【笔记】Spring MVC拦截入参、出参实现入参解密，出参加密统一管理

需求：为提高接口的安全性，对数据传输加密。
前提：Controller层使用@RequestBody接收入参，@ResponseBody出参

入参解密

package com.sep6th.base.core.advice;import java.lang.reflect.Type;import org.springframework.core.MethodParameter;
import org.springframework.http.HttpInputMessage;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.StringHttpMessageConverter;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdviceAdapter;import com.sep6th.common.constant.BaseConstant;
import com.sep6th.common.util.AESUtil;/** * 对加密的请求参数，解密** @date 2018/10/10 11:35*/
@ControllerAdvice
public class RequestBodyDecryptAdvice extends RequestBodyAdviceAdapter  {/*** 前置拦截匹配操作(定义自己业务相关的拦截匹配规则)* 满足为true的才会执行下面的方法* * @date 2018/10/10 11:43*/@Overridepublic boolean supports(MethodParameter methodParameter, Type targetType,Class<? extends HttpMessageConverter<?>> converterType) {return StringHttpMessageConverter.class.isAssignableFrom(converterType);}/*** 对加密的请求参数，解密* * @date 2018/10/10 12:55*/@Overridepublic Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType,Class<? extends HttpMessageConverter<?>> converterType) {//对加密的请求参数，解密String jsonStrDecrypt = AESUtil.AES_Decrypt(BaseConstant.AES_KEY, String.valueOf(body));System.out.println("对加密的请求参数，解密："+ jsonStrDecrypt);return jsonStrDecrypt;}
}

出参加密

package com.sep6th.base.core.advice;import org.springframework.core.MethodParameter;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServerHttpResponse;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;import com.sep6th.common.constant.BaseConstant;
import com.sep6th.common.util.AESUtil;
import com.sep6th.common.util.JsonUtils;
import com.sep6th.common.util.SysResult;
/** * 对Controller层方法，返回类型是SysResult的返回数据加密* 注意：定义自己业务相关的拦截匹配规则。* 		直接return true;是对所有返回数据加密。* * @date 2018/10/10 10:30*/
@ControllerAdvice
public class ResponseBodyEncryptAdvice implements ResponseBodyAdvice<Object> {/*** 前置拦截匹配操作(定义自己业务相关的拦截匹配规则)* true:就执行下面的beforeBodyWrite方法。* * @date 2018/10/10 11:27*/@Overridepublic boolean supports(MethodParameter methodParameter, Class<? extends HttpMessageConverter<?>> converterType) {// 拦截Controller层返回类型是SysResult的方法return methodParameter.getMethod().getReturnType().isAssignableFrom(SysResult.class);}/*** 对返回值进行加密* * @date 2018/10/10 11:18*/@Overridepublic Object beforeBodyWrite(Object body, MethodParameter methodParameter, MediaType selectedContentType,Class<? extends HttpMessageConverter<?>> selectedConverterType, ServerHttpRequest request,ServerHttpResponse response) {String jsonStr = JsonUtils.toFastJson(body);System.out.println("获取ResponseBody里的内容："+ jsonStr);String jsonStrEncrypt = AESUtil.AES_Encrypt(BaseConstant.AES_KEY, jsonStr);System.out.println("返回数据加密："+ jsonStrEncrypt);String jsonStrDecrypt = AESUtil.AES_Decrypt(BaseConstant.AES_KEY, jsonStrEncrypt);System.out.println("对返回的加密数据解密："+ jsonStrDecrypt);return jsonStrEncrypt; }
}

本文来自互联网用户投稿，文章观点仅代表作者本人，不代表本站立场，不承担相关法律责任。如若转载，请注明出处。 如若内容造成侵权/违法违规/事实不符，请点击【内容举报】进行投诉反馈！