赞
踩
客户端和服务端都可以加密和解密,使用base64进行网络传输
加密方
字符串 -> AES加密 -> base64
解密方
base64 -> AES解密 -> 字符串
$ tree -I target -I test . ├── pom.xml └── src └── main ├── java │ └── com │ └── example │ └── demo │ ├── Application.java │ ├── annotation │ │ └── SecretData.java │ ├── config │ │ ├── CrossConfig.java │ │ ├── DecryptRequestBodyAdvice.java │ │ ├── EncryptResponseBodyAdvice.java │ │ ├── SecretConfig.java │ │ └── WebMvcConfig.java │ ├── controller │ │ ├── IndexController.java │ │ └── UserController.java │ ├── request │ │ └── JsonRequest.java │ ├── response │ │ ├── JsonResult.java │ │ └── JsonResultVO.java │ ├── service │ │ ├── SecretDataService.java │ │ └── impl │ │ └── SecretDataServiceImpl.java │ └── utils │ └── CipherUtil.java └── resources ├── application.yml ├── static │ ├── axios.min.js │ └── crypto-js.min.js └── templates └── index.html
pom.xml
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.7.7</version> <relativePath/> <!-- lookup parent from repository --> </parent> <groupId>com.example</groupId> <artifactId>demo</artifactId> <version>0.0.1-SNAPSHOT</version> <name>demo</name> <description>Demo project for Spring Boot</description> <properties> <java.version>1.8</java.version> <mybatis-plus.version>3.5.2</mybatis-plus.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> <version>1.15</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <optional>true</optional> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-devtools</artifactId> <scope>runtime</scope> <optional>true</optional> </dependency> <!-- test --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <scope>test</scope> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> <configuration> <excludes> <exclude> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> </exclude> </excludes> </configuration> </plugin> </plugins> </build> </project>
Application.java
package com.example.demo;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
WebMvcConfig.java
package com.example.demo.config; import lombok.extern.slf4j.Slf4j; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport; @Slf4j @Configuration public class WebMvcConfig extends WebMvcConfigurationSupport { // 设置静态资源映射 @Override protected void addResourceHandlers(ResourceHandlerRegistry registry) { registry.addResourceHandler("/static/**") .addResourceLocations("classpath:/static/"); } }
CrossConfig.java
package com.example.demo.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import org.springframework.web.filter.CorsFilter; /** * 处理跨域问题 */ @Configuration public class CrossConfig { @Bean public CorsFilter corsFilter() { CorsConfiguration config = new CorsConfiguration(); config.addAllowedOrigin("*"); config.setAllowCredentials(false); config.addAllowedMethod("*"); config.addAllowedHeader("*"); config.setMaxAge(3600L); UrlBasedCorsConfigurationSource configSource = new UrlBasedCorsConfigurationSource(); configSource.registerCorsConfiguration("/**", config); return new CorsFilter(configSource); } }
JsonRequest.java
package com.example.demo.request; import lombok.Data; /** * 统一的请求体数据 */ @Data public class JsonRequest { /** * 未加密数据 */ private Object data; /** * 加密数据 */ private String encryptData; }
JsonResult.java
package com.example.demo.response; import lombok.Data; /** * 统一的返回体数据 不加密 */ @Data public class JsonResult<T> { private String message; private T data; private Integer code; public static <T> JsonResult success(T data){ JsonResult<T> jsonResult = new JsonResult<>(); jsonResult.setCode(0); jsonResult.setData(data); jsonResult.setMessage("success"); return jsonResult; } }
JsonResultVO.java
package com.example.demo.response; import lombok.Data; /** * 统一的返回体数据 加密 */ @Data public class JsonResultVO { private String message; private String encryptData; private Integer code; }
IndexController.java
package com.example.demo.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
@Controller
public class IndexController {
@GetMapping("/")
public String index(){
return "index";
}
}
UserController.java
package com.example.demo.controller; import com.example.demo.annotation.SecretData; import com.example.demo.response.JsonResult; import org.springframework.web.bind.annotation.*; import java.util.HashMap; import java.util.Map; /** * 对该Controller中的所有方法进行加解密处理 */ @RestController @SecretData public class UserController { @GetMapping("/user/getUser") public JsonResult getUser() { Map<String, String> user = new HashMap<>(); user.put("name", "Tom"); user.put("age", "18"); return JsonResult.success(user); } @PostMapping("/user/addUser") public Object addUser(@RequestBody Map<String, String> data) { System.out.println(data); return data; } }
application.yml
secret:
key: 1234567890123456 # 密钥位数为16位
enabled: true # 开启加解密功能
SecretData.java
