找回密码
 立即注册
注册 登录
×
热搜: 活动 交友 discuz
黑客通»论坛 黑客通 加密解密 SpringBoot 接口层统一加密解密
查看: 86|回复: 0

SpringBoot 接口层统一加密解密

[复制链接]
绮罗林

1

主题

1

帖子

3

积分

新手上路

Rank: 1

积分
3
发表于 2022-11-29 22:25:00 | 显示全部楼层 |阅读模式
1. 介绍

在我们日常的Java开发中,免不了和其他系统的业务交互,或者微服务之间的接口调用
如果我们想保证数据传输的安全,对接口出参加密,入参解密。
但是不想写重复代码,我们可以提供一个通用starter,提供通用加密解密功能
2. 前置知识

2.1 hutool-crypto加密解密工具
hutool-crypto提供了很多加密解密工具,包括对称加密,非对称加密,摘要加密等等,这不做详细介绍。
2.2 request流只能读取一次的问题
2.2.1 问题:在接口调用链中,request的请求流只能调用一次,处理之后,如果之后还需要用到请求流获取数据,就会发现数据为空。
比如使用了filter或者aop在接口处理之前,获取了request中的数据,对参数进行了校验,那么之后就不能在获取request请求流了
2.2.2 解决办法继承HttpServletRequestWrapper,将请求中的流copy一份,复写getInputStream和getReader方法供外部使用。每次调用后的getInputStream方法都是从复制出来的二进制数组中进行获取,这个二进制数组在对象存在期间一致存在。
使用Filter过滤器,在一开始,替换request为自己定义的可以多次读取流的request。
这样就实现了流的重复获取
InputStreamHttpServletRequestWrapper
packagexyz.hlh.cryptotest.utils;importorg.apache.commons.io.IOUtils;importjavax.servlet.ReadListener;importjavax.servlet.ServletInputStream;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletRequestWrapper;importjava.io.BufferedReader;importjava.io.ByteArrayInputStream;importjava.io.ByteArrayOutputStream;importjava.io.IOException;importjava.io.InputStreamReader;/***请求流支持多次获取*/publicclassInputStreamHttpServletRequestWrapperextendsHttpServletRequestWrapper{/***用于缓存输入流*/privateByteArrayOutputStreamcachedBytes;publicInputStreamHttpServletRequestWrapper(HttpServletRequestrequest){super(request);}@OverridepublicServletInputStreamgetInputStream()throwsIOException{if(cachedBytes==null){//首次获取流时,将流放入缓存输入流中cacheInputStream();}//从缓存输入流中获取流并返回returnnewCachedServletInputStream(cachedBytes.toByteArray());}@OverridepublicBufferedReadergetReader()throwsIOException{returnnewBufferedReader(newInputStreamReader(getInputStream()));}/***首次获取流时,将流放入缓存输入流中*/privatevoidcacheInputStream()throwsIOException{//缓存输入流以便多次读取。为了方便, 我使用 org.apache.commons IOUtilscachedBytes=newByteArrayOutputStream();IOUtils.copy(super.getInputStream(),cachedBytes);}/***读取缓存的请求正文的输入流*<p>*用于根据缓存输入流创建一个可返回的*/publicstaticclassCachedServletInputStreamextendsServletInputStream{privatefinalByteArrayInputStreaminput;publicCachedServletInputStream(byte[]buf){//从缓存的请求正文创建一个新的输入流input=newByteArrayInputStream(buf);}@OverridepublicbooleanisFinished(){returnfalse;}@OverridepublicbooleanisReady(){returnfalse;}@OverridepublicvoidsetReadListener(ReadListenerlistener){}@Overridepublicintread()throwsIOException{returninput.read();}}}HttpServletRequestInputStreamFilter
packagexyz.hlh.cryptotest.filter;importorg.springframework.core.annotation.Order;importorg.springframework.stereotype.Component;importxyz.hlh.cryptotest.utils.InputStreamHttpServletRequestWrapper;importjavax.servlet.Filter;importjavax.servlet.FilterChain;importjavax.servlet.ServletException;importjavax.servlet.ServletRequest;importjavax.servlet.ServletResponse;importjavax.servlet.http.HttpServletRequest;importjava.io.IOException;importstaticorg.springframework.core.Ordered.HIGHEST_PRECEDENCE;/***@authorHLH*@description:*请求流转换为多次读取的请求流过滤器*@email17703595860@163.com*@date:Createdin2022/2/49:58*/@Component@Order(HIGHEST_PRECEDENCE+1)//优先级最高publicclassHttpServletRequestInputStreamFilterimplementsFilter{@OverridepublicvoiddoFilter(ServletRequestrequest,ServletResponseresponse,FilterChainchain)throwsIOException,ServletException{//转换为可以多次获取流的requestHttpServletRequesthttpServletRequest=(HttpServletRequest)request;InputStreamHttpServletRequestWrapperinputStreamHttpServletRequestWrapper=newInputStreamHttpServletRequestWrapper(httpServletRequest);//放行chain.doFilter(inputStreamHttpServletRequestWrapper,response);}}2.3 