1.通过AOP在每个接口请求之前将前端传来的加密数据进行解密,并将解密后的参数通过反射赋值到接口参数上;再将接口返回的结果值加密后返回给前端。
import com.alibaba.fastjson.JSON;
import com.company.project.common.annotations.InterfaceFace;
import com.company.project.common.enums.Constants;
import com.company.project.common.util.AesUtils;
import com.company.project.common.vo.AppInfo;
import com.company.project.common.vo.ResponseVO;
import com.company.project.manage.dto.BaseParam;
import com.company.project.utils.CommonUtils;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.Map;
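/**
 * Around-advice that decrypts the AES-encrypted request payload of annotated controller
 * methods, copies the decrypted JSON values onto the method argument by reflection, and
 * encrypts the {@code data} of the returned {@link ResponseVO}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key passed to {@link AesUtils} is the constant {@code Constants.AES.getDesc()}.
 *       The front end encrypts with the same symmetric key, so a decrypted payload must still
 *       be treated as untrusted input; decryption is not authentication.</li>
 *   <li>Field population is driven by the keys of the decrypted JSON. Every instance field of
 *       the argument's class and of its direct superclass whose name matches a key is
 *       overwritten. NOTE(review): consider an explicit allow-list of bindable fields.</li>
 * </ul>
 */
@Aspect
@Order(2)
@Component
public class AesAspect {

    private static final Logger logger = LoggerFactory.getLogger(AesAspect.class);

    // NOTE(review): injected but never read in this class; the key actually used below is the
    // hard-coded Constants.AES value. Confirm which of the two is intended.
    @Value("${TOKEN_DES_KEY}")
    private String TOKEN_DES_KEY;

    /** Matches methods of {@code @RestController} classes that extend {@code BaseController}. */
    @Pointcut("@within(org.springframework.web.bind.annotation.RestController) && within(com.company.project.manage.aop.BaseController+)")
    public void restControllerMethodPointcut() {
    }

    /**
     * Decrypts the request when the target method is annotated with
     * {@code @InterfaceFace(requestAes = true)}, invokes the method, and encrypts the response
     * data when the request was successfully decrypted.
     *
     * @param pjPoint the intercepted controller invocation
     * @return the controller result, or an error object built by {@code CommonUtils}
     * @throws Throwable whatever the intercepted method throws
     */
    @Around("restControllerMethodPointcut()")
    public Object Interceptor(ProceedingJoinPoint pjPoint) throws Throwable {
        // A missing annotation means the endpoint uses the default (standard) settings.
        InterfaceFace interfaceFace = null;
        boolean decrypted = false;
        try {
            MethodSignature msig = (MethodSignature) pjPoint.getSignature();
            Method pointMethod = pjPoint.getTarget().getClass().getMethod(msig.getName(), msig.getParameterTypes());
            interfaceFace = pointMethod.getAnnotation(InterfaceFace.class);
            if (interfaceFace != null && interfaceFace.requestAes()) {
                decrypted = processParameter(pjPoint);
            }
        } catch (Exception e) {
            logger.error("请求解析异常:", e);
            return CommonUtils.errorResultObj("请求解析异常");
        }

        // NOTE(review): fail-open. When requestAes is set but no aesData was sent, or decryption
        // failed, processParameter returns false and the call still proceeds with whatever
        // arguments the framework bound; the response is then returned unencrypted. If
        // encryption is meant to be mandatory for these endpoints, reject the request here.
        Object response = pjPoint.proceed();

        if (interfaceFace != null && !interfaceFace.standardResult()) {
            return response;
        }
        if (!(response instanceof ResponseVO)) {
            return CommonUtils.errorResultObj("返回类型异常");
        }
        if (interfaceFace != null && interfaceFace.requestAes() && decrypted) {
            // outputParamter returns null when encryption fails, so the client then receives a
            // response whose data is null rather than plaintext.
            String data = outputParamter(((ResponseVO) response).getData());
            ((ResponseVO) response).setData(data);
        }
        return response;
    }

    /**
     * Serialises {@code object} to JSON and AES-encrypts it.
     *
     * @param object the response data to protect
     * @return the encrypted string, or {@code null} when serialisation or encryption fails
     */
    private String outputParamter(Object object) {
        try {
            String jsonString = JSON.toJSONString(object);
            // Log sizes only: writing the plaintext (or ciphertext under a fixed key) to the log
            // would defeat the purpose of encrypting the payload.
            logger.debug("[writeInternal]======>返回明文数据长度:{}", jsonString == null ? 0 : jsonString.length());
            String encrypted = AesUtils.encrypt(jsonString, Constants.AES.getDesc());
            logger.debug("[writeInternal]======>返回加密数据长度:{}", encrypted == null ? 0 : encrypted.length());
            return encrypted;
        } catch (Exception e) {
            logger.error("[writeInternal]======>", e);
            return null;
        }
    }

    /**
     * Finds the encrypted payload on a {@link BaseParam} argument, decrypts it and copies the
     * decrypted JSON values onto the first non-null argument that is not an {@link AppInfo}.
     *
     * @param pjPoint the intercepted controller invocation
     * @return {@code true} when a payload was found and decrypted into a JSON object;
     *         {@code false} when there was no payload, decryption failed, or an exception
     *         occurred (fields assigned before the exception stay assigned)
     */
    private boolean processParameter(ProceedingJoinPoint pjPoint) {
        try {
            Object[] args = pjPoint.getArgs();
            if (args == null || args.length == 0) {
                return false;
            }
            String aesParameter = findAesData(args);
            if (StringUtils.isBlank(aesParameter)) {
                return false;
            }
            // Sizes only, for the same reason as in outputParamter.
            logger.debug("[request请求的]==========>加密数据长度:{}", aesParameter.length());
            String decryptParameter = AesUtils.decrypt(aesParameter, Constants.AES.getDesc());
            if (StringUtils.isBlank(decryptParameter)) {
                logger.debug("解密失败");
                return false;
            }
            logger.debug("[decrypt]==========> 解密数据长度:{}", decryptParameter.length());

            Map<String, Object> values = JSON.parseObject(decryptParameter);
            if (values == null) {
                // The decrypted text was not a JSON object; nothing can be bound.
                return false;
            }
            for (Object param : args) {
                // Null arguments cannot be reflected on; AppInfo is never populated from the payload.
                if (param == null || param instanceof AppInfo) {
                    continue;
                }
                Class<?> type = param.getClass();
                populateFields(param, type, values);
                // Only the direct superclass is covered, not the whole hierarchy.
                Class<?> parent = type.getSuperclass();
                if (parent != null) {
                    populateFields(param, parent, values);
                }
                break;
            }
            return true;
        } catch (Exception e) {
            logger.error("请求参数解密异常:", e);
        }
        return false;
    }

    /** Returns the first non-blank {@code aesData} carried by a {@link BaseParam} argument, or "". */
    private String findAesData(Object[] args) {
        for (Object arg : args) {
            if (arg instanceof BaseParam) {
                String aesData = ((BaseParam) arg).getAesData();
                if (StringUtils.isNotBlank(aesData)) {
                    return aesData;
                }
            }
        }
        return "";
    }

    /**
     * Writes every value whose key equals the name of an instance field declared by
     * {@code type} onto {@code target}.
     *
     * <p>Static and synthetic fields are skipped so that request data cannot overwrite
     * class-wide state. A value whose runtime type does not fit the field makes
     * {@link Field#set} throw {@link IllegalArgumentException}, which the caller logs.
     */
    private void populateFields(Object target, Class<?> type, Map<String, Object> values) throws IllegalAccessException {
        for (Field field : type.getDeclaredFields()) {
            if (field.isSynthetic() || java.lang.reflect.Modifier.isStatic(field.getModifiers())) {
                continue;
            }
            String name = field.getName();
            if (!values.containsKey(name)) {
                continue;
            }
            // Open access only for fields that are actually being written.
            field.setAccessible(true);
            field.set(target, values.get(name));
        }
    }
}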
2.增加InterfaceFace注解,用于区分哪些接口需要进行加密传参。
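import java.lang.annotation.*;

/**
 * Per-endpoint switches for controller methods.
 *
 * <p>{@code AesAspect} reads {@link #requestAes()} and {@link #standardResult()} from the
 * intercepted method. Encryption is opt-in: {@link #requestAes()} defaults to {@code false},
 * so an endpoint without this annotation is served without request decryption or response
 * encryption.
 */
@Target({ElementType.PARAMETER, ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface InterfaceFace {

    /** Whether identity authentication is performed. */
    boolean identityAuth() default true;

    /** Whether the standard request format (which requires header information) is used. */
    boolean standardRequest() default true;

    /** Whether the endpoint returns the standard result. */
    boolean standardResult() default true;

    /** Whether the request parameters and the returned result are encrypted. */
    boolean requestAes() default false;
}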
3.加密工具类
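import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.ToString;

/**
 * Named constants, each a (code, desc) pair.
 *
 * <p>SECURITY: {@link #AES} and {@link #IV} hold the AES key and the initialisation vector
 * as literals. Anyone who can read the source or the built artifact can decrypt the traffic,
 * and rotating the key needs a redeploy. NOTE(review): load both from externalised
 * configuration or a secret store instead of compiling them in.
 *
 * <p>{@code AesUtils} uses the characters of the key string directly as key bytes, so a
 * 16-character hexadecimal string gives a 128-bit key with at most 64 bits of entropy.
 *
 * <p>{@code @ToString} includes {@code desc}, so printing or logging {@link #AES} writes the
 * key itself; keep these constants out of log statements.
 */
@Getter
@ToString
@AllArgsConstructor
public enum Constants {

    /** Name of the request parameter that carries the encrypted payload. */
    AES_DATA("aesData", "指定参数"),

    /** AES key (desc) used for request decryption and response encryption. */
    AES("AES_KEY", "36CAA1C88F7F8D1D"),

    /** Fixed CBC initialisation vector (desc) shared by every message. */
    IV("AES_IV", "31129048100F0494");

    // Enum constants are shared singletons; final keeps their values immutable.
    private final String code;
    private final String desc;
}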
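import com.company.project.common.enums.Constants;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.validation.constraints.NotNull;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Objects;

/**
 * AES encryption helper (AES/CBC/PKCS7Padding, hex-encoded ciphertext).
 * Created by 徐川江 on 2018-08-03 17:47
 *
 * <p>Security notes:
 * <ul>
 *   <li>The IV is the fixed value {@code Constants.IV}, reused for every message. With CBC
 *       this makes encryption deterministic: equal plaintext prefixes produce equal
 *       ciphertext prefixes under the same key.</li>
 *   <li>CBC provides no integrity protection, so ciphertext can be modified without
 *       detection. NOTE(review): an authenticated mode such as {@code AES/GCM/NoPadding}
 *       with a fresh random nonce per message avoids both problems, but it changes the wire
 *       format and must be rolled out together with the front end.</li>
 *   <li>The key string's UTF-8 bytes are used directly as the AES key.</li>
 * </ul>
 **/
public class AesUtils {
    private static final String CHARSET_NAME = "UTF-8";
    private static final String AES_NAME = "AES";
    private static final String ALGORITHM = "AES/CBC/PKCS7Padding";
    private static final String IV = Constants.IV.getDesc();

    static {
        // Registers BouncyCastle JVM-wide; the PKCS7Padding transformation name depends on it.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Encrypts {@code content} and returns the ciphertext as a hex string.
     *
     * @param content plaintext, encoded as UTF-8 before encryption
     * @param key     key string whose UTF-8 bytes form the AES key
     * @return hex-encoded ciphertext
     * @throws Exception with message "加密失败" and the underlying failure as its cause
     */
    public static String encrypt(@NotNull String content, @NotNull String key) throws Exception {
        try {
            Cipher cipher = newCipher(Cipher.ENCRYPT_MODE, key);
            return ParseSystemUtil.parseByte2HexStr(cipher.doFinal(content.getBytes(CHARSET_NAME)));
        } catch (Exception ex) {
            // Keep the cause so the failure can be diagnosed from the caller's log instead of
            // being printed to stderr here.
            throw new Exception("加密失败", ex);
        }
    }

    /**
     * Decrypts a hex-encoded ciphertext produced by {@link #encrypt}.
     *
     * @param content hex-encoded ciphertext
     * @param key     key string whose UTF-8 bytes form the AES key
     * @return the decrypted text, decoded as UTF-8
     * @throws Exception with message "解密失败" and the underlying failure as its cause
     */
    public static String decrypt(@NotNull String content, @NotNull String key) throws Exception {
        try {
            Cipher cipher = newCipher(Cipher.DECRYPT_MODE, key);
            byte[] cipherBytes = Objects.requireNonNull(ParseSystemUtil.parseHexStr2Byte(content));
            return new String(cipher.doFinal(cipherBytes), CHARSET_NAME);
        } catch (Exception ex) {
            // The message stays generic; the cause is attached for server-side logs only.
            throw new Exception("解密失败", ex);
        }
    }

    /** Builds a cipher for {@code mode} with the given key and the fixed IV. */
    private static Cipher newCipher(int mode, String key) throws Exception {
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(CHARSET_NAME), AES_NAME);
        // Encode the IV with the same explicit charset as the key; the platform default
        // charset is not guaranteed to be identical on every host.
        AlgorithmParameterSpec paramSpec = new IvParameterSpec(IV.getBytes(CHARSET_NAME));
        cipher.init(mode, keySpec, paramSpec);
        return cipher;
    }
}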
4.request请求接收到加密参数后,目前待完善的是:将参数解密后得到的json对象赋值给方法上的参数,该参数需要是string类型。