All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.shoulder.crypto.negotiation.support.server.SensitiveRequestDecryptAdvance Maven / Gradle / Ivy

Go to download

Shoulder 提供的 协商加密模块,用于非信任网络环境下的安全通信。基于 DH + ECC 实现先进的加密算法协商算法,比传统的 DH + DES 协商算法性能显著更高,更安全。

There is a newer version: 1.0.0-M2.2
Show newest version
package org.shoulder.crypto.negotiation.support.server;

import org.shoulder.crypto.negotiation.cache.TransportCipherHolder;
import org.shoulder.crypto.negotiation.cipher.TransportTextCipher;
import org.shoulder.crypto.negotiation.dto.SensitiveFieldWrapper;
import org.shoulder.crypto.negotiation.support.Sensitive;
import org.shoulder.crypto.negotiation.util.SensitiveFieldCache;
import org.springframework.core.MethodParameter;
import org.springframework.http.HttpInputMessage;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.util.CollectionUtils;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdviceAdapter;

import java.lang.reflect.Method;
import java.lang.reflect.Type;
import java.util.List;

/**
 * 服务端敏感api接口拦截器
 * 只拦截握手完毕后的加密接口,即只拦截header中带 xSessionId 和 xDk 的请求。
 * order 一般在最早生效,如监控、日志拦截器之后,其他拦截器之前,具体顺序由具体场景决定
 * RequestBodyAdvice仅对使用了@RqestBody注解的生效
 *
 * @author lym
 * @see SensitiveRequestDecryptHandlerInterceptor 解密器在这里创建
 */
@RestControllerAdvice
public class SensitiveRequestDecryptAdvance extends RequestBodyAdviceAdapter {

    @Override
    public boolean supports(MethodParameter methodParameter, Type targetType, Class> converterType) {
        // 只拦截带 @Sensitive 的接口
        Method method = methodParameter.getMethod();
        return method != null && method.isAnnotationPresent(Sensitive.class);
    }

    /**
     * 读取请求体参数后执行,解密参数
     */
    @Override
    public Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType,
                                Class> converterType) {

        Class resultClazz = body.getClass();
        TransportTextCipher cipher = TransportCipherHolder.removeRequestCipher();
        List securityResultField = SensitiveFieldCache.findSensitiveResponseFieldInfo(resultClazz);
        if (!CollectionUtils.isEmpty(securityResultField)) {
            // 解密
            SensitiveFieldCache.handleSensitiveData(body, securityResultField, cipher);
        }
        return body;
    }


}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy