您的位置:上海毫米网络优化公司 > 网站优化分享 >
相关推荐recommended
- RabbitMQ与RocketMQ:消息队列的两大强者对比
- 基于在线学习的分布式流量实时分析系统设计与实现
- 基于YOLOv的目标追踪与无人机前端查看系统开发
- Idea Spring Initializr没有 Java 8选项解决
- 刷题之Leetcode24题(超级详细)
- 分割一切?手把手教你部署SAM+LabelStudio实现自动标注
- 高级DBA手把手教你Mysql大数据量批量导入人大金仓国产数据库方法(
- MySQL中的any
- Node.js 连接 mysql 数据库(Navicat)超详细!!!
- 【项目实战经验】DataKit迁移MySQL到openGauss(下)
- 每日五道java面试题之spring篇(六)
- 【已解决】.nginx: error while loading sh
- Spring Boot 整合 Druid
- go: go.mod file not found in curren
- SpringBoot【问题 05】PostgreSQL数据库启用SSL
- 【实战Flask API项目指南】之七 用JWT进行用户认证与授权
- 如何在SpringBoot集成mapstruct实现类型转换?一篇文章
- 【接口测试】常见HTTP面试题
- vue+element+springboot实现多张图片上传
- 云计算——ACA学习 阿里云云计算服务概述
- The error occurred while executing
- 【Java EE】关于Spring MVC 响应
- SQL之CASE WHEN用法详解
- 如何使用群晖Synology Drive结合cpolar内网穿透实现同
- Java实战:SpringBoot 业务操作日志功能设计
- 【猫头虎科技角】解决Mysqlcom.mysql.cj.jdbc.ex
- SpringBoot部署一 Windows服务器部署
- 前馈神经网络解密:深入理解人工智能的基石
- Java连接PostGreSql
- 机器学习是什么
Java:SpringBoot使用AES对JSON数据加密和解密
作者:mmseoamin日期:2024-02-05
目录
- 1、加密解密原理
- 2、项目示例
- 2.1、项目结构
- 2.2、常规业务代码
- 2.3、加密的实现
- 2.4、接口测试
- 2.5、总结
1、加密解密原理
客户端和服务端都可以加密和解密,使用base64进行网络传输
加密方
字符串 -> AES加密 -> base64
解密方
base64 -> AES解密 -> 字符串
2、项目示例
2.1、项目结构
$ tree -I target -I test . ├── pom.xml └── src └── main ├── java │ └── com │ └── example │ └── demo │ ├── Application.java │ ├── annotation │ │ └── SecretData.java │ ├── config │ │ ├── CrossConfig.java │ │ ├── DecryptRequestBodyAdvice.java │ │ ├── EncryptResponseBodyAdvice.java │ │ ├── SecretConfig.java │ │ └── WebMvcConfig.java │ ├── controller │ │ ├── IndexController.java │ │ └── UserController.java │ ├── request │ │ └── JsonRequest.java │ ├── response │ │ ├── JsonResult.java │ │ └── JsonResultVO.java │ ├── service │ │ ├── SecretDataService.java │ │ └── impl │ │ └── SecretDataServiceImpl.java │ └── utils │ └── CipherUtil.java └── resources ├── application.yml ├── static │ ├── axios.min.js │ └── crypto-js.min.js └── templates └── index.html2.2、常规业务代码
pom.xml
4.0.0 org.springframework.boot spring-boot-starter-parent 2.7.7 com.example demo 0.0.1-SNAPSHOT demo Demo project for Spring Boot 1.8 3.5.2 org.springframework.boot spring-boot-starter-web commons-codec commons-codec 1.15 org.springframework.boot spring-boot-starter-thymeleaf org.projectlombok lombok true org.springframework.boot spring-boot-devtools runtime true org.springframework.boot spring-boot-starter-test test junit junit test org.springframework.boot spring-boot-maven-plugin org.projectlombok lombok Application.java
package com.example.demo; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; @SpringBootApplication public class Application { public static void main(String[] args) { SpringApplication.run(Application.class, args); } }WebMvcConfig.java
package com.example.demo.config; import lombok.extern.slf4j.Slf4j; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport; @Slf4j @Configuration public class WebMvcConfig extends WebMvcConfigurationSupport { // 设置静态资源映射 @Override protected void addResourceHandlers(ResourceHandlerRegistry registry) { registry.addResourceHandler("/static/**") .addResourceLocations("classpath:/static/"); } }CrossConfig.java
package com.example.demo.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import org.springframework.web.filter.CorsFilter; /** * 处理跨域问题 */ @Configuration public class CrossConfig { @Bean public CorsFilter corsFilter() { CorsConfiguration config = new CorsConfiguration(); config.addAllowedOrigin("*"); config.setAllowCredentials(false); config.addAllowedMethod("*"); config.addAllowedHeader("*"); config.setMaxAge(3600L); UrlBasedCorsConfigurationSource configSource = new UrlBasedCorsConfigurationSource(); configSource.registerCorsConfiguration("/**", config); return new CorsFilter(configSource); } }JsonRequest.java
package com.example.demo.request; import lombok.Data; /** * 统一的请求体数据 */ @Data public class JsonRequest { /** * 未加密数据 */ private Object data; /** * 加密数据 */ private String encryptData; }
JsonResult.java
package com.example.demo.response; import lombok.Data; /** * 统一的返回体数据 不加密 */ @Data public class JsonResult
{ private String message; private T data; private Integer code; public static JsonResult success(T data){ JsonResult jsonResult = new JsonResult<>(); jsonResult.setCode(0); jsonResult.setData(data); jsonResult.setMessage("success"); return jsonResult; } } JsonResultVO.java
