Spring?Boot?接口加解密功能實(shí)現(xiàn)

更新時(shí)間：2023年04月29日 09:06:51 作者：mry6

在我們?nèi)粘５腏ava開(kāi)發(fā)中，免不了和其他系統(tǒng)的業(yè)務(wù)交互，或者微服務(wù)之間的接口調(diào)用;如果我們想保證數(shù)據(jù)傳輸?shù)陌踩?，?duì)接口出參加密，入?yún)⒔饷?，這篇文章主要介紹了Spring?Boot?接口加解密功能實(shí)現(xiàn),需要的朋友可以參考下

介紹

在我們?nèi)粘５腏ava開(kāi)發(fā)中，免不了和其他系統(tǒng)的業(yè)務(wù)交互，或者微服務(wù)之間的接口調(diào)用;如果我們想保證數(shù)據(jù)傳輸?shù)陌踩?，?duì)接口出參加密，入?yún)⒔饷?。但是不想?xiě)重復(fù)代碼，我們可以提供一個(gè)通用starter，提供通用加密解密功能。

基礎(chǔ)知識(shí)

hutool-crypto加密解密工具

hutool-crypto提供了很多加密解密工具，包括對(duì)稱(chēng)加密，非對(duì)稱(chēng)加密，摘要加密等等，這不做詳細(xì)介紹。

request流只能讀取一次的問(wèn)題

問(wèn)題描述

在接口調(diào)用鏈中，request的請(qǐng)求流只能調(diào)用一次，處理之后，如果之后還需要用到請(qǐng)求流獲取數(shù)據(jù)，就會(huì)發(fā)現(xiàn)數(shù)據(jù)為空。

比如使用了filter或者aop在接口處理之前，獲取了request中的數(shù)據(jù)，對(duì)參數(shù)進(jìn)行了校驗(yàn)，那么之后就不能在獲取request請(qǐng)求流了。

解決辦法

繼承HttpServletRequestWrapper，將請(qǐng)求中的流copy一份，復(fù)寫(xiě)getInputStream和getReader方法供外部使用。每次調(diào)用后的getInputStream方法都是從復(fù)制出來(lái)的二進(jìn)制數(shù)組中進(jìn)行獲取，這個(gè)二進(jìn)制數(shù)組在對(duì)象存在期間一致存在。

使用Filter過(guò)濾器，在一開(kāi)始，替換request為自己定義的可以多次讀取流的request。

下面這樣就實(shí)現(xiàn)了流的重復(fù)獲取:
工具類(lèi)(InputStreamHttpServletRequestWrapper)：

package com.mry.springboottools.validation;
import org.apache.commons.io.IOUtils;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
/**
 * 請(qǐng)求流支持多次獲取
 */
public class InputStreamHttpServletRequestWrapper extends HttpServletRequestWrapper {
    /**
     * 用于緩存輸入流
     */
    private ByteArrayOutputStream cachedBytes;
    public InputStreamHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
    }
    @Override
    public ServletInputStream getInputStream() throws IOException {
        if (cachedBytes == null) {
            // 首次獲取流時(shí)，將流放入 緩存輸入流 中
            cacheInputStream();
        }
        // 從 緩存輸入流 中獲取流并返回
        return new CachedServletInputStream(cachedBytes.toByteArray());
    }
    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(getInputStream()));
    }
    /**
     * 首次獲取流時(shí)，將流放入 緩存輸入流 中
     */
    private void cacheInputStream() throws IOException {
        // 緩存輸入流以便多次讀取。為了方便, 我使用 org.apache.commons IOUtils
        cachedBytes = new ByteArrayOutputStream();
        IOUtils.copy(super.getInputStream(), cachedBytes);
    }
    /**
     * 讀取緩存的請(qǐng)求正文的輸入流
     * <p>
     * 用于根據(jù) 緩存輸入流 創(chuàng)建一個(gè)可返回的
     */
    public static class CachedServletInputStream extends ServletInputStream {
        private final ByteArrayInputStream input;
        public CachedServletInputStream(byte[] buf) {
            // 從緩存的請(qǐng)求正文創(chuàng)建一個(gè)新的輸入流
            input = new ByteArrayInputStream(buf);
        }
        @Override
        public boolean isFinished() {
            return false;
        }
        @Override
        public boolean isReady() {
            return false;
        }
        @Override
        public void setReadListener(ReadListener listener) {
        }
        @Override
        public int read() throws IOException {
            return input.read();
        }
    }
}

