Springインタフェースデータ暗号化---ローカル暗号化編
30989 ワード
Springインタフェースデータ暗号化-ローカル暗号化注記 RequestBody復号 ResponseBody暗号化 を使用
注釈
DecryptRequestBody注記
カスタム復号コメント、デフォルト設定復号==true、メソッドに適用
EncryptResponBody
カスタム復号コメント
RequestBody復号
ResponseBody暗号化
使用
注釈を復号化または復号化、または復号化するactionメソッドに設定すればよい.
注釈
package com.base.project.commcon.annotation.des;
import java.lang.annotation.*;
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface DecryptRequestBody {
boolean dencrypt() default true;
}
DecryptRequestBody注記
カスタム復号コメント、デフォルト設定復号==true、メソッドに適用
package com.base.project.commcon.annotation.des;
import java.lang.annotation.*;
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface EncryptResponBody {
boolean encrypt() default true;
}
EncryptResponBody
カスタム復号コメント
RequestBody復号
package com.base.project.advice;
import com.base.project.commcon.annotation.des.DecryptRequestBody;
import org.springframework.core.MethodParameter;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpInputMessage;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.json.GsonHttpMessageConverter;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Type;
/**
* application/json
*/
@ControllerAdvice
public class AppRequestBodyAdvice implements RequestBodyAdvice {
@Override
public boolean supports(MethodParameter methodParameter, Type type, Class<? extends HttpMessageConverter<?>> aClass) {
if(GsonHttpMessageConverter.class.isAssignableFrom(aClass)){
return true;
}
return false;
}
@Override
public Object handleEmptyBody(Object o, HttpInputMessage httpInputMessage, MethodParameter methodParameter, Type type, Class<? extends HttpMessageConverter<?>> aClass) {
return o;
}
@Override
public HttpInputMessage beforeBodyRead(HttpInputMessage httpInputMessage, MethodParameter methodParameter, Type type, Class<? extends HttpMessageConverter<?>> aClass) throws IOException {
boolean dencrypt = false;
HttpInputMessage returnInputMessage = null;
if(methodParameter.getMethod().isAnnotationPresent(DecryptRequestBody.class)) {
DecryptRequestBody body = methodParameter.getMethodAnnotation(DecryptRequestBody.class);
dencrypt = body.dencrypt();
}
if(dencrypt) {
InputStream is = httpInputMessage.getBody();
//
returnInputMessage = new DecryptHttpInputMessage(httpInputMessage.getHeaders(), this.toDencrypt(is));
//returnInputMessage =
}else {
returnInputMessage = httpInputMessage;
}
return returnInputMessage;
}
@Override
public Object afterBodyRead(Object o, HttpInputMessage httpInputMessage, MethodParameter methodParameter, Type type, Class<? extends HttpMessageConverter<?>> aClass) {
return o;
}
public InputStream toDencrypt(InputStream is) throws IOException {
ByteArrayOutputStream out = new ByteArrayOutputStream();
byte[] b = new byte[4096];
int n = 0;
while ((n = is.read(b)) > 0) {
out.write(b, 0, n);
}
byte[] buf = out.toByteArray();
// buf
//
ByteArrayInputStream bis = new ByteArrayInputStream(buf);
return bis;
}
class DecryptHttpInputMessage implements HttpInputMessage{
private HttpHeaders headers = null;
private InputStream is = null;
public DecryptHttpInputMessage(HttpHeaders headers, InputStream is) {
this.headers = headers;
this.is = is;
}
@Override
public HttpHeaders getHeaders() {
// TODO Auto-generated method stub
return headers;
}
@Override
public InputStream getBody() throws IOException {
// TODO Auto-generated method stub
return is;
}
}
}
ResponseBody暗号化
package com.base.project.advice;
import com.base.project.commcon.annotation.des.EncryptResponBody;
import org.springframework.core.MethodParameter;
import org.springframework.http.MediaType;
import org.springframework.http.converter.json.GsonHttpMessageConverter;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServerHttpResponse;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;
import java.io.IOException;
/**
* application/json
*/
@ControllerAdvice
public class AppResponseBodyAdvice implements ResponseBodyAdvice {
@Override
public boolean supports(MethodParameter methodParameter, Class aClass) {
if(GsonHttpMessageConverter.class.isAssignableFrom(aClass)){
return true;
}
return false;
}
@Override
public Object beforeBodyWrite(Object o, MethodParameter methodParameter, MediaType mediaType, Class aClass, ServerHttpRequest serverHttpRequest, ServerHttpResponse serverHttpResponse) {
boolean encrypt = false;
if(methodParameter.getMethod().isAnnotationPresent(EncryptResponBody.class)) {
EncryptResponBody encryptBody = methodParameter.getMethodAnnotation(EncryptResponBody.class);
encrypt = encryptBody.encrypt();
}
if(encrypt) {
try {
//
byte[] buf = this.toEncrypt(o);
serverHttpResponse.getBody().write(buf);
return null;
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
return o;
}
private byte[] toEncrypt(Object o){
//object
return o.toString().getBytes();
}
}
使用
注釈を復号化または復号化、または復号化するactionメソッドに設定すればよい.