日本免费高清视频-国产福利视频导航-黄色在线播放国产-天天操天天操天天操天天操|www.shdianci.com

學(xué)無先后,達者為師

網(wǎng)站首頁 編程語言 正文

Api接口Sign簽名和驗簽

作者:weixin_42180332 更新時間: 2022-06-08 編程語言

采用Sign =MD5(app_id , app_secret+timestamp+api排序參數(shù))?

請求必帶參數(shù) version+app_id+timestamp+sign

前端請求為Json體

package com.hero.common.utils.signature;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.*;
import java.nio.charset.Charset;

/**
 * 保存過濾器里面的流
 */
public class BodyReaderHttpServletRequestWrapper extends HttpServletRequestWrapper {

    private final byte[] body;

    public BodyReaderHttpServletRequestWrapper(HttpServletRequest request) {

        super(request);
        String sessionStream = getBodyString(request);
        body = sessionStream.getBytes(Charset.forName("UTF-8"));
    }

    /**
     * 獲取請求Body
     *
     * @param request
     * @return
     */
    public String getBodyString(final ServletRequest request) {

        StringBuilder sb = new StringBuilder();
        try (
                InputStream inputStream = cloneInputStream(request.getInputStream());
                BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream, Charset.forName("UTF-8")))
        ) {
            String line;
            while ((line = reader.readLine()) != null) {
                sb.append(line);
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
        return sb.toString();
    }

    /**
     * Description: 復(fù)制輸入流</br>
     *
     * @param inputStream
     * @return</br>
     */
    public InputStream cloneInputStream(ServletInputStream inputStream) {

        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] buffer = new byte[1024];
        int len;
        try {
            while ((len = inputStream.read(buffer)) > -1) {
                byteArrayOutputStream.write(buffer, 0, len);
            }
            byteArrayOutputStream.flush();
        } catch (IOException e) {
            e.printStackTrace();
        }
        return new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
    }

    @Override
    public BufferedReader getReader() {

        return new BufferedReader(new InputStreamReader(getInputStream()));
    }

    @Override
    public ServletInputStream getInputStream() {

        final ByteArrayInputStream bais = new ByteArrayInputStream(body);
        return new ServletInputStream() {

            @Override
            public int read() {

                return bais.read();
            }

            @Override
            public boolean isFinished() {

                return false;
            }

            @Override
            public boolean isReady() {

                return false;
            }

            @Override
            public void setReadListener(ReadListener readListener) {

            }
        };
    }
}
package com.hero.common.utils.signature;
import com.alibaba.fastjson.JSONObject;
import org.springframework.http.HttpMethod;

import javax.servlet.http.HttpServletRequest;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.HashMap;
import java.util.Map;
import java.util.SortedMap;
import java.util.TreeMap;

/**
 * http 工具類 獲取請求中的參數(shù)
 */
public class HttpUtils {
    /**
     * 將URL的參數(shù)和body參數(shù)合并
     * @author show
     * @date 14:24 2019/5/29
     * @param request
     */
    public static SortedMap<String, String> getAllParams(HttpServletRequest request) throws IOException {

        SortedMap<String, String> result = new TreeMap<>();
        //獲取URL上的參數(shù)
        Map<String, String> urlParams = getUrlParams(request);
        for (Map.Entry entry : urlParams.entrySet()) {
            result.put((String) entry.getKey(), (String) entry.getValue());
        }
        Map<String, String> allRequestParam = new HashMap<>(16);
        // get請求不需要拿body參數(shù)
        if (!HttpMethod.GET.name().equals(request.getMethod())) {
            allRequestParam = getAllRequestParam(request);
        }
        //將URL的參數(shù)和body參數(shù)進行合并
        if (allRequestParam != null) {
            for (Map.Entry entry : allRequestParam.entrySet()) {
                result.put(String.valueOf(entry.getKey()) ,  String.valueOf(entry.getValue()));
            }
        }
        return result;
    }

    /**
     * 獲取 Body 參數(shù)
     * @author show
     * @date 15:04 2019/5/30
     * @param request
     */
    public static Map<String, String> getAllRequestParam(final HttpServletRequest request) throws IOException {

        BufferedReader reader = new BufferedReader(new InputStreamReader(request.getInputStream()));
        String str = "";
        StringBuilder wholeStr = new StringBuilder();
        //一行一行的讀取body體里面的內(nèi)容;
        while ((str = reader.readLine()) != null) {
            wholeStr.append(str);
        }
        //轉(zhuǎn)化成json對象
        return JSONObject.parseObject(wholeStr.toString(), Map.class);
    }

    /**
     * 將URL請求參數(shù)轉(zhuǎn)換成Map
     * @author show
     * @param request
     */
    public static Map<String, String> getUrlParams(HttpServletRequest request) {

        String param = "";
        try {
            param = URLDecoder.decode(request.getQueryString(), "utf-8");
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }
        Map<String, String> result = new HashMap<>(16);
        String[] params = param.split("&");
        for (String s : params) {
            int index = s.indexOf("=");
            result.put(s.substring(0, index), s.substring(index + 1));
        }
        return result;
    }
}
package com.hero.common.utils.signature;

import com.alibaba.fastjson.JSONObject;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.SortedMap;

