APP端ajax请求进行了加密,所以服务端需要对指定Controller的请求参数进行解密,以及一些通用的操作。
不完善,仅作思路参考。
/**
* 功 能: AOP切面类,用于处理方法参数如:参数解密、加密等
*/
@Aspect
@Component
public class HttpAspect {
private final String httpPonit = "execution(public * com.haiyisoft.gcwz.ui.appbase..*Controller.*(..))";
@Pointcut(httpPonit)
public void excuteHttpPoint() {
}
/**
* 环绕执行方法
*/
@Around("excuteHttpPoint()")
public Object around(ProceedingJoinPoint joinPoint) throws Throwable {
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
// 获取header中reqEncrypt的值,如果为true则需要解密请求参数
String reqEncrypt = request.getHeader(AppConstants.HEADER_REQ_ENCRYPT);
String drop = request.getHeader(AppConstants.HEADER_REQ_Drop);
String method = request.getMethod();
Object[] obj = joinPoint.getArgs();
// 只有POST请求,且加密标志为true时才进行解密
if ("POST".equals(method) && "true".equals(reqEncrypt)) {
for (int i = 0, length = obj.length; i < length; i++) {
// 如果是String字符串,直接进行解密
if (obj[i] instanceof String) {
String param = String.valueOf(obj[i]);
if (StringUtils.isNotBlank(param)) {
obj[i] = RSAUtil.decrypt(param, AppConstants.RSA_PRI_KEY);
}
} else if (obj[i] instanceof Object[]) {
// 如果是数组,直接进行解密
Object[] arr = (Object[]) obj[i];
for (int j = 0, len = arr.length; j < len; j++) {
if (arr[j] instanceof String) {
arr[j] = RSAUtil.decrypt(String.valueOf(arr[j]), AppConstants.RSA_PRI_KEY);
}
}
} else if (obj[i] != null && !(obj[i] instanceof HttpServletRequest) && !(obj[i] instanceof HttpServletResponse)) {
Class clazz = obj[i].getClass();
if (clazz == null || clazz.getClassLoader() == null) {
continue;
}
Field[] fs = clazz.getDeclaredFields();
for (Field f : fs) {
// 设置些属性是可以访问的
f.setAccessible(true);
// 得到此属性的类型
System.out.println(f.get(obj[i]));
System.out.println(f.getName());
String fieldType = f.getType().toString();
Object fieldValue = f.get(obj[i]);
if (fieldValue != null) {
if (fieldType.endsWith("String")) {
// 给属性设值
f.set(obj[i], RSAUtil.decrypt(String.valueOf(fieldValue), AppConstants.RSA_PRI_KEY));
} else if (fieldType.endsWith("List")) {
System.out.println(fieldValue.getClass());
List obj1 = (List) fieldValue;
for (Object t : obj1) {
Class listClazz = t.getClass();
if (listClazz == null || listClazz.getClassLoader() == null) {
continue;
}
Field[] listFs = listClazz.getDeclaredFields();
for (Field listF : listFs) {
// 设置些属性是可以访问的
listF.setAccessible(true);
String listFileType = listF.getType().toString();
Object listFieldValue = listF.get(t);
if (listFieldValue != null && listFileType.endsWith("String")) {
// 给属性设值
listF.set(t, RSAUtil.decrypt(String.valueOf(listFieldValue), AppConstants.RSA_PRI_KEY));
}
}
}
}
}
}
}
}
}
// 获取下拉
List<DropVO> droplist = new ArrayList<DropVO>();
if(drop != null && !"".equals(drop)){
DropBeanUtil dropBeanUtil = new DropBeanUtil();
droplist = JSON.parseArray(drop, DropVO.class);
for(DropVO dropvo : droplist){
List<DropBean> dropitem = new ArrayList<DropBean>();
if(dropvo.getFilter() != null && !"".equals(dropvo.getFilter())){//传入filter
if(dropvo.getService() != null && !"".equals(dropvo.getService())){//没有传入service
dropitem = dropBeanUtil.getDrop(dropvo.getDropname(), dropvo.getFilter());
}else{//传入service
dropitem = dropBeanUtil.getDropFromService(dropvo.getService(), dropvo.getDropname(), dropvo.getFilter());
}
}else{//没有传入filter
if(dropvo.getService() != null && !"".equals(dropvo.getService())){//传入service
dropitem = dropBeanUtil.getDropFromService(dropvo.getService(), dropvo.getDropname());
}else{//没有传入service
dropitem = dropBeanUtil.getDrop(dropvo.getDropname());
}
}
Map<String, String> map = dropitem.stream().collect(Collectors.toMap(DropBean::getValue, DropBean::getLabel));
dropvo.setDropmap(map);
}
}
Object result = joinPoint.proceed(obj);
// 对请求结果进行处理 如加密等等
if(droplist.size() > 0 && droplist != null){
ResultVO resultvo = (ResultVO) result;
resultvo.setDrop(droplist);
}
return result;
}
}
