对请求进行拦截校验

需要对请求进行拦截校验,验证时间戳签名等

写一个校验注解

import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * Method-level marker for endpoints that must pass the permission aspect
 * (appId / time / sign header check) before they run.
 *
 * Kept at {@code RUNTIME} retention so the aspect can discover it by reflection;
 * it carries no attributes of its own.
 */
@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface CheckPermission {
}

校验类

import com.baijia.medusa.follower.common.exception.NoPermissionException;
import com.baijia.medusa.follower.web.config.ApolloConfig;
import com.baijia.medusa.follower.web.config.Monitor;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.logging.log4j.core.config.Order;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;


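/**
 * Guards every method annotated with {@code CheckPermission}: the caller must send
 * {@code appId}, {@code time} and {@code sign} headers, the appId must be on the
 * configured admin list, and {@code sign} must equal {@code md5Hex(time + secretKey)}
 * for that appId's configured secret.
 *
 * @author
 */
@Aspect
// NOTE(review): with the imports as written, Order resolves to
// org.apache.logging.log4j.core.config.Order, which Spring does not consult when
// ordering aspects; org.springframework.core.annotation.Order is the one it honours.
@Order(-100)
@Component
public class PermissionAspectHandler {

    private static final Logger LOG = LoggerFactory.getLogger(PermissionAspectHandler.class);

    private static final String REQUEST_HEADER_SIGN = "sign";

    private static final String REQUEST_HEADER_TIME = "time";

    public static final String REQUEST_HEADER_APPID = "appId";

    @Autowired
    private ApolloConfig apolloConfig;

    @Resource
    private Monitor monitor;

    /**
     * Runs before each {@code CheckPermission} method and rejects the request unless all
     * three headers are present, the appId is an admin appId and the sign verifies.
     *
     * @param joinPoint the intercepted call; not inspected, the check uses the current request only
     * @throws NoPermissionException if no servlet request is bound to this thread, a header is
     *         blank, the appId is not permitted, or the sign does not verify
     */
    @Before("@annotation(xxx.xxx.xxx.CheckPermission)")
    public void doBefore(JoinPoint joinPoint) {
        ServletRequestAttributes attributes =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        // getRequestAttributes() returns null off a request thread; the unchecked cast would NPE
        if (attributes == null) {
            throw new NoPermissionException("no servlet request bound to the current thread");
        }
        HttpServletRequest request = attributes.getRequest();
        String requestUrl = request.getRequestURI();
        // get request header param
        String appId = request.getHeader(REQUEST_HEADER_APPID);
        String time = request.getHeader(REQUEST_HEADER_TIME);
        String sign = request.getHeader(REQUEST_HEADER_SIGN);

        monitor.monitorAppidRequest(appId, requestUrl);

        // the sign is a credential (it stays valid for its time value); keep it out of the log
        LOG.info("the permission param, appId:{},time:{}", appId, time);
        // hasText also rejects whitespace-only headers, which isEmpty let through
        if (!StringUtils.hasText(appId) || !StringUtils.hasText(time) || !StringUtils.hasText(sign)) {
            throw new NoPermissionException("miss appId time sign permission param. your app no permission, please checked and try again later");
        }
        if (!this.checkAppIdPermission(appId, requestUrl)) {
            throw new NoPermissionException("sorry. your app no permission, please checked and try again later");
        }
        this.checkSignPermission(appId, time, sign);
    }

    /**
     * Verifies that {@code sign} equals {@code md5Hex(time + secretKey)} for the appId's secret.
     *
     * @param appId caller appId; must have an entry in {@code apolloConfig.getAppIdSecretKeyMap()}
     * @param time  the time header exactly as sent (it is hashed verbatim, never parsed)
     * @param sign  the sign header, expected as the hex digest string
     * @throws NoPermissionException if no secret is configured for the appId or the sign does not match
     */
    private void checkSignPermission(String appId, String time, String sign) {
        Map<String, String> appIdSecretKeyMap = apolloConfig.getAppIdSecretKeyMap();
        String secretKey = appIdSecretKeyMap == null ? null : appIdSecretKeyMap.get(appId);
        // without a secret the original hashed the literal "null" suffix; reject explicitly instead
        if (!StringUtils.hasText(secretKey)) {
            LOG.info("no secret key configured for appId:{}", appId);
            throw new NoPermissionException("no secret key configured for appId. please check");
        }
        // TODO(review): time is never compared with the server clock, so a captured
        // (time, sign) pair verifies forever; add a freshness window once the header's
        // format (epoch seconds vs. millis) is pinned down.
        String mySign = DigestUtils.md5Hex(time + secretKey);
        byte[] expected = mySign.getBytes(StandardCharsets.UTF_8);
        byte[] presented = sign.getBytes(StandardCharsets.UTF_8);
        // constant-time comparison; String.equals exits at the first differing byte
        if (!MessageDigest.isEqual(expected, presented)) {
            // do not log mySign: it is a valid signature for this time value
            LOG.info("sign mismatch for appId:{}", appId);
            throw new NoPermissionException("the sign is error. please check");
        }
    }

    /**
     * Admin-list check: an appId is permitted iff {@code apolloConfig.getAdminAppIds()} contains it.
     *
     * @param appId      caller appId
     * @param requestUrl the request URI; currently unused, kept for per-URL rules
     * @return whether the appId is permitted
     */
    private boolean checkAppIdPermission(String appId, String requestUrl) {
        // NOTE(review): the type of getAdminAppIds() is not visible here; if it is a String rather
        // than a collection, contains() is a substring match and a short appId would pass by prefix.
        return apolloConfig.getAdminAppIds().contains(appId);
    }
}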

哪个接口需要校验就加上@CheckPermission

@PostMapping("/accountSyncRetry")
    @CheckPermission
    /**
     * Re-runs the account sync for the given display number on the requested account system.
     * Guarded by {@code @CheckPermission}, so the request must carry valid permission headers.
     *
     * @param param validated request body naming the account system type and display number
     * @return success response wrapping the retry result
     */
    public Response<Boolean> employeeDispatchRetry(@RequestBody @Valid AccountRetryParam param) {
        AccountSystemEnum system = AccountSystemEnum.valueOf(param.getAccountSystemType());
        Boolean retried = accountRetryService.accountSyncRetry(system, param.getDisplayNumber());
        return Response.SUCCESS(ResponseCode.SUCCESS, retried);
    }
