您的位置: 首页  >  IT文章  >  sign 阻截

sign 阻截

分类: IT文章 2023-11-22 08:32:31
sign 拦截
<beans profile="product,test_sce,test,local">
		<context:component-scan base-package="cn.focus.dc.jiajing.interceptors">
			<context:include-filter type="regex"
				expression=".*Interceptor" />
		</context:component-scan>
	</beans>



package cn.focus.dc.jiajing.interceptors;

import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;

import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

import cn.focus.dc.commons.controllers.CommonsController;
import cn.focus.dc.config.MsgConstant;

import net.paoding.rose.web.ControllerInterceptorAdapter;
import net.paoding.rose.web.Invocation;

/**
 * 拦截所有controller方法,对于sign不匹配的连接均拦截
 */
public class SignInterceptor extends ControllerInterceptorAdapter {

    private static Logger logger = Logger.getLogger(SignInterceptor.class);
    
    public SignInterceptor(){
        this.setPriority(200);
    }
    
    @Override
    protected boolean isForAction(Method actionMethod, Class<?> controllerClazz) {
        if (controllerClazz.equals(CommonsController.class)) {
            return Boolean.FALSE;
        }
        return super.isForAction(actionMethod, controllerClazz);
    }
    
    @Override
    public Object before(Invocation inv) throws Exception {
        String sign = inv.getRequest().getParameter("sign");
        Map<String, String[]> params = inv.getRequest().getParameterMap();
        
        String result = DigestUtils.md5Hex(getSignedParams(convertMap(params), MsgConstant.SIGN_MD5_KEY));
        logger.info("result===" + result + "\n\t\tsign===" + sign);
        
        if (result.equals(sign)) {
            String accessToken = inv.getRequest().getParameter("access_token");
            logger.debug("uri===" + result + "\n\t\taccess_token===" + accessToken);
            return Boolean.TRUE;
        }
        logger.info("result===:" + result + "\t\ttime:" + System.nanoTime());
        return "@sign error!";
    }
    
    private Map<String, String> convertMap(Map<String, String[]> params) {
        Map<String, String> map = new HashMap<String, String>();
        if (params == null || params.size() == 0) {
            return map;
        }
        for (Map.Entry<String, String[]> entry : params.entrySet()) {
            if (entry.getValue() != null && entry.getValue().length > 0) {
                map.put(entry.getKey(), entry.getValue()[0]);
            }
        }
        return map;
    }

    private String getSignedParams(Map<String, String> params, String secretKey) {
        Map<String, String> ret = new TreeMap<String, String>(params);
        StringBuilder sb = new StringBuilder();
        for (String key : ret.keySet()) {
            sb.append(key).append("=").append(params.get(key));
            sb.append("&");
        }
        return StringUtils.chomp(sb.toString(), "&") + secretKey;
    }
}




String SIGN_MD5_TEST_KEY = new PropertiesUtil().getProperties("/config.properties", "sign.test");
    public static String SIGN_MD5_ONLINE_KEY = new PropertiesUtil().getProperties("/config.properties", "sign.online");




sign.test=**********
sign.online=*************************

相关推荐