对请求进行拦截校验

需要对请求进行拦截校验,验证时间戳签名等

写一个校验注解

import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * Marks a controller method whose requests must pass the appId/time/sign header
 * check performed by {@code PermissionAspectHandler} before the method body runs.
 *
 * <p>Retained at runtime so that the aspect's {@code @annotation(...)} pointcut can
 * see it; restricted to methods because the pointcut matches methods only.
 */
@Documented
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface CheckPermission {
}

校验类

import com.baijia.medusa.follower.common.exception.NoPermissionException;
import com.baijia.medusa.follower.web.config.ApolloConfig;
import com.baijia.medusa.follower.web.config.Monitor;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.logging.log4j.core.config.Order;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;


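/**
 * Aspect guarding every method annotated with {@code @CheckPermission}.
 *
 * <p>Each request must carry three headers: {@code appId}, {@code time} and {@code sign}.
 * The call is admitted only when {@code appId} is in the configured admin list and
 * {@code sign} equals {@code md5Hex(time + secretKey(appId))}, where the secret comes from
 * {@link ApolloConfig#getAppIdSecretKeyMap()}.
 *
 * <p>Every failure is reported as a {@link NoPermissionException}; the advised method is
 * never entered.
 *
 * @author
 */
@Aspect
// Spring orders aspects by org.springframework.core.annotation.Order. The Order imported at the
// top of this file is org.apache.logging.log4j.core.config.Order, a log4j plugin annotation that
// Spring does not read, so the precedence is spelled out with the fully qualified name.
@org.springframework.core.annotation.Order(-100)
@Component
public class PermissionAspectHandler {

    private static final Logger LOG = LoggerFactory.getLogger(PermissionAspectHandler.class);

    /** Header carrying the caller-computed hex digest. */
    private static final String REQUEST_HEADER_SIGN = "sign";

    /** Header carrying the timestamp the digest was computed over. */
    private static final String REQUEST_HEADER_TIME = "time";

    /** Header identifying the calling application. */
    public static final String REQUEST_HEADER_APPID = "appId";

    @Autowired
    private ApolloConfig apolloConfig;

    @Resource
    private Monitor monitor;

    /**
     * Validates the permission headers before the annotated method runs.
     *
     * @param joinPoint the advised method; not inspected, the request is taken from
     *                  {@link RequestContextHolder}
     * @throws NoPermissionException when no request is bound to the thread, a header is
     *                               missing or blank, the appId is not an admin app, or the
     *                               signature does not match
     */
    // The pointcut must name the fully qualified CheckPermission type; "xxx.xxx.xxx" is a
    // placeholder to be replaced with the real package.
    @Before("@annotation(xxx.xxx.xxx.CheckPermission)")
    public void doBefore(JoinPoint joinPoint) {
        HttpServletRequest request = currentRequest();
        String requestUrl = request.getRequestURI();
        String appId = request.getHeader(REQUEST_HEADER_APPID);
        String time = request.getHeader(REQUEST_HEADER_TIME);
        String sign = request.getHeader(REQUEST_HEADER_SIGN);

        // Counted before validation so that rejected calls also appear in the per-app metrics;
        // appId may still be null at this point, as in the original flow.
        monitor.monitorAppidRequest(appId, requestUrl);

        // sign is not logged: with no freshness check on time (see checkSignPermission) a
        // logged (time, sign) pair is a reusable credential for anyone who can read the log.
        LOG.info("permission check, appId:{}, time:{}, uri:{}", appId, time, requestUrl);
        if (!StringUtils.hasText(appId) || !StringUtils.hasText(time) || !StringUtils.hasText(sign)) {
            throw new NoPermissionException("miss appId time sign permission param. your app no permission, please checked and try again later");
        }
        if (!checkAppIdPermission(appId, requestUrl)) {
            throw new NoPermissionException("sorry. your app no permission, please checked and try again later");
        }
        checkSignPermission(appId, time, sign);
    }

    /**
     * Returns the servlet request bound to the current thread.
     *
     * @return the current {@link HttpServletRequest}
     * @throws NoPermissionException when the advice runs with no request attributes bound,
     *                               instead of the NullPointerException the bare cast produced
     */
    private static HttpServletRequest currentRequest() {
        ServletRequestAttributes attributes =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        if (attributes == null) {
            throw new NoPermissionException("no http request bound to the current thread");
        }
        return attributes.getRequest();
    }

    /**
     * Verifies {@code sign == md5Hex(time + secretKey)} for the app's configured secret.
     *
     * <p>The two digests are compared with {@link MessageDigest#isEqual} so that the time taken
     * does not depend on how many leading characters match.
     *
     * <p>NOTE(review): {@code time} is only mixed into the digest and never compared with the
     * clock, so a captured (time, sign) pair stays valid indefinitely. Rejecting timestamps
     * outside an acceptance window needs the unit/format of the header confirmed with the
     * clients first. Unsalted MD5 is likewise kept only because existing callers compute it;
     * an HMAC over the request is the better scheme once clients can be migrated.
     *
     * @param appId calling application, already known to be an admin app
     * @param time  timestamp header, used verbatim as the signed payload prefix
     * @param sign  caller-supplied hex digest
     * @throws NoPermissionException when no secret is configured for the app or the digest
     *                               does not match
     */
    private void checkSignPermission(String appId, String time, String sign) {
        Map<String, String> appIdSecretKeyMap = apolloConfig.getAppIdSecretKeyMap();
        String secretKey = appIdSecretKeyMap == null ? null : appIdSecretKeyMap.get(appId);
        // Without this guard a missing secret is concatenated as the literal string "null",
        // which gives every caller a predictable, valid signature for that appId.
        if (!StringUtils.hasText(secretKey)) {
            LOG.warn("no secret key configured for appId:{}", appId);
            throw new NoPermissionException("the sign is error. please check");
        }
        String expected = DigestUtils.md5Hex(time + secretKey);
        if (!MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                sign.getBytes(StandardCharsets.UTF_8))) {
            // The expected digest is deliberately not logged; see the note on doBefore.
            LOG.warn("sign mismatch for appId:{}", appId);
            throw new NoPermissionException("the sign is error. please check");
        }
    }

    /**
     * Tells whether {@code appId} is one of the configured admin apps.
     *
     * @param appId      calling application
     * @param requestUrl request URI; currently unused, kept so per-URL rules can be added
     *                   without touching the caller
     * @return {@code true} when the app is listed in {@code apolloConfig.getAdminAppIds()}
     */
    private boolean checkAppIdPermission(String appId, String requestUrl) {
        return apolloConfig.getAdminAppIds().contains(appId);
    }
}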

哪个接口需要校验就加上@CheckPermission

/**
 * Retries synchronising one account to the requested account system.
 * Guarded by {@code @CheckPermission}, so the appId/time/sign headers are validated
 * before this method is entered.
 *
 * @param param validated request body naming the account system type and display number
 * @return success response wrapping the outcome reported by the retry service
 */
@PostMapping("/accountSyncRetry")
    @CheckPermission
    public Response<Boolean> employeeDispatchRetry(@RequestBody @Valid AccountRetryParam param) {
        // NOTE(review): valueOf throws IllegalArgumentException for an unknown system type
        // unless AccountRetryParam's validation already constrains the value — confirm.
        AccountSystemEnum targetSystem = AccountSystemEnum.valueOf(param.getAccountSystemType());
        String displayNumber = param.getDisplayNumber();
        Boolean retried = accountRetryService.accountSyncRetry(targetSystem, displayNumber);
        return Response.SUCCESS(ResponseCode.SUCCESS, retried);
    }

在Lua中实现拦截请求校验sign可以通过OpenResty来实现。OpenResty是一个基于Nginx的Web应用开发框架,支持使用Lua脚本进行二次开发。以下是一个简单的示例,实现了拦截请求校验sign的功能: ``` -- 导入OpenResty的http库 local http = require "resty.http" -- 获取请求的URI和query参数 local uri = ngx.var.uri local args = ngx.req.get_uri_args() -- 获取请求头中的sign参数 local sign = ngx.req.get_headers()["sign"] -- 根据请求参数生成待校验的签名 local signParam = "" for k, v in pairs(args) do signParam = signParam .. k .. "=" .. v .. "&" end signParam = string.sub(signParam, 1, -2) local signToCheck = ngx.md5(signParam) -- 校验签名是否正确 if sign ~= signToCheck then ngx.exit(ngx.HTTP_FORBIDDEN) end -- 发送请求到后端服务 local httpc = http.new() local res, err = httpc:request_uri("http://backend_service" .. uri, { method = ngx.req.get_method(), headers = ngx.req.get_headers(), body = ngx.req.get_body_data(), keepalive_timeout = 60000, keepalive_pool = 10 }) -- 将后端服务的响应返回给客户端 ngx.status = res.status ngx.say(res.body) ngx.exit(ngx.HTTP_OK) ``` 以上代码中,首先获取请求的URI和query参数,并获取请求头中的sign参数。然后根据请求参数生成待校验的签名,使用ngx.md5函数计算签名的MD5值。最后,校验签名是否正确,如果不正确则直接返回HTTP_FORBIDDEN状态码。如果签名校验通过,则使用resty.http库发送请求到后端服务,并将响应返回给客户端。