背景

在我当前的项目中,有许多接口都需要加解密,保证数据的安全性,为了抽象出这一类接口的共性
而在我们的接口设计中,加密后的参数是以整个body来传送密文的,并非json中的某一个字段,所以本文的方案,也可以用于自定义传输数据类型
本文通过RequestBodyAdvice、ResponseBodyAdvice来实现这一需求。

定义注解,标识请求是否需要加解密

1
2
3
4
5
6
7
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface SecurityInterface {
boolean encryptRequest() default true;

boolean encryptResponse() default true;
}

请求参数解密

拦截请求,对参数解密

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
import org.springframework.core.MethodParameter;
import org.springframework.http.HttpInputMessage;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice;

import java.io.IOException;
import java.lang.reflect.Method;
import java.lang.reflect.Type;

/**
* @author far.liu
*/
@ControllerAdvice
public class DecryptRequestBodyAdvice implements RequestBodyAdvice {
@Override
public boolean supports(MethodParameter methodParameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
Method method = methodParameter.getMethod();
SecurityInterface annotation = method.getAnnotation(SecurityInterface.class);
if (annotation == null) {
annotation = method.getClass().getAnnotation(SecurityInterface.class);
}
if (annotation == null) {
return false;
}
return annotation.encryptRequest();
}

@Override
public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) throws IOException {
HttpInputMessage returnInputMessage = new DecryptHttpInputMessage(inputMessage.getHeaders(), inputMessage.getBody());
return returnInputMessage;
}

@Override
public Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
return body;
}

@Override
public Object handleEmptyBody(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
return body;
}
}

解密的具体实现

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
import com.guys.txm.core.util.EncryptUtil;
import com.guys.txm.core.util.StreamUtil;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpInputMessage;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;

/**
* @author far.liu
*/
public class DecryptHttpInputMessage implements HttpInputMessage {
private HttpHeaders headers = null;
private InputStream is = null;
private static final String ENC_KEY = "xxxx";
private static final String ENC_E = "xxxx";

public DecryptHttpInputMessage(HttpHeaders headers, InputStream is) {
this.headers = headers;
this.is = is;
}

@Override
public InputStream getBody() throws IOException {
ByteArrayOutputStream out = null;
try {
out = StreamUtil.copy(is);
byte[] temp = EncryptUtil.decodeBase64(out.toByteArray());
byte[] body = EncryptUtil.aesCBCDecrypt(temp, ENC_KEY, ENC_E);
return new ByteArrayInputStream(body);
} catch (Exception e) {
throw new IOException(e.getMessage(), e);
} finally {
StreamUtil.close(is);
StreamUtil.close(out);
}
}

@Override
public HttpHeaders getHeaders() {
return headers;
}
}

返回参数加密

同样的方式,使用ResponseBodyAdvice拦截返回值,在此可以进行数据加密。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
import org.springframework.core.MethodParameter;
import org.springframework.http.MediaType;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServerHttpResponse;
import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;
import org.springframework.web.bind.annotation.ControllerAdvice;

/**
* @author far.liu
*/
@ControllerAdvice
public class EncryptResponseBodyAdvice implements ResponseBodyAdvice {
@Override
public boolean supports(MethodParameter returnType, Class converterType) {
return false;
}

@Override
public Object beforeBodyWrite(Object body, MethodParameter returnType, MediaType selectedContentType, Class selectedConverterType, ServerHttpRequest request, ServerHttpResponse response) {
return null;
}
}