update > optimize sign validate code & annotation

master
lihengming 8 years ago
parent c2787f4731
commit ac667efa44
  1. 46
      src/main/java/com/company/project/configurer/WebMvcConfigurer.java

@ -101,15 +101,14 @@ public class WebMvcConfigurer extends WebMvcConfigurerAdapter {
//添加拦截器 //添加拦截器
@Override @Override
public void addInterceptors(InterceptorRegistry registry) { public void addInterceptors(InterceptorRegistry registry) {
//接口签名认证拦截器,该签名认证比较简单,实际项目中建议使用Json Web Token代替 //接口签名认证拦截器,该签名认证比较简单,实际项目中可以使用Json Web Token或其他更好的方式替代
if (!StringUtils.contains(env, "dev")) { //开发环境忽略签名认证 if (!StringUtils.contains(env, "dev")) { //开发环境忽略签名认证
registry.addInterceptor(new HandlerInterceptorAdapter() { registry.addInterceptor(new HandlerInterceptorAdapter() {
@Override @Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
String sign = request.getParameter("sign");
//验证签名 //验证签名
if (StringUtils.isNotEmpty(sign) && validateSign(request, sign)) { boolean pass = validateSign(request);
if (pass) {
return true; return true;
} else { } else {
logger.warn("签名认证失败,请求接口:{},请求IP:{},请求参数:{}", logger.warn("签名认证失败,请求接口:{},请求IP:{},请求参数:{}",
@ -137,32 +136,31 @@ public class WebMvcConfigurer extends WebMvcConfigurerAdapter {
} }
/** /**
* 一个简单的签名认证规则请求参数按ASCII码排序后拼接为a=value&b=value...这样的字符串后进行MD5 * 一个简单的签名认证规则
* * 1. 将请求参数按ascii码排序
* @param request * 2. 拼接为a=value&b=value...这样的字符串不包含sign
* @param requestSign * 3. 混合密钥secret进行md5获得签名与请求的签名进行比较
* @return
*/ */
private boolean validateSign(HttpServletRequest request, String requestSign) { private boolean validateSign(HttpServletRequest request) {
String requestSign = request.getParameter("sign");//获得请求签名,如sign=19e907700db7ad91318424a97c54ed57
if (StringUtils.isEmpty(requestSign)) {
return false;
}
List<String> keys = new ArrayList<String>(request.getParameterMap().keySet()); List<String> keys = new ArrayList<String>(request.getParameterMap().keySet());
Collections.sort(keys); keys.remove("sign");//排除sign参数
Collections.sort(keys);//排序
String linkString = "";
StringBuilder sb = new StringBuilder();
for (String key : keys) { for (String key : keys) {
if (!"sign".equals(key)) { sb.append(key).append("=").append(request.getParameter(key)).append("&");//拼接字符串
linkString += key + "=" + request.getParameter(key) + "&";
} }
} String linkString = sb.toString();
if (StringUtils.isEmpty(linkString)) linkString = StringUtils.substring(linkString, 0, linkString.length() - 1);//去除最后一个'&'
return false;
linkString = linkString.substring(0, linkString.length() - 1);
String key = "Potato";//自己修改
String sign = DigestUtils.md5Hex(linkString + key);
return StringUtils.equals(sign, requestSign); String secret = "Potato";//密钥,自己修改
String sign = DigestUtils.md5Hex(linkString + secret);//混合密钥md5
return StringUtils.equals(sign, requestSign);//比较
} }
private String getIpAddress(HttpServletRequest request) { private String getIpAddress(HttpServletRequest request) {
@ -182,7 +180,7 @@ public class WebMvcConfigurer extends WebMvcConfigurerAdapter {
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr(); ip = request.getRemoteAddr();
} }
// 如果是多级代理,那么取第一个ip为客户ip // 如果是多级代理,那么取第一个ip为客户ip
if (ip != null && ip.indexOf(",") != -1) { if (ip != null && ip.indexOf(",") != -1) {
ip = ip.substring(0, ip.indexOf(",")).trim(); ip = ip.substring(0, ip.indexOf(",")).trim();
} }

Loading…
Cancel
Save