Filter過(guò)濾器(HttpServletRequestInputStreamFilter)：

package com.mry.springboottools.validation;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import static org.springframework.core.Ordered.HIGHEST_PRECEDENCE;
/**
 * @author
 * @description: 請(qǐng)求流轉(zhuǎn)換為多次讀取的請(qǐng)求流 過(guò)濾器
 */
@Component
@Order(HIGHEST_PRECEDENCE + 1)  // 優(yōu)先級(jí)最高
public class HttpServletRequestInputStreamFilter implements Filter {
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        // 轉(zhuǎn)換為可以多次獲取流的request
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        InputStreamHttpServletRequestWrapper inputStreamHttpServletRequestWrapper = new InputStreamHttpServletRequestWrapper(httpServletRequest);
        // 放行
        chain.doFilter(inputStreamHttpServletRequestWrapper, response);
    }
}

SpringBoot的參數(shù)校驗(yàn)validation

為了減少接口中，業(yè)務(wù)代碼之前的大量冗余的參數(shù)校驗(yàn)代碼

SpringBoot-validation提供了優(yōu)雅的參數(shù)校驗(yàn)，入?yún)⒍际菍?shí)體類(lèi)，在實(shí)體類(lèi)字段上加上對(duì)應(yīng)注解，就可以在進(jìn)入方法之前，進(jìn)行參數(shù)校驗(yàn)，如果參數(shù)錯(cuò)誤，會(huì)拋出錯(cuò)誤BindException，是不會(huì)進(jìn)入方法的。

這種方法，必須要求在接口參數(shù)上加注解@Validated或者是@Valid

但是很多清空下，我們希望在代碼中調(diào)用某個(gè)實(shí)體類(lèi)的校驗(yàn)功能，所以需要如下工具類(lèi)。

package com.mry.springboottools.validation;
import javax.validation.ConstraintViolation;
import javax.validation.Validation;
import javax.validation.Validator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
/**
 * @author
 * @description 驗(yàn)證工具類(lèi)
 */
public class ValidationUtils {
    private static final Validator VALIDATOR = Validation.buildDefaultValidatorFactory().getValidator();
    /**
     * 驗(yàn)證數(shù)據(jù)
     * @param object 數(shù)據(jù)
     */
    public static void validate(Object object) throws CustomizeException {
        Set<ConstraintViolation<Object>> validate = VALIDATOR.validate(object);
        // 驗(yàn)證結(jié)果異常
        throwParamException(validate);
    }
    /**
     * 驗(yàn)證數(shù)據(jù)(分組)
     * @param object 數(shù)據(jù)
     * @param groups 所在組
     */
    public static void validate(Object object, Class<?> ... groups) throws CustomizeException {
        Set<ConstraintViolation<Object>> validate = VALIDATOR.validate(object, groups);
        // 驗(yàn)證結(jié)果異常
        throwParamException(validate);
    }
    /**
     * 驗(yàn)證數(shù)據(jù)中的某個(gè)字段(分組)
     * @param object 數(shù)據(jù)
     * @param propertyName 字段名稱(chēng)
     */
    public static void validate(Object object, String propertyName) throws CustomizeException {
        Set<ConstraintViolation<Object>> validate = VALIDATOR.validateProperty(object, propertyName);
        // 驗(yàn)證結(jié)果異常
        throwParamException(validate);
    }
    /**
     * 驗(yàn)證數(shù)據(jù)中的某個(gè)字段(分組)
     * @param object 數(shù)據(jù)
     * @param propertyName 字段名稱(chēng)
     * @param groups 所在組
     */
    public static void validate(Object object, String propertyName, Class<?> ... groups) throws CustomizeException {
        Set<ConstraintViolation<Object>> validate = VALIDATOR.validateProperty(object, propertyName, groups);
        // 驗(yàn)證結(jié)果異常
        throwParamException(validate);
    }
    /**
     * 驗(yàn)證結(jié)果異常
     * @param validate 驗(yàn)證結(jié)果
     */
    private static void throwParamException(Set<ConstraintViolation<Object>> validate) throws CustomizeException {
        if (validate.size() > 0) {
            List<String> fieldList = new LinkedList<>();
            List<String> msgList = new LinkedList<>();
            for (ConstraintViolation<Object> next : validate) {
                fieldList.add(next.getPropertyPath().toString());
                msgList.add(next.getMessage());
            }
            throw new ParamException(fieldList, msgList);
        }
    }
}

