1、vue请求传值为:时间戳(timeStamp)、随机数(nonce)、sign(url+params参数排序并进行加密)
2、后台获取请求内容,
a、先验证访问时间戳是否超出请求范围
b、验证随机数(nonce)是否已经使用过
c、后台对获取的参数进行排序并加密,验证获取的标签是否与sign是否同一值
注:传参模式vue传参模式为params
@PostMapping("/add")
public AjaxResult add(ServletRequest req) throws IOException, ParseException {HttpServletRequest request = (HttpServletRequest)req;
HttpServletRequest requestWrapper = new BodyReaderHttpServletRequestWrapper(request);
SortedMap allParams = HttpUtils.getAllParams(requestWrapper);
String timeStamp = StringUtils.getString(allParams, "timeStamp");
String nonce = StringUtils.getString(allParams, "nonce");
Long validateTime = DateUtil.stampToDate(timeStamp);
if (validateTime < StringConstants.BALIDATETIME) {
Object obj = redisService.getCacheObject(nonce);
if (StringUtils.isNull(obj)) {
redisService.setCacheObject(nonce, nonce);
boolean isSigned = SignUtil.verifySign(allParams);
if (isSigned) {
return toAjax(countService.insertAccount(allParams));
} else {
return AjaxResult.error();
}
} else {
return AjaxResult.error();
}
} else {
return AjaxResult.error();
}
}