springboot加解密
ldcaws 人气:0在系统开发中,需要对请求和响应分别拦截下来进行解密和加密处理,在springboot中提供了RequestBodyAdviceAdapter和ResponseBodyAdvice,利用这两个工具可以非常方便的对请求和响应进行预处理。
1、新建一个springboot工程,pom依赖如下
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <optional>true</optional> </dependency>
2、自定义加密、解密的注解
@Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD) public @interface Encrypt { } @Retention(RetentionPolicy.RUNTIME) @Target({ElementType.METHOD, ElementType.PARAMETER}) public @interface Decrypt { }
其中加密注解放在方法上,解密注解可以放在方法上,也可以放在参数上。
3、加密算法
定义一个加密工具类,加密算法分为对称加密和非对称加密,本次使用java自带的Ciphor来实现对称加密,使用AES算法,如下
public class AESUtils { private static final String AES_ALGORITHM = "AES/ECB/PKCS5Padding"; private static final String key = "1234567890abcdef"; /** * 获取 cipher * @param key * @param model * @return * @throws Exception */ private static Cipher getCipher(byte[] key, int model) throws Exception { SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance(AES_ALGORITHM); cipher.init(model, secretKeySpec); return cipher; } /** * AES加密 * @param data * @param key * @return * @throws Exception */ public static String encrypt(byte[] data, byte[] key) throws Exception { Cipher cipher = getCipher(key, Cipher.ENCRYPT_MODE); return Base64.getEncoder().encodeToString(cipher.doFinal(data)); } /** * AES解密 * @param data * @param key * @return * @throws Exception */ public static byte[] decrypt(byte[] data, byte[] key) throws Exception { Cipher cipher = getCipher(key, Cipher.DECRYPT_MODE); return cipher.doFinal(Base64.getDecoder().decode(data)); } }
其中加密后的数据使用Base64算法进行编码,获取可读字符串;解密的输入也是一个Base64编码之后的字符串,先进行解码再进行解密。
4、对请求数据进行解密处理
@EnableConfigurationProperties(KeyProperties.class) @ControllerAdvice public class DecryptRequest extends RequestBodyAdviceAdapter { @Autowired private KeyProperties keyProperties; /** * 该方法用于判断当前请求,是否要执行beforeBodyRead方法 * * @param methodParameter handler方法的参数对象 * @param targetType handler方法的参数类型 * @param converterType 将会使用到的Http消息转换器类类型 * @return 返回true则会执行beforeBodyRead */ @Override public boolean supports(MethodParameter methodParameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) { return methodParameter.hasMethodAnnotation(Decrypt.class) || methodParameter.hasParameterAnnotation(Decrypt.class); } /** * 在Http消息转换器执转换,之前执行 * @param inputMessage * @param parameter * @param targetType * @param converterType * @return 返回 一个自定义的HttpInputMessage * @throws IOException */ @Override public HttpInputMessage beforeBodyRead(final HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) throws IOException { byte[] body = new byte[inputMessage.getBody().available()]; inputMessage.getBody().read(body); try { byte[] keyBytes = keyProperties.getKey().getBytes(); byte[] decrypt = AESUtils.decrypt(body, keyBytes); final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decrypt); return new HttpInputMessage() { @Override public InputStream getBody() throws IOException { return byteArrayInputStream; } @Override public HttpHeaders getHeaders() { return inputMessage.getHeaders(); } }; } catch (Exception e) { e.printStackTrace(); } return super.beforeBodyRead(inputMessage, parameter, targetType, converterType); } }
5、对响应数据进行加密处理
@EnableConfigurationProperties(KeyProperties.class) @ControllerAdvice public class EncryptResponse implements ResponseBodyAdvice<RespBean> { private ObjectMapper objectMapper = new ObjectMapper(); @Autowired private KeyProperties keyProperties; /** * 该方法用于判断当前请求的返回值,是否要执行beforeBodyWrite方法 * * @param methodParameter handler方法的参数对象 * @param converterType 将会使用到的Http消息转换器类类型 * @return 返回true则会执行beforeBodyWrite */ @Override public boolean supports(MethodParameter methodParameter, Class<? extends HttpMessageConverter<?>> converterType) { return methodParameter.hasMethodAnnotation(Encrypt.class); } /** * 在Http消息转换器执转换,之前执行 * @param body * @param returnType * @param selectedContentType * @param selectedConverterType * @param request * @param response * @return 返回 一个自定义的HttpInputMessage,可以为null,表示没有任何响应 */ @Override public RespBean beforeBodyWrite(RespBean body, MethodParameter returnType, MediaType selectedContentType, Class<? extends HttpMessageConverter<?>> selectedConverterType, ServerHttpRequest request, ServerHttpResponse response) { byte[] keyBytes = keyProperties.getKey().getBytes(); try { if (body.getMsg() != null) { body.setMsg(AESUtils.encrypt(body.getMsg().getBytes(), keyBytes)); } if (body.getObj() != null) { body.setObj(AESUtils.encrypt(objectMapper.writeValueAsBytes(body.getObj()), keyBytes)); } } catch (Exception e) { e.printStackTrace(); } return body; } }
6、加解密的key的配置类,从配置文件中读取
@ConfigurationProperties(prefix = "spring.encrypt") public class KeyProperties { private final static String DEFAULT_KEY = "1234567890abcdef"; private String key = DEFAULT_KEY; public String getKey() { return key; } public void setKey(String key) { this.key = key; } }
7、测试
application中的key配置
spring.encrypt.key=1234567890abcdef
@GetMapping("/user") @Encrypt public RespBean getUser() { User user = new User(); user.setId(1L); user.setUsername("caocao"); return RespBean.ok("ok", user); } @PostMapping("/user") public RespBean addUser(@RequestBody @Decrypt User user) { System.out.println("user = " + user); return RespBean.ok("ok", user); }
测试结果
其中get请求的接口使用了@Encrypt注解,对响应数据进行了加密处理;post请求的接口使用了@Decrypt注解作用在参数上,对请求数据进行了解密处理。
加载全部内容