自定義參數(shù)異常:

package com.mry.springboottools.validation;
import lombok.Getter;
import org.springframework.util.CollectionUtils;
import java.util.List;
/**
 * @author
 * @description 自定義參數(shù)異常
 */
@Getter
public class ParamException extends CustomizeException {
    private List<String> fieldList;
    private List<String> msgList;
    public ParamException(String message) {
        super(message);
    }
    public ParamException(String message, Throwable cause) {
        super(message, cause);
    }
    public ParamException(List<String> fieldList, List<String> msgList) throws CustomizeException {
        super(generatorMessage(fieldList, msgList));
        this.fieldList = fieldList;
        this.msgList = msgList;
    }
    public ParamException(List<String> fieldList, List<String> msgList, Exception ex) throws CustomizeException {
        super(generatorMessage(fieldList, msgList), ex);
        this.fieldList = fieldList;
        this.msgList = msgList;
    }
    private static String generatorMessage(List<String> fieldList, List<String> msgList) throws CustomizeException {
        if (CollectionUtils.isEmpty(fieldList) || CollectionUtils.isEmpty(msgList) || fieldList.size() != msgList.size()) {
            return "參數(shù)錯(cuò)誤";
        }
        StringBuilder message = new StringBuilder();
        for (int i = 0; i < fieldList.size(); i++) {
            String field = fieldList.get(i);
            String msg = msgList.get(i);
            if (i == fieldList.size() - 1) {
                message.append(field).append(":").append(msg);
            } else {
                message.append(field).append(":").append(msg).append(",");
            }
        }
        return message.toString();
    }
}

自定義異常:

package com.mry.springboottools.validation;
/**
 * @author
 * @description: 自定義異常
 */
public class CustomizeException extends Exception {
    public CustomizeException(String message, Throwable cause) {
        super(message, cause);
    }
    public CustomizeException(String message) {
        super(message);
    }
}

自定義starter

自定義starter步驟:
1.創(chuàng)建工廠，編寫(xiě)功能代碼;
2.聲明自動(dòng)配置類(lèi)，把需要對(duì)外提供的對(duì)象創(chuàng)建好，通過(guò)配置類(lèi)統(tǒng)一向外暴露;
3.在resource目錄下準(zhǔn)備一個(gè)名為spring/spring.factories的文件，以org.springframework.boot.autoconfigure.EnableAutoConfiguration為key，自動(dòng)配置類(lèi)為value列表，進(jìn)行注冊(cè);

RequestBodyAdvice和ResponseBodyAdvice

1.RequestBodyAdvice是對(duì)請(qǐng)求的json串進(jìn)行處理，一般使用環(huán)境是處理接口參數(shù)的自動(dòng)解密;
2.ResponseBodyAdvice是對(duì)請(qǐng)求響應(yīng)的json傳進(jìn)行處理，一般用于相應(yīng)結(jié)果的加密;

功能介紹

接口數(shù)據(jù)的時(shí)候，返回的是加密之后的數(shù)據(jù) 接口入?yún)⒌臅r(shí)候，接收的是解密之后的數(shù)據(jù)，但是在進(jìn)入接口之前，加密的會(huì)自動(dòng)解密，取得對(duì)應(yīng)的數(shù)據(jù)。

功能細(xì)節(jié)

加密解密使用對(duì)稱(chēng)加密的AES算法，使用hutool-crypto模塊進(jìn)行實(shí)現(xiàn)