SpringBoot的参数校验validation
为了减少接口中,业务代码之前的大量冗余的参数校验代码
SpringBoot-validation提供了优雅的参数校验,入参都是实体类,在实体类字段上加上对应注解,就可以在进入方法之前,进行参数校验,如果参数错误,会抛出错误BindException,是不会进入方法的。
这种方法,必须要求在接口参数上加注解@Validated或者是@Valid
但是很多清空下,我们希望在代码中调用某个实体类的校验功能,所以需要如下工具类。推荐面试宝典:https://www.yoodb.com/
ParamException
packagexyz.hlh.cryptotest.exception;importlombok.Getter;importjava.util.List;/***@authorHLH*@description自定义参数异常*@email17703595860@163.com*@dateCreatedin2021/8/10下午10:56*/@GetterpublicclassParamExceptionextendsException{privatefinalList<String>fieldList;privatefinalList<String>msgList;publicParamException(List<String>fieldList,List<String>msgList){this.fieldList=fieldList;this.msgList=msgList;}}ValidationUtils
packagexyz.hlh.cryptotest.utils;importxyz.hlh.cryptotest.exception.CustomizeException;importxyz.hlh.cryptotest.exception.ParamException;importjavax.validation.ConstraintViolation;importjavax.validation.Validation;importjavax.validation.Validator;importjava.util.LinkedList;importjava.util.List;importjava.util.Set;/***@authorHLH*@description验证工具类*@email17703595860@163.com*@dateCreatedin2021/8/10下午10:56*/publicclassValidationUtils{privatestaticfinalValidatorVALIDATOR=Validation.buildDefaultValidatorFactory().getValidator();/***验证数据*@paramobject数据*/publicstaticvoidvalidate(Objectobject)throwsCustomizeException{Set<ConstraintViolation<Object>>validate=VALIDATOR.validate(object);//验证结果异常throwParamException(validate);}/***验证数据(分组)*@paramobject数据*@paramgroups所在组*/publicstaticvoidvalidate(Objectobject,Class<?>...groups)throwsCustomizeException{Set<ConstraintViolation<Object>>validate=VALIDATOR.validate(object,groups);//验证结果异常throwParamException(validate);}/***验证数据中的某个字段(分组)*@paramobject数据*@parampropertyName字段名称*/publicstaticvoidvalidate(Objectobject,StringpropertyName)throwsCustomizeException{Set<ConstraintViolation<Object>>validate=VALIDATOR.validateProperty(object,propertyName);//验证结果异常throwParamException(validate);}/***验证数据中的某个字段(分组)*@paramobject数据*@parampropertyName字段名称*@paramgroups所在组*/publicstaticvoidvalidate(Objectobject,StringpropertyName,Class<?>...groups)throwsCustomizeException{Set<ConstraintViolation<Object>>validate=VALIDATOR.validateProperty(object,propertyName,groups);//验证结果异常throwParamException(validate);}/***验证结果异常*@paramvalidate验证结果*/privatestaticvoidthrowParamException(Set<ConstraintViolation<Object>>validate)throwsCustomizeException{if(validate.size()>0){List<String>fieldList=newLinkedList<>();List<String>msgList=newLinkedList<>();for(ConstraintViolation<Object>next:validate){fieldList.add(next.getPropertyPath().toString());msgList.add(next.getMessage());}thrownewParamException(fieldList,msgList);}}}2.5 自定义starter
自定义starter步骤

