前vue后springboot端统一修改请求与响应中的标头及body的方法（双向加解密数据传输）

晕死，直接上代码了还不能放首页，如果这样都不行，那不写了

一、结果

 

  

二、过程

vue 端 request.js 核心代码，加解密工具类，请见前面的贴子

// request拦截器
service.interceptors.request.use(config => {
  // 是否需要设置 token
  const isToken = (config.headers || {}).isToken === false
  // 是否需要防止数据重复提交
  const isRepeatSubmit = (config.headers || {}).repeatSubmit === false
  if (getToken() && !isToken) {
    config.headers['Authorization'] = 'Bearer ' + getToken() // 让每个请求携带自定义token 请根据实际情况自行修改
  }
  // get请求映射params参数
  if (config.method === 'get' && config.params) {
    let url = config.url + '?' + tansParams(config.params)
    url = url.slice(0, -1)
    config.params = {}
    config.url = url
  }

  // 1.动态生成密钥 des3 key
  const DES3_KEY_SIZE = 24
  let des3Key = genKey(DES3_KEY_SIZE, true)
  // console.log("des3Key:",des3Key);

  // 2.key 经过rsa ,服务器端公钥加密，再base64, 得到密文key:SecurityKey
  let SecurityKey = RsaEncrypts(des3Key, true, true, false)

  // 3.设置header:SecurityKey
  config.headers['SecurityKey'] = SecurityKey
  // console.log("SecurityKey:",SecurityKey);

  // console.log("config.data:",config.data);
  let plainData = JSON.stringify(config.data)
  // console.log("plainData:", plainData);
  let cipherData = ''
  // 4.将传输body数据des3加密，生成密文body,再base64,再urlcode
  if (config.data != 'undefined') {
    cipherData = encrypt3DES('TripleDES', plainData, des3Key, CryptoJS.mode.CBC, CryptoJS.pad.Pkcs7, true, true, false)
    //  console.log("cipherData:", cipherData);
  }

  // 5. 将密文body，经过base64, SHA256 生成摘要，客户端私钥生成签名，再base64
  let Authentication = RsaSignAuthentication(cipherData, 'PKCS#7', 'SHA256withRSA', true, true, false)

  // 6.设置header:Authentication
  config.headers['Authentication'] = Authentication
  // console.log("Authentication:",Authentication);
  // 7.避免特殊字符丢失 urlcode
  cipherData = encodeURIComponent(cipherData)
  config.data = cipherData

  if (!isRepeatSubmit && (config.method === 'post' || config.method === 'put')) {
    let requestObj = {
      url: config.url,
      data: typeof config.data === 'object' ? JSON.stringify(config.data) : config.data,
      time: new Date().getTime()
    }
    // console.log("发送数据：",requestObj.data);

    const sessionObj = cache.session.getJSON('sessionObj')
    if (sessionObj === undefined || sessionObj === null || sessionObj === '') {
      cache.session.setJSON('sessionObj', requestObj)
    } else {
      const s_url = sessionObj.url                  // 请求地址
      const s_data = sessionObj.data                // 请求数据
      const s_time = sessionObj.time                // 请求时间
      const interval = 1000                         // 间隔时间(ms)，小于此时间视为重复提交
      if (s_data === requestObj.data && requestObj.time - s_time < interval && s_url === requestObj.url) {
        const message = '数据正在处理，请勿重复提交'
        console.warn(`[${s_url}]: ` + message)
        return Promise.reject(new Error(message))
      } else {
        cache.session.setJSON('sessionObj', requestObj)
      }
    }
  }
  return config
}, error => {
  console.log(error)
  Promise.reject(error)
})

// 响应拦截器
service.interceptors.response.use(response => {
    // 未设置状态码则默认成功状态
    const code = response.data.code || 200
    // 获取错误信息
    const message = errorCode[code] || response.data.message || errorCode['default']

    // 注意服务器端有大写字符，但前端接收返回全部小写
    let authentication = response.headers['authentication']
    let securityKey = response.headers.securitykey
    // 不要用console.log("响应结果："+response.headers); 返回[object object]
    // console.log("响应body：",response.data);

    if (authentication) {
      let cipherData = decodeURIComponent(response.data)
      // console.log('接收到服务器端返回body密文：', cipherData)
      let verifyAuthentication = RsaVerifyAuthentication(cipherData, authentication, 'PKCS#7', 'MD5withRSA', true,
        true, false)
      //console.log('通过服务器端的公钥，验签结果：' + verifyAuthentication.toString())
      if (verifyAuthentication) {
        // let key = '1234567890123456'
        // let aesKey = Base64.encode(key);