所有的實(shí)體類(lèi)提取一個(gè)公共父類(lèi)，包含屬性時(shí)間戳，用于加密數(shù)據(jù)返回之后的實(shí)效性，如果超過(guò)60分鐘，那么其他接口將不進(jìn)行處理。

如果接口加了加密注解EncryptionAnnotation，并且返回統(tǒng)一的json數(shù)據(jù)Result類(lèi)，則自動(dòng)對(duì)數(shù)據(jù)進(jìn)行加密。如果是繼承了統(tǒng)一父類(lèi)RequestBase的數(shù)據(jù)，自動(dòng)注入時(shí)間戳，確保數(shù)據(jù)的時(shí)效性。

如果接口加了解密注解DecryptionAnnotation，并且參數(shù)使用RequestBody注解標(biāo)注，傳入json使用統(tǒng)一格式RequestData類(lèi)，并且內(nèi)容是繼承了包含時(shí)間長(zhǎng)的父類(lèi)RequestBase，則自動(dòng)解密，并且轉(zhuǎn)為對(duì)應(yīng)的數(shù)據(jù)類(lèi)型。

功能提供Springboot的starter，實(shí)現(xiàn)開(kāi)箱即用。

代碼實(shí)現(xiàn)

項(xiàng)目結(jié)構(gòu)

在這里插入圖片描述

crypto-common

在這里插入圖片描述

crypto-spring-boot-starter 代碼結(jié)構(gòu)

在這里插入圖片描述

核心代碼

crypto.properties AES需要的參數(shù)配置

# \u6A21\u5F0F cn.hutool.crypto.Mode
crypto.mode=CTS
# \u8865\u7801\u65B9\u5F0F cn.hutool.crypto.Mode
crypto.padding=PKCS5Padding
# \u79D8\u94A5
crypto.key=testkey123456789
# \u76D0
crypto.iv=testiv1234567890

spring.factories 自動(dòng)配置文件

org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
com.mry.crypto.config.AppConfig

CryptConfig AES需要的配置參數(shù)

package com.mry.crypto.config;
import cn.hutool.crypto.Mode;
import cn.hutool.crypto.Padding;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import java.io.Serializable;
/**
 * @author
 * @description: AES需要的配置參數(shù)
 */
@Configuration
@ConfigurationProperties(prefix = "crypto")
@PropertySource("classpath:crypto.properties")
@Data
@EqualsAndHashCode
@Getter
public class CryptConfig implements Serializable {
    private Mode mode;
    private Padding padding;
    private String key;
    private String iv;
}

AppConfig 自動(dòng)配置類(lèi)

package com.mry.crypto.config;
import cn.hutool.crypto.symmetric.AES;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import javax.annotation.Resource;
import java.nio.charset.StandardCharsets;
/**
 * @author
 * @description: 自動(dòng)配置類(lèi)
 */
@Configuration
public class AppConfig {
    @Resource
    private CryptConfig cryptConfig;
    @Bean
    public AES aes() {
        return new AES(cryptConfig.getMode(), cryptConfig.getPadding(), cryptConfig.getKey().getBytes(StandardCharsets.UTF_8), cryptConfig.getIv().getBytes(StandardCharsets.UTF_8));
    }
}
package com.mry.crypto.config;
import cn.hutool.crypto.symmetric.AES;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import javax.annotation.Resource;
import java.nio.charset.StandardCharsets;
/**
 * @author
 * @description: 自動(dòng)配置類(lèi)
 */
@Configuration
public class AppConfig {
    @Resource
    private CryptConfig cryptConfig;
    @Bean
    public AES aes() {
        return new AES(cryptConfig.getMode(), cryptConfig.getPadding(), cryptConfig.getKey().getBytes(StandardCharsets.UTF_8), cryptConfig.getIv().getBytes(StandardCharsets.UTF_8));
    }
}

