自定义鉴权注解AuthCheck.java
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* 自定义鉴权注解
* @author
*
*/
@Documented
@Inherited
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface AuthCheck {
boolean validate() default true;
}
加密辅助类SignUtil.java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
/**
* 加密辅助类
* @author
* @time 2016-2-25
*/
public class SignUtil {
private static String key = "IXCfWBE5dRfyuIcFmhe2ANQ6VmoRZxRP";
public static String getSign(Map<String,Object> map) throws Exception{
ArrayList<String> list = new ArrayList<String>();
for(Map.Entry<String,Object> entry:map.entrySet()){
if(!entry.getValue().equals("")&& !entry.getKey().equals("sign")){
list.add(entry.getKey() + "=" + entry.getValue() + "&");
}
}
int size = list.size();
String [] arrayToSort = list.toArray(new String[size]);
//先按照字符串长度取短的那个字符串的长度作为条件,然后循环判断两个字符串的第一个字符的ASCII码大小,做出递增排序,如果两个字符串第一个字符的ASCII码一致,则判断第二个字符,以此类推,通过这种方式将字符串通过首字母的ASCII码进行排序。
Arrays.sort(arrayToSort, String.CASE_INSENSITIVE_ORDER);
StringBuilder sb = new StringBuilder();
for(int i = 0; i < size; i ++) {
sb.append(arrayToSort[i]);
}
String result = sb.toString();
result += "key=" + key;
result = MD5Encrypt.encrypt(result).toUpperCase();
return result;
}
}
api拦截器ApiInterceptor.java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
/**
* api 拦截器
* @author
*
*/
public class ApiInterceptor extends HandlerInterceptorAdapter {
private static Logger logger = LoggerFactory.getLogger(ApiInterceptor.class);
// 10分钟有效请求时间
private static final long REQUEST_TIMEOUT_EXPIRE = 10 * 60 * 1000;
private static final String UTF8 = "utf-8";
private static final String CONTENT_TYPE = "application/json";
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
return true;
// 签名比较
String sign = request.getParameter("sign");
if(handler.getClass().isAssignableFrom(HandlerMethod.class)){
AuthCheck authCheck = ((HandlerMethod) handler).getMethodAnnotation(AuthCheck.class);
//没有声明需要权限,或者声明不验证权限
if(authCheck == null || authCheck.validate() == false){
return true;
}else{
String timestamp = request.getParameter("timestamp");
// 时间戳参数检查
if (StringUtils.isBlank(timestamp)) {
logger.error("签名参数timestamp'{}'为空 requestInfo:{}", timestamp, request.getServletPath());
responseJson(response, "{\"flag\":false,\""+Constants.STATUS+"\":"+CodeConstants.CONNCODECHECK+",\"msg\":\"非法请求,服务器已拒绝!\"}");
return false;
}
// 请求失效检查
long clientTimestamp = new Long(timestamp);
if (!(Math.abs(System.currentTimeMillis() - clientTimestamp) < REQUEST_TIMEOUT_EXPIRE)) {
logger.error("请求已过期 clientTimestampStr:{} requestInfo:{}", timestamp, request.getServletPath());
responseJson(response, "{\"flag\":false,\""+Constants.STATUS+"\":"+CodeConstants.CONNCODECHECK+",\"msg\":\"非法请求,服务器已拒绝!\"}");
return false;
}
// 服务端签名
String serverSign;
// 服务端签名参数
Map<String, Object> paramMap = new HashMap<String, Object>();
Map<String, String[]> parameterMap = request.getParameterMap();
for (String key : parameterMap.keySet()) {
paramMap.put(key, getParamValue(parameterMap.get(key)));
}
serverSign = SignUtil.getSign(paramMap);
//在这里实现自己的权限验证逻辑
if (StringUtils.isBlank(serverSign) || !serverSign.equals(sign)) {//如果验证失败
logger.error("签名不一致 serverSign:{} clientSign:{} requestInfo:{}", new Object[] { serverSign, sign, request.getServletPath() });
responseJson(response, "{\"flag\":false,\""+Constants.STATUS+"\":"+CodeConstants.CONNCODECHECK+",\"msg\":\"非法请求,服务器已拒绝!\"}");
return false;
}else{ //校验成功
return true;
}
}
}
else
return true;
}
/**
* 获取请求中的所有参数
* @param paramValues
* @return
*/
private String getParamValue(String[] paramValues) {
if (paramValues == null) {
return StringUtils.EMPTY;
}
String paramValue = null;
if (paramValues.length == 1) {
paramValue = paramValues[0];
} else if (paramValues.length > 1) {
paramValue = StringUtils.join(paramValues, ",");
}
return StringUtils.defaultString(paramValue);
}
public static void responseJson(HttpServletResponse response, String responseContent) throws IOException {
if (response.isCommitted()) {
logger.info("response.isCommitted()! responseContent:{"+responseContent+"}");
return;
}
response.setCharacterEncoding(UTF8);
response.setContentType(CONTENT_TYPE);
PrintWriter printWriter = response.getWriter();
printWriter.print(responseContent);
printWriter.flush();
printWriter.close();
}
}
版权声明:本文为whalesharks原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。