  • 创建工厂,编写功能代码
  • 声明自动配置类,把需要对外提供的对象创建好,通过配置类统一向外暴露
  • 在resource目录下准备一个名为spring/spring.factories的文件,以org.springframework.boot.autoconfigure.EnableAutoConfiguration为key,自动配置类为value列表,进行注册
2.6 RequestBodyAdvice和ResponseBodyAdvice

  • RequestBodyAdvice是对请求的json串进行处理, 一般使用环境是处理接口参数的自动解密
  • ResponseBodyAdvice是对请求相应的jsoin传进行处理,一般用于相应结果的加密
3. 功能介绍

接口相应数据的时候,返回的是加密之后的数据接口入参的时候,接收的是解密之后的数据,但是在进入接口之前,会自动解密,取得对应的数据
4. 功能细节

加密解密使用对称加密的AES算法,使用hutool-crypto模块进行实现
所有的实体类提取一个公共父类,包含属性时间戳,用于加密数据返回之后的实效性,如果超过60分钟,那么其他接口将不进行处理。
如果接口加了加密注解EncryptionAnnotation,并且返回统一的json数据Result类,则自动对数据进行加密。如果是继承了统一父类RequestBase的数据,自动注入时间戳,确保数据的时效性
如果接口加了解密注解DecryptionAnnotation,并且参数使用RequestBody注解标注,传入json使用统一格式RequestData类,并且内容是继承了包含时间长的父类RequestBase,则自动解密,并且转为对应的数据类型
功能提供Springboot的starter,实现开箱即用
5. 代码实现

https://gitee.com/springboot-hlh/spring-boot-csdn/tree/master/09-spring-boot-interface-crypto
5.1 项目结构



