http接口安全校驗



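@Component
public class MassageInterceptor implements HandlerInterceptor {

    private static final Logger log = LoggerFactory.getLogger(MassageInterceptor.class);

    /**
     * Shared key mixed into the request checksum.
     *
     * SECURITY: this value is compiled into the class, so everyone with access to the
     * source or the built artifact can compute valid checksums, and it cannot be rotated
     * without a redeploy. It should be loaded from protected configuration or a secret
     * store. The same key is used for every openid in this class.
     * NOTE(review): because the key is published in source, treat it as exposed and rotate it.
     */
    private static final String OPEN_KEY = "RIqXkbml6dunptIc";

    /**
     * Verifies the request checksum before the request reaches the controller.
     *
     * The expected value is the MD5 (via {@code MD5Util.md5}) of
     * {@code Data[<body>];openid[<openid>];openkey[<key>];ts[<ts>];} and must equal the
     * {@code cs} request parameter. The body is read from the {@code postParameter}
     * request attribute, which this class does not set itself.
     *
     * NOTE(review): {@code ts} is only checked for presence. Nothing visible here bounds
     * its age or remembers values already seen, so an intercepted request would verify
     * again unless another layer rejects it. A freshness window plus a nonce is the usual
     * control; confirm the unit of {@code ts} before adding one.
     *
     * NOTE(review): MD5 over a string that embeds the key is not a MAC construction.
     * HMAC-SHA-256 over an unambiguous field encoding is the usual replacement, but it
     * needs a coordinated change on the client side.
     *
     * @param httpServletRequest  incoming request; supplies {@code cs}, {@code openid}, {@code ts}
     * @param httpServletResponse response that receives the JSON error when a check fails
     * @param o                   the handler chosen for the request (unused)
     * @return {@code true} when the checksum matches, {@code false} after an error response was written
     * @throws Exception if writing the error response fails
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
        String cs = httpServletRequest.getParameter("cs");
        String openid = httpServletRequest.getParameter("openid");
        String ts = httpServletRequest.getParameter("ts");

        if (StringUtils.isEmpty(openid)) {
            errorResponse(httpServletResponse, "openid不能為空");
            return false;
        }

        if (StringUtils.isEmpty(ts)) {
            errorResponse(httpServletResponse, "時間戳不能為空");
            return false;
        }

        // Fail closed: a missing checksum or a missing body attribute used to raise a
        // NullPointerException (a 500 with a stack trace) instead of a clean rejection.
        Object body = httpServletRequest.getAttribute("postParameter");
        if (cs == null || body == null) {
            exceptionResponse(httpServletResponse, "CS驗證不通過");
            return false;
        }

        String signingBase = new StringBuilder()
                .append("Data[").append(body.toString()).append("];")
                .append("openid[").append(openid).append("];")
                .append("openkey[").append(OPEN_KEY).append("];")
                .append("ts[").append(ts).append("];")
                .toString();
        // Never log signingBase: it contains the shared key.

        String expected = MD5Util.md5(signingBase);

        // Compare in constant time so the response timing does not reveal how many
        // leading characters of a guessed checksum were correct.
        boolean matches = expected != null
                && java.security.MessageDigest.isEqual(
                        cs.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!matches) {
            exceptionResponse(httpServletResponse, "CS驗證不通過");
            return false;
        }
        return true;
    }

    /** No work is done between handler execution and view rendering. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
        // intentionally empty
    }

    /** No work is done after the request completes. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
        // intentionally empty
    }

    /**
     * Writes a JSON result carrying {@code HttpResultConstant.HTTP_ERROR} and the given message.
     *
     * @param response response to write to
     * @param errorMsg message placed in the result
     * @throws Exception if the response writer cannot be obtained
     */
    private void errorResponse(HttpServletResponse response, String errorMsg) throws Exception {
        HttpResult resultMsg = new HttpResult();
        resultMsg.setCode(HttpResultConstant.HTTP_ERROR);
        resultMsg.setMsg(errorMsg);
        writeResult(response, resultMsg);
    }

    /**
     * Writes a JSON result carrying {@code HttpResultConstant.HTTP_EXCEPTION} and the given message.
     *
     * @param response response to write to
     * @param errorMsg message placed in the result
     * @throws Exception if the response writer cannot be obtained
     */
    private void exceptionResponse(HttpServletResponse response, String errorMsg) throws Exception {
        HttpResult resultMsg = new HttpResult();
        resultMsg.setCode(HttpResultConstant.HTTP_EXCEPTION);
        resultMsg.setMsg(errorMsg);
        writeResult(response, resultMsg);
    }

    /** Serialises the result as UTF-8 JSON into the response and logs what was sent. */
    private void writeResult(HttpServletResponse response, HttpResult resultMsg) throws Exception {
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");
        PrintWriter out = response.getWriter();
        String json = JSONObject.fromObject(resultMsg).toString();
        out.append(json);
        log.info("接口響應:{}", json);
    }

}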

