日本免费高清视频-国产福利视频导航-黄色在线播放国产-天天操天天操天天操天天操|www.shdianci.com

學無先后,達者為師

網站首頁 編程語言 正文

Springboot實現接口傳輸加解密

作者:qq243920161 更新時間: 2024-03-21 編程語言

前言

先給大家看下效果,原本我們的請求是這樣子的

?加密后的數據傳輸是這樣子的

如果這是你想要的效果,那么請繼續往下看

加解密步驟:

1.前端請求前進行加密,然后發送到后端

2.后端收到請求后解密

3.后端返回數據前進行加密

4.前端拿到加密串后,解密數據

加解密算法:

本文用的是國密算法作為參考,當然大家也可以用其它算法進行加解密

國密算法加解密可參照:java/vue使用國密sm2進行數據加密_vue sm2_qq243920161的博客-CSDN博客java/vue使用國密sm2https://blog.csdn.net/qq243920161/article/details/127865091

一、前端請求前進行加密,然后發送到后端

import axios from 'axios';
import { sm2 } from 'sm-crypto';

axios.interceptors.request.use(config => {
	// form-data傳參方式不加密
	if (config.headers['Content-Type'] === 'application/x-www-form-urlencoded') {
		return;
	}

	// 非body方式傳參,不加密
	if (config.data) {
		return;
	}

	// 使用國密算法進行加密
	let encryptData = sm2.doEncrypt(JSON.stringify(config.data), '加密公鑰,請提前生成好');
	config.data = {
		data: encryptData
	}
});

以上代碼使用了axios攔截器,對所有請求進行攔截,攔截器里,使用config.data獲取到請求的body進行加密,加密后,把加密后的數據重新賦值到config.data,sm-crypto是國密算法的依賴,使用前npm install?sm-crypto即可

請確保config.data是一個對象或者數組,不要是一個字符串,否則后端獲取body時會失敗

加密成功后,從network就能看到加密的數據了

二、后端收到請求后解密

這里有兩個類直接復制粘貼即可,一個是RequestWrapper,這個類是用來讀取body的,一個是BodyRequestWrapper,這個類是用來解密后,將解密后的數據封裝到request,供Controller層使用,這里直接上代碼了

import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.*;


/**
 * 用來讀取body
 */
public class RequestWrapper extends HttpServletRequestWrapper {
    private final String body;

    public RequestWrapper(HttpServletRequest request) {
        super(request);
        StringBuilder stringBuilder = new StringBuilder();
        BufferedReader bufferedReader = null;
        InputStream inputStream = null;
        try {
            inputStream = request.getInputStream();
            if (inputStream != null) {
                bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
                char[] charBuffer = new char[128];
                int bytesRead = -1;
                while ((bytesRead = bufferedReader.read(charBuffer)) > 0) {
                    stringBuilder.append(charBuffer, 0, bytesRead);
                }
            } else {
                stringBuilder.append("");
            }
        } catch (IOException ex) {

        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
            if (bufferedReader != null) {
                try {
                    bufferedReader.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
        body = stringBuilder.toString();
    }

    @Override
    public ServletInputStream getInputStream() throws IOException {
        final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(body.getBytes());
        ServletInputStream servletInputStream = new ServletInputStream() {
            @Override
            public boolean isFinished() {
                return false;
            }

            @Override
            public boolean isReady() {
                return false;
            }

            @Override
            public void setReadListener(ReadListener readListener) {
            }

            @Override
            public int read() throws IOException {
                return byteArrayInputStream.read();
            }
        };
        return servletInputStream;

    }

    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(this.getInputStream()));
    }

    public String getBody() {
        return this.body;
    }
}

import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;

/**
 * 用來重新封裝request
 */
public class BodyRequestWrapper extends HttpServletRequestWrapper {

    /**
     * 存放JSON數據主體
     */
    private String body;

    public BodyRequestWrapper(HttpServletRequest request, String context) {
        super(request);
        body = context;
    }

    @Override
    public ServletInputStream getInputStream() throws IOException {
        final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(body.getBytes("UTF-8"));
        return new ServletInputStream() {
            @Override
            public int read() throws IOException {
                return byteArrayInputStream.read();
            }

