import com.simtoo.util.AesUtil;
import com.simtoo.util.Base64Utils;
import com.simtoo.util.Md5Util;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.annotation.RequestMethod;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.*;
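/**
 * Request wrapper that decrypts and signature-checks the form parameters of a POST request
 * before any controller sees them.
 *
 * <p>Each POST parameter value is expected to be a URL-encoded, Base64-wrapped AES blob (see
 * {@link #decode(String)}) whose plaintext is a form string of the shape
 * {@code k1=v1&...&timestamp=T&sign=S}. The trailing {@code sign} is an MD5 over everything before
 * {@code &sign=} plus {@code Md5Util.MD5_KEY}; {@code timestamp} is a Unix time in seconds that
 * must fall inside the window checked by {@link #ifTimestamp(long)}. The verified plaintext fields
 * are exposed through {@link #getParameter(String)}, {@link #getParameterNames()} and
 * {@link #getParameterValues(String)}; {@link #isOk} tells {@link ControllerFileter} whether the
 * request may proceed.
 *
 * <p>Non-POST requests (every GET included) are never verified and leave {@code isOk} false, so the
 * filter rejects them.
 *
 * <p>Every other {@code HttpServletRequest} method is inherited from
 * {@link HttpServletRequestWrapper}, which already delegates to the wrapped request; the former
 * hand-written pass-through overrides duplicated that and additionally threw
 * {@code NullPointerException} on non-POST requests (where {@code originalRequest} was never set).
 *
 * <p>NOTE(review): both {@code AesUtil.KEY} and {@code Md5Util.MD5_KEY} are referenced as static
 * constants. If they are the same for every client they are only as secret as the client binary,
 * and the "signature" is then a shared-secret MAC that any holder of the binary can forge —
 * confirm how those keys are provisioned.
 *
 * @author Administrator
 */
@Slf4j
public class TokenRequestWrapper extends HttpServletRequestWrapper {
    /** Separates the signed payload from the signature inside the decrypted form string. */
    private static final String SIGN_MARKER = "&sign=";
    /** Name of the plaintext field that carries the client's Unix timestamp (seconds). */
    private static final String TIMESTAMP_KEY = "timestamp";
    /**
     * Replay window in seconds: one day, as the surrounding comments always stated. The previous
     * constant was 864000 (ten days) while the clock below already works in seconds.
     */
    private static final long VALID_WINDOW_SECONDS = 86_400L;

    /** The request this wrapper was built around; kept public for callers that read it directly. */
    public HttpServletRequest originalRequest;
    /** Verified, decrypted plaintext fields of a POST request; empty for anything else. */
    public Map<String, String> decryptParameterMap;
    /** True only when every POST parameter decrypted and passed the signature and timestamp checks. */
    public boolean isOk;

    /**
     * Wraps {@code request}, and for a POST decrypts and verifies all of its parameters.
     *
     * <p>Any failure (bad ciphertext, missing or wrong signature, stale timestamp, unexpected
     * exception) leaves {@link #isOk} false and {@link #decryptParameterMap} empty; the cause is
     * logged without the plaintext.
     *
     * @param request the request to wrap
     */
    TokenRequestWrapper(HttpServletRequest request) {
        super(request);
        // Assigned unconditionally so the accessors below never see null, whatever the method.
        originalRequest = request;
        decryptParameterMap = new HashMap<>();
        isOk = false;
        String method = request.getMethod();
        log.info(String.format("%s >>> %s", request.getMethod(), request.getRequestURL().toString()));
        if (!RequestMethod.POST.name().equals(method)) {
            // GET is not verified at all. A draft GET path (decode "data", verify, re-inject) was
            // commented out here; until it exists every non-POST request keeps isOk == false.
            return;
        }
        try {
            try {
                // Must happen before the first getParameterMap() call or it has no effect.
                request.setCharacterEncoding("UTF-8");
            } catch (UnsupportedEncodingException e) {
                log.warn("Cannot set request encoding to UTF-8", e);
            }
            isOk = decryptAll(request.getParameterMap(), decryptParameterMap);
        } catch (Exception e) {
            isOk = false;
            // No plaintext and no ciphertext in the log: the body may carry credentials.
            log.warn("Rejecting {} {}: decryption/verification failed", method, request.getRequestURI(), e);
        }
    }

    /**
     * Decrypts and verifies every parameter value and copies the plaintext fields into {@code out}.
     *
     * @param params the raw (encrypted) request parameters
     * @param out    receives the verified fields of all parameters; untouched when any one fails
     * @return true when every parameter verified
     */
    private boolean decryptAll(Map<String, String[]> params, Map<String, String> out) {
        Map<String, String> collected = new HashMap<>();
        for (Map.Entry<String, String[]> entry : params.entrySet()) {
            String[] values = entry.getValue();
            // The original loop overwrote earlier values, so only the last one of a repeated
            // parameter was ever used; that is kept.
            String raw = (values == null || values.length == 0) ? "" : values[values.length - 1];
            raw = raw.replace("data=", "");
            String plain = decode(raw);
            if (!isVerfiy(plain)) {
                return false;
            }
            // Accumulate; the previous code reassigned the map per parameter and kept only the last.
            collected.putAll(formToIdentityHashMap(plain));
        }
        // NOTE(review): a POST with no form parameters at all (e.g. a JSON or multipart body)
        // reaches this point with nothing verified and is accepted — confirm that is intended.
        out.putAll(collected);
        return true;
    }

    /**
     * Turns one parameter value into plaintext: URL-decode, strip whitespace and {@code *}
     * (line-wrapped Base64 from the client), Base64-decode, then AES-decrypt with the shared key.
     *
     * @param data the request ciphertext; {@code null} is treated as empty
     * @return the decrypted text, whatever {@code AesUtil.decryptFromBase64} returns on failure
     */
    private String decode(String data) {
        String text = data == null ? "" : data;
        try {
            text = URLDecoder.decode(text, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 is always supported", e);
        }
        // Same character class as before: whitespace, '*', tab, LF, CR.
        text = text.replaceAll("[\\s*\t\n\r]", "");
        String inner = Base64Utils.decryptBase64(text);
        String plain = AesUtil.decryptFromBase64(inner, AesUtil.KEY);
        // Never log the plaintext itself: it is the full request body (passwords, tokens, ...).
        log.debug("Decrypted request data ({} chars)", plain == null ? 0 : plain.length());
        return plain;
    }

    /**
     * Parses a {@code k=v&k=v} string into an {@link IdentityHashMap}, whose reference-equality
     * keys let repeated names coexist (the {@code new String} defeats interning on purpose).
     *
     * @param data form-encoded plaintext; values are not URL-decoded
     * @return the parsed pairs; segments without {@code =} are skipped
     */
    private static IdentityHashMap<String, String> formToIdentityHashMap(String data) {
        IdentityHashMap<String, String> map = new IdentityHashMap<>();
        if (data == null) {
            return map;
        }
        for (String pair : data.split("&")) {
            // Limit 2: a value containing '=' (Base64 padding, for instance) used to be dropped
            // because split("=") produced three parts.
            String[] kv = pair.split("=", 2);
            if (kv.length == 2) {
                map.put(new String(kv[0]), kv[1]);
            }
        }
        return map;
    }

    /**
     * Returns the raw value of {@code key} in a {@code k=v&k=v} string, or {@code null} if absent.
     */
    private static String fieldValue(String form, String key) {
        for (String pair : form.split("&")) {
            String[] kv = pair.split("=", 2);
            if (kv.length == 2 && kv[0].equals(key)) {
                return kv[1];
            }
        }
        return null;
    }

    /**
     * Verifies the signature and freshness of decrypted plaintext.
     *
     * <p>The signed payload is everything before {@code &sign=}; the signature must be the final
     * field (a {@code &} inside it means unsigned trailing data and is rejected, as the old
     * {@code split("=")} parse also did). The expected value is
     * {@code Md5Util.getMd5Str(payload + Md5Util.MD5_KEY)} and is compared in constant time.
     *
     * @param data decrypted form string
     * @return true when the signature matches and the timestamp is inside the replay window
     */
    private boolean isVerfiy(String data) {
        if (data == null) {
            return false;
        }
        int signIdx = data.indexOf(SIGN_MARKER);
        if (signIdx < 0) {
            return false;
        }
        String payload = data.substring(0, signIdx);
        String sign = data.substring(signIdx + SIGN_MARKER.length());
        if (sign.isEmpty() || sign.indexOf('&') >= 0) {
            return false;
        }
        // The old code looked for "&timestamp=" (which survived as a garbled "×tamp=" literal)
        // and only worked when timestamp was the last payload field; parse it by name instead.
        String timestamp = fieldValue(payload, TIMESTAMP_KEY);
        if (timestamp == null) {
            return false;
        }
        long ts;
        try {
            ts = Long.parseLong(timestamp);
        } catch (NumberFormatException e) {
            return false;
        }
        if (ifTimestamp(ts)) {
            return false;
        }
        String expected = Md5Util.getMd5Str(payload + Md5Util.MD5_KEY);
        if (expected == null) {
            return false;
        }
        // Constant-time compare: String.equals leaks the matching prefix length through timing.
        return MessageDigest.isEqual(
                sign.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Checks whether a client timestamp is outside the replay window.
     *
     * @param timestamp client Unix time in seconds (the server clock below is in seconds)
     * @return true when the timestamp is stale or too far in the future, false when acceptable
     */
    private static boolean ifTimestamp(long timestamp) {
        long now = System.currentTimeMillis() / 1000;
        // abs(): a client clock ahead of ours gives a negative difference that would always pass.
        return Math.abs(now - timestamp) > VALID_WINDOW_SECONDS;
    }

    /**
     * @return the verified plaintext value, or {@code null} for an unknown name as the servlet
     *         contract requires ({@code String.valueOf(null)} used to yield the string "null")
     */
    @Override
    public String getParameter(String name) {
        return decryptParameterMap.get(name);
    }

    /** @return the names of the verified plaintext fields (what Spring binds entities from). */
    @Override
    public Enumeration<String> getParameterNames() {
        return Collections.enumeration(decryptParameterMap.keySet());
    }

    /** @return the single verified value wrapped in an array, or {@code null} when absent. */
    @Override
    public String[] getParameterValues(String name) {
        String value = decryptParameterMap.get(name);
        return value == null ? null : new String[]{value};
    }

    /**
     * NOTE(review): unlike the three accessors above this still exposes the original, still
     * encrypted, parameter map. Left as-is to avoid changing what existing callers receive.
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        return originalRequest.getParameterMap();
    }
}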
import com.fasterxml.jackson.databind.ObjectMapper;
import com.simtoo.common.ResponseCode;
import com.simtoo.common.ServerResponse;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
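/**
 * Servlet filter mapped to every path that wraps each request in {@link TokenRequestWrapper} and
 * lets it through only when the wrapper verified it.
 *
 * <p>Because the wrapper verifies POST form parameters only and leaves {@code isOk} false for any
 * other method, every GET to this application is rejected here. A rejected request gets a JSON
 * {@code ServerResponse} carrying {@code ResponseCode.SERVER_ERROR}.
 *
 * @ClassName ControllerFileter
 * @Description Introduction
 * @Author hh
 * @Date 2019/11/13 0013 14:50
 * @Version 1.0
 **/
@WebFilter(urlPatterns = "/*")
public class ControllerFileter implements Filter {
    /** Thread-safe and costly to build: one shared instance instead of one per request. */
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * Verifies the request and either continues the chain with the decrypted wrapper or writes
     * the rejection body.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the response the rejection is written to
     * @param filterChain     the rest of the chain, invoked only for verified requests
     * @throws IOException      from the chain or from writing the rejection
     * @throws ServletException from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        TokenRequestWrapper wrapped = new TokenRequestWrapper((HttpServletRequest) servletRequest);
        if (wrapped.isOk) {
            filterChain.doFilter(wrapped, servletResponse);
            return;
        }
        // NOTE(review): the rejection keeps the default HTTP status (200) and the generic
        // SERVER_ERROR code, so clients and monitoring cannot tell a failed signature from a
        // server fault; left unchanged because the client's contract with ServerResponse is not
        // visible here.
        servletResponse.setContentType("application/json;charset=utf-8");
        MAPPER.writeValue(servletResponse.getOutputStream(),
                ServerResponse.cretateByErrorCodeMessage(ResponseCode.SERVER_ERROR.getCode(), ResponseCode.SERVER_ERROR.getDesc())
        );
    }
}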