/**
 * 簽名過濾器
 */
@Slf4j
@Component
public class SignAuthFilter implements Filter {
    static final String FAVICON = "/favicon.ico";

    @Override
    public void init(FilterConfig filterConfig) {

        log.info("初始化 SignAuthFilter");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {

        HttpServletResponse response = (HttpServletResponse) res;
        // 防止流讀取一次后就沒有了, 所以需要將流繼續(xù)寫出去
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletRequest requestWrapper = new BodyReaderHttpServletRequestWrapper(request);
        //獲取圖標(biāo)不需要驗證簽名
        if (FAVICON.equals(requestWrapper.getRequestURI())) {
            chain.doFilter(request, response);
        } else {
            //獲取全部參數(shù)(包括URL和body上的)
            SortedMap<String, String> allParams = HttpUtils.getAllParams(requestWrapper);
            //對參數(shù)進行簽名驗證
            boolean isSigned = SignUtil.verifySign(allParams);
            if (isSigned) {
                log.info("簽名通過");
                chain.doFilter(request, response);
            } else {
                log.info("參數(shù)校驗出錯");
                //校驗失敗返回前端
                response.setCharacterEncoding("UTF-8");
                response.setContentType("application/json; charset=utf-8");
                PrintWriter out = response.getWriter();
                JSONObject resParam = new JSONObject();
                resParam.put("msg", "參數(shù)校驗出錯");
                resParam.put("success", "false");
                out.append(resParam.toJSONString());
            }
        }
    }

    @Override
    public void destroy() {

        log.info("銷毀 SignAuthFilter");
    }
}
package com.hero.common.utils.signature;

import com.alibaba.fastjson.JSONObject;
import lombok.extern.slf4j.Slf4j;
import org.springframework.util.DigestUtils;
import org.springframework.util.StringUtils;

import java.util.SortedMap;

/**
 * 簽名工具類
 */
@Slf4j
public class SignUtil {
    static final  String app_id="hero";
    static final String app_secret="ceshi";
    /**
     * @param params 所有的請求參數(shù)都會在這里進行排序加密
     * @return 驗證簽名結(jié)果
     */
    public static boolean verifySign(SortedMap<String, String> params) {

        String urlSign = params.get("sign");
        String urlTimestamp=params.get("timestamp");//獲取時間戳
        log.info("Url Sign : {}", urlSign);
        if (params == null || StringUtils.isEmpty(urlSign)) {
            return false;
        }
        //把參數(shù)加密
        String paramsSign = getParamsSign(params,urlTimestamp,app_id,app_secret);
        log.info("Param Sign : {}", paramsSign);
        return !StringUtils.isEmpty(paramsSign) && urlSign.equals(paramsSign);
    }

    /**
     * @param params 所有的請求參數(shù)都會在這里進行排序加密
     * @return 得到簽名
     */
    public static String getParamsSign(SortedMap<String, String> params,String urlTimestamp,String app_id,String app_secret) {
         //要先去掉 Url 里的 Sign
        params.remove("sign");
        Set<Map.Entry<String, String>> entries = params.entrySet();
        Iterator<Map.Entry<String, String>> iterator = entries.iterator();

        StringBuilder valueStr = new StringBuilder();
        valueStr.append(app_id);
        valueStr.append(urlTimestamp);
        valueStr.append(app_secret);
        while (iterator.hasNext()) {
            Map.Entry<String, String> entry = iterator.next();
            // 簽名結(jié)果字段不處理
            if (org.apache.commons.lang3.StringUtils.equalsAnyIgnoreCase(entry.getKey(), new String[]{"sign", "appId", "timestamp"})) {
                continue;
            }
            String value = org.apache.commons.lang3.StringUtils.trimToEmpty(entry.getValue());
            log.info("value={}", value);
            if (value == null) {
                value = "";
            }
            if (org.apache.commons.lang3.StringUtils.isNotEmpty(value)) {
                valueStr.append(value);
            }
        }

        String md5Result = md5FromString(valueStr.toString()).toUpperCase();
        log.info("MD5結(jié)果數(shù)據(jù)={}, 待MD5源數(shù)據(jù)={},待加密對象={}", md5Result, valueStr, JSON.toJSONString(params));
        return md5Result;
    }
}
package com.hero.common.utils.signature;

import com.alibaba.fastjson.JSON;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.io.UnsupportedEncodingException;
import java.util.*;

/**
 * 
 *
 * @author yaotao
 */
public class MD5Utils {
    private final static Logger LOG = LoggerFactory.getLogger(MD5Utils.class);

   
    /**
     * MD5簽名
     *
     * @param data
     * @return
     */
    public static String md5FromString(final String data) {
        try {
            return DigestUtils.md5Hex(data.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
            LOG.error("Md5Util exception: data=" + data, e);
            throw new RuntimeException("Md5Util exception: data=" + data);
        }
    }

}

Spring攔截器配置

在filter攔截器添加注解

@WebFilter(urlPatterns={"/api/*"})對指定url進行攔截 @Component是對所有請求進行攔截

在啟動類添加注解

@ServletComponentScan

原文鏈接:https://blog.csdn.net/weixin_42180332/article/details/106789721

欄目分類
最近更新