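/**
 * Spring MVC interceptor that admits a request only if the caller's address is on the configured
 * allowlist and the request carries a valid {@code sign} parameter.
 *
 * <p>The signature is the upper-cased MD5 (via {@code MD5Util}) of the request parameters sorted by
 * name, joined as {@code k=v&...}, followed by {@code &key=<shared secret>}. Which handlers this
 * interceptor applies to is configured outside this class.
 *
 * <p>NOTE(review): MD5 over the parameters with an appended secret is a weak message-authentication
 * construction. HMAC-SHA-256 is the usual replacement, but switching requires a coordinated client
 * change, so the scheme itself is left as is here.
 */
public class SignInterceptor implements HandlerInterceptor {
    private static final Logger LOG = LoggerFactory.getLogger(SignInterceptor.class);

    /** Allowed client addresses from the "watch_white" setting; the single value "*" disables the check. */
    private static final String WATCH_WHITE = Config.getGlobal().getValue("watch_white");

    /**
     * Shared signing secret from the "watch_server_key" setting. Anyone holding it can sign arbitrary
     * requests, so a real value must never appear in source comments or log output.
     */
    private static final String WATCH_SERVER_KEY = Config.getGlobal().getValue("watch_server_key");

    /**
     * Runs the allowlist check and then the signature check; on failure redirects to the error page.
     *
     * @return {@code true} to continue the handler chain, {@code false} once a redirect has been sent
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // getRemoteAddr() instead of getRemoteHost(): the latter may return a reverse-DNS name, and a
        // name supplied by DNS is not a reliable identity for an allowlist decision.
        // NOTE(review): behind a reverse proxy this is the proxy's address - confirm the deployment.
        String reqIp = request.getRemoteAddr();
        if (!ipCheck(reqIp)) {
            // NOTE(review): a request attribute does not survive the redirect below, so the error page
            // cannot read this message; the signature branch stores it in the session instead.
            request.setAttribute("errorMsg", "IP不在白名单内!");
            response.sendRedirect(request.getContextPath() + "/watch/error.action");
            return false;
        }

        Map<String, String[]> params = request.getParameterMap();
        if (!signCheck(params)) {
            request.getSession().setAttribute("errorMsg", "签名验证失败!");
            response.sendRedirect(request.getContextPath() + "/watch/error.action");
            return false;
        }
        return true;
    }

    /** No post-processing is needed. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
    }

    /** No completion work is needed. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
    }

    /**
     * Recomputes the request signature and compares it with the {@code sign} parameter.
     *
     * @param content request parameter map (name to values); only the first value of each name is signed
     * @return {@code true} only when {@code sign} and {@code reqTime} are present and the signatures match
     */
    private boolean signCheck(Map<String, String[]> content) {
        String sign = firstValue(content.get("sign"));
        if (sign == null || !content.containsKey("reqTime")) {
            return false;
        }
        // NOTE(review): reqTime is only required to be present; its value is never compared with the
        // current time, so a captured signed request stays valid indefinitely. A freshness window
        // needs the reqTime format, which is not visible here.

        // TreeMap's natural String ordering gives the ascending key order the signature requires.
        Map<String, String> sorted = new TreeMap<String, String>();
        for (Map.Entry<String, String[]> entry : content.entrySet()) {
            if ("sign".equals(entry.getKey())) {
                continue;
            }
            // NOTE(review): the original comment says empty-string values are excluded as well, but
            // only missing values were ever skipped; kept that way so existing clients still verify.
            String value = firstValue(entry.getValue());
            if (value == null) {
                continue;
            }
            sorted.put(entry.getKey(), value);
        }
        if (sorted.isEmpty()) {
            return false;
        }

        StringBuilder payload = new StringBuilder();
        for (Map.Entry<String, String> entry : sorted.entrySet()) {
            payload.append(entry.getKey()).append('=').append(entry.getValue()).append('&');
        }
        payload.append("key=").append(WATCH_SERVER_KEY);

        try {
            // The encode/decode round trip is kept exactly as it was so computed signatures do not
            // change. NOTE(review): presumably it compensates for MD5Util hashing platform-default
            // bytes - confirm against MD5Util.
            String checkSign = MD5Util.getMD5Code(new String(payload.toString().getBytes("utf-8"))).toUpperCase();
            // Constant-time comparison; neither signature is logged, because the locally computed
            // value is a valid credential for this exact request.
            boolean matches = MessageDigest.isEqual(
                    sign.getBytes(StandardCharsets.UTF_8),
                    checkSign.getBytes(StandardCharsets.UTF_8));
            if (!matches) {
                LOG.warn("签名不匹配");
            }
            return matches;
        } catch (UnsupportedEncodingException e) {
            LOG.error("签名计算失败", e);
            return false;
        }
    }

    /**
     * Decides whether the caller's address is allowed.
     *
     * @param reqIp remote address of the request
     * @return {@code true} if the allowlist is "*" or contains {@code reqIp} as a whole entry
     */
    private boolean ipCheck(String reqIp) {
        LOG.info("请求的IP地址:{}", reqIp);
        if (WATCH_WHITE == null) {
            // Fail closed when the setting is missing.
            return false;
        }
        if ("*".equals(WATCH_WHITE)) {
            return true;
        }
        if (reqIp == null || reqIp.isEmpty()) {
            return false;
        }
        // Whole-entry match: a substring test would also admit any address that merely occurs inside
        // a longer listed one. NOTE(review): the delimiter of watch_white is not visible here; comma,
        // semicolon, pipe and whitespace are accepted - confirm against the deployed configuration.
        for (String allowed : WATCH_WHITE.split("[,;|\\s]+")) {
            if (allowed.equals(reqIp)) {
                return true;
            }
        }
        return false;
    }

    /** Returns the first element of a parameter value array, or {@code null} if there is none. */
    private static String firstValue(String[] values) {
        if (values == null || values.length == 0) {
            return null;
        }
        return values[0];
    }
}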
package com.doctor.manage.interceptor;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Comparator;
import java.util.Map;
import java.util.TreeMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.doctor.common.util.MD5Util;
import com.doctor.manage.Config;