SpringBoot中怎么實現(xiàn)接口數(shù)據(jù)的加解密功能

這篇文章給大家介紹SpringBoot中怎么實現(xiàn)接口數(shù)據(jù)的加解密功能，內(nèi)容非常詳細，感興趣的小伙伴們可以參考借鑒，希望對大家能有所幫助。

一、加密方案介紹

對接口的加密解密操作主要有下面兩種方式：

自定義消息轉(zhuǎn)換器

優(yōu)勢：僅需實現(xiàn)接口，配置簡單。劣勢：僅能對同一類型的MediaType進行加解密操作，不靈活。

使用spring提供的接口RequestBodyAdvice和ResponseBodyAdvice優(yōu)勢：可以按照請求的Referrer、Header或url進行判斷，按照特定需要進行加密解密。

比如在一個項目升級的時候，新開發(fā)功能的接口需要加解密，老功能模塊走之前的邏輯不加密，這時候就只能選擇上面的第二種方式了，下面主要介紹下第二種方式加密、解密的過程。

二、實現(xiàn)原理

RequestBodyAdvice可以理解為在@RequestBody之前需要進行的 操作，ResponseBodyAdvice可以理解為在@ResponseBody之后進行的操作，所以當(dāng)接口需要加解密時，在使用@RequestBody接收前臺參數(shù)之前可以先在RequestBodyAdvice的實現(xiàn)類中進行參數(shù)的解密，當(dāng)操作結(jié)束需要返回數(shù)據(jù)時，可以在@ResponseBody之后進入ResponseBodyAdvice的實現(xiàn)類中進行參數(shù)的加密。

RequestBodyAdvice處理請求的過程：

RequestBodyAdvice源碼如下：

public interface RequestBodyAdvice { boolean supports(MethodParameter methodParameter, Type targetType,   Class<? extends HttpMessageConverter<?>> converterType); HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter,   Type targetType, Class<? extends HttpMessageConverter<?>> converterType) throws IOException; Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter,   Type targetType, Class<? extends HttpMessageConverter<?>> converterType); @Nullable Object handleEmptyBody(@Nullable Object body, HttpInputMessage inputMessage, MethodParameter parameter,   Type targetType, Class<? extends HttpMessageConverter<?>> converterType);}

調(diào)用RequestBodyAdvice實現(xiàn)類的部分代碼如下：

protected <T> Object readWithMessageConverters(HttpInputMessage inputMessage, MethodParameter parameter,   Type targetType) throws IOException, HttpMediaTypeNotSupportedException, HttpMessageNotReadableException {  MediaType contentType;  boolean noContentType = false;  try {   contentType = inputMessage.getHeaders().getContentType();  }  catch (InvalidMediaTypeException ex) {   throw new HttpMediaTypeNotSupportedException(ex.getMessage());  }  if (contentType == null) {   noContentType = true;   contentType = MediaType.APPLICATION_OCTET_STREAM;  }  Class<?> contextClass = parameter.getContainingClass();  Class<T> targetClass = (targetType instanceof Class ? (Class<T>) targetType : null);  if (targetClass == null) {   ResolvableType resolvableType = ResolvableType.forMethodParameter(parameter);   targetClass = (Class<T>) resolvableType.resolve();  }  HttpMethod httpMethod = (inputMessage instanceof HttpRequest ? ((HttpRequest) inputMessage).getMethod() : null);  Object body = NO_VALUE;  EmptyBodyCheckingHttpInputMessage message;  try {   message = new EmptyBodyCheckingHttpInputMessage(inputMessage);   for (HttpMessageConverter<?> converter : this.messageConverters) {    Class<HttpMessageConverter<?>> converterType = (Class<HttpMessageConverter<?>>) converter.getClass();    GenericHttpMessageConverter<?> genericConverter =      (converter instanceof GenericHttpMessageConverter ? (GenericHttpMessageConverter<?>) converter : null);    if (genericConverter != null ? genericConverter.canRead(targetType, contextClass, contentType) :      (targetClass != null && converter.canRead(targetClass, contentType))) {     if (logger.isDebugEnabled()) {      logger.debug("Read [" + targetType + "] as \"" + contentType + "\" with [" + converter + "]");     }     if (message.hasBody()) {      HttpInputMessage msgToUse =        getAdvice().beforeBodyRead(message, parameter, targetType, converterType);      body = (genericConverter != null ? genericConverter.read(targetType, contextClass, msgToUse) :        ((HttpMessageConverter<T>) converter).read(targetClass, msgToUse));      body = getAdvice().afterBodyRead(body, msgToUse, parameter, targetType, converterType);     }     else {      body = getAdvice().handleEmptyBody(null, message, parameter, targetType, converterType);     }     break;    }   }  }  catch (IOException ex) {   throw new HttpMessageNotReadableException("I/O error while reading input message", ex);  }  if (body == NO_VALUE) {   if (httpMethod == null || !SUPPORTED_METHODS.contains(httpMethod) ||     (noContentType && !message.hasBody())) {    return null;   }   throw new HttpMediaTypeNotSupportedException(contentType, this.allSupportedMediaTypes);  }  return body; }