DecryptRequestBodyAdvice 請(qǐng)求自動(dòng)解密

package com.mry.crypto.advice;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.mry.crypto.annotation.DecryptionAnnotation;
import com.mry.crypto.common.exception.ParamException;
import com.mry.crypto.constant.CryptoConstant;
import com.mry.crypto.entity.RequestBase;
import com.mry.crypto.entity.RequestData;
import com.mry.crypto.util.AESUtil;
import lombok.SneakyThrows;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.MethodParameter;
import org.springframework.http.HttpInputMessage;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.lang.reflect.Type;
/**
 * @author
 * @description: requestBody 自動(dòng)解密
 */
@ControllerAdvice
public class DecryptRequestBodyAdvice implements RequestBodyAdvice {
    @Autowired
    private ObjectMapper objectMapper;
    /**
     * 方法上有DecryptionAnnotation注解的，進(jìn)入此攔截器
     * @param methodParameter 方法參數(shù)對(duì)象
     * @param targetType 參數(shù)的類(lèi)型
     * @param converterType 消息轉(zhuǎn)換器
     * @return true，進(jìn)入，false，跳過(guò)
     */
    @Override
    public boolean supports(MethodParameter methodParameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
        return methodParameter.hasMethodAnnotation(DecryptionAnnotation.class);
    }
    @Override
    public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) throws IOException {
        return inputMessage;
    }
    /**
     * 轉(zhuǎn)換之后，執(zhí)行此方法，解密，賦值
     * @param body spring解析完的參數(shù)
     * @param inputMessage 輸入?yún)?shù)
     * @param parameter 參數(shù)對(duì)象
     * @param targetType 參數(shù)類(lèi)型
     * @param converterType 消息轉(zhuǎn)換類(lèi)型
     * @return 真實(shí)的參數(shù)
     */
    @SneakyThrows
    @Override
    public Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
        // 獲取request
        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) requestAttributes;
        if (servletRequestAttributes == null) {
            throw new ParamException("request錯(cuò)誤");
        }
        HttpServletRequest request = servletRequestAttributes.getRequest();
        // 獲取數(shù)據(jù)
        ServletInputStream inputStream = request.getInputStream();
        RequestData requestData = objectMapper.readValue(inputStream, RequestData.class);
        if (requestData == null || StringUtils.isBlank(requestData.getText())) {
            throw new ParamException("參數(shù)錯(cuò)誤");
        }
        // 獲取加密的數(shù)據(jù)
        String text = requestData.getText();
        // 放入解密之前的數(shù)據(jù)
        request.setAttribute(CryptoConstant.INPUT_ORIGINAL_DATA, text);
        // 解密
        String decryptText = null;
        try {
            decryptText = AESUtil.decrypt(text);
        } catch (Exception e) {
            throw new ParamException("解密失敗");
        }
        if (StringUtils.isBlank(decryptText)) {
            throw new ParamException("解密失敗");
        }
        // 放入解密之后的數(shù)據(jù)
        request.setAttribute(CryptoConstant.INPUT_DECRYPT_DATA, decryptText);
        // 獲取結(jié)果
        Object result = objectMapper.readValue(decryptText, body.getClass());
        // 強(qiáng)制所有實(shí)體類(lèi)必須繼承RequestBase類(lèi)，設(shè)置時(shí)間戳
        if (result instanceof RequestBase) {
            // 獲取時(shí)間戳
            Long currentTimeMillis = ((RequestBase) result).getCurrentTimeMillis();
            // 有效期 60秒
            long effective = 60*1000;
            // 時(shí)間差
            long expire = System.currentTimeMillis() - currentTimeMillis;
            // 是否在有效期內(nèi)
            if (Math.abs(expire) > effective) {
                throw new ParamException("時(shí)間戳不合法");
            }
            // 返回解密之后的數(shù)據(jù)
            return result;
        } else {
            throw new ParamException(String.format("請(qǐng)求參數(shù)類(lèi)型：%s 未繼承：%s", result.getClass().getName(), RequestBase.class.getName()));
        }
    }
    /**
     * 如果body為空，轉(zhuǎn)為空對(duì)象
     * @param body spring解析完的參數(shù)
     * @param inputMessage 輸入?yún)?shù)
     * @param parameter 參數(shù)對(duì)象
     * @param targetType 參數(shù)類(lèi)型
     * @param converterType 消息轉(zhuǎn)換類(lèi)型
     * @return 真實(shí)的參數(shù)
     */
    @SneakyThrows
    @Override
    public Object handleEmptyBody(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
        String typeName = targetType.getTypeName();
        Class<?> bodyClass = Class.forName(typeName);
        return bodyClass.newInstance();
    }
}