        //  aesKey ="8A5EzyHtJjklPj4a9NWwXw==";
        // console.log('测试，得到aeskey:' + aesKey)

        let aesKey = RsaDecrypts(securityKey, true, true, false)
        // console.log('通过客户端的私钥解密得到明文key：', aesKey)

        //  let plain = '依芸 abcdef 123'
        // let cipherData = encryptAES('AES', plain, aesKey, CryptoJS.mode.CBC, CryptoJS.pad.Pkcs7, true, true, false)
        // console.log('测试，加密得到密文数据：', cipherData)

        // let plainData = decryptAES('AES', cipherData, aesKey, CryptoJS.mode.CBC, CryptoJS.pad.Pkcs7, true, true, false)
        // console.log('测试，解密得到明文数据：', plainData)

        let plainData = decryptAES('AES', cipherData, aesKey, CryptoJS.mode.CBC, CryptoJS.pad.Pkcs7, true, true, false)
        // console.log('通过解密密钥后再aes解密body密文得到明文body：', plainData)

        response.data = JSON.parse(plainData)
        // 转换成json对象
      }
    }

    // 二进制数据则直接返回
    if (response.request.responseType === 'blob' || response.request.responseType === 'arraybuffer') {
      return response.data
    }

    if (code === 401) {
      if (!isReloginShow) {
        isReloginShow = true
        MessageBox.confirm('登录状态已过期，您可以继续留在该页面，或者重新登录', '系统提示', {
            confirmButtonText: '重新登录',
            cancelButtonText: '取消',
            type: 'warning'
          }
        ).then(() => {
          isReloginShow = false
          store.dispatch('LogOut').then(() => {
            // 如果是登录页面不需要重新加载
            if (window.location.hash.indexOf('#/login') != 0) {
              location.href = '/index'
            }
          })
        }).catch(() => {
          isReloginShow = false
        })
      }
      return Promise.reject('无效的会话，或者会话已过期，请重新登录。')
    } else if (code === 500) {
      Message({
        message: message,
        type: 'error'
      })
      return Promise.reject(new Error(message))
    } else if (code !== 200) {
      Notification.error({
        title: message
      })
      return Promise.reject('error')
    } else {
      return response.data
    }
  },
  error => {
    console.log('err' + error)
    let { message } = error
    if (message == 'Network Error') {
      message = '后端接口连接异常'
    } else if (message.includes('timeout')) {
      message = '系统接口请求超时'
    } else if (message.includes('Request failed with status code')) {
      message = '系统接口' + message.substr(message.length - 3) + '异常'
    }
    Message({
      message: message,
      type: 'error',
      duration: 5 * 1000
    })
    return Promise.reject(error)
  }
)

spring boot 端 核心代码  加解密工具类，请见前面的贴子

DecodeRequestBodyAdvice.java

package com.ruoyi.framework.interceptor;

import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.utils.enDeCrypt.RsaUtil;
import com.ruoyi.common.utils.enDeCrypt.TripleDesUtil;
import com.ruoyi.common.utils.enDeCrypt.UrlCode;
import lombok.SneakyThrows;
import org.springframework.core.MethodParameter;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpInputMessage;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice;

import java.io.*;
import java.lang.reflect.Type;
import java.nio.charset.StandardCharsets;

/**
 * @author x8023z
 */
@ControllerAdvice(basePackages = "com.ruoyi.web.controller")
public class DecodeRequestBodyAdvice implements RequestBodyAdvice {
    @Override
    public boolean supports(MethodParameter methodParameter, Type type, Class<? extends HttpMessageConverter<?>> aClass) {
        //true开启功能，false关闭这个功能
        return true;
    }

    @Override
    public Object handleEmptyBody(Object body, HttpInputMessage httpInputMessage, MethodParameter methodParameter, Type type, Class<? extends HttpMessageConverter<?>> aClass) {
        return body;
    }

