSONObject; import com.test.baidu.ResultCodeEnum; import com.test.baidu.config.BiwConfig; import com.test.baidu.common.model.Result; import lombok.extern.slf4j.Slf4j; import org.apache.commons.codec.digest.DigestUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.springframework.web.filter.OncePerRequestFilter;import javax.servlet.FilterChain; import javax.servlet.ServletException; import javax.servlet.ServletOutputStream; import javax.servlet.ServletRequest; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.BufferedReader; import java.io.IOException; import java.io.InputStreamReader; import java.nio.charset.Charset; import java.util.Iterator; import java.util.Map; import java.util.TreeMap;/*** BIW系统接口鉴权过滤器** Author * Date 2023/07/18*/ Slf4j Component public class BiwSignFilter extends OncePerRequestFilter {Autowiredprivate BiwConfig biwConfig;private final String SIGN_FIELD_NAME sign;private final String KEY_FIELD_NAME key;/*** doFilterInternal** param request* param response* param filterChain* throws ServletException* throws IOException*/Overrideprotected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {try {ServletRequest requestWrapper new RequestWrapper((HttpServletRequest) request);// 判断签名验证开关是否开启if (!biwConfig.getEnable()) {filterChain.doFilter(requestWrapper, response);return;}String bodyText this.readHttpBody(requestWrapper);log.info([系统接口鉴权]body内容: {}, bodyText);JSONObject jsonBody JSONObject.parseObject(bodyText);Object signRequest jsonBody.get(SIGN_FIELD_NAME);if (biwConfig.getEnable() null signRequest) {log.error(签名信息不存在);this.doReturn(response, Result.createError(ResultCodeEnum.SIGN_NOT_EXISTS.getCode(), ResultCodeEnum.SIGN_NOT_EXISTS.getMessage()));return;}String sign this.signMD5(jsonBody);// 验证签名if (biwConfig.getEnable() !sign.equals(signRequest)) {log.error(签名验证失败, 签名计算值 {} 签名请求值{} body内容{}, sign, signRequest, bodyText);this.doReturn(response, Result.createError(ResultCodeEnum.SIGN_ERROR.getCode(), ResultCodeEnum.SIGN_ERROR.getMessage()));return;}filterChain.doFilter(requestWrapper, response);} catch (Exception e) {log.error(签名验证异常, e);this.doReturn(response, Result.create500Error(e.getMessage()));return;}}/*** readHttpBody** param requestWrapper* return* throws IOException*/private String readHttpBody(ServletRequest requestWrapper) throws IOException {BufferedReader reader new BufferedReader(new InputStreamReader(requestWrapper.getInputStream(), Charset.forName(UTF-8)));String line ;StringBuilder sb new StringBuilder();while ((line reader.readLine()) ! null) {sb.append(line);}return sb.toString();}/*** doReturn** param response* param result* throws IOException*/private void doReturn(HttpServletResponse response, Result result) throws IOException {ServletOutputStream out response.getOutputStream();out.write(JSON.toJSONString(result).getBytes());out.flush();}/*** signMD5 : MD5签名加密** param jsonObject* return*/public String signMD5(JSONObject jsonObject) {Iterator it jsonObject.getInnerMap().keySet().iterator();MapString, Object map new TreeMapString, Object();StringBuilder signSb new StringBuilder();while (it.hasNext()) {Object key it.next();Object value jsonObject.get(key);if (SIGN_FIELD_NAME.equals(key)) {continue;}map.put(key.toString(), value);}for (Map.EntryString, Object entry : map.entrySet()) {signSb.append(entry.getKey());signSb.append();signSb.append(entry.getValue());signSb.append();}signSb.append(KEY_FIELD_NAME).append().append(biwConfig.getSecurityKey());String sign DigestUtils.md5Hex(signSb.toString()).toUpperCase();return sign;}/*** 生成签名*/public static void main(String[] args) {String json {\endTime\:\2023-07-01 08:00:00\,\startTime\:\2023-07-01 00:00:00\,\pageNum\:1,\pageSize\:50,\requestId\:\test001\};JSONObject jsonObject JSON.parseObject(json);Iterator it jsonObject.getInnerMap().keySet().iterator();MapString, Object map new TreeMapString, Object();StringBuilder signSb new StringBuilder();while (it.hasNext()) {Object key it.next();Object value jsonObject.get(key);if (sign.equals(key)) {continue;}map.put(key.toString(), value);}for (Map.EntryString, Object entry : map.entrySet()) {signSb.append(entry.getKey());signSb.append();signSb.append(entry.getValue());signSb.append();}signSb.append(key).append().append(ccf12f15155c9c564daf1783a6f65f69a4a0);String sign DigestUtils.md5Hex(signSb.toString()).toUpperCase();System.out.println(sign);}}4、注册自定义过滤器; import com.test.baidu.config.BiwConfig; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration;/*** Author * date 2023/07/18* description: 系统过滤配置*/ Configuration public class BiwFilterConfig {Autowiredprivate BiwSignFilter biwSignFilter;Autowiredprivate BiwConfig biwConfig;/*** biwBillPullFilterConfig* 数据-签名过滤** return*/Beanpublic FilterRegistrationBeanBiwSignFilter biwBillPullFilterConfig() {FilterRegistrationBeanBiwSignFilter registration new FilterRegistrationBean();// 注册自定义过滤器registration.setFilter(biwSignFilter);// 过滤所有路径// registration.addUrlPatterns(biwConfig.getUrlPathPatterns().split(,));registration.addUrlPatterns(biwConfig.getUrlPathPatterns());// 过滤器名称registration.setName(biwParametersFilter);// 优先级越低越优先registration.setOrder(1);return registration;}}5、每次调用此方法时将数据流中的数据读取出来然后再回填到InputStream之中解决通过RequestBody和RequestParamPOST方式读取一次后控制器拿不到参数问题 import org.apache.commons.io.IOUtils;import javax.servlet.ReadListener; import javax.servlet.ServletInputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; import java.io.*;/*** Author * create 2023/07/18*/ public class RequestWrapper extends HttpServletRequestWrapper {private byte[] requestBody;private HttpServletRequest request;public RequestWrapper(HttpServletRequest request) throws IOException {super(request);this.request request;}Overridepublic ServletInputStream getInputStream() throws IOException {/*** 每次调用此方法时将数据流中的数据读取出来然后再回填到InputStream之中* 解决通过RequestBody和RequestParamPOST方式读取一次后控制器拿不到参数问题*/if (null this.requestBody) {ByteArrayOutputStream baos new ByteArrayOutputStream();IOUtils.copy(request.getInputStream(), baos);this.requestBody baos.toByteArray();}final ByteArrayInputStream bais new ByteArrayInputStream(requestBody);return new ServletInputStream() {Overridepublic boolean isFinished() {return false;}Overridepublic boolean isReady() {return false;}Overridepublic void setReadListener(ReadListener listener) {}Overridepublic int read() {return bais.read();}};}public byte[] getRequestBody() {return requestBody;}Overridepublic BufferedReader getReader() throws IOException {return new BufferedReader(new InputStreamReader(this.getInputStream()));} }

查看全文

http://www.w-s-a.com/news/918550/