|
|
|
@ -11,7 +11,6 @@ import org.dromara.common.core.utils.StringUtils;
|
|
|
|
import org.dromara.common.encrypt.annotation.ApiEncrypt;
|
|
|
|
import org.dromara.common.encrypt.annotation.ApiEncrypt;
|
|
|
|
import org.dromara.common.encrypt.properties.ApiDecryptProperties;
|
|
|
|
import org.dromara.common.encrypt.properties.ApiDecryptProperties;
|
|
|
|
import org.springframework.http.HttpMethod;
|
|
|
|
import org.springframework.http.HttpMethod;
|
|
|
|
import org.springframework.http.MediaType;
|
|
|
|
|
|
|
|
import org.springframework.web.method.HandlerMethod;
|
|
|
|
import org.springframework.web.method.HandlerMethod;
|
|
|
|
import org.springframework.web.servlet.HandlerExceptionResolver;
|
|
|
|
import org.springframework.web.servlet.HandlerExceptionResolver;
|
|
|
|
import org.springframework.web.servlet.HandlerExecutionChain;
|
|
|
|
import org.springframework.web.servlet.HandlerExecutionChain;
|
|
|
|
@ -43,27 +42,25 @@ public class CryptoFilter implements Filter {
|
|
|
|
ServletResponse responseWrapper = null;
|
|
|
|
ServletResponse responseWrapper = null;
|
|
|
|
EncryptResponseBodyWrapper responseBodyWrapper = null;
|
|
|
|
EncryptResponseBodyWrapper responseBodyWrapper = null;
|
|
|
|
|
|
|
|
|
|
|
|
// 是否为 json 请求
|
|
|
|
// 是否为 put 或者 post 请求
|
|
|
|
if (StringUtils.startsWithIgnoreCase(request.getContentType(), MediaType.APPLICATION_JSON_VALUE)) {
|
|
|
|
if (HttpMethod.PUT.matches(servletRequest.getMethod()) || HttpMethod.POST.matches(servletRequest.getMethod())) {
|
|
|
|
// 是否为 put 或者 post 请求
|
|
|
|
// 是否存在加密标头
|
|
|
|
if (HttpMethod.PUT.matches(servletRequest.getMethod()) || HttpMethod.POST.matches(servletRequest.getMethod())) {
|
|
|
|
String headerValue = servletRequest.getHeader(properties.getHeaderFlag());
|
|
|
|
// 是否存在加密标头
|
|
|
|
if (StringUtils.isNotBlank(headerValue)) {
|
|
|
|
String headerValue = servletRequest.getHeader(properties.getHeaderFlag());
|
|
|
|
// 请求解密
|
|
|
|
if (StringUtils.isNotBlank(headerValue)) {
|
|
|
|
requestWrapper = new DecryptRequestBodyWrapper(servletRequest, properties.getPrivateKey(), properties.getHeaderFlag());
|
|
|
|
// 请求解密
|
|
|
|
} else {
|
|
|
|
requestWrapper = new DecryptRequestBodyWrapper(servletRequest, properties.getPrivateKey(), properties.getHeaderFlag());
|
|
|
|
// 是否有注解,有就报错,没有放行
|
|
|
|
} else {
|
|
|
|
if (ObjectUtil.isNotNull(apiEncrypt)) {
|
|
|
|
// 是否有注解,有就报错,没有放行
|
|
|
|
HandlerExceptionResolver exceptionResolver = SpringUtils.getBean("handlerExceptionResolver", HandlerExceptionResolver.class);
|
|
|
|
if (ObjectUtil.isNotNull(apiEncrypt)) {
|
|
|
|
exceptionResolver.resolveException(
|
|
|
|
HandlerExceptionResolver exceptionResolver = SpringUtils.getBean("handlerExceptionResolver", HandlerExceptionResolver.class);
|
|
|
|
servletRequest, servletResponse, null,
|
|
|
|
exceptionResolver.resolveException(
|
|
|
|
new ServiceException("没有访问权限,请联系管理员授权", HttpStatus.FORBIDDEN));
|
|
|
|
servletRequest, servletResponse, null,
|
|
|
|
return;
|
|
|
|
new ServiceException("没有访问权限,请联系管理员授权", HttpStatus.FORBIDDEN));
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 判断是否响应加密
|
|
|
|
// 判断是否响应加密
|
|
|
|
if (responseFlag) {
|
|
|
|
if (responseFlag) {
|
|
|
|
responseBodyWrapper = new EncryptResponseBodyWrapper(servletResponse);
|
|
|
|
responseBodyWrapper = new EncryptResponseBodyWrapper(servletResponse);
|
|
|
|
|
疯狂的狮子Li
11 months ago