update > optimize sign validate code & annotation

lihengming 8 years ago
parent c2787f4731
commit ac667efa44
  1. 46
      src/main/java/com/company/project/configurer/WebMvcConfigurer.java

@ -101,15 +101,14 @@ public class WebMvcConfigurer extends WebMvcConfigurerAdapter {
//添加拦截器 //添加拦截器
@Override @Override
public void addInterceptors(InterceptorRegistry registry) { public void addInterceptors(InterceptorRegistry registry) {
//接口签名认证拦截器,该签名认证比较简单,实际项目中建议使用Json Web Token代替 //接口签名认证拦截器,该签名认证比较简单,实际项目中可以使用Json Web Token或其他更好的方式替代
if (!StringUtils.contains(env, "dev")) { //开发环境忽略签名认证 if (!StringUtils.contains(env, "dev")) { //开发环境忽略签名认证
registry.addInterceptor(new HandlerInterceptorAdapter() { registry.addInterceptor(new HandlerInterceptorAdapter() {
@Override @Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
String sign = request.getParameter("sign");
//验证签名 //验证签名
if (StringUtils.isNotEmpty(sign) && validateSign(request, sign)) { boolean pass = validateSign(request);
if (pass) {
return true; return true;
} else { } else {
logger.warn("签名认证失败,请求接口:{},请求IP:{},请求参数:{}", logger.warn("签名认证失败,请求接口:{},请求IP:{},请求参数:{}",
@ -137,32 +136,31 @@ public class WebMvcConfigurer extends WebMvcConfigurerAdapter {
} }
/** /**
* 一个简单的签名认证规则请求参数按ASCII码排序后拼接为a=value&b=value...这样的字符串后进行MD5 * 一个简单的签名认证规则
* * 1. 将请求参数按ascii码排序
* @param request * 2. 拼接为a=value&b=value...这样的字符串不包含sign
* @param requestSign * 3. 混合密钥secret进行md5获得签名与请求的签名进行比较
* @return
*/ */
private boolean validateSign(HttpServletRequest request, String requestSign) { private boolean validateSign(HttpServletRequest request) {
String requestSign = request.getParameter("sign");//获得请求签名,如sign=19e907700db7ad91318424a97c54ed57
if (StringUtils.isEmpty(requestSign)) {
return false;
}
List<String> keys = new ArrayList<String>(request.getParameterMap().keySet()); List<String> keys = new ArrayList<String>(request.getParameterMap().keySet());
Collections.sort(keys); keys.remove("sign");//排除sign参数
Collections.sort(keys);//排序
String linkString = "";
StringBuilder sb = new StringBuilder();
for (String key : keys) { for (String key : keys) {
if (!"sign".equals(key)) { sb.append(key).append("=").append(request.getParameter(key)).append("&");//拼接字符串
linkString += key + "=" + request.getParameter(key) + "&";
}
} }
if (StringUtils.isEmpty(linkString)) String linkString = sb.toString();
return false; linkString = StringUtils.substring(linkString, 0, linkString.length() - 1);//去除最后一个'&'
linkString = linkString.substring(0, linkString.length() - 1);
String key = "Potato";//自己修改
String sign = DigestUtils.md5Hex(linkString + key);
return StringUtils.equals(sign, requestSign); String secret = "Potato";//密钥,自己修改
String sign = DigestUtils.md5Hex(linkString + secret);//混合密钥md5
return StringUtils.equals(sign, requestSign);//比较
} }
private String getIpAddress(HttpServletRequest request) { private String getIpAddress(HttpServletRequest request) {
@ -182,7 +180,7 @@ public class WebMvcConfigurer extends WebMvcConfigurerAdapter {
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr(); ip = request.getRemoteAddr();
} }
// 如果是多级代理,那么取第一个ip为客户ip // 如果是多级代理,那么取第一个ip为客户ip
if (ip != null && ip.indexOf(",") != -1) { if (ip != null && ip.indexOf(",") != -1) {
ip = ip.substring(0, ip.indexOf(",")).trim(); ip = ip.substring(0, ip.indexOf(",")).trim();
} }
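Review bot: `StringUtils.equals(sign, requestSign)` in validateSign compares the computed and supplied signatures with an early-exit string comparison, and the signature itself is a bare MD5 over `linkString + secret` with `secret` hard-coded as the literal `"Potato"` in source. Compare with `MessageDigest.isEqual(sign.getBytes(StandardCharsets.UTF_8), requestSign.getBytes(StandardCharsets.UTF_8))` so the time taken does not depend on how many leading characters match, and derive the signature with a keyed MAC (`javax.crypto.Mac` with HmacSHA256) whose key is loaded from configuration rather than committed with the code. Removing the old `if (StringUtils.isEmpty(linkString)) return false;` guard also changes behaviour: a request whose only parameter is `sign` now validates against the fixed value `md5Hex("" + secret)`, so either restore the guard or state in the Javadoc that an empty parameter set is accepted. Since neither a timestamp nor a nonce is part of the signed string, a captured valid request can be resubmitted unchanged, which is worth noting next to the existing comment recommending JWT as a replacement.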
