需要对请求进行拦截校验,验证时间戳签名等
写一个校验注解
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
 * Marks a controller method whose incoming request must pass the appId / time / sign
 * header check performed by the permission aspect before the method body runs.
 * Carries no members; presence on a method is the whole contract.
 */
@Documented
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface CheckPermission {
}
校验类
import com.baijia.medusa.follower.common.exception.NoPermissionException;
import com.baijia.medusa.follower.web.config.ApolloConfig;
import com.baijia.medusa.follower.web.config.Monitor;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.logging.log4j.core.config.Order;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
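/**
 * Aspect that guards methods annotated with {@code CheckPermission}.
 *
 * <p>Before the annotated method runs it reads the {@code appId}, {@code time} and
 * {@code sign} request headers and rejects the call with {@link NoPermissionException}
 * unless all three are present, the appId is on the configured admin list, the
 * timestamp lies within {@link #MAX_TIMESTAMP_SKEW_MILLIS} of the server clock, and
 * the signature equals {@code md5Hex(time + secretKey)} for that appId.
 *
 * <p>The signature is a plain MD5 over {@code time + secret}; it is kept here because
 * existing clients produce it, but an HMAC over the canonical request would be the
 * stronger scheme once clients can migrate.
 */
@Aspect
// Fully qualified on purpose: the file imports org.apache.logging.log4j.core.config.Order,
// which is Log4j's plugin-ordering annotation and has no effect on Spring AOP advice order.
@org.springframework.core.annotation.Order(-100)
@Component
public class PermissionAspectHandler {
    private static final Logger LOG = LoggerFactory.getLogger(PermissionAspectHandler.class);
    private static final String REQUEST_HEADER_SIGN = "sign";
    private static final String REQUEST_HEADER_TIME = "time";
    public static final String REQUEST_HEADER_APPID = "appId";
    /** Largest tolerated distance between the {@code time} header and the server clock (5 minutes). */
    static final long MAX_TIMESTAMP_SKEW_MILLIS = 5L * 60L * 1000L;
    /** Values below this are read as epoch seconds, at or above it as epoch milliseconds. */
    private static final long MILLIS_THRESHOLD = 1_000_000_000_000L;

    @Autowired
    private ApolloConfig apolloConfig;
    @Resource
    private Monitor monitor;

    /**
     * Runs before every {@code CheckPermission} method and enforces the header checks.
     *
     * @param joinPoint the intercepted call (not inspected; the request is taken from the thread-bound context)
     * @throws NoPermissionException when there is no web request, a header is missing,
     *         the appId is not an admin app, the timestamp is stale, or the signature is wrong
     */
    // NOTE(review): "xxx.xxx.xxx" is the page's placeholder; it must be the annotation's fully qualified name.
    @Before("@annotation(xxx.xxx.xxx.CheckPermission)")
    public void doBefore(JoinPoint joinPoint) {
        ServletRequestAttributes attributes =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        if (attributes == null) {
            // Invoked outside a web request: nothing to verify against, so fail closed instead of NPE.
            throw new NoPermissionException("no web request bound to current thread. permission check failed");
        }
        HttpServletRequest request = attributes.getRequest();
        String requestUrl = request.getRequestURI();
        // get request header param
        String appId = request.getHeader(REQUEST_HEADER_APPID);
        String time = request.getHeader(REQUEST_HEADER_TIME);
        String sign = request.getHeader(REQUEST_HEADER_SIGN);
        monitor.monitorAppidRequest(appId, requestUrl);
        // The signature is deliberately not logged: together with the timestamp it is a replayable credential.
        LOG.info("the permission param, appId:{},time:{}", appId, time);
        if (!StringUtils.hasText(appId) || !StringUtils.hasText(time) || !StringUtils.hasText(sign)) {
            throw new NoPermissionException("miss appId time sign permission param. your app no permission, please checked and try again later");
        }
        if (!checkAppIdPermission(appId, requestUrl)) {
            throw new NoPermissionException("sorry. your app no permission, please checked and try again later");
        }
        if (!isTimestampFresh(time, System.currentTimeMillis())) {
            throw new NoPermissionException("the time is invalid or expired. please check");
        }
        checkSignPermission(appId, time, sign);
    }

    /**
     * Decides whether a {@code time} header is close enough to the server clock to accept.
     *
     * <p>A valid signature alone would be replayable forever, so the timestamp it covers is
     * bounded to a window around "now".
     *
     * @param time      raw header value; must be a non-negative decimal epoch timestamp
     * @param nowMillis current server time in epoch milliseconds
     * @return {@code true} when the header parses and is within {@link #MAX_TIMESTAMP_SKEW_MILLIS}
     */
    static boolean isTimestampFresh(String time, long nowMillis) {
        final long raw;
        try {
            raw = Long.parseLong(time.trim());
        } catch (NumberFormatException e) {
            return false;
        }
        if (raw < 0) {
            return false;
        }
        // NOTE(review): the header's unit is not specified anywhere on the page; seconds and
        // milliseconds are both accepted here — confirm with the client contract.
        long millis = raw < MILLIS_THRESHOLD ? raw * 1000L : raw;
        return Math.abs(nowMillis - millis) <= MAX_TIMESTAMP_SKEW_MILLIS;
    }

    /**
     * Verifies that {@code sign} equals {@code md5Hex(time + secretKey)} for the app.
     *
     * @param appId app whose secret key is looked up in the Apollo config
     * @param time  the timestamp header, included verbatim in the signed string
     * @param sign  the signature header as sent by the client
     * @throws NoPermissionException when no secret is configured for the app or the signature differs
     */
    private void checkSignPermission(String appId, String time, String sign) {
        Map<String, String> appIdSecretKeyMap = apolloConfig.getAppIdSecretKeyMap();
        String secretKey = appIdSecretKeyMap == null ? null : appIdSecretKeyMap.get(appId);
        if (!StringUtils.hasText(secretKey)) {
            // Unknown app: without a key the expected value would be md5(time + "null"), which
            // anyone can compute. Fail closed instead.
            throw new NoPermissionException("the sign is error. please check");
        }
        String mySign = DigestUtils.md5Hex(time + secretKey);
        byte[] expected = mySign.getBytes(StandardCharsets.UTF_8);
        byte[] actual = sign.getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison; String.equals short-circuits on the first differing byte.
        if (!MessageDigest.isEqual(expected, actual)) {
            // The expected signature is not logged: it is valid for this timestamp for any reader of the log.
            LOG.info("sign mismatch, appId:{},time:{}", appId, time);
            throw new NoPermissionException("the sign is error. please check");
        }
    }

    /**
     * Checks whether the app is allowed to call the guarded endpoint.
     *
     * @param appId      app identifier from the request header
     * @param requestUrl request URI; currently unused, reserved for per-URL rules
     * @return {@code true} when the appId is in the configured admin list
     */
    private boolean checkAppIdPermission(String appId, String requestUrl) {
        return apolloConfig.getAdminAppIds().contains(appId);
    }
}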
哪个接口需要校验就加上@CheckPermission
/**
 * Retries account synchronisation for the account system and display number in the body.
 * Guarded by {@code CheckPermission}: the request must pass the appId / time / sign header check.
 *
 * @param param validated request body naming the account system type and display number
 * @return a success response wrapping the service's result
 */
@PostMapping("/accountSyncRetry")
@CheckPermission
public Response<Boolean> employeeDispatchRetry(@RequestBody @Valid AccountRetryParam param) {
    AccountSystemEnum accountSystem = AccountSystemEnum.valueOf(param.getAccountSystemType());
    Boolean retried = accountRetryService.accountSyncRetry(accountSystem, param.getDisplayNumber());
    return Response.SUCCESS(ResponseCode.SUCCESS, retried);
}