    //在读取请求之前处理
    @SneakyThrows
    @Override
    public HttpInputMessage beforeBodyRead(HttpInputMessage httpInputMessage, MethodParameter methodParameter, Type type, Class<? extends HttpMessageConverter<?>> aClass) throws IOException {
        if (httpInputMessage.getBody().available() <= 0) {
            return httpInputMessage;
        }
        String SecurityKey = httpInputMessage.getHeaders().get("SecurityKey").get(0);
        //System.out.println("SecurityKey:"+SecurityKey);
        String Authentication = httpInputMessage.getHeaders().get("Authentication").get(0);
        //  System.out.println("Authentication:"+Authentication);

        byte[] requestDataByte = new byte[httpInputMessage.getBody().available()];
        httpInputMessage.getBody().read(requestDataByte);
        byte[] requestDataByteNew = null;
        try {
            // 解密
            requestDataByteNew = this.decryptBody(requestDataByte, SecurityKey, Authentication);
        } catch (IOException e) {
            throw new RuntimeException("解密异常");
        }
        // 使用解密后的数据，构造新的读取流
        InputStream rawInputStream = new ByteArrayInputStream(requestDataByteNew);
        return new HttpInputMessage() {
            @Override
            public HttpHeaders getHeaders() {
                return httpInputMessage.getHeaders();
            }

            @Override
            public InputStream getBody() throws IOException {
                return rawInputStream;
            }
        };
    }


    /**
     * 在Http消息转换器执转换，之后执行
     * body 转换后的对象
     * inputMessage 客户端的请求数据
     * parameter handler方法的参数类型
     * targetType handler方法的参数类型
     * converterType 使用的Http消息转换器类类型
     *
     * @return 返回一个新的对象
     */
    @Override
    public Object afterBodyRead(Object body, HttpInputMessage httpInputMessage, MethodParameter methodParameter, Type type, Class<? extends HttpMessageConverter<?>> aClass) {
        return body;
    }


    /**
     * SHA256签名验证,DES3解密
     *
     * @param requestBytes
     * @return
     */
    public byte[] decryptBody(byte[] requestBytes, String SecurityKey, String Authentication) throws Exception {
        byte[] byteResult = new byte[0];
        if (requestBytes.length <= 0) {
            return byteResult;
        }

        //1. urldecode 得到base64 body
        String requestData = new String(requestBytes, StandardCharsets.UTF_8);
        UrlCode urlCode = new UrlCode();
        String urlDecodeData = urlCode.decodeURL(requestData, StandardCharsets.UTF_8).trim();
        // System.out.println("密文body:"+urlDecodeData);

        RsaUtil rsaUtil = null;
        String des3Key = "";

        rsaUtil = new RsaUtil(true, Constants.RSA_CBC_PKCS7, Constants.SHA256WITHRSA);
        boolean isVerifyPassed = rsaUtil.verifySignPublicKey(urlDecodeData, Authentication, Constants.PUBLICKEY_C, true, true, false);
        //System.out.println("isVerifyPassed:"+isVerifyPassed);

        //2.先sha256withrsa 验证签名再解密密钥，再des3解密数据
        String plainBody = "";
        if (isVerifyPassed) {
            rsaUtil = new RsaUtil(true);
            //3.解密des3key  rsa RSA_PKCS1_PADDING 解密
            des3Key = rsaUtil.decryptByPrivateKey(SecurityKey, Constants.PRRIVATEKEY_S, true, true, false);
            // System.out.println("des3Key:"+des3Key);
            if (des3Key != null) {
                //4. des3解密body
                TripleDesUtil tripleDes = new TripleDesUtil(urlDecodeData, Constants.DESEDE, des3Key, Constants.DES3_KEY_SIZE, Constants.DES3_IV, Constants.DES3_CBC_PKCS7, Constants.UTF8, true, true);
                plainBody = tripleDes.decode();
                // System.out.println("plainBody:"+plainBody);
                //验证通过，返回解密后的参数
                return plainBody.getBytes(StandardCharsets.UTF_8);
            } else {
                //解密des3key异常
                throw new RuntimeException("解密密钥异常");
            }
        } else {
            throw new RuntimeException("验签异常");
            //验签异常
        }
    }
}

EncodeResponseBodyAdvice.java

package com.ruoyi.framework.interceptor;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.serializer.SerializerFeature;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.utils.enDeCrypt.AesUtil;
import com.ruoyi.common.utils.enDeCrypt.RsaUtil;
import lombok.SneakyThrows;
import org.springframework.core.MethodParameter;
import org.springframework.http.MediaType;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServerHttpResponse;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;
import java.net.URLEncoder;

/**
 * @author EvianZou
 */
@ControllerAdvice(basePackages = "com.ruoyi.web.controller")
public class EncodeResponseBodyAdvice implements ResponseBodyAdvice {

    @Override
    public boolean supports(MethodParameter methodParameter, Class aClass) {
        return true;
    }

