模拟项目中使用RequestBodyAdvice对前端传入的数据进行解密(入参),请求成功之后使用ResponseBodyAdvice对返回值进行加密处理
注意点:分别需要实现接口
RequestBodyAdvice 和 ResponseBodyAdvice,需要配合注解@ControllerAdvice使用
特别需要注意的是,针对RequestBodyAdvice仅作用在请求参数有注解@RequestBody的,同样的ResponseBodyAdvice仅对有注解@ResponseBody生效
下面的代码演示:
新建requestBody和responseBody拦截类:
package com.wm.mi.config;
import com.wm.mi.exception.MyException;
import com.wm.mi.util.HttpInputMessageUtil;
import com.wm.mi.util.Md5Tool;
import com.wm.mi.util.RequestUtil;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.MethodParameter;
import org.springframework.http.HttpInputMessage;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Type;
import java.util.List;
/***
* @ClassName: DecodeRequestBody
* @Description: 请求解密 注意:RequestBodyAdvice仅针对打上@RequestBody的注解生效
* @Author: wm_yu
* @Create_time: 14:43 2019-11-11
*/
@Slf4j
@Component
@ControllerAdvice("com.wm.mi.controller")
public class DecodeRequestBody implements RequestBodyAdvice {
@Value("${enctry.secret}")
private String SECRET;
private static final String SECRET_KEY = "SECRET_KEY";
/**
* 设置条件,这个条件为true才会执行下面的beforeBodyRead方法
* @param methodParameter
* @param type
* @param aClass
* @return
*/
@Override
public boolean supports(MethodParameter methodParameter, Type type, Class<? extends HttpMessageConverter<?>> aClass) {
return true;
}
@Override
public HttpInputMessage beforeBodyRead(HttpInputMessage request, MethodParameter methodParameter, Type type, Class<? extends HttpMessageConverter<?>> aClass) throws IOException {
List<String> headerList = request.getHeaders().get(SECRET_KEY);
if(CollectionUtils.isEmpty(headerList) || StringUtils.isEmpty(headerList.get(0)) || !SECRET.equals(headerList.get(0))){
throw new MyException("request header no access key....");
}
InputStream inputStream = request.getBody();
String requestBodyStr = RequestUtil.getRequestBodyStr(inputStream);
log.info("start decode request body:{}",requestBodyStr);
if(StringUtils.isEmpty(requestBodyStr)){
return request;
}
String decodeStr = null;
try {
decodeStr = Md5Tool.md5Decode(requestBodyStr, SECRET);
log.info("end decode request body:{}",decodeStr);
} catch (Exception e) {
throw