需求背景:与客户端通信内容需要加密。客户端将请求参数进行加密,服务端对响应结果进行加密。

那么对于后端而言,最方便的就是在过滤器里面对请求、响应进行统一处理了。这里需要用到HttpServletRequestWrapper与HttpServletResponseWrapper。

【1】请求处理

如下所示ParameterRequestWrapper 继承自HttpServletRequestWrapper ,重写获取参数的方法。

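/**
 * Request wrapper that answers parameter lookups from its own map instead of the wrapped request.
 *
 * <p>The map starts as a copy of the wrapped request's parameters and can be extended through
 * {@link #addParameter} and {@link #addAllParameters}. An added parameter replaces an original
 * parameter of the same name; every other parameter the client sent is kept as received, so
 * downstream code still sees client-supplied values that were never added through this class.
 *
 * Created by jianggc at 2022/4/5.
 */
public class ParameterRequestWrapper extends HttpServletRequestWrapper {
    // Effective parameter table: the original request parameters plus everything added later.
    private final Map<String, String[]> params = new HashMap<String, String[]>();

    /**
     * Wraps {@code request} and snapshots its current parameters.
     *
     * @param request the request to wrap
     */
    @SuppressWarnings("unchecked")
    public ParameterRequestWrapper(HttpServletRequest request) {
        // The parent keeps the request so that every method not overridden here still delegates to it.
        super(request);
        this.params.putAll(request.getParameterMap());
    }

    /**
     * Wraps {@code request} and adds {@code extendParams} on top of its parameters.
     *
     * @param request      the request to wrap
     * @param extendParams extra parameters; may be {@code null} or empty
     */
    public ParameterRequestWrapper(HttpServletRequest request, Map<String, Object> extendParams) {
        this(request);
        addAllParameters(extendParams);
    }

    /**
     * Returns the first value of {@code name} from the wrapper's own map.
     *
     * @return the first value, or {@code null} when the parameter is absent or has no values
     */
    @Override
    public String getParameter(String name) {
        String[] values = params.get(name);
        if (values == null || values.length == 0) {
            return null;
        }
        return values[0];
    }

    /**
     * Returns a copy of the wrapper's parameter table.
     *
     * <p>Without this override the call would fall through to the wrapped request and return the
     * original parameters only, disagreeing with {@link #getParameter} and
     * {@link #getParameterValues} for every added parameter.
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        return new HashMap<String, String[]>(params);
    }

    /** Returns the names of all parameters held by this wrapper. */
    @Override
    public Enumeration<String> getParameterNames() {
        return new Vector<String>(params.keySet()).elements();
    }

    /**
     * Returns all values of {@code name} from the wrapper's own map.
     *
     * @return the values, or {@code null} when the parameter is absent or has no values
     */
    @Override
    public String[] getParameterValues(String name) {
        String[] values = params.get(name);
        if (values == null || values.length == 0) {
            return null;
        }
        return values;
    }

    /**
     * Adds every entry of {@code otherParams} through {@link #addParameter}.
     *
     * @param otherParams parameters to add; {@code null} is treated as empty
     */
    public void addAllParameters(Map<String, Object> otherParams) {
        if (otherParams == null) {
            return;
        }
        for (Map.Entry<String, Object> entry : otherParams.entrySet()) {
            addParameter(entry.getKey(), entry.getValue());
        }
    }

    /**
     * Adds or replaces one parameter.
     *
     * @param name  parameter name
     * @param value a {@code String[]} is stored as-is, any other non-null value is stored as a
     *              single-element array of its string form; {@code null} is ignored
     */
    public void addParameter(String name, Object value) {
        if (value == null) {
            return;
        }
        if (value instanceof String[]) {
            params.put(name, (String[]) value);
        } else if (value instanceof String) {
            params.put(name, new String[] {(String) value});
        } else {
            params.put(name, new String[] {String.valueOf(value)});
        }
    }
}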

上面给了入口方法addAllParameters让你可以放入需要的数据。这个操作是在过滤器里面处理的。

由于与客户端协商了参数传递方式为 params=encrypt(userName=jane&mobile=13813813800),所以这里我们对params进行解密处理,还原为 Spring Boot 喜欢的格式。

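/**
 * Servlet filter that decrypts the {@code params} request parameter and exposes the
 * {@code key=value} pairs inside it as ordinary request parameters.
 *
 * Created by jianggc at 2022/4/5.
 */
@WebFilter(urlPatterns={"/*"})
public class RequestAesFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger(RequestAesFilter.class);

    /**
     * Decrypts {@code params} when present, then continues the chain with a
     * {@link ParameterRequestWrapper} that carries the decrypted pairs.
     *
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String params = httpServletRequest.getParameter("params");
        Map<String, Object> parmMap = new HashMap<>();
        if (!StringUtils.isEmpty(params)) {
            try {
                // NOTE(review): AesUtils.aesKey is one static key; its origin and the cipher mode are
                // not visible here. Confirm the key is not shipped in source or in the client build,
                // and that the mode is authenticated, otherwise the ciphertext can be altered unnoticed.
                String decryptBase64 = AesUtils.decryptBase64(params, AesUtils.aesKey);
                parmMap.putAll(parseDecryptedParams(decryptBase64));
            } catch (Exception e) {
                // NOTE(review): this fails open. A request whose params cannot be decrypted, and a
                // request that sends plaintext parameters with no params at all, both continue down
                // the chain. If encryption is meant to be mandatory for some paths, reject here.
                logger.error(e.getMessage(), e);
            }
        }
        // Log parameter names only: the decrypted values are user data (the page's own example
        // carries a mobile number) and should not be copied into log files.
        logger.debug("解密后的parmMap:{}", parmMap.keySet());
        ParameterRequestWrapper pr = new ParameterRequestWrapper(httpServletRequest, parmMap);
        chain.doFilter(pr, response);
    }

    /**
     * Splits a decrypted {@code k1=v1&k2=v2} string into a map.
     *
     * <p>Each pair is split on the first {@code =} only, so a value may itself contain
     * {@code =} (Base64 padding, for instance). A pair without a value ({@code k=} or {@code k})
     * maps to the empty string instead of raising an index error that would drop every
     * following pair. Values are stored exactly as decrypted.
     */
    private static Map<String, Object> parseDecryptedParams(String decrypted) {
        Map<String, Object> parsed = new HashMap<>();
        // NOTE(review): no URL-decoding is applied; confirm the client does not percent-encode values.
        for (String entry : decrypted.split("&")) {
            if (entry.isEmpty()) {
                continue;
            }
            String[] pair = entry.split("=", 2);
            parsed.put(pair[0], pair.length > 1 ? pair[1] : "");
        }
        return parsed;
    }
}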

【2】响应处理

这里ResponseWrapper继承自HttpServletResponseWrapper提供了写入和读取的方法。

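/**
 * Response wrapper that captures everything written to the response body in memory, so that a
 * filter can read and rewrite the body after the rest of the chain has run.
 *
 * <p>Character data is encoded and decoded as UTF-8 on both sides. The platform default charset
 * used before would corrupt non-ASCII text on hosts whose default is not UTF-8, because
 * ResponseAesFilter writes the content back out as UTF-8.
 */
public class ResponseWrapper extends HttpServletResponseWrapper {

    // In-memory buffer that receives the body instead of the real response.
    private final ByteArrayOutputStream byteArrayOutputStream;
    private final ServletOutputStream servletOutputStream;
    private final PrintWriter writer;

    /**
     * @param response the real response; header and status calls still delegate to it
     */
    public ResponseWrapper(HttpServletResponse response) {
        super(response);
        byteArrayOutputStream = new ByteArrayOutputStream();
        servletOutputStream = new WrapperOutputStream(byteArrayOutputStream);
        // Fully qualified names keep this block independent of the file's import list.
        writer = new PrintWriter(new java.io.OutputStreamWriter(
                byteArrayOutputStream, java.nio.charset.StandardCharsets.UTF_8));
    }

    /** Returns the buffering byte stream rather than the container's stream. */
    @Override
    public ServletOutputStream getOutputStream() {
        return servletOutputStream;
    }

    /** Returns the buffering writer rather than the container's writer. */
    @Override
    public PrintWriter getWriter() {
        return writer;
    }

    /**
     * Flushes the in-memory stream and writer. Does not delegate to the wrapped response.
     */
    @Override
    public void flushBuffer() throws IOException {
        servletOutputStream.flush();
        writer.flush();
    }

    /**
     * Returns the response headers as a name-to-value map, holding for each name the value
     * reported by {@code getHeader(name)}.
     */
    public Map<String, String> getHeaders() {
        Map<String, String> headers = new HashMap<String, String>();
        for (String headerName : this.getHeaderNames()) {
            headers.put(headerName, this.getHeader(headerName));
        }
        return headers;
    }

    /**
     * Returns the raw captured body bytes. Use this for anything that may not be text.
     */
    public byte[] getResponseData() throws IOException {
        flushBuffer();
        return byteArrayOutputStream.toByteArray();
    }

    /**
     * Returns the captured body decoded as UTF-8 text.
     */
    public String getContent() throws IOException {
        flushBuffer();
        return byteArrayOutputStream.toString("UTF-8");
    }
}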

/**
 * {@link ServletOutputStream} that stores every written byte in a caller-supplied
 * {@link ByteArrayOutputStream} instead of sending it to the client.
 */
class WrapperOutputStream extends ServletOutputStream {

    // Shared with the owner, which reads the captured bytes back from it.
    private final ByteArrayOutputStream buffer;

    /**
     * @param out buffer that receives all bytes written to this stream
     */
    public WrapperOutputStream(ByteArrayOutputStream out) {
        this.buffer = out;
    }

    /** Always ready: writes go to memory. */
    @Override
    public boolean isReady() {
        return true;
    }

    @Override
    public void write(int b) throws IOException {
        buffer.write(b);
    }

    @Override
    public void write(byte[] b) throws IOException {
        buffer.write(b, 0, b.length);
    }

    @Override
    public void write(byte[] b, int off, int len) throws IOException {
        buffer.write(b, off, len);
    }

    /**
     * Returns the captured bytes decoded with the platform default charset.
     */
    public String getContent() {
        // NOTE(review): default-charset decoding is host dependent; confirm callers expect that.
        return buffer.toString();
    }

    /** Returns a copy of the captured bytes. */
    public byte[] toByteArray() {
        return buffer.toByteArray();
    }

    /** The listener is ignored. */
    @Override
    public void setWriteListener(WriteListener listener) {
        // Intentionally empty.
    }
}

同样的思路,我们在过滤器里面对响应结果进行加密。

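/**
 * Servlet filter that buffers the response body and, for request URIs starting with
 * {@code /app}, replaces the JSON {@code data} object with its AES-encrypted Base64 form.
 *
 * Created by jianggc at 2022/4/5.
 */
@WebFilter(urlPatterns={"/*"})
public class ResponseAesFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger(ResponseAesFilter.class);

    /**
     * Runs the rest of the chain against a buffering {@link ResponseWrapper}, then writes the
     * body, encrypted where applicable, to the real response.
     *
     * @throws IOException      propagated from the chain or from writing the body
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        ResponseWrapper responseWrapper = new ResponseWrapper((HttpServletResponse) response);
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String requestURI = httpServletRequest.getRequestURI();
        chain.doFilter(servletRequest, responseWrapper);
        // The plaintext body is deliberately not logged: it is the data this filter protects.
        logger.debug("当前请求requestURI:{}", requestURI);

        byte[] payload;
        // Only the Android client's endpoints are processed.
        // NOTE(review): this prefix test ignores the context path and also matches URIs such as
        // "/application"; confirm that is the intended scope.
        if (requestURI.startsWith("/app")) {
            payload = encryptAppBody(responseWrapper.getContent()).getBytes(Charset.forName("UTF-8"));
            // The body length may differ from what downstream code announced, so restate it.
            if (!response.isCommitted()) {
                response.setContentLength(payload.length);
            }
        } else {
            // Pass the captured bytes through untouched; a String round trip would corrupt
            // images, downloads and any other non-text body, since this filter is mapped to "/*".
            payload = responseWrapper.getResponseData();
        }
        ServletOutputStream out = response.getOutputStream();
        out.write(payload);
        out.flush();
    }

    /**
     * Returns {@code body} with its {@code data} object replaced by ciphertext. When
     * {@code data} is absent or empty the JSON is re-serialized without encryption, and when
     * anything in the process throws, {@code body} is returned unchanged.
     */
    private static String encryptAppBody(String body) {
        try {
            JSONObject parseObject = JSONObject.parseObject(body);
            JSONObject dataObj = parseObject.getJSONObject("data");
            if (dataObj != null && !dataObj.isEmpty()) {
                // NOTE(review): replaceAllBlank presumably strips whitespace; verify that it does
                // not also remove spaces inside JSON string values.
                String dataObjStr = JsonUtil.replaceAllBlank(dataObj.toJSONString());
                // NOTE(review): AesUtils.aesKey is one static key; confirm where it comes from and
                // that the cipher mode provides integrity as well as confidentiality.
                String encryptBase64 = AesUtils.encryptBase64(dataObjStr, AesUtils.aesKey);
                logger.debug("加密后的响应data:{}", encryptBase64);
                parseObject.put("data", JsonUtil.replaceAllBlank(encryptBase64));
                // The former decrypt-and-log round trip is gone: it wrote the plaintext to the
                // log, and a failure in it threw away the already-encrypted result.
            }
            String encrypted = parseObject.toJSONString();
            logger.debug("当前安卓请求加密的响应数据:{}", encrypted);
            return encrypted;
        } catch (Exception e) {
            // NOTE(review): this fails open. A body that cannot be parsed or encrypted is sent
            // in plaintext; decide whether /app responses should instead be refused here.
            logger.error(e.getMessage(), e);
            return body;
        }
    }
}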