EncryptResponseBodyAdvice 相應(yīng)自動(dòng)加密

package com.mry.crypto.advice;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.mry.crypto.annotation.DecryptionAnnotation;
import com.mry.crypto.common.exception.ParamException;
import com.mry.crypto.constant.CryptoConstant;
import com.mry.crypto.entity.RequestBase;
import com.mry.crypto.entity.RequestData;
import com.mry.crypto.util.AESUtil;
import lombok.SneakyThrows;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.MethodParameter;
import org.springframework.http.HttpInputMessage;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.lang.reflect.Type;
/**
 * @author
 * @description: requestBody 自動(dòng)解密
 */
@ControllerAdvice
public class DecryptRequestBodyAdvice implements RequestBodyAdvice {
    @Autowired
    private ObjectMapper objectMapper;
    /**
     * 方法上有DecryptionAnnotation注解的，進(jìn)入此攔截器
     * @param methodParameter 方法參數(shù)對(duì)象
     * @param targetType 參數(shù)的類(lèi)型
     * @param converterType 消息轉(zhuǎn)換器
     * @return true，進(jìn)入，false，跳過(guò)
     */
    @Override
    public boolean supports(MethodParameter methodParameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
        return methodParameter.hasMethodAnnotation(DecryptionAnnotation.class);
    }
    @Override
    public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) throws IOException {
        return inputMessage;
    }
    /**
     * 轉(zhuǎn)換之后，執(zhí)行此方法，解密，賦值
     * @param body spring解析完的參數(shù)
     * @param inputMessage 輸入?yún)?shù)
     * @param parameter 參數(shù)對(duì)象
     * @param targetType 參數(shù)類(lèi)型
     * @param converterType 消息轉(zhuǎn)換類(lèi)型
     * @return 真實(shí)的參數(shù)
     */
    @SneakyThrows
    @Override
    public Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
        // 獲取request
        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) requestAttributes;
        if (servletRequestAttributes == null) {
            throw new ParamException("request錯(cuò)誤");
        }
        HttpServletRequest request = servletRequestAttributes.getRequest();
        // 獲取數(shù)據(jù)
        ServletInputStream inputStream = request.getInputStream();
        RequestData requestData = objectMapper.readValue(inputStream, RequestData.class);
        if (requestData == null || StringUtils.isBlank(requestData.getText())) {
            throw new ParamException("參數(shù)錯(cuò)誤");
        }
        // 獲取加密的數(shù)據(jù)
        String text = requestData.getText();
        // 放入解密之前的數(shù)據(jù)
        request.setAttribute(CryptoConstant.INPUT_ORIGINAL_DATA, text);
        // 解密
        String decryptText = null;
        try {
            decryptText = AESUtil.decrypt(text);
        } catch (Exception e) {
            throw new ParamException("解密失敗");
        }
        if (StringUtils.isBlank(decryptText)) {
            throw new ParamException("解密失敗");
        }
        // 放入解密之后的數(shù)據(jù)
        request.setAttribute(CryptoConstant.INPUT_DECRYPT_DATA, decryptText);
        // 獲取結(jié)果
        Object result = objectMapper.readValue(decryptText, body.getClass());
        // 強(qiáng)制所有實(shí)體類(lèi)必須繼承RequestBase類(lèi)，設(shè)置時(shí)間戳
        if (result instanceof RequestBase) {
            // 獲取時(shí)間戳
            Long currentTimeMillis = ((RequestBase) result).getCurrentTimeMillis();
            // 有效期 60秒
            long effective = 60*1000;
            // 時(shí)間差
            long expire = System.currentTimeMillis() - currentTimeMillis;
            // 是否在有效期內(nèi)
            if (Math.abs(expire) > effective) {
                throw new ParamException("時(shí)間戳不合法");
            }
            // 返回解密之后的數(shù)據(jù)
            return result;
        } else {
            throw new ParamException(String.format("請(qǐng)求參數(shù)類(lèi)型：%s 未繼承：%s", result.getClass().getName(), RequestBase.class.getName()));
        }
    }
    /**
     * 如果body為空，轉(zhuǎn)為空對(duì)象
     * @param body spring解析完的參數(shù)
     * @param inputMessage 輸入?yún)?shù)
     * @param parameter 參數(shù)對(duì)象
     * @param targetType 參數(shù)類(lèi)型
     * @param converterType 消息轉(zhuǎn)換類(lèi)型
     * @return 真實(shí)的參數(shù)
     */
    @SneakyThrows
    @Override
    public Object handleEmptyBody(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
        String typeName = targetType.getTypeName();
        Class<?> bodyClass = Class.forName(typeName);
        return bodyClass.newInstance();
    }
}

