前端页面:
axios.post("/login2", {
//在data中写入数据
username: "admin",
password: 111111,
}).then(res => {}
自定义拦截器axios
//全局拦截
import axios from "axios";
import Element from 'element-ui'
import store from './store'
import router from './router'
import {JSEncrypt} from "jsencrypt";
import AESECB from "@/common/AESECB";
//提取前缀
axios.defaults.baseURL = "http://localhost:8081"
//前置拦截
axios.interceptors.request.use(config => {
//设置请求的类型
config.headers["Content-Type"] = "application/json"
//加密data数据
config.data = AESECB.Encrypt(JSON.stringify(config.data));
return config
})
//后置拦截
axios.interceptors.response.use(response => {
let res = response.data;
console.log("=====================")
console.log("我是后置拦截", res)
console.log("=====================")
//判断状态码
if (res.code === 200) {
return response
} else {
//提示信息
Element.Message.error(response.data.msg, {duration: 3 * 1000});
//不会进入后面逻辑
return Promise.reject(response.data.msg)
}
}, error => {
//错误信息
console.log(error)
//判断返回数据中data是否有值
if (error.response.data) {
error.message = error.response.data.msg
}
//如果返回是401跳转到登录页面
if (error.response.data.status === 401) {
store.commit("REMOVE_INFO")
router.push("/login3")
}
//提示
Element.Message.error(error.message, {duration: 3 * 1000});
//组织返回
return Promise.reject(error)
})
后端写入java拦截器 2个类
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
@Component
public class AESFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest hsr = (HttpServletRequest) request;
AESRequestWrapper aes_request = new AESRequestWrapper(hsr);
aes_request.setAttribute("body", aes_request.body());
chain.doFilter(aes_request, response);
}
}
import org.apache.commons.io.IOUtils;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.ByteArrayInputStream;
import java.io.IOException;
public class AESRequestWrapper extends HttpServletRequestWrapper {
private String body;
public AESRequestWrapper(HttpServletRequest request) {
super(request);
}
@Override
public ServletInputStream getInputStream() throws IOException {
return new SIS(new ByteArrayInputStream(body.getBytes()));
}
public String body() throws IOException {
try {
//从body中获取data的加密后的值进行解密--这里需要AES或者RSA工具类
body = AES.aesDecrypt(IOUtils.toString(super.getInputStream()), AES.KEY);
} catch (Exception e) {
e.printStackTrace();
}
// body = AESUtil.decrypt(IOUtils.toString(super.getInputStream()));
// body= RSA.decryptByPrivate(IOUtils.toString(super.getInputStream()), Const.privateKey);
return body;
}
class SIS extends ServletInputStream {
private ByteArrayInputStream bais;
public SIS(ByteArrayInputStream bais) {
this.bais = bais;
}
@Override
public boolean isFinished() {
return true;
}
@Override
public boolean isReady() {
return true;
}
@Override
public void setReadListener(ReadListener read_listener) {
}
@Override
public int read() throws IOException {
return bais.read();
}
}
}
这样就实现了自动解密
RSA+AES整合一起用
自定义axios
//前置拦截
axios.interceptors.request.use(config => {
//通过AES加密data数据
//设置请求的类型
config.headers["Content-Type"] = "application/json"
/*---------------我是RSE+AES双重加密的------------*/
//实现RSA
let encryptor = new JSEncrypt() // 新建JSEncrypt对象
//RSA设置加密的方式
encryptor.setPublicKey(store.getters.getPublicKey) // 设置公钥
//加密AES秘钥
const encryptAES = encryptor.encrypt(store.getters.getAESKey);
//把加密的AES秘钥放在请求头里
config.headers["encryptAES"] = encryptAES
//使用AES加密data数据 并且AES秘钥不固定
config.data = AESECB.Encrypt(JSON.stringify(config.data), store.getters.getAESKey);
return config
})
登录页面
methods: {
