假设接口接收的 HTTP 请求的 body 是 JSON 字符串经 AES 加密后得到的 Base64 字符串,例如 +m5AMx9/dw5Abazg79+fIgq0i+K/OTI2bitKHQU+Xck=,后端如何统一解密并封装成 POJO?
思路
- 自定义一个注解 @DecryptAndBindPojo,标注在 controller 层带有 @RequestMapping 的方法上
- 通过 Spring AOP 拦截带有 @DecryptAndBindPojo 的方法,处理其参数
- 带有 @DecryptAndBindPojo 的方法用一个普通的 POJO 类接收参数,不影响在方法里使用 Spring 注入的 ServletRequest 等对象
package com.aaa.bbb.aspect;
import java.io.BufferedReader;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.http.HttpHeaders;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import com.alibaba.fastjson.JSON;
import com.aaa.bbb.annotation.DecryptAndBindPojo;
import cn.hutool.core.io.IoUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.SecureUtil;
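/**
 * Around-advice that decrypts an AES-encrypted request body and binds the resulting JSON to
 * the POJO parameters of handler methods annotated with {@link DecryptAndBindPojo}.
 *
 * <p>Servlet-level arguments ({@link ServletRequest}, {@link ServletResponse},
 * {@link HttpSession}, {@link HttpHeaders}) are passed through unchanged; every other
 * non-null argument is replaced by an object parsed from the decrypted JSON.
 *
 * <p>NOTE(security): body encryption with a key shared by all clients gives confidentiality
 * against passive observers at best. It does not authenticate the caller and does not replace
 * TLS or an authorization check in the handler.
 */
@Aspect
@Component
public class DecryptAndBindPojoAspect {

    /**
     * AES key used to decrypt request bodies.
     *
     * <p>NOTE(security): this is a demo value compiled into the class, so anyone with the
     * source, the jar or a client build can produce valid ciphertext. Load the key from
     * protected configuration or a secret store before using this outside a demo.
     */
    private static final String DEMO_AES_KEY = "passwordpassword";

    /**
     * Decrypts the request body and rebinds the handler's POJO arguments before proceeding.
     *
     * @param joinPoint  the intercepted handler invocation
     * @param annotation the matched annotation; unused, but required so the pointcut
     *                   expression {@code @annotation(annotation)} can bind it
     * @return whatever the intercepted handler returns
     * @throws Throwable anything thrown while reading or decrypting the body, parsing the
     *                   JSON, or by the handler itself
     */
    @Around("@annotation(annotation)")
    public Object doBefore(ProceedingJoinPoint joinPoint, DecryptAndBindPojo annotation) throws Throwable {
        Object[] args = joinPoint.getArgs();

        // Outside a servlet request thread there is no body to read; leave the call untouched
        // instead of failing with a NullPointerException / ClassCastException.
        Object attributes = RequestContextHolder.getRequestAttributes();
        if (!(attributes instanceof ServletRequestAttributes) || args.length == 0) {
            return joinPoint.proceed(args);
        }

        String cipherText = readBody(((ServletRequestAttributes) attributes).getRequest());
        if (StrUtil.isBlank(cipherText)) {
            return joinPoint.proceed(args);
        }

        // NOTE(security): the key-only aes(...) factory uses Hutool's default transformation
        // (AES/ECB/PKCS5Padding per Hutool's documentation; confirm for the version in use).
        // ECB has no IV and no integrity check, so identical plaintext blocks produce identical
        // ciphertext blocks and tampering is not detected. Prefer an authenticated mode such
        // as AES-GCM with a per-message nonce.
        String json = SecureUtil.aes(StrUtil.utf8Bytes(DEMO_AES_KEY)).decryptStr(cipherText);

        for (int i = 0; i < args.length; i++) {
            Object arg = args[i];
            // A null argument carries no runtime type to bind to; the original code would
            // throw a NullPointerException on getClass() here.
            if (arg == null || isContainerArgument(arg)) {
                continue;
            }
            // NOTE(security): the decrypted text is still untrusted input. The target class
            // comes from the handler signature, not from the payload, which is the safe way
            // round; fastjson's autoType handling has nevertheless been a recurring source of
            // deserialization issues, so keep the library current and consider enabling
            // ParserConfig.getGlobalInstance().setSafeMode(true) at startup.
            args[i] = JSON.parseObject(json, arg.getClass());
        }
        return joinPoint.proceed(args);
    }

    /**
     * Reads the whole request body as UTF-8 text with line breaks and surrounding whitespace
     * removed, so a Base64 payload that was wrapped over several lines is decoded in full
     * rather than cut off after the first line.
     *
     * <p>The reader is not closed here because the underlying stream comes from the request.
     * No size cap is applied; rely on the container's request-size limit or add one.
     */
    private static String readBody(HttpServletRequest request) throws java.io.IOException {
        BufferedReader reader = IoUtil.getUtf8Reader(request.getInputStream());
        StringBuilder body = new StringBuilder();
        String line;
        while ((line = reader.readLine()) != null) {
            body.append(line.trim());
        }
        return body.toString();
    }

    /** Returns true for servlet/Spring-provided arguments that must not be rebound. */
    private static boolean isContainerArgument(Object arg) {
        return arg instanceof ServletRequest
                || arg instanceof ServletResponse
                || arg instanceof HttpSession
                || arg instanceof HttpHeaders;
    }
}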
package com.aaa.bbb.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
 * Marker annotation for handler methods whose request body should be decrypted and bound to
 * their POJO parameters.
 *
 * <p>It declares no elements. It can only be placed on methods and is retained at run time,
 * so an aspect can match on it when the method is invoked.
 */
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface DecryptAndBindPojo {
}
/**
 * Sample handler showing the annotation in use.
 *
 * <p>Because the method carries {@code @DecryptAndBindPojo}, the aspect replaces {@code role}
 * with the object parsed from the decrypted request body before this method runs, while
 * {@code request} is passed through untouched.
 *
 * <p>NOTE(review): being able to produce a decryptable body does not identify the caller. No
 * authentication or authorization check is visible in this snippet; a role-creating endpoint
 * needs one.
 *
 * @param role    the role rebuilt from the decrypted JSON body
 * @param request the current servlet request, injected by Spring as usual
 * @return always {@code null} in this stub
 */
@PostMapping("/addRole")
@DecryptAndBindPojo
public RoleVO add(Role role, HttpServletRequest request) {
    // Business logic goes here.
    // ...
    return null;
}
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:task="http://www.springframework.org/schema/task"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/task
http://www.springframework.org/schema/task/spring-task.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd"
xmlns:tx="http://www.springframework.org/schema/tx">
<!-- Only the aop and context namespaces are used by the elements below; p, mvc, task and tx
     are declared but unused in this fragment. -->
<!-- Enables proxying for @Aspect beans so DecryptAndBindPojoAspect's @Around advice is applied.
     expose-proxy="true" additionally makes the current proxy reachable through AopContext;
     the aspect shown on this page does not use AopContext. -->
<aop:aspectj-autoproxy expose-proxy="true"></aop:aspectj-autoproxy>
<!-- Registers @Component classes under com.aaa.bbb, which includes the aspect in
     com.aaa.bbb.aspect. NOTE(review): the advice only applies to beans created in this same
     application context; confirm the controllers are defined here as well. -->
<context:component-scan base-package="com.aaa.bbb" />
</beans>
<!-- Versions below are the ones pinned by this example. Check each project's security
     advisories and move to a currently maintained release before reusing them. -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>5.2.9.RELEASE</version>
</dependency>
<!-- Hutool provides IoUtil, StrUtil and SecureUtil (the AES helper) used by the aspect. -->
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-all</artifactId>
<version>5.4.4</version>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
<version>1.9.6</version>
</dependency>
<dependency>
<groupId>aopalliance</groupId>
<artifactId>aopalliance</artifactId>
<version>1.0</version>
</dependency>
<!-- NOTE(security): fastjson parses the decrypted request body, which is untrusted input.
     The 1.x line has had repeated autoType deserialization issues; this is an old 1.x
     release, so upgrade it and enable safeMode rather than relying on the body encryption. -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.74</version>
</dependency>