صفحهٔ اصلی گشت‌و‌گذار راهنما
ثبت نام ورود
sugb
/
dzhh-backend
1
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
درخت: fbc4312a8c
شاخه‌ها تگ‌ها
dzhh-backend
/
.svn
/
pristine
/
19
/
1952ed0726b8149066ae73ae3fd4692a8b0ebe9c.svn-base

1952ed0726b8149066ae73ae3fd4692a8b0ebe9c.svn-base 2.7 KB
تاريخچه خام

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. package org.jeecg.config.sign.interceptor;
    2. 

  2. 

  3. 

  4. import java.io.PrintWriter;
    5. 

  5. import java.util.SortedMap;
    6. 

  6. 

  7. import javax.servlet.http.HttpServletRequest;
    8. 

  8. import javax.servlet.http.HttpServletResponse;
    9. 

  9. 

  10. import org.jeecg.common.api.vo.Result;
    11. 

  11. import org.jeecg.common.constant.CommonConstant;
    12. 

  12. import org.jeecg.common.util.DateUtils;
    13. 

  13. import org.jeecg.config.sign.util.BodyReaderHttpServletRequestWrapper;
    14. 

  14. import org.jeecg.config.sign.util.HttpUtils;
    15. 

  15. import org.jeecg.config.sign.util.SignUtil;
    16. 

  16. import org.springframework.web.servlet.HandlerInterceptor;
    17. 

  17. 

  18. import com.alibaba.fastjson.JSON;
    19. 

  19. 

  20. import lombok.extern.slf4j.Slf4j;
    21. 

  21. 

  22. /**
    23. 

  23.  * 签名拦截器
    24. 

  24.  * @author qinfeng
    25. 

  25.  */
    26. 

  26. @Slf4j
    27. 

  27. public class SignAuthInterceptor implements HandlerInterceptor {
    28. 

  28.     /**
    29. 

  29.      * 5分钟有效期
    30. 

  30.      */
    31. 

  31.     private final static long MAX_EXPIRE = 5 * 60;
    32. 

  32. 

  33.     @Override
    34. 

  34.     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    35. 

  35.         log.info("request URI = " + request.getRequestURI());
    36. 

  36.         HttpServletRequest requestWrapper = new BodyReaderHttpServletRequestWrapper(request);
    37. 

  37.         //获取全部参数(包括URL和body上的)
    38. 

  38.         SortedMap<String, String> allParams = HttpUtils.getAllParams(requestWrapper);
    39. 

  39.         //对参数进行签名验证
    40. 

  40.         String headerSign = request.getHeader(CommonConstant.X_SIGN);
    41. 

  41.         String timesTamp = request.getHeader(CommonConstant.X_TIMESTAMP);
    42. 

  42. 

  43.         //1.校验时间有消息
    44. 

  44.         try {
    45. 

  45.             DateUtils.parseDate(timesTamp, "yyyyMMddHHmmss");
    46. 

  46.         } catch (Exception e) {
    47. 

  47.             throw new IllegalArgumentException("签名验证失败:X-TIMESTAMP格式必须为:yyyyMMddHHmmss");
    48. 

  48.         }
    49. 

  49.         Long clientTimestamp = Long.parseLong(timesTamp);
    50. 

  50.         //判断时间戳 timestamp=201808091113
    51. 

  51.         if ((DateUtils.getCurrentTimestamp() - clientTimestamp) > MAX_EXPIRE) {
    52. 

  52.             throw new IllegalArgumentException("签名验证失败:X-TIMESTAMP已过期");
    53. 

  53.         }
    54. 

  54. 

  55.         //2.校验签名
    56. 

  56.         boolean isSigned = SignUtil.verifySign(allParams,headerSign);
    57. 

  57. 

  58.         if (isSigned) {
    59. 

  59.             log.debug("Sign 签名通过!Header Sign : {}",headerSign);
    60. 

  60.             return true;
    61. 

  61.         } else {
    62. 

  62.             log.error("request URI = " + request.getRequestURI());
    63. 

  63.             log.error("Sign 签名校验失败!Header Sign : {}",headerSign);
    64. 

  64.             //校验失败返回前端
    65. 

  65.             response.setCharacterEncoding("UTF-8");
    66. 

  66.             response.setContentType("application/json; charset=utf-8");
    67. 

  67.             PrintWriter out = response.getWriter();
    68. 

  68.             Result<?> result = Result.error("Sign签名校验失败!");
    69. 

  69.             out.print(JSON.toJSON(result));
    70. 

  70.             return false;
    71. 

  71.         }
    72. 

  72.     }
    73. 

  73. 

  74. }
    75.