5.2 crypto-common5.2.1 结构

5.3 crypto-spring-boot-starter5.3.1 接口

5.3.2 重要代码crypto.properties AES需要的参数配置
#模式cn.hutool.crypto.Modecrypto.mode=CTS#补码方式cn.hutool.crypto.Modecrypto.padding=PKCS5Padding#秘钥crypto.key=testkey123456789#盐crypto.iv=testiv1234567890spring.factories 自动配置文件
org.springframework.boot.autoconfigure.EnableAutoConfiguration=\xyz.hlh.crypto.config.AppConfigCryptConfig AES需要的配置参数
packagexyz.hlh.crypto.config;importcn.hutool.crypto.Mode;importcn.hutool.crypto.Padding;importlombok.Data;importlombok.EqualsAndHashCode;importlombok.Getter;importorg.springframework.boot.context.properties.ConfigurationProperties;importorg.springframework.context.annotation.Configuration;importorg.springframework.context.annotation.PropertySource;importjava.io.Serializable;/***@authorHLH*@description:AES需要的配置参数*@email17703595860@163.com*@date:Createdin2022/2/413:16*/@Configuration@ConfigurationProperties(prefix="crypto")@PropertySource("classpath:crypto.properties")@Data@EqualsAndHashCode@GetterpublicclassCryptConfigimplementsSerializable{privateModemode;privatePaddingpadding;privateStringkey;privateStringiv;}AppConfig 自动配置类
packagexyz.hlh.crypto.config;importcn.hutool.crypto.symmetric.AES;importorg.springframework.context.annotation.Bean;importorg.springframework.context.annotation.Configuration;importjavax.annotation.Resource;importjava.nio.charset.StandardCharsets;/***@authorHLH*@description:自动配置类*@email17703595860@163.com*@date:Createdin2022/2/413:12*/@ConfigurationpublicclassAppConfig{@ResourceprivateCryptConfigcryptConfig;@BeanpublicAESaes(){returnnewAES(cryptConfig.getMode(),cryptConfig.getPadding(),cryptConfig.getKey().getBytes(StandardCharsets.UTF_8),cryptConfig.getIv().getBytes(StandardCharsets.UTF_8));}}DecryptRequestBodyAdvice 请求自动解密
packagexyz.hlh.crypto.advice;importcom.fasterxml.jackson.databind.ObjectMapper;importlombok.SneakyThrows;importorg.apache.commons.lang3.StringUtils;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.core.MethodParameter;importorg.springframework.http.HttpInputMessage;importorg.springframework.http.converter.HttpMessageConverter;importorg.springframework.web.bind.annotation.ControllerAdvice;importorg.springframework.web.context.request.RequestAttributes;importorg.springframework.web.context.request.RequestContextHolder;importorg.springframework.web.context.request.ServletRequestAttributes;importorg.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice;importxyz.hlh.crypto.annotation.DecryptionAnnotation;importxyz.hlh.crypto.common.exception.ParamException;importxyz.hlh.crypto.constant.CryptoConstant;importxyz.hlh.crypto.entity.RequestBase;importxyz.hlh.crypto.entity.RequestData;importxyz.hlh.crypto.util.AESUtil;importjavax.servlet.ServletInputStream;importjavax.servlet.http.HttpServletRequest;importjava.io.IOException;importjava.lang.reflect.Type;/***@authorHLH*@description:requestBody自动解密*@email17703595860@163.com*@date:Createdin2022/2/415:12*/@ControllerAdvicepublicclassDecryptRequestBodyAdviceimplementsRequestBodyAdvice{@AutowiredprivateObjectMapperobjectMapper;/***方法上有DecryptionAnnotation注解的,进入此拦截器*@parammethodParameter方法参数对象*@paramtargetType参数的类型*@paramconverterType消息转换器*@returntrue,进入,false,跳过*/@Overridepublicbooleansupports(MethodParametermethodParameter,TypetargetType,Class<?extendsHttpMessageConverter<?>>converterType){returnmethodParameter.hasMethodAnnotation(DecryptionAnnotation.class);}@OverridepublicHttpInputMessagebeforeBodyRead(HttpInputMessageinputMessage,MethodParameterparameter,TypetargetType,Class<?extendsHttpMessageConverter<?>>converterType)throwsIOException{returninputMessage;}/***转换之后,执行此方法,解密,赋值*@parambodyspring解析完的参数*@paraminputMessage输入参数*@paramparameter参数对象*@paramtargetType参数类型*@paramconverterType消息转换类型*@return真实的参数*/@SneakyThrows@OverridepublicObjectafterBodyRead(Objectbody,HttpInputMessageinputMessage,MethodParameterparameter,TypetargetType,Class<?extendsHttpMessageConverter<?