SpringBoot中怎么实现接口数据的加解密功能

这篇文章给大家介绍SpringBoot中怎么实现接口数据的加解密功能，内容非常详细，感兴趣的小伙伴们可以参考借鉴，希望对大家能有所帮助。

创新互联-专业网站定制、快速模板网站建设、高性价比铜川网站开发、企业建站全套包干低至880元,成熟完善的模板库,直接使用。一站式铜川网站制作公司更省心,省钱,快速模板网站建设找我们，业务覆盖铜川地区。费用合理售后完善，十载实体公司更值得信赖。

一、加密方案介绍

对接口的加密解密操作主要有下面两种方式：

自定义消息转换器

优势：仅需实现接口，配置简单。劣势：仅能对同一类型的MediaType进行加解密操作，不灵活。

使用spring提供的接口RequestBodyAdvice和ResponseBodyAdvice优势：可以按照请求的Referrer、Header或url进行判断，按照特定需要进行加密解密。

比如在一个项目升级的时候，新开发功能的接口需要加解密，老功能模块走之前的逻辑不加密，这时候就只能选择上面的第二种方式了，下面主要介绍下第二种方式加密、解密的过程。

二、实现原理

RequestBodyAdvice可以理解为在@RequestBody之前需要进行的 操作，ResponseBodyAdvice可以理解为在@ResponseBody之后进行的操作，所以当接口需要加解密时，在使用@RequestBody接收前台参数之前可以先在RequestBodyAdvice的实现类中进行参数的解密，当操作结束需要返回数据时，可以在@ResponseBody之后进入ResponseBodyAdvice的实现类中进行参数的加密。

RequestBodyAdvice处理请求的过程：

RequestBodyAdvice源码如下：

public interface RequestBodyAdvice { boolean supports(MethodParameter methodParameter, Type targetType,   Class> converterType); HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter,   Type targetType, Class> converterType) throws IOException; Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter,   Type targetType, Class> converterType); @Nullable Object handleEmptyBody(@Nullable Object body, HttpInputMessage inputMessage, MethodParameter parameter,   Type targetType, Class> converterType);}

调用RequestBodyAdvice实现类的部分代码如下：

protected Object readWithMessageConverters(HttpInputMessage inputMessage, MethodParameter parameter,   Type targetType) throws IOException, HttpMediaTypeNotSupportedException, HttpMessageNotReadableException {  MediaType contentType;  boolean noContentType = false;  try {   contentType = inputMessage.getHeaders().getContentType();  }  catch (InvalidMediaTypeException ex) {   throw new HttpMediaTypeNotSupportedException(ex.getMessage());  }  if (contentType == null) {   noContentType = true;   contentType = MediaType.APPLICATION_OCTET_STREAM;  }  Class contextClass = parameter.getContainingClass();  Class targetClass = (targetType instanceof Class ? (Class) targetType : null);  if (targetClass == null) {   ResolvableType resolvableType = ResolvableType.forMethodParameter(parameter);   targetClass = (Class) resolvableType.resolve();  }  HttpMethod httpMethod = (inputMessage instanceof HttpRequest ? ((HttpRequest) inputMessage).getMethod() : null);  Object body = NO_VALUE;  EmptyBodyCheckingHttpInputMessage message;  try {   message = new EmptyBodyCheckingHttpInputMessage(inputMessage);   for (HttpMessageConverter converter : this.messageConverters) {    Class> converterType = (Class>) converter.getClass();    GenericHttpMessageConverter genericConverter =      (converter instanceof GenericHttpMessageConverter ? (GenericHttpMessageConverter) converter : null);    if (genericConverter != null ? genericConverter.canRead(targetType, contextClass, contentType) :      (targetClass != null && converter.canRead(targetClass, contentType))) {     if (logger.isDebugEnabled()) {      logger.debug("Read [" + targetType + "] as \"" + contentType + "\" with [" + converter + "]");     }     if (message.hasBody()) {      HttpInputMessage msgToUse =        getAdvice().beforeBodyRead(message, parameter, targetType, converterType);      body = (genericConverter != null ? genericConverter.read(targetType, contextClass, msgToUse) :        ((HttpMessageConverter) converter).read(targetClass, msgToUse));      body = getAdvice().afterBodyRead(body, msgToUse, parameter, targetType, converterType);     }     else {      body = getAdvice().handleEmptyBody(null, message, parameter, targetType, converterType);     }     break;    }   }  }  catch (IOException ex) {   throw new HttpMessageNotReadableException("I/O error while reading input message", ex);  }  if (body == NO_VALUE) {   if (httpMethod == null || !SUPPORTED_METHODS.contains(httpMethod) ||     (noContentType && !message.hasBody())) {    return null;   }   throw new HttpMediaTypeNotSupportedException(contentType, this.allSupportedMediaTypes);  }  return body; }