package com.example.demo.annotation; import org.springframework.web.bind.annotation.Mapping; import java.lang.annotation.*; /** * 只有添加有该注解的Controller类或是具体接口方法才进行数据的加密解密 */ @Target({ElementType.METHOD, ElementType.TYPE}) @Retention(RetentionPolicy.RUNTIME) @Mapping @Documented public @interface SecretData { }
DecryptRequestBodyAdvice.java
package com.example.demo.config; import com.example.demo.annotation.SecretData; import com.example.demo.request.JsonRequest; import com.example.demo.service.SecretDataService; import com.fasterxml.jackson.databind.ObjectMapper; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.core.MethodParameter; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpInputMessage; import org.springframework.http.converter.HttpMessageConverter; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdviceAdapter; import javax.annotation.Resource; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.lang.reflect.Type; /** * 对请求内容进行解密 * 只有开启了加解密功能才会生效 * 仅对使用了@RqestBody注解的生效 * https://blog.csdn.net/xingbaozhen1210/article/details/98189562 */ @ControllerAdvice // @ConditionalOnProperty(name = "secret.enabled", havingValue = "true") public class DecryptRequestBodyAdvice extends RequestBodyAdviceAdapter { @Resource private SecretDataService secretDataService; @Override public boolean supports(MethodParameter methodParameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) { return methodParameter.getMethod().isAnnotationPresent(SecretData.class) || methodParameter.getMethod().getDeclaringClass().isAnnotationPresent(SecretData.class); } @Override public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) throws IOException { System.out.println("beforeBodyRead"); String body = inToString(inputMessage.getBody()); System.out.println(body); ObjectMapper objectMapper = new ObjectMapper(); JsonRequest jsonRequest = objectMapper.readValue(body, JsonRequest.class); // 默认取data数据,如果提交加密数据则解密 String decryptData = null; if (jsonRequest.getEncryptData() != null) { decryptData = secretDataService.decrypt(jsonRequest.getEncryptData()); } else{ decryptData = objectMapper.writeValueAsString(jsonRequest.getData()); } String data = decryptData; // 解密后的数据 System.out.println(data); return new HttpInputMessage() { @Override public HttpHeaders getHeaders() { return inputMessage.getHeaders(); } @Override public InputStream getBody() throws IOException { return new ByteArrayInputStream(data.getBytes()); } }; } /** * 读取输入流为字符串 * * @param is * @return */ private String inToString(InputStream is) { byte[] buf = new byte[10 * 1024]; int length = -1; StringBuilder sb = new StringBuilder(); try { while ((length = is.read(buf)) != -1) { sb.append(new String(buf, 0, length)); } return sb.toString(); } catch (IOException e) { throw new RuntimeException(e); } } }
EncryptResponseBodyAdvice.java
package com.example.demo.config; import com.example.demo.annotation.SecretData; import com.example.demo.response.JsonResult; import com.example.demo.response.JsonResultVO; import com.example.demo.service.SecretDataService; import com.fasterxml.jackson.databind.ObjectMapper; import lombok.SneakyThrows; import org.springframework.beans.BeanUtils; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.core.MethodParameter; import org.springframework.http.MediaType; import org.springframework.http.converter.HttpMessageConverter; import org.springframework.http.server.ServerHttpRequest; import org.springframework.http.server.ServerHttpResponse; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice; import javax.annotation.Resource; /** * 对响应内容加密 */ @ControllerAdvice @ConditionalOnProperty(name = "secret.enabled", havingValue = "true") public class EncryptResponseBodyAdvice implements ResponseBodyAdvice<Object> { @Resource private SecretDataService secretDataService; @Override public boolean supports(MethodParameter returnType, Class<? extends HttpMessageConverter<?>> converterType) { return returnType.getMethod().isAnnotationPresent(SecretData.class) || returnType.getMethod().getDeclaringClass().isAnnotationPresent(SecretData.class); } @SneakyThrows @Override public Object beforeBodyWrite(Object body, MethodParameter returnType, MediaType selectedContentType, Class<? extends HttpMessageConverter<?>> selectedConverterType, ServerHttpRequest request, ServerHttpResponse response) { System.out.println("beforeBodyWrite"); // 仅对JsonResult对象数据加密 if (body instanceof JsonResult) { JsonResult jsonResult = (JsonResult) body; JsonResultVO jsonResultVO = new JsonResultVO(); BeanUtils.copyProperties(jsonResult, jsonResultVO); String jsonStr = new ObjectMapper().writeValueAsString(jsonResult.getData()); jsonResultVO.setEncryptData(secretDataService.encrypt(jsonStr)); return jsonResultVO; } else { return body; } } }
SecretConfig.java