從上面源碼可以到當(dāng)converter.canRead()和message.hasBody()都為true的時候，會調(diào)用beforeBodyRead()和afterBodyRead()方法，所以我們在實現(xiàn)類的afterBodyRead()中添加解密代碼即可。

ResponseBodyAdvice處理響應(yīng)的過程：

ResponseBodyAdvice源碼如下：

public interface ResponseBodyAdvice<T> { boolean supports(MethodParameter returnType, Class<? extends HttpMessageConverter<?>> converterType); @Nullable T beforeBodyWrite(@Nullable T body, MethodParameter returnType, MediaType selectedContentType,   Class<? extends HttpMessageConverter<?>> selectedConverterType,   ServerHttpRequest request, ServerHttpResponse response);}

調(diào)用ResponseBodyAdvice實現(xiàn)類的部分代碼如下：

if (selectedMediaType != null) {   selectedMediaType = selectedMediaType.removeQualityValue();   for (HttpMessageConverter<?> converter : this.messageConverters) {    GenericHttpMessageConverter genericConverter =      (converter instanceof GenericHttpMessageConverter ? (GenericHttpMessageConverter<?>) converter : null);    if (genericConverter != null ?      ((GenericHttpMessageConverter) converter).canWrite(declaredType, valueType, selectedMediaType) :      converter.canWrite(valueType, selectedMediaType)) {     outputValue = (T) getAdvice().beforeBodyWrite(outputValue, returnType, selectedMediaType,       (Class<? extends HttpMessageConverter<?>>) converter.getClass(),       inputMessage, outputMessage);     if (outputValue != null) {      addContentDispositionHeader(inputMessage, outputMessage);      if (genericConverter != null) {       genericConverter.write(outputValue, declaredType, selectedMediaType, outputMessage);      }      else {       ((HttpMessageConverter) converter).write(outputValue, selectedMediaType, outputMessage);      }      if (logger.isDebugEnabled()) {       logger.debug("Written [" + outputValue + "] as \"" + selectedMediaType +         "\" using [" + converter + "]");      }     }     return;    }   }  }

從上面源碼可以到當(dāng)converter.canWrite()為true的時候，會調(diào)用beforeBodyWrite()方法，所以我們在實現(xiàn)類的beforeBodyWrite()中添加解密代碼即可。

三、實戰(zhàn)

新建一個spring boot項目spring-boot-encry，按照下面步驟操作。

pom.xml中引入jar

<dependencies>  <dependency>   <groupId>org.springframework.boot</groupId>   <artifactId>spring-boot-starter-web</artifactId>  </dependency>  <dependency>   <groupId>org.projectlombok</groupId>   <artifactId>lombok</artifactId>   <optional>true</optional>  </dependency>  <dependency>   <groupId>org.springframework.boot</groupId>   <artifactId>spring-boot-starter-test</artifactId>   <scope>test</scope>   <exclusions>    <exclusion>     <groupId>org.junit.vintage</groupId>     <artifactId>junit-vintage-engine</artifactId>    </exclusion>   </exclusions>  </dependency>  <dependency>   <groupId>com.alibaba</groupId>   <artifactId>fastjson</artifactId>   <version>1.2.60</version>  </dependency> </dependencies>

請求參數(shù)解密攔截類

DecryptRequestBodyAdvice代碼如下：

/** * 請求參數(shù) 解密操作 * * @Author: Java碎碎念 * @Date: 2019/10/24 21:31 * */@Component@ControllerAdvice(basePackages = "com.example.springbootencry.controller")@Slf4jpublic class DecryptRequestBodyAdvice implements RequestBodyAdvice { @Override public boolean supports(MethodParameter methodParameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {  return true; } @Override public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter methodParameter, Type targetType, Class<? extends HttpMessageConverter<?>> selectedConverterType) throws IOException {  return inputMessage; } @Override public Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {  String dealData = null;  try {   //解密操作   Map<String,String> dataMap = (Map)body;   String srcData = dataMap.get("data");   dealData = DesUtil.decrypt(srcData);  } catch (Exception e) {   log.error("異常！", e);  }  return dealData; } @Override public Object handleEmptyBody(@Nullable Object var1, HttpInputMessage var2, MethodParameter var3, Type var4, Class<? extends HttpMessageConverter<?>> var5) {  log.info("3333");  return var1; }}

