igo出行
blame | 历史 | 原始文档
puzhibing
2022-08-22 1421f8e9c308c4741cb396309035009393b5b036 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

package com.stylefeng.guns.rest.modular.auth.converter;


 


import com.alibaba.fastjson.JSON;


import com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter;


import com.stylefeng.guns.core.exception.GunsException;


import com.stylefeng.guns.core.support.HttpKit;


import com.stylefeng.guns.core.util.MD5Util;


import com.stylefeng.guns.rest.common.exception.BizExceptionEnum;


import com.stylefeng.guns.rest.config.properties.JwtProperties;


import com.stylefeng.guns.rest.modular.auth.security.DataSecurityAction;


import com.stylefeng.guns.rest.modular.auth.util.JwtTokenUtil;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.http.HttpInputMessage;


import org.springframework.http.converter.HttpMessageNotReadableException;


 


import java.io.IOException;


import java.io.InputStream;


import java.lang.reflect.Type;


 


/**


 * 带签名的http信息转化器


 *


 * @author fengshuonan


 * @date 2017-08-25 15:42


 */


public class WithSignMessageConverter extends FastJsonHttpMessageConverter {


 


    @Autowired


    JwtProperties jwtProperties;


 


    @Autowired


    JwtTokenUtil jwtTokenUtil;


 


    @Autowired


    DataSecurityAction dataSecurityAction;


 


    @Override


    public Object read(Type type, Class<?> contextClass, HttpInputMessage inputMessage) throws IOException, HttpMessageNotReadableException {


 


        InputStream in = inputMessage.getBody();


        Object o = JSON.parseObject(in, super.getFastJsonConfig().getCharset(), BaseTransferEntity.class, super.getFastJsonConfig().getFeatures());


 


        //先转化成原始的对象


        BaseTransferEntity baseTransferEntity = (BaseTransferEntity) o;


 


        //校验签名


        String token = HttpKit.getRequest().getHeader(jwtProperties.getHeader()).substring(7);


        String md5KeyFromToken = jwtTokenUtil.getMd5KeyFromToken(token);


 


        String object = baseTransferEntity.getObject();


        String json = dataSecurityAction.unlock(object);


        String encrypt = MD5Util.encrypt(object + md5KeyFromToken);


 


        if (encrypt.equals(baseTransferEntity.getSign())) {


            System.out.println("签名校验成功!");


        } else {


            System.out.println("签名校验失败,数据被改动过!");


            throw new GunsException(BizExceptionEnum.SIGN_ERROR);


        }


 


        //校验签名后再转化成应该的对象


        return JSON.parseObject(json, type);


    }


}