>>converterType){//获取requestRequestAttributesrequestAttributes=RequestContextHolder.getRequestAttributes();ServletRequestAttributesservletRequestAttributes=(ServletRequestAttributes)requestAttributes;if(servletRequestAttributes==null){thrownewParamException("request错误");}HttpServletRequestrequest=servletRequestAttributes.getRequest();//获取数据ServletInputStreaminputStream=request.getInputStream();RequestDatarequestData=objectMapper.readValue(inputStream,RequestData.class);if(requestData==null||StringUtils.isBlank(requestData.getText())){thrownewParamException("参数错误");}//获取加密的数据Stringtext=requestData.getText();//放入解密之前的数据request.setAttribute(CryptoConstant.INPUT_ORIGINAL_DATA,text);//解密StringdecryptText=null;try{decryptText=AESUtil.decrypt(text);}catch(Exceptione){thrownewParamException("解密失败");}if(StringUtils.isBlank(decryptText)){thrownewParamException("解密失败");}//放入解密之后的数据request.setAttribute(CryptoConstant.INPUT_DECRYPT_DATA,decryptText);//获取结果Objectresult=objectMapper.readValue(decryptText,body.getClass());//强制所有实体类必须继承RequestBase类,设置时间戳if(resultinstanceofRequestBase){//获取时间戳LongcurrentTimeMillis=((RequestBase)result).getCurrentTimeMillis();//有效期60秒longeffective=60*1000;//时间差longexpire=System.currentTimeMillis()-currentTimeMillis;//是否在有效期内if(Math.abs(expire)>effective){thrownewParamException("时间戳不合法");}//返回解密之后的数据returnresult;}else{thrownewParamException(String.format("请求参数类型:%s 未继承:%s",result.getClass().getName(),RequestBase.class.getName()));}}/***如果body为空,转为空对象*@parambodyspring解析完的参数*@paraminputMessage输入参数*@paramparameter参数对象*@paramtargetType参数类型*@paramconverterType消息转换类型*@return真实的参数*/@SneakyThrows@OverridepublicObjecthandleEmptyBody(Objectbody,HttpInputMessageinputMessage,MethodParameterparameter,TypetargetType,Class<?extendsHttpMessageConverter<?>>converterType){StringtypeName=targetType.getTypeName();Class<?>bodyClass=Class.forName(typeName);returnbodyClass.newInstance();}}EncryptResponseBodyAdvice 相应自动加密
packagexyz.hlh.crypto.advice;importcn.hutool.json.JSONUtil;importcom.fasterxml.jackson.databind.ObjectMapper;importlombok.SneakyThrows;importorg.apache.commons.lang3.StringUtils;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.core.MethodParameter;importorg.springframework.http.MediaType;importorg.springframework.http.ResponseEntity;importorg.springframework.http.converter.HttpMessageConverter;importorg.springframework.http.server.ServerHttpRequest;importorg.springframework.http.server.ServerHttpResponse;importorg.springframework.web.bind.annotation.ControllerAdvice;importorg.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;importsun.reflect.generics.reflectiveObjects.ParameterizedTypeImpl;importxyz.hlh.crypto.annotation.EncryptionAnnotation;importxyz.hlh.crypto.common.entity.Result;importxyz.hlh.crypto.common.exception.CryptoException;importxyz.hlh.crypto.entity.RequestBase;importxyz.hlh.crypto.util.AESUtil;importjava.lang.reflect.Type;/***@authorHLH*@description:*@email17703595860@163.com*@date:Createdin2022/2/415:12*/@ControllerAdvicepublicclassEncryptResponseBodyAdviceimplementsResponseBodyAdvice<Result<?>>{@AutowiredprivateObjectMapperobjectMapper;@Overridepublicbooleansupports(MethodParameterreturnType,Class<?extendsHttpMessageConverter<?>>converterType){ParameterizedTypeImplgenericParameterType=(ParameterizedTypeImpl)returnType.getGenericParameterType();//如果直接是Result,则返回if(genericParameterType.getRawType()==Result.class&&returnType.hasMethodAnnotation(EncryptionAnnotation.class)){returntrue;}if(genericParameterType.getRawType()!=ResponseEntity.class){returnfalse;}//如果是ResponseEntity<Result>for(Typetype:genericParameterType.getActualTypeArguments()){if(((ParameterizedTypeImpl)type).getRawType()==Result.class&&returnType.hasMethodAnnotation(EncryptionAnnotation.class)){returntrue;}}returnfalse;}@SneakyThrows@OverridepublicResult<?>beforeBodyWrite(Result<?>body,MethodParameterreturnType,MediaTypeselectedContentType,Class<?extendsHttpMessageConverter<?>>selectedConverterType,ServerHttpRequestrequest,ServerHttpResponseresponse){//加密Objectdata=body.getData();//如果data为空,直接返回if(data==null){returnbody;}//如果是实体,并且继承了Request,则放入时间戳if(datainstanceofRequestBase){((RequestBase)data).setCurrentTimeMillis(System.currentTimeMillis());}StringdataText=JSONUtil.toJsonStr(data);//如果data为空,直接返回if(StringUtils.isBlank(dataText)){returnbody;}//如果位数小于16,报错if(dataText.length()<16){thrownewCryptoException("加密失败,数据小于16位");}StringencryptText=AESUtil.encryptHex(dataText);returnResult.builder().status(body.getStatus()).data(encryptText).message(body.getMessage()).build();}}5.4 crypto-test5.4.1 结构

