springboot版本 2.4.9
话不多说,直接上代码
代码中的json工具和加密工具均是使用的hutool包中的
依赖
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-all</artifactId>
<version>5.7.11</version>
</dependency>
先来自定义一个注解
@Target({ElementType.METHOD,ElementType.PARAMETER})
@Retention(RetentionPolicy.RUNTIME)
public @interface ParamsAESAnno {
}
使用@Target注解标明此注解能用在方法和参数上面
使用@Retention注解标明此注解作用在运行阶段
然后我们要处理接口参数的话,需要自定义参数解析器,实现springMvc的
HandlerMethodArgumentResolver
@Log4j2
public class AESDecodeResolver implements HandlerMethodArgumentResolver {
/*
秘钥
*/
public static final String KEY = "vhukzevhukze1234";
/*
json参数的key
*/
private static final String NAME = "str";
/**
* 如果接口或者接口参数有解密注解,就解析
*/
@Override
public boolean supportsParameter(MethodParameter parameter) {
return parameter.hasMethodAnnotation((ParamsAESAnno.class)) || parameter.hasParameterAnnotation(ParamsAESAnno.class);
}
@Override
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer modelAndViewContainer,
NativeWebRequest webRequest, WebDataBinderFactory webDataBinderFactory) throws Exception {
//AES
AES aes = SecureUtil.aes(KEY.getBytes(StandardCharsets.UTF_8));
//如果是实体类参数,把请求参数封装
if (BaseReq.class.isAssignableFrom(parameter.getParameterType())) {
//获取加密的请求数据并解密
String beforeParam = webRequest.getParameter(NAME);
String afterParam = aes.decryptStr(beforeParam, CharsetUtil.CHARSET_UTF_8);
//json转对象 // 这里的return就会把转化过的参数赋给控制器的方法参数
return JSONUtil.toBean(afterParam, parameter.getParameterType());
// 如果是非集合类,就直接解码返回
} else if (!Iterable.class.isAssignableFrom(parameter.getParameterType())) {
String decryptStr = aes.decryptStr(webRequest.getParameter(parameter.getParameterName()), CharsetUtil.CHARSET_UTF_8);
return Integer.class.isAssignableFrom(parameter.getParameterType()) ? Integer.parseInt(decryptStr) : decryptStr;
//如果是集合类
} else {
//获取加密的请求数据并解密
String beforeParam = webRequest.getParameter(NAME);
String afterParam = aes.decryptStr(beforeParam, CharsetUtil.CHARSET_UTF_8);
//转成对象数组
JSONArray jsonArray = JSONUtil.parseArray(afterParam);
return jsonArray.stream()
.map(json -> JSONUtil.toBean(json.toString(), parameter.getParameterType()))
.collect(Collectors.toList());
}
}
}
但是现在post请求都是用json提交,不用表单提交了,如果是json提交的话,改成下面这样
import cn.hutool.core.util.CharsetUtil;
import cn.hutool.crypto.symmetric.AES;
import cn.hutool.json.JSONArray;
import cn.hutool.json.JSONUtil;
import com.gt.SPYZT.annotation.ParamsAESAnno;
import com.gt.SPYZT.entity.dto.BaseReq;
import com.gt.SPYZT.utils.AESUtil;
import lombok.extern.log4j.Log4j2;
import org.springframework.core.MethodParameter;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Arrays;
import java.util.stream.Collectors;
/**
* 解析加密注解
*
* @author vhukze
* @date 2021/9/8 11:14
*/
@Log4j2
public class AESDecodeResolver implements HandlerMethodArgumentResolver {
/*
json参数的key
*/
private static final String NAME = "str";
/**
* 如果接口或者接口参数有解密注解,就解析
*/
@Override
public boolean supportsParameter(MethodParameter parameter) {
return parameter.hasMethodAnnotation((ParamsAESAnno.class)) || parameter.hasParameterAnnotation(ParamsAESAnno.class);
}
@Override
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer modelAndViewContainer,
NativeWebRequest webRequest, WebDataBinderFactory webDataBinderFactory) throws IOException {
//aes
AES aes = AESUtil.aes;
//获取post请求的json数据
HttpServletRequest request = (HttpServletRequest) webRequest.getNativeRequest();
int contentLength = request.getContentLength();
if (contentLength < 0) {
return null;
}
byte[] buffer = new byte[contentLength];
for (int i = 0; i < contentLength; ) {
int readlen = request.getInputStream().read(buffer, i,
contentLength - i);
if (readlen == -1) {
break;
}
i += readlen;
}
String str = new String(buffer,CharsetUtil.CHARSET_UTF_8);
StringBuilder sb = new StringBuilder();
for (char c : str.toCharArray()) {
//去掉json中的空格 换行符 制表符
if(c != 32 && c != 13 && c != 10){
sb.append(c);
}
}
//如果是实体类参数,把请求参数封装
if (BaseReq.class.isAssignableFrom(parameter.getParameterType())) {
//获取加密的请求数据并解密
// String beforeParam = webRequest.getParameter(NAME);
String afterParam = aes.decryptStr(JSONUtil.parseObj(sb.toString()).get(NAME).toString(), CharsetUtil.CHARSET_UTF_8);
//json转对象 // 这里的return就会把转化过的参数赋给控制器的方法参数
return JSONUtil.toBean(afterParam, parameter.getParameterType());
// 如果是非集合类,就直接解码返回
} else if (!Iterable.class.isAssignableFrom(parameter.getParameterType())) {
String decryptStr = aes.decryptStr(webRequest.getParameter(parameter.getParameterName()), CharsetUtil.CHARSET_UTF_8);
return Integer.class.isAssignableFrom(parameter.getParameterType()) ? Integer.parseInt(decryptStr) : decryptStr;
//如果是集合类
} else if(Iterable.class.isAssignableFrom(parameter.getParameterType())){
//获取加密的请求数据并解密
// String beforeParam = webRequest.getParameter(NAME);
String afterParam = aes.decryptStr(sb.toString(), CharsetUtil.CHARSET_UTF_8);
//转成对象数组
JSONArray jsonArray = JSONUtil.parseArray(afterParam);
return jsonArray.stream()
.map(json -> JSONUtil.toBean(JSONUtil.parseObj(sb.toString()).get(NAME).toString(), parameter.getParameterType()))
.collect(Collectors.toList());
}
return null;
}
}
注册自定义解析器
@Configuration
public class WebConfig extends WebMvcConfigurationSupport {
//region 注册自定义HandlerMethodArgumentResolver
@Override
public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
resolvers.add(aesDecodeResolver());
}
@Bean
public AESDecodeResolver aesDecodeResolver() {
return new AESDecodeResolver();
}
//endregion
}
接下来就可以直接使用注解了
@RestController
@RequestMapping("test")
public class TestController {
@ParamsAESAnno
@GetMapping
public RestfulResp<?> test(String str,Integer type) {
return new RestfulResp<>().success();
}
@ParamsAESAnno
@PostMapping("json")
public RestfulResp<?> jsonTest(BaseReq baseReq){
return new RestfulResp<>().success();
}
@ParamsAESAnno
@PostMapping("jsonList")
public RestfulResp<?> jsonTest(List<BaseReq> list){
return new RestfulResp<>().success();
}
}
效果图就不贴了,测试没有问题
如果想使用Validation包里面注解校验参数,请看我的另一篇博文:
本文参考博文:SpringBoot使用自定义注解实现简单参数加密解密(注解+HandlerMethodArgumentResolver) - yellowgg - 博客园