从上面源码可以到当converter.canRead()和message.hasBody()都为true的时候，会调用beforeBodyRead()和afterBodyRead()方法，所以我们在实现类的afterBodyRead()中添加解密代码即可。

ResponseBodyAdvice处理响应的过程：

ResponseBodyAdvice源码如下：

public interface ResponseBodyAdvice { boolean supports(MethodParameter returnType, Class> converterType); @Nullable T beforeBodyWrite(@Nullable T body, MethodParameter returnType, MediaType selectedContentType,   Class> selectedConverterType,   ServerHttpRequest request, ServerHttpResponse response);}

调用ResponseBodyAdvice实现类的部分代码如下：

if (selectedMediaType != null) {   selectedMediaType = selectedMediaType.removeQualityValue();   for (HttpMessageConverter converter : this.messageConverters) {    GenericHttpMessageConverter genericConverter =      (converter instanceof GenericHttpMessageConverter ? (GenericHttpMessageConverter) converter : null);    if (genericConverter != null ?      ((GenericHttpMessageConverter) converter).canWrite(declaredType, valueType, selectedMediaType) :      converter.canWrite(valueType, selectedMediaType)) {     outputValue = (T) getAdvice().beforeBodyWrite(outputValue, returnType, selectedMediaType,       (Class>) converter.getClass(),       inputMessage, outputMessage);     if (outputValue != null) {      addContentDispositionHeader(inputMessage, outputMessage);      if (genericConverter != null) {       genericConverter.write(outputValue, declaredType, selectedMediaType, outputMessage);      }      else {       ((HttpMessageConverter) converter).write(outputValue, selectedMediaType, outputMessage);      }      if (logger.isDebugEnabled()) {       logger.debug("Written [" + outputValue + "] as \"" + selectedMediaType +         "\" using [" + converter + "]");      }     }     return;    }   }  }

从上面源码可以到当converter.canWrite()为true的时候，会调用beforeBodyWrite()方法，所以我们在实现类的beforeBodyWrite()中添加解密代码即可。

三、实战

新建一个spring boot项目spring-boot-encry，按照下面步骤操作。

pom.xml中引入jar

    org.springframework.boot   spring-boot-starter-web       org.projectlombok   lombok   true       org.springframework.boot   spring-boot-starter-test   test           org.junit.vintage     junit-vintage-engine             com.alibaba   fastjson   1.2.60  

请求参数解密拦截类

DecryptRequestBodyAdvice代码如下：

/** * 请求参数 解密操作 * * @Author: Java碎碎念 * @Date: 2019/10/24 21:31 * */@Component@ControllerAdvice(basePackages = "com.example.springbootencry.controller")@Slf4jpublic class DecryptRequestBodyAdvice implements RequestBodyAdvice { @Override public boolean supports(MethodParameter methodParameter, Type targetType, Class> converterType) {  return true; } @Override public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter methodParameter, Type targetType, Class> selectedConverterType) throws IOException {  return inputMessage; } @Override public Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class> converterType) {  String dealData = null;  try {   //解密操作   Map dataMap = (Map)body;   String srcData = dataMap.get("data");   dealData = DesUtil.decrypt(srcData);  } catch (Exception e) {   log.error("异常！", e);  }  return dealData; } @Override public Object handleEmptyBody(@Nullable Object var1, HttpInputMessage var2, MethodParameter var3, Type var4, Class> var5) {  log.info("3333");  return var1; }}

响应参数加密拦截类

EncryResponseBodyAdvice代码如下：

/** * 请求参数 解密操作 * * @Author: Java碎碎念 * @Date: 2019/10/24 21:31 * */@Component@ControllerAdvice(basePackages = "com.example.springbootencry.controller")@Slf4jpublic class EncryResponseBodyAdvice implements ResponseBodyAdvice