5.4.2 重要代码application.yml 配置文件
spring:mvc:format:date-time:yyyy-MM-ddHH:mm:ssdate:yyyy-MM-dd#日期格式化jackson:date-format:yyyy-MM-ddHH:mm:ssTeacher 实体类
packagexyz.hlh.crypto.entity;importlombok.AllArgsConstructor;importlombok.Data;importlombok.EqualsAndHashCode;importlombok.NoArgsConstructor;importorg.hibernate.validator.constraints.Range;importjavax.validation.constraints.NotBlank;importjavax.validation.constraints.NotNull;importjava.io.Serializable;importjava.util.Date;/***@authorHLH*@description:Teacher实体类,使用SpringBoot的validation校验*@email17703595860@163.com*@date:Createdin2022/2/410:21*/@Data@NoArgsConstructor@AllArgsConstructor@EqualsAndHashCode(callSuper=true)publicclassTeacherextendsRequestBaseimplementsSerializable{@NotBlank(message="姓名不能为空")privateStringname;@NotNull(message="年龄不能为空")@Range(min=0,max=150,message="年龄不合法")privateIntegerage;@NotNull(message="生日不能为空")privateDatebirthday;}TestController 测试Controller
packagexyz.hlh.crypto.controller;importorg.springframework.http.ResponseEntity;importorg.springframework.validation.annotation.Validated;importorg.springframework.web.bind.annotation.PostMapping;importorg.springframework.web.bind.annotation.RequestBody;importorg.springframework.web.bind.annotation.RestController;importxyz.hlh.crypto.annotation.DecryptionAnnotation;importxyz.hlh.crypto.annotation.EncryptionAnnotation;importxyz.hlh.crypto.common.entity.Result;importxyz.hlh.crypto.common.entity.ResultBuilder;importxyz.hlh.crypto.entity.Teacher;/***@authorHLH*@description:测试Controller*@email17703595860@163.com*@date:Createdin2022/2/49:16*/@RestControllerpublicclassTestControllerimplementsResultBuilder{/***直接返回对象,不加密*@paramteacherTeacher对象*@return不加密的对象*/@PostMapping("/get")publicResponseEntity<Result<?>>get(@Validated@RequestBodyTeacherteacher){returnsuccess(teacher);}/***返回加密后的数据*@paramteacherTeacher对象*@return返回加密后的数据ResponseBody<Result>格式*/@PostMapping("/encrypt")@EncryptionAnnotationpublicResponseEntity<Result<?>>encrypt(@Validated@RequestBodyTeacherteacher){returnsuccess(teacher);}/***返回加密后的数据*@paramteacherTeacher对象*@return返回加密后的数据Result格式*/@PostMapping("/encrypt1")@EncryptionAnnotationpublicResult<?>encrypt1(@Validated@RequestBodyTeacherteacher){returnsuccess(teacher).getBody();}/***返回解密后的数据*@paramteacherTeacher对象*@return返回解密后的数据*/@PostMapping("/decrypt")@DecryptionAnnotationpublicResponseEntity<Result<?>>decrypt(@Validated@RequestBodyTeacherteacher){returnsuccess(teacher);}}
作者:HLH_2021
https://blog.csdn.net/HLH_2021/article/details/122785888
公众号“Java精选”所发表内容注明来源的,版权归原出处所有(无法查证版权的或者未注明出处的均来自网络,系转载,转载的目的在于传递更多信息,版权属于原作者。如有侵权,请联系,笔者会第一时间删除处理!最近有很多人问,有没有读者交流群!加入方式很简单,公众号Java精选,回复“加群”,即可入群!Java精选面试题(微信小程序):3000+道面试题,包含Java基础、并发、JVM、线程、MQ系列、Redis、Spring系列、Elasticsearch、Docker、K8s、Flink、Spark、架构设计等,在线随时刷题!------ 特别推荐 ------特别推荐:专注分享最前沿的技术与资讯,为弯道超车做好准备及各种开源项目与高效率软件的公众号,「大咖笔记」,专注挖掘好东西,非常值得大家关注。点击下方公众号卡片关注。点击“阅读原文”,了解更多精彩内容!文章有帮助的话,点在看,转发吧!
回复

使用道具 举报

返回列表 发 帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver|手机版|小黑屋| 黑客通

GMT+8, 2025-10-14 18:18 , Processed in 0.103600 second(s), 24 queries .

Powered by Discuz! X3.4

Copyright © 2020, LianLian.

快速回复 返回顶部 返回列表