Commit e0869171 authored by 夏敏伟's avatar 夏敏伟

Merge branch 'master' of http://192.168.168.218/wcyuee/szpt

parents 02d5b687 ded60957
......@@ -54,16 +54,16 @@ public class WebConfig implements WebMvcConfigurer {
*
* @return
*/
// @Bean
// public FilterRegistrationBean getFilter1Registration(@Qualifier("signatureVerificationFilter") SignatureVerificationFilter signatureVerificationFilter) {
// FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
// filterRegistrationBean.setFilter(signatureVerificationFilter);
// //设置过滤器名称和路径,在过滤器类写了的话,这里不用重复写
// filterRegistrationBean.setName("filter");
// filterRegistrationBean.addUrlPatterns("/rest/*");
// //设置过滤器执行顺序,数字越小,越早进行过滤,也可设置为负数
// filterRegistrationBean.setOrder(1);
// return filterRegistrationBean;
// }
@Bean
public FilterRegistrationBean getFilter1Registration(@Qualifier("signatureVerificationFilter") SignatureVerificationFilter signatureVerificationFilter) {
FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
filterRegistrationBean.setFilter(signatureVerificationFilter);
//设置过滤器名称和路径,在过滤器类写了的话,这里不用重复写
filterRegistrationBean.setName("filter");
filterRegistrationBean.addUrlPatterns("/rest/*");
//设置过滤器执行顺序,数字越小,越早进行过滤,也可设置为负数
filterRegistrationBean.setOrder(1);
return filterRegistrationBean;
}
}
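Review bot: The re-enabled registration at line 23 uses the raw `FilterRegistrationBean` type; with the generic form the filter goes into the constructor and the separate `setFilter` call disappears: `FilterRegistrationBean<SignatureVerificationFilter> registration = new FilterRegistrationBean<>(signatureVerificationFilter);`. The Javadoc above it (lines 7–9) carries an empty `@return` tag, so a one-line description such as `@return the registration that routes /rest/* through the signature check` would make the method self-describing. Only `/rest/*` is covered by this mapping, so any endpoint mounted outside that prefix is reachable without a signature; that may be intended but is worth confirming against the controller paths. The enclosing class starts outside the hunk.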
......@@ -32,7 +32,7 @@ import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.concurrent.TimeUnit;
//@Component
@Component
public class SignatureVerificationFilter extends OncePerRequestFilter {
public Logger logger = LoggerFactory.getLogger(SignatureVerificationFilter.class);
......@@ -94,30 +94,36 @@ public class SignatureVerificationFilter extends OncePerRequestFilter {
// 防止请求重放,nonce只能用一次,放在redis中,有效期 20分钟
String nonceKey = "api_signature:nonce:" + nonce;
if (Boolean.FALSE.equals(this.redisTemplate.opsForValue().setIfAbsent(nonceKey, "1", 20, TimeUnit.MINUTES))) {
this.write(response, "nonce无效");
this.write(response, "nonce无效:" + nonce);
return false;
}
// 校验appId
AppStore appStore = this.appStoreService.getAppSecretInfo(appId);
String secretKey = appStore.getAppSecret();
if (!StringUtils.hasText(secretKey)) {
this.write(response, "appId无效");
String appSecret = appStore.getAppSecret();
if (!StringUtils.hasText(appSecret)) {
this.write(response, "appId无效:" + appId);
return false;
}
//验证单位 todo
// String deptCode = appStore.getDeptCode();
// 请求体
// post请求body
String body = StreamUtils.copyToString(request.getInputStream(), StandardCharsets.UTF_8);
body = objectMapper.writeValueAsString(objectMapper.readValue(body, Map.class));
body = EncryptUtil.getInstance().AESEncode(body, secretKey);
Map<String, Object> objectMap = objectMapper.readValue(body, Map.class);
//验证单位
if (objectMap.get("deptCode") != null && !objectMap.get("sjgsdwdm").toString().startsWith(appStore.getDeptCode().replaceAll("0+$", ""))) {
write(response, "AppId和传入的单位不匹配,appId:" + appId + ",deptCode:" + objectMap.get("deptCode"));
return false;
}
body = objectMapper.writeValueAsString(objectMap);
body = EncryptUtil.getInstance().AESEncode(body, appSecret);
// 校验签名appId+nonce+timestampStr+aes(body,secret)
String data = String.format("%s%s%s%s", appId, nonce, timestampStr, body);
String generatedSignature = DigestUtil.md5Hex(data);
if (!generatedSignature.equals(sign)) {
write(response, "签名有误,generatedSignature:" + generatedSignature + ",sign: " + sign + ",appId:" + appId + ",nonce:" + nonce + ",timestamp:" + timestampStr);
logger.warn("签名有误,generatedSignature:{},sign:{},appId:{},nonce:{},timestampStr:{}", generatedSignature, sign, appId, nonce, timestampStr);
write(response, "签名有误,sign: " + sign + ",appId:" + appId + ",nonce:" + nonce + ",timestamp:" + timestampStr);
return false;
}
......@@ -144,6 +150,7 @@ public class SignatureVerificationFilter extends OncePerRequestFilter {
/**
* 增加用户信息
*
* @param request
*/
private void addUserInfo(HttpServletRequest request) {
......@@ -153,5 +160,9 @@ public class SignatureVerificationFilter extends OncePerRequestFilter {
CurrentUserInfo currentUserInfo = new CurrentUserInfo.CurrentUserInfoBuilder().userId(userId).userName(userId).ip(ip).build();
UserContextHolder.set(currentUserInfo);
}
private void checkDeptCode(String deptCode, AppStore appStore) {
}
}
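Review bot: The unit check added at line 67 tests the body for `deptCode` but then dereferences `sjgsdwdm`, so a body that carries `deptCode` without `sjgsdwdm` throws a NullPointerException (and a 500) instead of being rejected, while a body that omits `deptCode` skips the check entirely; one of the two keys looks like a typo, and which one the clients actually send should be confirmed. The check also runs before the signature is compared at line 76, so an unauthenticated caller can reach that branch and have the `deptCode` value echoed back at line 68; moving it after the signature check, and failing closed when the key or `appStore.getDeptCode()` is missing (an all-zero dept code would otherwise reduce to an empty prefix that matches anything), gives the shape below. Two smaller points: `appStore.getAppSecret()` at line 53 will likewise NPE if `getAppSecretInfo` can return null for an unknown appId, and the `checkDeptCode` stub added at the end of the class is empty — either move this logic into it or drop it. The enclosing method starts and ends outside the hunk.
```java
Map<String, Object> objectMap = objectMapper.readValue(body, Map.class);
body = objectMapper.writeValueAsString(objectMap);
body = EncryptUtil.getInstance().AESEncode(body, appSecret);
// … unchanged: signature check over appId+nonce+timestampStr+body, returns false on mismatch …
// 验证单位: checked only once the signature has been accepted, and fails closed on missing data
Object unitCode = objectMap.get("sjgsdwdm"); // TODO confirm whether clients send "deptCode" or "sjgsdwdm"
String appDeptPrefix = appStore.getDeptCode() == null ? "" : appStore.getDeptCode().replaceAll("0+$", "");
if (unitCode == null || appDeptPrefix.isEmpty() || !unitCode.toString().startsWith(appDeptPrefix)) {
    write(response, "AppId和传入的单位不匹配,appId:" + appId);
    return false;
}
```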
......@@ -28,7 +28,8 @@ public class MainTest {
String nonce = "2";
String timestampStr = "21";
String appId = "1872476300466950146";
String appId = "1872576325743943682";
String appSecret = "21";
@Resource
......@@ -45,8 +46,9 @@ public class MainTest {
public void xxRwwcqkTest() {
timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
nonce = String.valueOf(System.currentTimeMillis() / 1000);
String secretKey = this.appStoreService.getAppSecretByAppKey(appId);
Assertions.assertNotNull(secretKey, "appId不存在");//断言appId存在,为空直接抛出异常不进行下一步测试,提高测试效率
// String secretKey = this.appStoreService.getAppSecretByAppKey(appId);
appSecret = DigestUtil.md5Hex(appSecret);
Assertions.assertNotNull(appId, "appId不存在");//断言appId存在,为空直接抛出异常不进行下一步测试,提高测试效率
//请求参数
XxRwwcqkDTO xxRwwcqkDTO = new XxRwwcqkDTO();
xxRwwcqkDTO.setRwid("123456");
......@@ -61,7 +63,7 @@ public class MainTest {
Assertions.fail("json序列化失败");
}
//请求体加密
json = EncryptUtil.getInstance().AESEncode(json, secretKey);
json = EncryptUtil.getInstance().AESEncode(json, appSecret);
//签名appId+nonce+timestampStr+aes(body)
String data = String.format("%s%s%s%s", appId, nonce, timestampStr, json);
String generatedSignature = DigestUtil.md5Hex(data);
......@@ -86,8 +88,8 @@ public class MainTest {
* 任务完成情况
*/
@Test
@DisplayName("任务完成情况")
public void xxRwwcqkTest1() {
@DisplayName("账户信息")
public void zhxxtest() {
timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
nonce = String.valueOf(System.currentTimeMillis() / 1000);
String secretKey = this.appStoreService.getAppSecretByAppKey(appId);
......@@ -131,7 +133,7 @@ public class MainTest {
* 任务完成情况
*/
@Test
@DisplayName("任务完成情况")
@DisplayName("账户积分变更")
public void test1() {
timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
nonce = String.valueOf(System.currentTimeMillis() / 1000);
......@@ -220,7 +222,7 @@ public class MainTest {
* 任务完成情况
*/
@Test
@DisplayName("任务完成情况")
@DisplayName("义警任务")
public void test4() {
timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
nonce = String.valueOf(System.currentTimeMillis() / 1000);
......@@ -268,7 +270,7 @@ public class MainTest {
* 任务完成情况
*/
@Test
@DisplayName("任务完成情况")
@DisplayName("义警队伍代码")
public void test5() {
timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
nonce = String.valueOf(System.currentTimeMillis() / 1000);
......@@ -312,7 +314,7 @@ public class MainTest {
}
@Test
@DisplayName("任务完成情况")
@DisplayName("社会信息员队伍")
public void test6() {
timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
nonce = String.valueOf(System.currentTimeMillis() / 1000);
......@@ -352,7 +354,7 @@ public class MainTest {
}
@Test
@DisplayName("任务完成情况")
@DisplayName("社会信息员")
public void test7() {
timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
nonce = String.valueOf(System.currentTimeMillis() / 1000);
......@@ -394,16 +396,13 @@ public class MainTest {
@Test
@DisplayName("任务完成情况")
@DisplayName("删除服务")
public void testdelete() {
timestampStr = String.valueOf(System.currentTimeMillis() / 1000);
nonce = String.valueOf(System.currentTimeMillis() / 1000);
String secretKey = this.appStoreService.getAppSecretByAppKey(appId);
Assertions.assertNotNull(secretKey, "appId不存在");//断言appId存在,为空直接抛出异常不进行下一步测试,提高测试效率
//请求参数
String number = "1";
String[] str = new String[1];
str[0] = number;
String json = null;
List<String> ids = new ArrayList<>();
ids.add("1");
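Review bot: The assertion at line 111 now checks `appId`, a non-null literal assigned at line 100, so it can never fail and no longer guards against a missing app the way the removed `assertNotNull(secretKey, ...)` did; either drop it or assert on something that can actually vary, such as the response of the call under test. Line 110 derives the secret as `md5Hex` of the hardcoded `"21"` (presumably because the stored secret is that digest) while `testdelete` at line 185 still looks the secret up through `appStoreService`, so the two tests exercise different key material; pick one source for the whole class. The Javadoc above the renamed tests still reads 任务完成情况 (lines 125, 136, 145, 154) while the `@DisplayName` below each now names a different scenario, so those comments should be updated to match. Each test method's body continues outside its hunk.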