package com.example.demo.response; import lombok.Data; /** * 统一的返回体数据 加密 */ @Data public class JsonResultVO { private String message; private String encryptData; private Integer code; }IndexController.java
package com.example.demo.controller; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.GetMapping; @Controller public class IndexController { @GetMapping("/") public String index(){ return "index"; } }UserController.java
package com.example.demo.controller; import com.example.demo.annotation.SecretData; import com.example.demo.response.JsonResult; import org.springframework.web.bind.annotation.*; import java.util.HashMap; import java.util.Map; /** * 对该Controller中的所有方法进行加解密处理 */ @RestController @SecretData public class UserController { @GetMapping("/user/getUser") public JsonResult getUser() { Map2.3、加密的实现
application.yml
secret: key: 1234567890123456 # 密钥位数为16位 enabled: true # 开启加解密功能
SecretData.java
package com.example.demo.annotation; import org.springframework.web.bind.annotation.Mapping; import java.lang.annotation.*; /** * 只有添加有该注解的Controller类或是具体接口方法才进行数据的加密解密 */ @Target({ElementType.METHOD, ElementType.TYPE}) @Retention(RetentionPolicy.RUNTIME) @Mapping @Documented public @interface SecretData { }
DecryptRequestBodyAdvice.java
package com.example.demo.config; import com.example.demo.annotation.SecretData; import com.example.demo.request.JsonRequest; import com.example.demo.service.SecretDataService; import com.fasterxml.jackson.databind.ObjectMapper; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.core.MethodParameter; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpInputMessage; import org.springframework.http.converter.HttpMessageConverter; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdviceAdapter; import javax.annotation.Resource; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.lang.reflect.Type; /** * 对请求内容进行解密 * 只有开启了加解密功能才会生效 * 仅对使用了@RqestBody注解的生效 * https://blog.csdn.net/xingbaozhen1210/article/details/98189562 */ @ControllerAdvice // @ConditionalOnProperty(name = "secret.enabled", havingValue = "true") public class DecryptRequestBodyAdvice extends RequestBodyAdviceAdapter { @Resource private SecretDataService secretDataService; @Override public boolean supports(MethodParameter methodParameter, Type targetType, Class> converterType) { return methodParameter.getMethod().isAnnotationPresent(SecretData.class) || methodParameter.getMethod().getDeclaringClass().isAnnotationPresent(SecretData.class); } @Override public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class> converterType) throws IOException { System.out.println("beforeBodyRead"); String body = inToString(inputMessage.getBody()); System.out.println(body); ObjectMapper objectMapper = new ObjectMapper(); JsonRequest jsonRequest = objectMapper.readValue(body, JsonRequest.class); // 默认取data数据,如果提交加密数据则解密 String decryptData = null; if (jsonRequest.getEncryptData() != null) { decryptData = secretDataService.decrypt(jsonRequest.getEncryptData()); } else{ decryptData = objectMapper.writeValueAsString(jsonRequest.getData()); } String data = decryptData; // 解密后的数据 System.out.println(data); return new HttpInputMessage() { @Override public HttpHeaders getHeaders() { return inputMessage.getHeaders(); } @Override public InputStream getBody() throws IOException { return new ByteArrayInputStream(data.getBytes()); } }; } /** * 读取输入流为字符串 * * @param is * @return */ private String inToString(InputStream is) { byte[] buf = new byte[10 * 1024]; int length = -1; StringBuilder sb = new StringBuilder(); try { while ((length = is.read(buf)) != -1) { sb.append(new String(buf, 0, length)); } return sb.toString(); } catch (IOException e) { throw new RuntimeException(e); } } }EncryptResponseBodyAdvice.java
