  • http接口安全校验


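    /**
     * Spring MVC interceptor that checks a shared-key checksum on incoming API requests
     * before they reach the controller layer.
     *
     * <p>The caller supplies {@code openid}, {@code ts} and {@code cs} as request parameters.
     * The interceptor rebuilds the string
     * {@code Data[<body>];openid[<openid>];openkey[<key>];ts[<ts>];}, hashes it with
     * {@code MD5Util.md5} and accepts the request only when the result equals {@code cs}.
     *
     * <p>NOTE(review): limits of this scheme that a deployment should address:
     * <ul>
     *   <li>{@code ts} is covered by the checksum but never compared with the current time,
     *       so a captured request stays valid indefinitely. A freshness window (and ideally a
     *       nonce) is needed to prevent replay; the format of {@code ts} is not visible here,
     *       so no such check is added.</li>
     *   <li>A plain MD5 over a concatenation that contains the secret is not a MAC. HMAC-SHA-256
     *       over a canonical encoding is the standard construction; switching requires a
     *       coordinated change on the client side.</li>
     *   <li>Field values are not escaped before being wrapped in {@code [..];}, so field
     *       boundaries in the signed string are ambiguous.</li>
     * </ul>
     */
    @Component
    public class MassageInterceptor implements HandlerInterceptor {

        private static final Logger log = LoggerFactory.getLogger(MassageInterceptor.class);

        // SECURITY: the signing key is hard-coded, so it is exposed to anyone with access to the
        // source or the compiled artifact and cannot be rotated without a redeploy. Load it from
        // external configuration or a secret store instead, and treat this value as compromised.
        private static final String OPEN_KEY = "RIqXkbml6dunptIc";

        private static final String CS_MISMATCH = "CS验证不通过";

        /**
         * Intercepts the request before it enters the controller layer and verifies the checksum.
         *
         * @param httpServletRequest  the incoming request; must carry {@code openid}, {@code ts}
         *                            and {@code cs} parameters and a {@code postParameter} attribute
         *                            (presumably set to the request body by an upstream filter —
         *                            TODO confirm)
         * @param httpServletResponse the response; a JSON error is written to it on rejection
         * @param o                   the chosen handler (unused)
         * @return {@code true} if the checksum matches, {@code false} if the request was rejected
         * @throws Exception if writing the error response fails
         */
        @Override
        public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
            String openid = httpServletRequest.getParameter("openid");
            if (StringUtils.isEmpty(openid)) {
                errorResponse(httpServletResponse, "openid不能为空");
                return false;
            }

            String ts = httpServletRequest.getParameter("ts");
            if (StringUtils.isEmpty(ts)) {
                errorResponse(httpServletResponse, "时间戳不能为空");
                return false;
            }

            // Fail closed instead of throwing a NullPointerException when the checksum
            // parameter or the body attribute is missing.
            String cs = httpServletRequest.getParameter("cs");
            Object body = httpServletRequest.getAttribute("postParameter");
            if (cs == null || body == null) {
                exceptionResponse(httpServletResponse, CS_MISMATCH);
                return false;
            }

            // Do not log this string: it contains the signing key.
            String signingInput = new StringBuilder()
                    .append("Data[").append(body.toString()).append("];")
                    .append("openid[").append(openid).append("];")
                    .append("openkey[").append(OPEN_KEY).append("];")
                    .append("ts[").append(ts).append("];")
                    .toString();

            String expected = MD5Util.md5(signingInput);
            if (expected == null || !constantTimeEquals(expected, cs)) {
                exceptionResponse(httpServletResponse, CS_MISMATCH);
                return false;
            }
            return true;
        }

        /** Called after the handler ran and before view rendering; intentionally a no-op. */
        @Override
        public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
        }

        /** Called after view rendering completed; intentionally a no-op. */
        @Override
        public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
        }

        /**
         * Writes a JSON result with code {@code HttpResultConstant.HTTP_ERROR}.
         *
         * @param response the response to write to
         * @param errorMsg the message placed in the result
         * @throws Exception if the response writer cannot be obtained
         */
        private void errorResponse(HttpServletResponse response, String errorMsg) throws Exception {
            HttpResult resultMsg = new HttpResult();
            resultMsg.setCode(HttpResultConstant.HTTP_ERROR);
            resultMsg.setMsg(errorMsg);
            writeJson(response, resultMsg);
        }

        /**
         * Writes a JSON result with code {@code HttpResultConstant.HTTP_EXCEPTION}.
         *
         * @param response the response to write to
         * @param errorMsg the message placed in the result
         * @throws Exception if the response writer cannot be obtained
         */
        private void exceptionResponse(HttpServletResponse response, String errorMsg) throws Exception {
            HttpResult resultMsg = new HttpResult();
            resultMsg.setCode(HttpResultConstant.HTTP_EXCEPTION);
            resultMsg.setMsg(errorMsg);
            writeJson(response, resultMsg);
        }

        /** Serializes {@code result} to JSON, writes it as a UTF-8 response body and logs it. */
        private void writeJson(HttpServletResponse response, HttpResult result) throws Exception {
            response.setCharacterEncoding("UTF-8");
            response.setContentType("application/json; charset=utf-8");
            PrintWriter out = response.getWriter();
            String json = JSONObject.fromObject(result).toString();
            out.append(json);
            log.info("接口响应:{}", json);
        }

        /**
         * Compares the computed and the supplied checksum without returning early on the first
         * differing character, so response timing does not reveal how much of the value matched.
         */
        private static boolean constantTimeEquals(String expected, String supplied) {
            return java.security.MessageDigest.isEqual(
                    expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    supplied.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        }

    }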
  • 原文地址:https://www.cnblogs.com/pengxupx/p/12787349.html