1.通過AOP在每個接口請求之前將前端傳來的加密數據進行解密,將解密後的參數通過反射賦值到接口參數上,並將接口返回的結果值進行加密後返回給前端。
import com.alibaba.fastjson.JSON;
import com.company.project.common.annotations.InterfaceFace;
import com.company.project.common.enums.Constants;
import com.company.project.common.util.AesUtils;
import com.company.project.common.vo.AppInfo;
import com.company.project.common.vo.ResponseVO;
import com.company.project.manage.dto.BaseParam;
import com.company.project.utils.CommonUtils;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Map;
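/**
 * Around-advice that decrypts an AES-encrypted request payload before a controller method runs
 * and encrypts the {@code data} of the {@link ResponseVO} the method returns.
 *
 * <p>The advice applies to methods of {@code @RestController} classes that extend
 * {@code BaseController}. Encryption is opt-in per method via
 * {@code @InterfaceFace(requestAes = true)}.
 *
 * <p>NOTE(review): both directions use {@code Constants.AES.getDesc()} as the key, i.e. a value
 * compiled into the application rather than one loaded from configuration.
 */
@Aspect
@Order(2)
@Component
public class AesAspect {

    private static final Logger logger = LoggerFactory.getLogger(AesAspect.class);

    // Injected from configuration; not read anywhere in this class.
    @Value("${TOKEN_DES_KEY}")
    private String TOKEN_DES_KEY;

    /** Matches methods of RestController classes that extend "BaseController". */
    @Pointcut("@within(org.springframework.web.bind.annotation.RestController) && within(com.company.project.manage.aop.BaseController+)")
    public void restControllerMethodPointcut() {
    }

    /**
     * Decrypts the request when the target method asks for it, invokes the method, and encrypts
     * the response data when the request itself was successfully decrypted.
     *
     * @param pjPoint the intercepted controller invocation
     * @return the controller's response (with encrypted data where applicable), or an error
     *     result object when the request cannot be analysed or the response type is unexpected
     * @throws Throwable whatever the intercepted method throws
     */
    @Around("restControllerMethodPointcut()")
    public Object Interceptor(ProceedingJoinPoint pjPoint) throws Throwable {
        // A missing annotation means the method uses the default (standard) settings.
        InterfaceFace interfaceFace = null;
        boolean requestDecrypted = false;
        try {
            MethodSignature msig = (MethodSignature) pjPoint.getSignature();
            Method pointMethod =
                    pjPoint.getTarget().getClass().getMethod(msig.getName(), msig.getParameterTypes());
            // The annotation is read from the intercepted method itself.
            interfaceFace = pointMethod.getAnnotation(InterfaceFace.class);
            if (interfaceFace != null && interfaceFace.requestAes()) {
                // NOTE(review): a false result (no aesData supplied, or decryption/binding failed)
                // does not stop the call: the method still runs with whatever arguments were bound
                // and its response is returned unencrypted. Confirm that plaintext calls to
                // requestAes endpoints are intended; otherwise reject the request here.
                requestDecrypted = processParameter(pjPoint);
            }
        } catch (Exception e) {
            logger.error("請求解析異常:", e);
            return CommonUtils.errorResultObj("請求解析異常");
        }

        Object response = pjPoint.proceed();

        // Non-standard results are passed through untouched.
        if (interfaceFace != null && !interfaceFace.standardResult()) {
            return response;
        }
        if (!(response instanceof ResponseVO)) {
            return CommonUtils.errorResultObj("返回類型異常");
        }
        if (interfaceFace != null && interfaceFace.requestAes() && requestDecrypted) {
            ResponseVO vo = (ResponseVO) response;
            vo.setData(outputParamter(vo.getData()));
        }
        return response;
    }

    /**
     * Serialises {@code object} to JSON and AES-encrypts it.
     *
     * @param object the response data to protect
     * @return the encrypted text, or {@code null} when serialisation or encryption fails (the
     *     caller then sends {@code null} data rather than the plaintext)
     */
    private String outputParamter(Object object) {
        try {
            String jsonString = JSON.toJSONString(object);
            // NOTE(review): this writes the plaintext response to the debug log; keep debug
            // logging off wherever the log store is less protected than the payload.
            logger.debug("[writeInternal]======>返回明文數據:{}", jsonString);
            String encrypted = AesUtils.encrypt(jsonString, Constants.AES.getDesc());
            logger.debug("[writeInternal]======>返回加密數據:{}", encrypted);
            return encrypted;
        } catch (Exception e) {
            logger.error("[writeInternal]======>", e);
            return null;
        }
    }

    /**
     * Finds the encrypted payload on a {@link BaseParam} argument, decrypts it, and copies the
     * decrypted JSON properties onto the first non-null argument that is not an {@link AppInfo}.
     *
     * @param pjPoint the intercepted controller invocation
     * @return {@code true} when a payload was found, decrypted and bound; {@code false} when
     *     there was no payload or any step failed
     */
    private boolean processParameter(ProceedingJoinPoint pjPoint) {
        try {
            Object[] args = pjPoint.getArgs();
            if (args == null || args.length == 0) {
                return false;
            }
            String aesParameter = findAesData(args);
            if (StringUtils.isBlank(aesParameter)) {
                return false;
            }
            logger.debug("[request請求的]==========>加密數據是:{}", aesParameter);
            String decryptParameter = AesUtils.decrypt(aesParameter, Constants.AES.getDesc());
            if (StringUtils.isBlank(decryptParameter)) {
                logger.debug("解密失敗");
                return false;
            }
            // NOTE(review): the decrypted request body is written to the debug log.
            logger.debug("[decrypt]==========> 解密數據:{}", decryptParameter);
            Map<String, Object> map = JSON.parseObject(decryptParameter);
            if (map == null) {
                // Nothing to bind if the payload did not parse to a JSON object.
                return false;
            }
            for (Object param : args) {
                // Null arguments cannot receive values; AppInfo is never a binding target.
                if (param == null || param instanceof AppInfo) {
                    continue;
                }
                // Only the argument's own class and its direct superclass are populated.
                assignFields(param, param.getClass(), map);
                assignFields(param, param.getClass().getSuperclass(), map);
                break;
            }
            return true;
        } catch (Exception e) {
            logger.error("請求參數解密異常:", e);
        }
        return false;
    }

    /** Returns the first non-blank aesData carried by a BaseParam argument, or "" if none. */
    private static String findAesData(Object[] args) {
        for (Object arg : args) {
            if (arg instanceof BaseParam) {
                String aesData = ((BaseParam) arg).getAesData();
                if (StringUtils.isNotBlank(aesData)) {
                    return aesData;
                }
            }
        }
        return "";
    }

    /**
     * Sets every instance field declared by {@code type} whose name is a key of {@code values}.
     *
     * <p>Static, final and synthetic fields are skipped so that client-supplied keys cannot
     * overwrite shared or constant state. A value whose runtime type does not fit the field makes
     * {@code Field.set} throw, which aborts the binding after earlier fields were already set.
     *
     * <p>NOTE(review): the keys come from the client, so any remaining field of the target can be
     * set by the caller. If the parameter classes carry fields that must only be set server-side,
     * bind through an explicit allow-list instead.
     */
    private static void assignFields(Object target, Class<?> type, Map<String, Object> values)
            throws IllegalAccessException {
        if (type == null) {
            return;
        }
        for (Field field : type.getDeclaredFields()) {
            int modifiers = field.getModifiers();
            if (field.isSynthetic() || Modifier.isStatic(modifiers) || Modifier.isFinal(modifiers)) {
                continue;
            }
            String name = field.getName();
            if (!values.containsKey(name)) {
                continue;
            }
            // Access is opened only for fields that are actually written.
            field.setAccessible(true);
            field.set(target, values.get(name));
        }
    }
}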
2.增加InterfaceFace註解,用於區分哪些接口需要進行加密傳參。
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * Per-endpoint switches that mark how an interface method is to be handled.
 *
 * <p>Encryption is opt-in: {@link #requestAes()} defaults to {@code false}, so a method that
 * does not set it exchanges plaintext parameters and results.
 */
@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.PARAMETER, ElementType.METHOD})
public @interface InterfaceFace {

    /** Whether identity authentication is performed. */
    boolean identityAuth() default true;

    /** Whether the standard request form (header information required) is used. */
    boolean standardRequest() default true;

    /** Whether the standard result is returned. */
    boolean standardResult() default true;

    /** Whether the request parameters and the returned result are encrypted. */
    boolean requestAes() default false;
}
3.加密工具類
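/**
 * Named constants used by the AES request/response encryption.
 *
 * <p>Each constant pairs a {@code code} (its name) with a {@code desc} (its value).
 *
 * <p>NOTE(review): {@link #AES} and {@link #IV} hold the AES key and IV as source literals, so
 * the same values ship in every build and are shared by every client and deployment. Load them
 * from configuration or a secret store so they can be rotated without a release.
 *
 * <p>The accessors and {@code toString()} are written out by hand so that {@code toString()}
 * can leave {@code desc} out: printing a constant must not put key material into logs.
 */
public enum Constants {
    /** Name of the request property that carries the encrypted payload. */
    AES_DATA("aesData", "指定參數"),
    /** AES key. */
    AES("AES_KEY", "36CAA1C88F7F8D1D"),
    /** AES initialisation vector. */
    IV("AES_IV", "31129048100F0494");

    private final String code;
    private final String desc;

    Constants(String code, String desc) {
        this.code = code;
        this.desc = desc;
    }

    /** Returns the constant's code. */
    public String getCode() {
        return code;
    }

    /** Returns the constant's value; for {@link #AES} and {@link #IV} this is secret material. */
    public String getDesc() {
        return desc;
    }

    /** Returns the constant's name and code only; {@code desc} is deliberately omitted. */
    @Override
    public String toString() {
        return "Constants." + name() + "(code=" + code + ")";
    }
}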
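import com.company.project.common.enums.Constants;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.validation.constraints.NotNull;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Objects;

/**
 * AES helper: encrypts and decrypts text with AES/CBC/PKCS7Padding.
 * Created by 徐川江 on 2018-08-03 17:47
 *
 * <p>NOTE(review): points a reader should know before relying on this class:
 * <ul>
 *   <li>The IV is the fixed value {@code Constants.IV.getDesc()}, reused for every message.
 *       With CBC this makes encryption deterministic: equal plaintexts (and equal leading
 *       blocks) give equal ciphertext. A fresh random IV per message, sent with the
 *       ciphertext, removes that, but changes the wire format.</li>
 *   <li>CBC provides no integrity check, so ciphertext can be altered without detection.
 *       An authenticated mode or a MAC over the ciphertext would close that gap.</li>
 *   <li>The key is the UTF-8 bytes of the {@code key} string. A key made only of printable or
 *       hexadecimal characters has far less entropy than its byte length suggests.</li>
 * </ul>
 **/
public class AesUtils {
    private static final String CHARSET_NAME = "UTF-8";
    private static final String AES_NAME = "AES";
    private static final String ALGORITHM = "AES/CBC/PKCS7Padding";
    private static final String IV = Constants.IV.getDesc();

    static {
        // Registers Bouncy Castle, presumably to resolve the PKCS7Padding name (the stock JCE
        // providers expose this padding as PKCS5Padding).
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Encrypts {@code content} with {@code key}.
     *
     * @param content the plaintext
     * @param key the key text; its UTF-8 bytes are used as the AES key
     * @return the ciphertext as encoded by {@code ParseSystemUtil.parseByte2HexStr}
     * @throws Exception with the message "加密失敗" and the underlying failure as its cause
     */
    public static String encrypt(@NotNull String content, @NotNull String key) throws Exception {
        try {
            Cipher cipher = newCipher(Cipher.ENCRYPT_MODE, key);
            return ParseSystemUtil.parseByte2HexStr(cipher.doFinal(content.getBytes(CHARSET_NAME)));
        } catch (Exception ex) {
            // Keep the cause on the exception instead of printing it to stderr and dropping it.
            throw new Exception("加密失敗", ex);
        }
    }

    /**
     * Decrypts {@code content} with {@code key}.
     *
     * @param content the ciphertext in the encoding read by {@code ParseSystemUtil.parseHexStr2Byte}
     * @param key the key text; its UTF-8 bytes are used as the AES key
     * @return the plaintext decoded as UTF-8
     * @throws Exception with the message "解密失敗" and the underlying failure as its cause.
     *     Callers should answer the client with the same generic error for every failure:
     *     in CBC mode a distinguishable padding error acts as an oracle.
     */
    public static String decrypt(@NotNull String content, @NotNull String key) throws Exception {
        try {
            Cipher cipher = newCipher(Cipher.DECRYPT_MODE, key);
            byte[] cipherBytes = Objects.requireNonNull(ParseSystemUtil.parseHexStr2Byte(content));
            return new String(cipher.doFinal(cipherBytes), CHARSET_NAME);
        } catch (Exception ex) {
            throw new Exception("解密失敗", ex);
        }
    }

    /** Builds a cipher for {@code mode} from the key text and the class-wide IV. */
    private static Cipher newCipher(int mode, String key) throws Exception {
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(CHARSET_NAME), AES_NAME);
        // Decode the IV with the same explicit charset as the key, not the platform default.
        AlgorithmParameterSpec paramSpec = new IvParameterSpec(IV.getBytes(CHARSET_NAME));
        cipher.init(mode, keySpec, paramSpec);
        return cipher;
    }
}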
4.待完善之處:request請求接收到加密參數後,參數解密時會將解密後的json對象賦值給方法上的參數,而該參數需要是string類型。