package com.example.demo.config; import com.example.demo.annotation.SecretData; import com.example.demo.response.JsonResult; import com.example.demo.response.JsonResultVO; import com.example.demo.service.SecretDataService; import com.fasterxml.jackson.databind.ObjectMapper; import lombok.SneakyThrows; import org.springframework.beans.BeanUtils; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.core.MethodParameter; import org.springframework.http.MediaType; import org.springframework.http.converter.HttpMessageConverter; import org.springframework.http.server.ServerHttpRequest; import org.springframework.http.server.ServerHttpResponse; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice; import javax.annotation.Resource; /** * 对响应内容加密 */ @ControllerAdvice @ConditionalOnProperty(name = "secret.enabled", havingValue = "true") public class EncryptResponseBodyAdvice implements ResponseBodyAdvice
SecretConfig.java
package com.example.demo.config; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.annotation.Configuration; @Configuration @ConfigurationProperties(prefix = "secret") public class SecretConfig { private Boolean enabled; private String key; public Boolean getEnabled() { return enabled; } public void setEnabled(Boolean enabled) { this.enabled = enabled; } public String getKey() { return key; } public void setKey(String key) { this.key = key; } }SecretDataService.java
package com.example.demo.service; /** * 加密解密的接口 */ public interface SecretDataService { /** * 数据加密 * * @param data 待加密数据 * @return String 加密结果 */ String encrypt(String data); /** * 数据解密 * * @param data 待解密数据 * @return String 解密后的数据 */ String decrypt(String data); }SecretDataServiceImpl.java
package com.example.demo.service.impl; import com.example.demo.config.SecretConfig; import com.example.demo.service.SecretDataService; import com.example.demo.utils.CipherUtil; import org.springframework.stereotype.Service; import javax.annotation.Resource; /** * 具体的加解密实现 */ @Service public class SecretDataServiceImpl implements SecretDataService { @Resource private SecretConfig secretConfig; @Override public String decrypt(String data) { return CipherUtil.decrypt(secretConfig.getKey(), data); } @Override public String encrypt(String data) { return CipherUtil.encrypt(secretConfig.getKey(), data); } }CipherUtil.java
package com.example.demo.utils; import javax.crypto.Cipher; import javax.crypto.spec.SecretKeySpec; import java.nio.charset.Charset; import java.util.Base64; /** * 数据加密解密工具类 * 加密后返回base64 */ public class CipherUtil { /** * 定义加密算法 */ private static final String ALGORITHM = "AES/ECB/PKCS5Padding"; /** * 解密 * * @param secretKey * @param cipherText base64 * @return */ public static String decrypt(String secretKey, String cipherText) { // 将Base64编码的密文解码 byte[] encrypted = Base64.getDecoder().decode(cipherText); try { Cipher cipher = Cipher.getInstance(ALGORITHM); SecretKeySpec key = new SecretKeySpec(secretKey.getBytes(), "AES"); cipher.init(Cipher.DECRYPT_MODE, key); return new String(cipher.doFinal(encrypted)); } catch (Exception e) { throw new RuntimeException(e); } } /** * 加密 * * @param secretKey * @param plainText base64 * @return */ public static String encrypt(String secretKey, String plainText) { try { Cipher cipher = Cipher.getInstance(ALGORITHM); SecretKeySpec key = new SecretKeySpec(secretKey.getBytes(), "AES"); cipher.init(Cipher.ENCRYPT_MODE, key); return Base64.getEncoder().encodeToString(cipher.doFinal(plainText.getBytes(Charset.forName("UTF-8")))); } catch (Exception e) { throw new RuntimeException(e); } } }浏览器中实现加密解密
templates/index.html
接口数据加密解密 查看控制台
2.4、接口测试
- 开发环境不加密更易于开发调试
- 生产环境需要数据加密
前后端都可以通过参数 encryptData 判断对方提交/返回的数据是否为加密数据,如果是加密数据则进行解密操作
接口返回加密数据
GET http://127.0.0.1:8080/user/getUser
未加密的数据
{ "message": "success", "data": { "name": "Tom", "age": "18" }, "code": 0 }返回数据
{ "message": "success", "encryptData": "kun2Wvk2LNKICaXIeIExA7jKRyqOV0qCv5KQXFOzfpQ=", "code": 0 }客户端提交参数
POST http://127.0.0.1:8080/user/addUser
提交数据
{ "data": { "name": "Tom", "age": "18" } }提交加密数据
{ "encryptData": "kun2Wvk2LNKICaXIeIExA7jKRyqOV0qCv5KQXFOzfpQ=" }2.5、总结
服务端
- 全局开关:通过控制secret.enabled=true全局开启返回数据加密
- 全局局部:可以通过SecretData或者自定义PassSecretData来控制单个控制器或者单个接口的需要或不需要加密
客户端
- 可以根据开发环境、测试环境、生产环境来控制是否开启加密
- 需要注意,FormData传输文件的数据格式可以考虑不加密
相同点
- 服务端和客户端都通过对方传输的encryptData来判断是否为加密数据
- 服务端和客户端都可以根据自己的环境来决定是否开启数据加密
完整代码:https://github.com/mouday/spring-boot-demo/tree/master/SpringBoot-Secret
参考文章
- 详解API接口如何安全的传输数据
上一篇:SQL优化15个技巧
- 关注我们
- 扫描二维码
- 获取更多信息
- 精彩一手掌握
Copyright © 2014-2019 seo,上海网站优化_网络制作_网站seo排名_网站建设推广_上海网络公司 版权所有
沪ICP备19022315号
沪ICP备19022315号 
