版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/Jul_11th/article/details/82997046
需求:为提高接口的安全性,对数据传输加密。
前提:Controller层使用@RequestBody接收入参,@ResponseBody出参
入参解密
package com.sep6th.base.core.advice;
import java.lang.reflect.Type;
import org.springframework.core.MethodParameter;
import org.springframework.http.HttpInputMessage;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.StringHttpMessageConverter;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdviceAdapter;
import com.sep6th.common.constant.BaseConstant;
import com.sep6th.common.util.AESUtil;
/**
* 对加密的请求参数,解密
*
* @date 2018/10/10 11:35
*/
@ControllerAdvice
public class RequestBodyDecryptAdvice extends RequestBodyAdviceAdapter {
/**
* 前置拦截匹配操作(定义自己业务相关的拦截匹配规则)
* 满足为true的才会执行下面的方法
*
* @date 2018/10/10 11:43
*/
@Override
public boolean supports(MethodParameter methodParameter, Type targetType,
Class<? extends HttpMessageConverter<?>> converterType) {
return StringHttpMessageConverter.class.isAssignableFrom(converterType);
}
/**
* 对加密的请求参数,解密
*
* @date 2018/10/10 12:55
*/
@Override
public Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType,
Class<? extends HttpMessageConverter<?>> converterType) {
//对加密的请求参数,解密
String jsonStrDecrypt = AESUtil.AES_Decrypt(BaseConstant.AES_KEY, String.valueOf(body));
System.out.println("对加密的请求参数,解密:"+ jsonStrDecrypt);
return jsonStrDecrypt;
}
}
出参加密
package com.sep6th.base.core.advice;
import org.springframework.core.MethodParameter;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServerHttpResponse;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;
import com.sep6th.common.constant.BaseConstant;
import com.sep6th.common.util.AESUtil;
import com.sep6th.common.util.JsonUtils;
import com.sep6th.common.util.SysResult;
/**
* 对Controller层方法,返回类型是SysResult的返回数据加密
* 注意:定义自己业务相关的拦截匹配规则。
* 直接return true;是对所有返回数据加密。
*
* @date 2018/10/10 10:30
*/
@ControllerAdvice
public class ResponseBodyEncryptAdvice implements ResponseBodyAdvice<Object> {
/**
* 前置拦截匹配操作(定义自己业务相关的拦截匹配规则)
* true:就执行下面的beforeBodyWrite方法。
*
* @date 2018/10/10 11:27
*/
@Override
public boolean supports(MethodParameter methodParameter, Class<? extends HttpMessageConverter<?>> converterType) {
// 拦截Controller层返回类型是SysResult的方法
return methodParameter.getMethod().getReturnType().isAssignableFrom(SysResult.class);
}
/**
* 对返回值进行加密
*
* @date 2018/10/10 11:18
*/
@Override
public Object beforeBodyWrite(Object body, MethodParameter methodParameter, MediaType selectedContentType,
Class<? extends HttpMessageConverter<?>> selectedConverterType, ServerHttpRequest request,
ServerHttpResponse response) {
String jsonStr = JsonUtils.toFastJson(body);
System.out.println("获取ResponseBody里的内容:"+ jsonStr);
String jsonStrEncrypt = AESUtil.AES_Encrypt(BaseConstant.AES_KEY, jsonStr);
System.out.println("返回数据加密:"+ jsonStrEncrypt);
String jsonStrDecrypt = AESUtil.AES_Decrypt(BaseConstant.AES_KEY, jsonStrEncrypt);
System.out.println("对返回的加密数据解密:"+ jsonStrDecrypt);
return jsonStrEncrypt;
}
}