zoukankan      html  css  js  c++  java

  • http接口安全校验


    @Component
    public class MassageInterceptor implements HandlerInterceptor {

        private static final Logger log = LoggerFactory.getLogger(MassageInterceptor.class);

        /**
         * 进入controller层之前拦截请求
         *
         * @param httpServletRequest
         * @param httpServletResponse
         * @param o
         * @return
         * @throws Exception
         */
        @Override
        public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
            // 计算校验值 是否与cs匹配
            String bodyJson = httpServletRequest.getAttribute("postParameter").toString();
            String cs = httpServletRequest.getParameter("cs");
            String openkey = "RIqXkbml6dunptIc";
            String openid = httpServletRequest.getParameter("openid");
            String ts = httpServletRequest.getParameter("ts");
            if (StringUtils.isEmpty(openid)) {
                errorResponse(httpServletResponse, "openid不能为空");
                return false;
            }

            if (StringUtils.isEmpty(ts)) {
                errorResponse(httpServletResponse, "时间戳不能为空");
                return false;
            }
            StringBuilder csBuilder = new StringBuilder()
                    .append("Data[").append(bodyJson).append("];")
                    .append("openid[").append(openid).append("];")
                    .append("openkey[").append(openkey).append("];")
                    .append("ts[").append(ts).append("];");
            //logger.info("MD5加密字符串:{}", csBuilder.toString());
            if (!cs.equals(MD5Util.md5(csBuilder.toString()))) {
                exceptionResponse(httpServletResponse, "CS验证不通过");
                return false;
            }
            return true;
        }

        @Override
        public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
            // log.info("--------------处理请求完成后视图渲染之前的处理操作---------------");
        }

        @Override
        public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
            //log.info("---------------视图渲染之后的操作-------------------------0");
        }

        private void errorResponse(HttpServletResponse response, String errorMsg) throws Exception {
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json; charset=utf-8");
            PrintWriter out = response.getWriter();
            HttpResult resultMsg = new HttpResult();
            resultMsg.setCode(HttpResultConstant.HTTP_ERROR);
            resultMsg.setMsg(errorMsg);
            JSONObject obj = JSONObject.fromObject(resultMsg);
            out.append(obj.toString());
            log.info("接口响应:{}", obj.toString());
        }

        private void exceptionResponse(HttpServletResponse response, String errorMsg) throws Exception {
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json; charset=utf-8");
            PrintWriter out = response.getWriter();
            HttpResult resultMsg = new HttpResult();
            resultMsg.setCode(HttpResultConstant.HTTP_EXCEPTION);
            resultMsg.setMsg(errorMsg);
            JSONObject obj = JSONObject.fromObject(resultMsg);
            out.append(obj.toString());
            log.info("接口响应:{}", obj.toString());
        }

    }
  • 相关阅读:
    HDU 4436 str2int (后缀自动机SAM,多串建立)
    HDU 4498 Function Curve (自适应simpson)
    PHP实现微信商户支付企业付款到零钱功能代码实例
    微信支付现金红包接口应用实例代码说明和DEMO详解,适合用来做微信红包营销活动、吸粉利器
    java开发学生信息管理系统的实现(简洁易懂),适合计算机专业学生参考,课程设计、毕业论文设计参考等
    公司注册经营范围大全
    《胡雪岩》影评10篇
    提高淘宝店铺动态评分的四大技巧
    为什么我的淘宝店铺动态评分清零了?
    CC攻击原理及防范方法和如何防范CC攻击
  • 原文地址:https://www.cnblogs.com/pengxupx/p/12787349.html
Copyright © 2011-2022 走看看