    @SneakyThrows
    @Override
    public Object beforeBodyWrite(Object o, MethodParameter methodParameter, MediaType mediaType, Class aClass, ServerHttpRequest serverHttpRequest, ServerHttpResponse serverHttpResponse) {
        String body = JSON.toJSONString(o, SerializerFeature.DisableCircularReferenceDetect);

        RsaUtil rsaUtil = new RsaUtil(true);
        AesUtil aesUtil = new AesUtil();

        // 密钥：动态生成AESKey,RSA客户端公钥加密,再base64
        rsaUtil.setSignAlgorithm(Constants.SHA1WITHRSA);
        rsaUtil.setPaddingMode(Constants.RSA_ECB_PKCS1);

        String aesKey = aesUtil.getAesSecretKey(Constants.AES, Constants.PASSWORD, true);
        String securityKey = rsaUtil.encryptByPublicKey(aesKey, Constants.PUBLICKEY_C, true, true, false);
        // System.out.println("通过客户端公钥rsa加密密钥得到密文key：" + securityKey);

        // 服务器端作为发送方
        // 签名 传输数据转json字符串,base64，MD5摘要，RSA服务器端私钥生成签名,base64
        rsaUtil.setSignAlgorithm(Constants.MD5WITHRSA);
        rsaUtil.setPaddingMode(Constants.RSA_ECB_PKCS7);

        // 密钥、密文 是否utf8,是否base64,是否hex 都影响前后端加解密是否一致。jdk1.8以下版本默认不支持aes密钥长度为256
        String cipherData = aesUtil.encode(body, aesKey, Constants.AES_CBC_PKCS7, Constants.AES_IV, true, true, false);
        // System.out.println("通过明文key加密body得到密文body:"+cipherData);

        /*
        //String  plainText = aesUtil.decode(cipherText,aesKey,Constants.AES_CBC_PKCS7,Constants.AES_IV,true,true,false);
        //System.out.println("通过明文key解密body得到明文body：" + plainText);

        // aesKey="1234567890123456";
        // aesKey = DatatypeConverter.printBase64Binary(aesKey.getBytes(StandardCharsets.UTF_8));
        //  aesKey = "8A5EzyHtJjklPj4a9NWwXw==";
        // System.out.println("测试,得到aesKey：" + aesKey);

        // String test = aesUtil.encode("邹依芸 abcdef 123",aesKey,Constants.AES_CBC_PKCS7,Constants.AES_IV,true,true,false);
        // System.out.println("测试,加密得到密文数据：" + test);

        //  test = aesUtil.decode(test,aesKey,Constants.AES_CBC_PKCS7,Constants.AES_IV,true,true,false);
        // System.out.println("测试,解密得到明文数据：" + test);
        */

        String authentication = rsaUtil.signByPrivateKey(cipherData, Constants.PRRIVATEKEY_S, true, true, false);
        // System.out.println("通过服务器端的私钥key生成摘要得到签名" + authentication);

        serverHttpResponse.getHeaders().set("Access-Control-Expose-Headers", "Authentication,SecurityKey");

        // 密钥：动态生成AESKey,RSA客户端公钥加密,再base64
        serverHttpResponse.getHeaders().set("SecurityKey", securityKey);

        // 服务器端作为发送方
        // 签名 传输数据转json字符串,base64，MD5摘要，RSA服务器端私钥生成签名
        serverHttpResponse.getHeaders().set("Authentication", authentication);

        // 不直接返回加密字符串,因为控制层使用了@ResponseBody注解,直接返回字符串会在前后各多出一个双引号

        // 解决数据传输丢失特殊符号问题：如url特殊字符, 丢失+号，+号变成了空格
        return URLEncoder.encode(cipherData,Constants.UTF8);
    }

}

三、原理

1、springboot: 切面

RequestBodyAdvice 可以理解为在 @RequestBody 之前需要进行操作，ResponseBodyAdvice 可以理解为在 @ResponseBody 之后进行的操作，所以当接口需要加解密时，在使用 @RequestBody 接收前台参数之前可以先在 RequestBodyAdvice 的实现类中进行参数的解密，当操作结束需要返回数据时，可以在@ResponseBody之后进入ResponseBodyAdvice的实现类中进行参数的加密。

2、Vue中使用axios封装的全局拦截器，拦截器（英文：Interceptors）会在每次发起 ajax 请求和得到响应的时候自动被触发。

3、加解密逻辑说明