参考文档:https://blog.csdn.net/zhuocailing3390/article/details/125054315
解决思路:
- 通过实现
RequestBodyAdvice
接口,对前端请求的参数进行解密并且重新让真实结构的数据进入到Controller中; - 通过实现
ResponseBodyAdvice
接口,将响应的参数进行加密,返回到前端;
扩展:可以通过自定义注解,实现对指定接口的请求响应数据加解密
demo
请求数据解密
- 添加注解(这里的注解为排除接口加解密的注解)
import java.lang.annotation.*;/*** 请求加密、响应解密标识*/
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface HttpDataDecrypt {
}
- 添加处理类,通过实现
RequestBodyAdvice
接口,对符合要求的请求解密
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.chinaunicom.common.annotation.ExcludeHttpDataDecrypt;
import com.chinaunicom.common.annotation.HttpSvsSign;
import com.chinaunicom.common.entity.response.CommonCode;
import com.chinaunicom.common.exception.BizException;
import com.chinaunicom.common.util.Sm2Utils;
import com.chinaunicom.common.util.gmgz.GMGZComponent;
import com.chinaunicom.common.util.gmgz.GMGZResult;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.MethodParameter;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpInputMessage;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice;import javax.annotation.Nullable;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Type;
import java.nio.charset.StandardCharsets;@RestControllerAdvice
public class GlobalRequestBodyAdvice implements RequestBodyAdvice {@Value("${sm2.httpData.switch}")private boolean SM2Switch;@Value("${sm2.httpData.request.privateKey}")private String SM2ReqPriKey;@Autowiredprivate GMGZComponent gmgzComponent;/*** 该方法用于判断当前请求,是否要执行beforeBodyRead方法 目前所有加HttpBodyDecrypt注解的类或者接口都会做加解密处理* methodParameter方法的参数对象* type方法的参数类型* aClass 将会使用到的Http消息转换器类类型* 注意:此判断方法,会在beforeBodyRead 和 afterBodyRead方法前都触发一次。** @return 返回true则会执行beforeBodyRead,即请求数据解密*/@Overridepublic boolean supports(MethodParameter methodParameter, Type type, Class<? extends HttpMessageConverter<?>> aClass) {//请求、响应加解密注解//判断类上是否有指定注解boolean methodHasHttpBodyDecrypt = methodParameter.hasMethodAnnotation(HttpBodyDecrypt.class);if (methodHasHttpBodyDecrypt) {return true;}//判断方法上是否有指定注解boolean classHasHttpBodyDecrypt = methodParameter.getDeclaringClass().getAnnotation(HttpBodyDecrypt.class) != null;if (classHasHttpBodyDecrypt) {return true;}return true;}/*** 在Http消息转换器执转换,之前执行* inputMessage 客户端的请求数据* parameter方法的参数对象* targetType方法的参数类型* converterType 将会使用到的Http消息转换器类类型* @return 返回 一个自定义的HttpInputMessage*/@Overridepublic HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) throws IOException {if (inputMessage.getBody().available()<=0) {return inputMessage;}byte[] requestDataByte=new byte[inputMessage.getBody().available()];inputMessage.getBody().read(requestDataByte);byte[] requestDataByteNew=null;try {// 解密具体实现requestDataByteNew = this.decryptHandler(requestDataByte);} catch (Exception e) {throw e;}// 使用解密后的数据,构造新的读取流InputStream rawInputStream = new ByteArrayInputStream(requestDataByteNew);return new HttpInputMessage() {@Overridepublic HttpHeaders getHeaders() {return inputMessage.getHeaders();}@Overridepublic InputStream getBody() throws IOException {return rawInputStream;}};}/*** 在Http消息转换器执转换,之后执行* body 转换后的对象* inputMessage 客户端的请求数据* parameter handler方法的参数类型* targetType handler方法的参数类型* converterType 使用的Http消息转换器类类型* @return 返回一个新的对象*/@Overridepublic Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {return body;}/*** 参数与afterBodyRead相同,不过这个方法处理的是,body为空的情况*/@Overridepublic Object handleEmptyBody(@Nullable Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {return body;}/*** 