            @Override
            public boolean isFinished() {
                return false;
            }

            @Override
            public boolean isReady() {
                return false;
            }

            @Override
            public void setReadListener(ReadListener listener) {

            }
        };
    }

    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(this.getInputStream()));
    }
}

然后我們需要寫一個請求過濾器,繼承Filter,對所有請求接口進行過濾

import com.alibaba.fastjson2.JSON;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

import javax.annotation.Resource;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

/**
 * 請求加解密過濾器
 *
 * @author 猴哥
 */
@Component
public class RequestHandler implements Filter {
	/**
	 * 進行請求加密
	 */
	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
		// form-data不校驗
		if ("application/x-www-form-urlencoded".equals(request.getContentType())) {
			chain.doFilter(request, response);
			return;
		}

		// 拿到加密串
		String data = new RequestWrapper((HttpServletRequest) request).getBody();
		if (StringUtils.isEmpty(data)) {
			chain.doFilter(request, response);
			return;
		}

		// 解析
		String body = Sm2Util.decrypt("解密私鑰", data);
		request = new BodyRequestWrapper((HttpServletRequest) request, body);
		chain.doFilter(request, response);
	}
}

Sm2Util是國密的解密方式,工具類在之前分享的帖子里有,當然,大家可以用自己喜歡的方式進行加解密

java/vue使用國密sm2進行數據加密_vue sm2_qq243920161的博客-CSDN博客java/vue使用國密sm2https://blog.csdn.net/qq243920161/article/details/127865091

這樣就能拿到加密串了

但是有個問題就是,這樣寫的話,所有請求都會走Filter,但是我們只想讓部分請求走Filter怎么辦呢,寫一個配置類就可以了,這樣就可以將url進行過濾

import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * @author 猴哥
 */
@Configuration
public class EncryptionConfiguration {
	/**
	 * 過濾器配置
	 */
	@Bean
	public FilterRegistrationBean<RequestHandler> filterRegistration(RequestHandler requestHandler) {
		FilterRegistrationBean<RequestHandler> registration = new FilterRegistrationBean<>();
		registration.setFilter(requestHandler);
		registration.addUrlPatterns("/plugin/*");
		registration.setName("encryptionFilter");
		//設置優先級別
		registration.setOrder(1);
		return registration;
	}
}

以上代碼就是將/plugin開頭的url進行攔截,代碼不難,就不用過多解釋了吧

三、后端返回數據前進行加密

代碼如下

import com.alibaba.fastjson.JSON;
import org.springframework.core.MethodParameter;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServerHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;

import javax.annotation.Resource;
import java.util.ArrayList;
import java.util.List;

/**
 * 響應加解密攔截器
 *
 * @author 猴哥
 */
@Component
@ControllerAdvice
public class ResponseHandler implements ResponseBodyAdvice<Object> {
	/**
	 * 返回true,才會走beforeBodyWrite方法
	 */
	@Override
	public boolean supports(MethodParameter methodParameter, Class<? extends HttpMessageConverter<?>> aClass) {
		return true;
	}

	/**
	 * 響應加密
	 */
	@Override
	public Object beforeBodyWrite(Object body, MethodParameter methodParameter, MediaType mediaType, Class<? extends HttpMessageConverter<?>> aClass, ServerHttpRequest request, ServerHttpResponse serverHttpResponse) {
		// 拿到響應的數據
		String json = JSON.toJSONString(body);
		// 進行加密
		return Sm2Util.encrypt("加密公鑰", json);
	}
}

前端即可拿到這樣一個加密數據

四、前端拿到加密串后,解密數據

需要再axios中添加一個響應攔截器,代碼如下

import axios from 'axios';
import { sm2 } from 'sm-crypto';

// 響應攔截器
axios.interceptors.response.use(res => {
	res.data = JSON.parse(sm2.doDecrypt(res.data, '解密私鑰'));
	console.log('解密出來的數據', res.data);
});

打印如圖所示

原文鏈接:https://blog.csdn.net/qq243920161/article/details/131261863

  • 上一篇:沒有了
  • 下一篇:沒有了
欄目分類
最近更新