響應(yīng)參數(shù)加密攔截類

EncryResponseBodyAdvice代碼如下：

/** * 請求參數(shù) 解密操作 * * @Author: Java碎碎念 * @Date: 2019/10/24 21:31 * */@Component@ControllerAdvice(basePackages = "com.example.springbootencry.controller")@Slf4jpublic class EncryResponseBodyAdvice implements ResponseBodyAdvice<Object> { @Override public boolean supports(MethodParameter returnType, Class<? extends HttpMessageConverter<?>> converterType) {  return true; } @Override public Object beforeBodyWrite(Object obj, MethodParameter returnType, MediaType selectedContentType,         Class<? extends HttpMessageConverter<?>> selectedConverterType, ServerHttpRequest serverHttpRequest,         ServerHttpResponse serverHttpResponse) {  //通過 ServerHttpRequest的實現(xiàn)類ServletServerHttpRequest 獲得HttpServletRequest  ServletServerHttpRequest sshr = (ServletServerHttpRequest) serverHttpRequest;  //此處獲取到request 是為了取到在攔截器里面設(shè)置的一個對象 是我項目需要,可以忽略  HttpServletRequest request = sshr.getServletRequest();  String returnStr = "";  try {   //添加encry header，告訴前端數(shù)據(jù)已加密   serverHttpResponse.getHeaders().add("encry", "true");   String srcData = JSON.toJSONString(obj);   //加密   returnStr = DesUtil.encrypt(srcData);   log.info("接口={},原始數(shù)據(jù)={},加密后數(shù)據(jù)={}", request.getRequestURI(), srcData, returnStr);  } catch (Exception e) {   log.error("異常！", e);  }  return returnStr; }

新建controller類

TestController代碼如下：

/** * @Author: Java碎碎念 * @Date: 2019/10/24 21:40 */@RestControllerpublic class TestController { Logger log = LoggerFactory.getLogger(getClass()); /**  * 響應(yīng)數(shù)據(jù) 加密  */ @RequestMapping(value = "/sendResponseEncryData") public Result sendResponseEncryData() {  Result result = Result.createResult().setSuccess(true);  result.setDataValue("name", "Java碎碎念");  result.setDataValue("encry", true);  return result; } /**  * 獲取 解密后的 請求參數(shù)  */ @RequestMapping(value = "/getRequestData") public Result getRequestData(@RequestBody Object object) {  log.info("controller接收的參數(shù)object={}", object.toString());  Result result = Result.createResult().setSuccess(true);  return result; }}

其他類在源碼中，后面有g(shù)ithub地址

四、測試

訪問響應(yīng)數(shù)據(jù)加密接口

使用postman發(fā)請求http://localhost:8888/sendResponseEncryData，可以看到返回數(shù)據(jù)已加密，請求截圖如下：

響應(yīng)數(shù)據(jù)加密截圖

后臺也打印相關(guān)的日志，內(nèi)容如下：

接口=/sendResponseEncryData

原始數(shù)據(jù)={"data":{"encry":true,"name":"Java碎碎念"},"success":true}

加密后數(shù)據(jù)=vJc26g3SQRU9gAJdG7rhnAx6Ky/IhgioAgdwi6aLMMtyynAB4nEbMxvDsKEPNIa5bQaT7ZAImAL7

3VeicCuSTA==

訪問請求數(shù)據(jù)解密接口

使用postman發(fā)請求http://localhost:8888/getRequestData，可以看到請求數(shù)據(jù)已解密，請求截圖如下：

請求數(shù)據(jù)解密截圖

后臺也打印相關(guān)的日志，內(nèi)容如下：

接收到原始請求數(shù)據(jù)={"data":"VwLvdE8N6FuSxn/jRrJavATopaBA3M1QEN+9bkuf2jPwC1eSofgahQ=="}解密后數(shù)據(jù)={"name":"Java碎碎念","des":"請求參數(shù)"}

關(guān)于SpringBoot中怎么實現(xiàn)接口數(shù)據(jù)的加解密功能就分享到這里了，希望以上內(nèi)容可以對大家有一定的幫助，可以學(xué)到更多知識。如果覺得文章不錯，可以把它分享出去讓更多的人看到。