package com.example.demo.config; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.annotation.Configuration; @Configuration @ConfigurationProperties(prefix = "secret") public class SecretConfig { private Boolean enabled; private String key; public Boolean getEnabled() { return enabled; } public void setEnabled(Boolean enabled) { this.enabled = enabled; } public String getKey() { return key; } public void setKey(String key) { this.key = key; } }
SecretDataService.java
package com.example.demo.service; /** * 加密解密的接口 */ public interface SecretDataService { /** * 数据加密 * * @param data 待加密数据 * @return String 加密结果 */ String encrypt(String data); /** * 数据解密 * * @param data 待解密数据 * @return String 解密后的数据 */ String decrypt(String data); }
SecretDataServiceImpl.java
package com.example.demo.service.impl; import com.example.demo.config.SecretConfig; import com.example.demo.service.SecretDataService; import com.example.demo.utils.CipherUtil; import org.springframework.stereotype.Service; import javax.annotation.Resource; /** * 具体的加解密实现 */ @Service public class SecretDataServiceImpl implements SecretDataService { @Resource private SecretConfig secretConfig; @Override public String decrypt(String data) { return CipherUtil.decrypt(secretConfig.getKey(), data); } @Override public String encrypt(String data) { return CipherUtil.encrypt(secretConfig.getKey(), data); } }
CipherUtil.java
package com.example.demo.utils; import javax.crypto.Cipher; import javax.crypto.spec.SecretKeySpec; import java.nio.charset.Charset; import java.util.Base64; /** * 数据加密解密工具类 * 加密后返回base64 */ public class CipherUtil { /** * 定义加密算法 */ private static final String ALGORITHM = "AES/ECB/PKCS5Padding"; /** * 解密 * * @param secretKey * @param cipherText base64 * @return */ public static String decrypt(String secretKey, String cipherText) { // 将Base64编码的密文解码 byte[] encrypted = Base64.getDecoder().decode(cipherText); try { Cipher cipher = Cipher.getInstance(ALGORITHM); SecretKeySpec key = new SecretKeySpec(secretKey.getBytes(), "AES"); cipher.init(Cipher.DECRYPT_MODE, key); return new String(cipher.doFinal(encrypted)); } catch (Exception e) { throw new RuntimeException(e); } } /** * 加密 * * @param secretKey * @param plainText base64 * @return */ public static String encrypt(String secretKey, String plainText) { try { Cipher cipher = Cipher.getInstance(ALGORITHM); SecretKeySpec key = new SecretKeySpec(secretKey.getBytes(), "AES"); cipher.init(Cipher.ENCRYPT_MODE, key); return Base64.getEncoder().encodeToString(cipher.doFinal(plainText.getBytes(Charset.forName("UTF-8")))); } catch (Exception e) { throw new RuntimeException(e); } } }
浏览器中实现加密解密
templates/index.html
<!DOCTYPE html> <html lang="zh" xmlns:th="http://www.thymeleaf.org"> <head> <meta charset="UTF-8" /> <title>接口数据加密解密</title> </head> <body> <!-- 引入依赖 --> <!-- <script src="https://cdn.bootcdn.net/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script> --> <script src="/static/crypto-js.min.js"></script> <!-- <script src="https://cdn.bootcdn.net/ajax/libs/axios/1.3.6/axios.min.js"></script> --> <script src="/static/axios.min.js"></script> <h1>查看控制台</h1> <!-- 加密解密模块 --> <script type="text/javascript"> const SECRET_KEY = "1234567890123456"; /** * 加密方法 * @param data 待加密数据 * @returns {string|*} */ function encrypt(data) { let key = CryptoJS.enc.Utf8.parse(SECRET_KEY); if (typeof data === "object") { data = JSON.stringify(data); } let plainText = CryptoJS.enc.Utf8.parse(data); let secretText = CryptoJS.AES.encrypt(plainText, key, { mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7 }).toString(); return secretText; } /** * 解密数据 * @param data 待解密数据 */ function decrypt(data) { let key = CryptoJS.enc.Utf8.parse(SECRET_KEY); let result = CryptoJS.AES.decrypt(data, key, { mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7 }).toString(CryptoJS.enc.Utf8); return JSON.parse(result); } </script> <!-- http请求模块 --> <script type="text/javascript"> // 获取加密数据并解密 axios.get("http://127.0.0.1:8080/user/getUser").then((res) => { console.log("接收到api返回加密数据:"); console.log(decrypt(res.data.encryptData)); }); // 提交加密参数 const data = { name: "Tom", age: "18", }; axios .post("http://127.0.0.1:8080/user/addUser", { encryptData: encrypt(data), }) .then((res) => { console.log("接收到api返回未加密数据:"); console.log(res.data); }); </script> </body> </html>
前后端都可以通过参数 encryptData
判断对方提交/返回的数据是否为加密数据,如果是加密数据则进行解密操作
接口返回加密数据
GET http://127.0.0.1:8080/user/getUser
未加密的数据
{
"message": "success",
"data": {
"name": "Tom",
"age": "18"
},
"code": 0
}
返回数据
{
"message": "success",
"encryptData": "kun2Wvk2LNKICaXIeIExA7jKRyqOV0qCv5KQXFOzfpQ=",
"code": 0
}
客户端提交参数
POST http://127.0.0.1:8080/user/addUser
提交数据
{
"data": {
"name": "Tom",
"age": "18"
}
}
提交加密数据
{
"encryptData": "kun2Wvk2LNKICaXIeIExA7jKRyqOV0qCv5KQXFOzfpQ="
}
secret.enabled=true
全局开启返回数据加密SecretData
或者自定义PassSecretData
来控制单个控制器或者单个接口的需要或不需要加密客户端
相同点
encryptData
来判断是否为加密数据完整代码:https://github.com/mouday/spring-boot-demo/tree/master/SpringBoot-Secret
参考文章
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。