1. 对于第三方调用我们的接口,按照一切不信任的原则,我们都要进行加密校验。
2. 考虑到密文验证的通用性,将此校验从controller中剥离出来,放到拦截器里实现。
step1 : 注册拦截器
<mvc:interceptors>
<!-- Interceptor for the externally exposed interface -->
<mvc:interceptor>
<mvc:mapping path="/junjin/api/outSideInterface.do" /><!-- If omitted, or set to /*, every Controller is intercepted -->
<!-- Only the path mapped above gets the token check; any other externally reachable endpoint must be listed here as well, otherwise it is served without the check. -->
<bean class="com.junjin.interceptor.OutSideInterfaceInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
step2 : 实现HandlerInterceptor
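// Called before the actual handler runs: verifies the third party's token against the POST body.
/**
 * Checks that the caller's {@code token} query parameter matches the token derived from the
 * configured {@code key} and the POST body, before the controller is invoked.
 *
 * @param request  incoming request; its body is consumed here and handed to the controller
 *                 through the {@code postContent} request attribute
 * @param response on mismatch, receives a plain-text JSON body describing the failure
 * @param handler  the target handler (not used)
 * @return {@code true} to continue to the controller, {@code false} if the token does not match
 * @throws IllegalStateException if the {@code key} property is not configured
 * @throws Exception if the body cannot be read or the response cannot be written
 */
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    // Shared secret from the properties file. Fail closed when it is missing instead of
    // silently deriving a token from the string "null".
    ConstPropertiesReader propertiesReader = ConstPropertiesReader.getInstance();
    Object keyValue = propertiesReader.get("key");
    if (keyValue == null) {
        throw new IllegalStateException("property 'key' is not configured");
    }
    String key = keyValue.toString();
    // Token supplied by the third party as a query parameter; may be absent.
    String token = request.getParameter("token");
    // POST body as a string. NOTE(review): this call site and the RequestUtil listing spell
    // the method differently (getJSONStringAsciiCode vs getJsonStringAsciiCode) — confirm
    // which name RequestUtil actually declares.
    String postContent = RequestUtil.getJSONStringAsciiCode(request);
    // Expected token for this body under the shared key.
    String tokenCheck = TokenUtil.generateToken(key, postContent);
    // The expected token is deliberately not logged: it is exactly the value a caller needs
    // to pass this check, so it must not end up in log files.
    // NOTE(review): the token covers only key + body, so a captured request with the same
    // body can be resent as-is; confirm whether the body carries a timestamp or nonce.
    // Constant-time comparison so the mismatch position does not leak through timing.
    if (token != null && tokenCheck != null && java.security.MessageDigest.isEqual(
            tokenCheck.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            token.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        // Hand the already-consumed body to the controller.
        request.setAttribute("postContent", postContent);
        return true;
    }
    // Mismatch: answer with the project's callback object and stop the chain. The HTTP status
    // is left as-is so existing third-party clients keep parsing the body the same way.
    FjsCallBackObject obj = new FjsCallBackObject();
    obj.setStatus(1);
    obj.setMsg("密文不匹配,请重新提交");
    response.setCharacterEncoding("UTF-8");
    response.setHeader("Content-Type", "text/plain;charset=UTF-8");
    response.getWriter().write(FastJsonUtil.toJSONString(obj));
    return false;
}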
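// Called before the actual handler runs: verifies the third party's token against the POST body.
/**
 * Checks that the caller's {@code token} query parameter matches the token derived from the
 * configured {@code key} and the POST body, before the controller is invoked.
 *
 * @param request  incoming request; its body is consumed here and handed to the controller
 *                 through the {@code postContent} request attribute
 * @param response on mismatch, receives a plain-text JSON body describing the failure
 * @param handler  the target handler (not used)
 * @return {@code true} to continue to the controller, {@code false} if the token does not match
 * @throws IllegalStateException if the {@code key} property is not configured
 * @throws Exception if the body cannot be read or the response cannot be written
 */
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    // Shared secret from the properties file. Fail closed when it is missing instead of
    // silently deriving a token from the string "null".
    ConstPropertiesReader propertiesReader = ConstPropertiesReader.getInstance();
    Object keyValue = propertiesReader.get("key");
    if (keyValue == null) {
        throw new IllegalStateException("property 'key' is not configured");
    }
    String key = keyValue.toString();
    // Token supplied by the third party as a query parameter; may be absent.
    String token = request.getParameter("token");
    // POST body as a string. NOTE(review): this call site and the RequestUtil listing spell
    // the method differently (getJSONStringAsciiCode vs getJsonStringAsciiCode) — confirm
    // which name RequestUtil actually declares.
    String postContent = RequestUtil.getJSONStringAsciiCode(request);
    // Expected token for this body under the shared key.
    String tokenCheck = TokenUtil.generateToken(key, postContent);
    // The expected token is deliberately not logged: it is exactly the value a caller needs
    // to pass this check, so it must not end up in log files.
    // NOTE(review): the token covers only key + body, so a captured request with the same
    // body can be resent as-is; confirm whether the body carries a timestamp or nonce.
    // Constant-time comparison so the mismatch position does not leak through timing.
    if (token != null && tokenCheck != null && java.security.MessageDigest.isEqual(
            tokenCheck.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            token.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        // Hand the already-consumed body to the controller.
        request.setAttribute("postContent", postContent);
        return true;
    }
    // Mismatch: answer with the project's callback object and stop the chain. The HTTP status
    // is left as-is so existing third-party clients keep parsing the body the same way.
    FjsCallBackObject obj = new FjsCallBackObject();
    obj.setStatus(1);
    obj.setMsg("密文不匹配,请重新提交");
    response.setCharacterEncoding("UTF-8");
    response.setHeader("Content-Type", "text/plain;charset=UTF-8");
    response.getWriter().write(FastJsonUtil.toJSONString(obj));
    return false;
}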
step2_1 : 从request中读取post请求的数据
<span style="font-size:12px;"><span style="color:#FF0000;">import org.apache.commons.io.IOUtils;</span>
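// Charset used both to decode the raw body bytes and to URL-decode the resulting text.
public static final String CHARSET = "UTF-8";

/**
 * Reads the whole POST body of {@code request} and returns it URL-decoded.
 *
 * The body is expected to be URL-encoded JSON (hence "AsciiCode"); note that
 * {@link URLDecoder} also turns {@code +} into a space.
 *
 * @param request the request whose input stream is consumed; it can be read only once
 * @return the decoded body text
 * @throws IllegalStateException if the body cannot be read. An unreadable body must not
 *         silently become an empty string, because callers feed the result into a token check.
 */
public static String getJsonStringAsciiCode(HttpServletRequest request) {
    try {
        ServletInputStream in = request.getInputStream();
        String content = IOUtils.toString(in, CHARSET);
        return URLDecoder.decode(content, CHARSET);
    } catch (IOException e) {
        // Fail closed and keep the cause instead of printing it and returning "".
        throw new IllegalStateException("failed to read request body", e);
    }
}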
<span style="font-size:12px;"><span style="color:#FF0000;">import org.apache.commons.io.IOUtils;</span>
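// Charset used both to decode the raw body bytes and to URL-decode the resulting text.
public static final String CHARSET = "UTF-8";

/**
 * Reads the whole POST body of {@code request} and returns it URL-decoded.
 *
 * The body is expected to be URL-encoded JSON (hence "AsciiCode"); note that
 * {@link URLDecoder} also turns {@code +} into a space.
 *
 * @param request the request whose input stream is consumed; it can be read only once
 * @return the decoded body text
 * @throws IllegalStateException if the body cannot be read. An unreadable body must not
 *         silently become an empty string, because callers feed the result into a token check.
 */
public static String getJsonStringAsciiCode(HttpServletRequest request) {
    try {
        ServletInputStream in = request.getInputStream();
        String content = IOUtils.toString(in, CHARSET);
        return URLDecoder.decode(content, CHARSET);
    } catch (IOException e) {
        // Fail closed and keep the cause instead of printing it and returning "".
        throw new IllegalStateException("failed to read request body", e);
    }
}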