Validating Parameters with Custom Annotations
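**Problem 1:** During development, parameters sent by the front end need to be validated, to guard against malicious requests in which someone has tampered with the parameters. A simple example of such a check:
The front end sends one extra check field, and the back end compares the value of the field to be validated against that check parameter. You can of course use a cryptographic check instead; here I simply test whether the two values are equal. For example, the front end sends a phone number `phone` together with a `code` value, and I decide whether the request is legitimate by checking whether the two values are equal.
Code:
Annotation class and aspect: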
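```java
// Md5Validation.java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface Md5Validation {
    // Name of the request field that must match the "code" field
    String fieldName() default "";
}
```

```java
// Md5ValidationAspect.java
import java.lang.reflect.Field;
import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.springframework.stereotype.Component;

@Aspect
@Component
@Slf4j
public class Md5ValidationAspect {
    // Runs before every method annotated with @Md5Validation
    @Before("@annotation(md5Validation)")
    public void customMd5Validation(JoinPoint joinPoint, Md5Validation md5Validation) {
        String fieldName = md5Validation.fieldName();
        Object[] args = joinPoint.getArgs();
        // Only the first argument (the request object) is inspected
        if (args.length > 0 && args[0] != null) {
            Object object = args[0];
            String code = getFieldValue(object, "code");
            String customParamValue = getFieldValue(object, fieldName);
            // A missing value on either side is a failure, not a match
            if (code == null || !code.equals(customParamValue)) {
                throw new IllegalArgumentException("Custom parameter validation failed");
            }
        }
    }

    // Reads a declared field reflectively; returns null when the field is unset
    private String getFieldValue(Object object, String fieldName) {
        try {
            Field field = object.getClass().getDeclaredField(fieldName);
            field.setAccessible(true);
            Object value = field.get(object);
            return value == null ? null : String.valueOf(value);
        } catch (NoSuchFieldException | IllegalAccessException e) {
            log.error("Unable to access field value: {}", e.getMessage());
            throw new RuntimeException("Failed to access field value");
        }
    }
}
```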
Using it on an endpoint:
```java
// Md5Req must declare both a "code" field and the field named in fieldName
@GetMapping("test3")
@Md5Validation(fieldName = "phone")
public String test(Md5Req md5Req) {
    return "successsssss";
}
```
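
The cryptographic variant mentioned above, as an added example that is not part of the original post: the check value is an HMAC-SHA256 tag of the field (an algorithm chosen here, the post names none), so a request whose two fields are changed together passes plain equality but fails the keyed check. `KeyedCodeCheck`, `sign`, `keyedCheck` and the key are hypothetical names and constructed values, and the example assumes the signer holds a key that the party altering the request does not have.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class KeyedCodeCheck {
    // Constructed demo key (assumption); load the real one from configuration or a secret store.
    private static final byte[] KEY = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);

    // Base64 HMAC-SHA256 tag of the protected field value.
    static String sign(String value) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return Base64.getEncoder().encodeToString(mac.doFinal(value.getBytes(StandardCharsets.UTF_8)));
    }

    // The equality check from the aspect above: both inputs come from the request.
    static boolean plainEquals(String value, String code) {
        return value != null && value.equals(code);
    }

    // Keyed check: reject nulls, recompute the tag server-side, compare in constant time.
    static boolean keyedCheck(String value, String code) throws Exception {
        if (value == null || code == null) {
            return false;
        }
        byte[] expected = sign(value).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, code.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String phone = "13800000000";   // constructed sample value
        String code = sign(phone);      // tag produced by the legitimate signer
        String changed = "13900000000"; // field value altered after signing

        // Case 1: both fields changed to the same value, equality check
        System.out.println("plain, pair changed together: " + plainEquals(changed, changed));
        // Case 2: untouched request, keyed check
        System.out.println("keyed, original request:      " + keyedCheck(phone, code));
        // Case 3: field changed, original tag reused
        System.out.println("keyed, field changed:         " + keyedCheck(changed, code));
        // Case 4: both fields changed to the same value, keyed check
        System.out.println("keyed, pair changed together: " + keyedCheck(changed, changed));
    }
}
```

In the aspect, a call such as `keyedCheck(customParamValue, code)` would take the place of the `code.equals(customParamValue)` test.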
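**Problem 2:** During development, the returned data needs to be encrypted. The goal is a custom annotation such that simply adding it to an endpoint encrypts the returned data. Projects usually wrap responses in a unified return class; mine contains `code`, `msg` and `data`, and here I encrypt only `data`.
Code:
Annotation class and aspect: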
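```java
// AESEncryption.java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface AESEncryption {
}
```

```java
// AESEncryptionAspect.java (Result is the project's own unified return class)
import java.nio.charset.StandardCharsets;
import java.util.Objects;
import cn.hutool.crypto.SecureUtil;
import cn.hutool.crypto.symmetric.AES;
import com.alibaba.fastjson.JSON; // assumed JSON library; the original shows no imports
import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.stereotype.Component;

@Aspect
@Component
@Slf4j
public class AESEncryptionAspect {
    private static final String AES_KEY = ""; // fill in your own key (16, 24 or 32 bytes)

    // Binding the annotation as a parameter avoids type-name resolution issues in the pointcut
    @Around("@annotation(aesEncryption)")
    public Object encryptResponse(ProceedingJoinPoint joinPoint, AESEncryption aesEncryption) throws Throwable {
        // Run the original method and obtain its return value
        Object result = joinPoint.proceed();
        // Anything other than the unified Result wrapper is returned unchanged
        if (!(result instanceof Result)) {
            return result;
        }
        // Encrypt the data carried by the result
        Result responseEntity = (Result) result;
        Object responseBody = responseEntity.getData();
        if (!Objects.isNull(responseBody)) {
            String jsonString = JSON.toJSONString(responseBody);
            // Log only the size: the plaintext is what the annotation is meant to protect
            log.debug("Encrypting response data ({} chars)", jsonString.length());
            // Hutool's SecureUtil.aes(key) defaults to AES/ECB/PKCS5Padding
            AES aes = SecureUtil.aes(AES_KEY.getBytes(StandardCharsets.UTF_8));
            String ciphertext = aes.encryptBase64(jsonString);
            responseEntity.setData(null);
            responseEntity.put("encrypt", ciphertext);
        }
        return responseEntity;
    }
}
```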
Using it on an endpoint:
```java
@RequestMapping("/get")
@AESEncryption
public Result getHikPlayUrl(@Valid PlayUrlReq playUrlReq) {
    return Service.getHikPlayUrl(playUrlReq);
}
```