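Introduction
In projects with high security requirements, we want the client to encrypt the request data and the server to decrypt it. (HTTPS alone is still not enough to meet the security requirements.)
This article uses Spring Boot to decrypt the message body. Only request decryption is supported for now. (When a response is very large, encrypting it causes serious performance problems.)
The flow is as follows:
The request body is encrypted symmetrically with DES in CBC mode. The client must encrypt the message body before sending the request; on the server, a Spring MVC advice intercepts the request, decrypts the body and passes the result to the controller method.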
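The flow above, as an added example that is not code from the original article: both sides of the exchange using only the JDK, with the server rejecting malformed bodies. The class name, method names, sample key and the wire format Base64(IV || ciphertext) are assumptions, since the article does not state how the IV or the ciphertext is transported.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Added example: class and method names are hypothetical, and the wire format
// Base64(IV || ciphertext) is an assumption; the article does not specify one.
public class DesCbcBodyDemo {
    private static final String TRANSFORMATION = "DES/CBC/PKCS5Padding";
    private static final int BLOCK = 8; // DES block size, also the IV length

    // Client side: encrypt the JSON body under a fresh random IV per request.
    static String encryptBody(String json, byte[] key) throws GeneralSecurityException {
        byte[] iv = new byte[BLOCK];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "DES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(json.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, BLOCK + ct.length);
        System.arraycopy(ct, 0, out, BLOCK, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Server side: the step an advice would run before the body is converted.
    // Bad Base64 raises IllegalArgumentException; a short body or bad padding raises
    // GeneralSecurityException. The caller should answer both with a generic 400.
    static String decryptBody(String wire, byte[] key) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(wire);
        if (in.length < 2 * BLOCK || in.length % BLOCK != 0) {
            throw new GeneralSecurityException("body length is not IV plus whole blocks");
        }
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "DES"), new IvParameterSpec(in, 0, BLOCK));
        byte[] pt = c.doFinal(in, BLOCK, in.length - BLOCK);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "8bytekey".getBytes(StandardCharsets.US_ASCII); // constructed sample key
        String wire = encryptBody("{\"user\":\"alice\",\"amount\":100}", key);
        System.out.println(wire + " -> " + decryptBody(wire, key));
    }
}
```

CBC decryption does not authenticate the body, so a server that needs tamper detection has to add a MAC over the IV and ciphertext and verify it before decrypting.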
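@ControllerAdvice and RequestBodyAdviceAdapter
The @ControllerAdvice annotation marks extension components for the Controller layer so that they are picked up by scanning. The @Order annotation lets them be loaded in a defined order.
RequestBodyAdviceAdapter is an adapter class for RequestBodyAdvice that makes it easy to override only the methods you need.
RequestBodyAdvice does the following:
It allows custom processing before the request body is read and converted into an entity, and applies to requests whose parameter carries the @RequestBody annotation. Classes that implement this interface must be registered with RequestMappingHandlerAdapter or configured through the @ControllerAdvice annotation.
The original Javadoc reads: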
/**
* Allows customizing the request before its body is read and converted into an
* Object and also allows for processing of the resulting Object before it is
* passed into a controller method as an {@code @RequestBody} or an
* {@code HttpEntity} method argument.
*
* <p>Implementations of this contract may be registered directly with the
* {@code RequestMappingHandlerAdapter} or more likely annotated with
* {@code @ControllerAdvice} in which case they are auto-detected.
*
* @author Rossen Stoyanchev
* @since 4.2
*/
The complete code is as follows:
SecretRequestAdvice
@Slf4j
@ControllerAdvice
@ConditionalOnProperty(prefix = "faster.secret", name = "enabled", havingValue = "true")
@EnableConfigurationProperties({SecretProperties.class})
@Order(1)
public class SecretRequestAdvice extends RequestBodyAdviceAd