submitForm(formName) {
this.$refs[formName].validate((valid) => {
if (valid) {
const _this = this
//随机给AES设置值
_this.$store.commit("SET_AESKey", _this.randomPassword(16))
_this.$axios.post("/login2", {
username: _this.ruleForm.username,
password: _this.ruleForm.password,
}).then(res => {
})
}
});
},
//根据长度随机生成key
randomPassword(length) {
length = Number(length)
// Limit length
if (length < 6) {
length = 6
} else if (length > 16) {
length = 16
}
// let passwordArray = ['ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz', '1234567890', '!@#$%&*.'];
let passwordArray = ['ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz', '1234567890', '随便写8位字面或者数字'];
const password = [];
let n = 0;
for (let i = 0; i < length; i++) {
// 如果密码长度小于 9,则所有值随机
if (password.length < (length - 4)) {
// 获取随机密码数组索引
let arrayRandom = Math.floor(Math.random() * 4);
// 获取密码数组值
let passwordItem = passwordArray[arrayRandom];
//获取密码数组值随机索引
// 获取随机真实值
let item = passwordItem[Math.floor(Math.random() * passwordItem.length)];
password.push(item);
} else {
// 如果密码大于9,则根据随机密码索引推入最后4个密码
// 按顺序获取数组值
let newItem = passwordArray[n];
let lastItem = newItem[Math.floor(Math.random() * newItem.length)];
// 获取数组拼接索引
let spliceIndex = Math.floor(Math.random() * password.length);
password.splice(spliceIndex, 0, lastItem);
n++
}
}
return password.join("");
}
}
java后端拦截器
RSAAESFilter
import com.tjw.util.AES;
import com.tjw.util.RSA;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
/**
* 针对于AES加密 Java+vue前后端分离使用
*/
@Component
public class RSAAESFilter implements Filter {
public String key;
/**
* 使用RSE加密ASE密匙不固定 ASE加密表单数据 传给后端
*
* @param request
* @param response
* @param chain
* @throws IOException
* @throws ServletException
*/
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest hsr = (HttpServletRequest) request;
//获取前端加密的
key = hsr.getHeader("encryptAES");
System.out.println("这是没解密的AES秘钥:" + key);
//重新赋值AES秘钥
AES.KEY = RSA.decryptByPrivate(key, RSA.privateKey);
System.out.println("这是在filter里面解密的AES秘钥:" + AES.KEY);
AESRequestWrapper aes_request = new AESRequestWrapper(hsr);
aes_request.setAttribute("body", aes_request.body());
chain.doFilter(aes_request, response);
}
}
RSAAESRequestWrapper
import com.tjw.util.AES;
import org.apache.commons.io.IOUtils;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.ByteArrayInputStream;
import java.io.IOException;
/**
* 针对于AES加密 Java+vue前后端分离使用
*/
public class AESRequestWrapper extends HttpServletRequestWrapper {
private String body;
public AESRequestWrapper(HttpServletRequest request) {
super(request);
}
@Override
public ServletInputStream getInputStream() throws IOException {
return new SIS(new ByteArrayInputStream(body.getBytes()));
}
public String body() throws IOException {
try {
//从body中获取data的加密后的值进行解密
body = AES.aesDecrypt(IOUtils.toString(super.getInputStream()), AES.KEY);
} catch (Exception e) {
e.printStackTrace();
}
// body = AESUtil.decrypt(IOUtils.toString(super.getInputStream()));
// body= RSA.decryptByPrivate(IOUtils.toString(super.getInputStream()), Const.privateKey);
return body;
}
class SIS extends ServletInputStream {
private ByteArrayInputStream bais;
public SIS(ByteArrayInputStream bais) {
this.bais = bais;
}
@Override
public boolean isFinished() {
return true;
}
@Override
public boolean isReady() {
return true;
}
@Override
public void setReadListener(ReadListener read_listener) {
}
@Override
public int read() throws IOException {
return bais.read();
}
}
}