crypto-test 代碼結(jié)構(gòu)

在這里插入圖片描述

核心代碼

application.yml 配置文件

spring:
  mvc:
    format:
      date-time: yyyy-MM-dd HH:mm:ss
      date: yyyy-MM-dd
  # 日期格式化
  jackson:
    date-format: yyyy-MM-dd HH:mm:ss
    time-zone: GMT+8
server:
  port: 9999

Teacher 實(shí)體類(lèi)

package com.mry.crypto.entity;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.NoArgsConstructor;
import org.hibernate.validator.constraints.Range;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.NotNull;
import java.io.Serializable;
import java.util.Date;
/**
 * @author
 * @description: Teacher實(shí)體類(lèi)，使用SpringBoot的validation校驗(yàn)
 */
@Data
@NoArgsConstructor
@AllArgsConstructor
@EqualsAndHashCode(callSuper = true)
public class Teacher extends RequestBase implements Serializable {
    @NotBlank(message = "姓名不能為空")
    private String name;
    @NotNull(message = "年齡不能為空")
    @Range(min = 0, max = 150, message = "年齡不合法")
    private Integer age;
    @NotNull(message = "生日不能為空")
    private Date birthday;
}

TestController 測(cè)試Controller

package com.mry.crypto.controller;
import com.mry.crypto.annotation.DecryptionAnnotation;
import com.mry.crypto.annotation.EncryptionAnnotation;
import com.mry.crypto.common.entity.Result;
import com.mry.crypto.common.entity.ResultBuilder;
import com.mry.crypto.entity.Teacher;
import org.springframework.http.ResponseEntity;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
/**
 * @author
 * @description: 測(cè)試Controller
 */
@RestController
public class TestController implements ResultBuilder {
    /**
     * 直接返回對(duì)象，不加密
     * @param teacher Teacher對(duì)象
     * @return 不加密的對(duì)象
     */
    @PostMapping("/get")
    public ResponseEntity<Result<?>> get(@Validated @RequestBody Teacher teacher) {
        return success(teacher);
    }
    /**
     * 返回加密后的數(shù)據(jù)
     * @param teacher Teacher對(duì)象
     * @return 返回加密后的數(shù)據(jù) ResponseBody<Result>格式
     */
    @PostMapping("/encrypt")
    @EncryptionAnnotation
    public ResponseEntity<Result<?>> encrypt(@Validated @RequestBody Teacher teacher) {
        return success(teacher);
    }
    /**
     * 返回加密后的數(shù)據(jù)
     * @param teacher Teacher對(duì)象
     * @return 返回加密后的數(shù)據(jù) Result格式
     */
    @PostMapping("/encrypt1")
    @EncryptionAnnotation
    public Result<?> encrypt1(@Validated @RequestBody Teacher teacher) {
        return success(teacher).getBody();
    }
    /**
     * 返回解密后的數(shù)據(jù)
     * @param teacher Teacher對(duì)象
     * @return 返回解密后的數(shù)據(jù)
     */
    @PostMapping("/decrypt")
    @DecryptionAnnotation
    public ResponseEntity<Result<?>> decrypt(@Validated @RequestBody Teacher teacher) {
        return success(teacher);
    }
}

驗(yàn)證

加密：

在這里插入圖片描述