解密处理* @param requestBytes* @return*/public byte[] decryptHandler(byte[] requestBytes) throws UnsupportedEncodingException {if (requestBytes.length <= 0) {return new byte[0];}String requestData = new String(requestBytes, StandardCharsets.UTF_8);String decrypt = null;try {JSONObject jsonobj = JSON.parseObject(requestData);//前端将解密结果放在:data字段中,如{"data": "加密结果"}String encrypt= jsonobj.get("data")==null?"":jsonobj.get("data").toString();//解密处理decrypt = Sm2Utils.decryptHttp(SM2ReqPriKey,encrypt);} catch (Exception e) {throw new BizException(CommonCode.REQUEST_DATA_END_ERROR);}//验证通过,返回解密后的参数return decrypt.getBytes(StandardCharsets.UTF_8);}
}
响应加密:
package com.chinaunicom.common.advice;import com.alibaba.fastjson.JSON; import com.alibaba.fastjson.serializer.SerializeConfig; import com.alibaba.fastjson.serializer.SerializerFeature; import com.alibaba.fastjson.serializer.ToStringSerializer; import com.chinaunicom.common.annotation.ExcludeHttpDataDecrypt; import com.chinaunicom.common.entity.response.CommonCode; import com.chinaunicom.common.exception.BizException; import com.chinaunicom.common.util.Sm2Utils; import org.springframework.beans.factory.annotation.Value; import org.springframework.core.MethodParameter; import org.springframework.core.annotation.Order; import org.springframework.http.MediaType; import org.springframework.http.server.ServerHttpRequest; import org.springframework.http.server.ServerHttpResponse; import org.springframework.web.bind.annotation.RestControllerAdvice; import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;import java.math.BigInteger;@RestControllerAdvice(basePackages={"com.chinaunicom.api.controller","com.chinaunicom.admin.controller"}) @Order(Integer.MAX_VALUE-20) public class GlobalResponseBodyAdvice implements ResponseBodyAdvice {@Value("${sm2.httpData.switch}")private boolean SM2Switch;@Value("${sm2.httpData.response.publicKey}")private String SM2RespPubKey;@Overridepublic boolean supports(MethodParameter methodParameter, Class aClass) {if(!SM2Switch){return false;}//排除解密注解boolean methodHasExcludeHttpBodyDecrypt = methodParameter.hasMethodAnnotation(ExcludeHttpDataDecrypt.class);if (methodHasExcludeHttpBodyDecrypt) {return false;}boolean classHasExcludeHttpBodyDecrypt = methodParameter.getDeclaringClass().getAnnotation(ExcludeHttpDataDecrypt.class) != null;if (classHasExcludeHttpBodyDecrypt) {return false;}return true;}@Overridepublic Object beforeBodyWrite(Object body, MethodParameter methodParameter, MediaType mediaType, Class aClass, ServerHttpRequest request, ServerHttpResponse response) {try { // HttpHeaders headers = serverHttpRequest.getHeaders();String result = null;Class<?> dataClass = body.getClass();if (dataClass.isPrimitive() || (body instanceof String)) {result = String.valueOf(body);} else {SerializeConfig serializeConfig = SerializeConfig.globalInstance;serializeConfig.put(BigInteger.class, ToStringSerializer.instance);serializeConfig.put(Long.class, ToStringSerializer.instance);result = JSON.toJSONString(body, serializeConfig, SerializerFeature.WriteNullStringAsEmpty, SerializerFeature.WriteDateUseDateFormat, SerializerFeature.WriteMapNullValue);}// 设置响应的加密key,用于前端解密 // response.getHeaders().add(EncryptionHandler.ENCRYPT_KEY, key);// 对数据加密返回return Sm2Utils.encryptHttp(SM2RespPubKey,result);} catch (Exception e) {e.printStackTrace();throw new BizException(CommonCode.RESPONSE_DATA_END_ERROR);}} }