解决json解析顺序导致签名不通过的问题

27cd2068 · naan1993 · 949fb98b · 27cd2068 · 27cd2068 · 27cd2068
Commit 27cd2068 authored Sep 18, 2017 by naan1993
8 changed files
--- a/guns-rest/src/main/java/com/stylefeng/guns/rest/common/SimpleObject.java
+++ b/guns-rest/src/main/java/com/stylefeng/guns/rest/common/SimpleObject.java
@@ -10,6 +10,36 @@ public class SimpleObject {
    private String user;
+    private String name;
+    private String tips;
+    private Integer age;
+    public String getName() {
+        return name;
+    }
+    public void setName(String name) {
+        this.name = name;
+    }
+    public String getTips() {
+        return tips;
+    }
+    public void setTips(String tips) {
+        this.tips = tips;
+    }
+    public Integer getAge() {
+        return age;
+    }
+    public void setAge(Integer age) {
+        this.age = age;
+    }
    public String getUser() {
        return user;
    }

--- a/guns-rest/src/main/java/com/stylefeng/guns/rest/config/WebConfig.java
+++ b/guns-rest/src/main/java/com/stylefeng/guns/rest/config/WebConfig.java
 package com.stylefeng.guns.rest.config;
 import com.stylefeng.guns.rest.modular.auth.filter.AuthFilter;
+import com.stylefeng.guns.rest.modular.auth.security.DataSecurityAction;
+import com.stylefeng.guns.rest.modular.auth.security.impl.Base64SecurityAction;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -17,4 +19,9 @@ public class WebConfig {
    public AuthFilter jwtAuthenticationTokenFilter() {
        return new AuthFilter();
    }
+    @Bean
+    public DataSecurityAction dataSecurityAction() {
+        return new Base64SecurityAction();
+    }
 }
--- a/guns-rest/src/main/java/com/stylefeng/guns/rest/modular/auth/converter/BaseTransferEntity.java
+++ b/guns-rest/src/main/java/com/stylefeng/guns/rest/modular/auth/converter/BaseTransferEntity.java
@@ -8,20 +8,20 @@ package com.stylefeng.guns.rest.modular.auth.converter;
 */
 public class BaseTransferEntity {
-    private Object object;
+    private String object; //base64编码的json字符串
-    private String sign;
+    private String sign;   //签名
-    public Object getObject() {
+    public String getObject() {
        return object;
    }
-    public String getSign() {
+    public void setObject(String object) {
-        return sign;
+        this.object = object;
    }
-    public void setObject(Object object) {
+    public String getSign() {
-        this.object = object;
+        return sign;
    }
    public void setSign(String sign) {

--- a/guns-rest/src/main/java/com/stylefeng/guns/rest/modular/auth/converter/WithSignMessageConverter.java
+++ b/guns-rest/src/main/java/com/stylefeng/guns/rest/modular/auth/converter/WithSignMessageConverter.java
@@ -7,6 +7,7 @@ import com.stylefeng.guns.core.util.MD5Util;
 import com.stylefeng.guns.rest.common.exception.BizExceptionEnum;
 import com.stylefeng.guns.rest.common.exception.BussinessException;
 import com.stylefeng.guns.rest.config.properties.JwtProperties;
+import com.stylefeng.guns.rest.modular.auth.security.DataSecurityAction;
 import com.stylefeng.guns.rest.modular.auth.util.JwtTokenUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpInputMessage;
@@ -30,6 +31,9 @@ public class WithSignMessageConverter extends FastJsonHttpMessageConverter4 {
    @Autowired
    JwtTokenUtil jwtTokenUtil;
+    @Autowired
+    DataSecurityAction dataSecurityAction;
    @Override
    public Object read(Type type, Class<?> contextClass, HttpInputMessage inputMessage) throws IOException, HttpMessageNotReadableException {
@@ -43,8 +47,9 @@ public class WithSignMessageConverter extends FastJsonHttpMessageConverter4 {
        String token = HttpKit.getRequest().getHeader(jwtProperties.getHeader()).substring(7);
        String md5KeyFromToken = jwtTokenUtil.getMd5KeyFromToken(token);
-        String json = JSON.toJSONString(baseTransferEntity.getObject());
+        String object = baseTransferEntity.getObject();
-        String encrypt = MD5Util.encrypt(json + md5KeyFromToken);
+        String json = dataSecurityAction.unlock(object);
+        String encrypt = MD5Util.encrypt(object + md5KeyFromToken);
        if (encrypt.equals(baseTransferEntity.getSign())) {
            System.out.println("签名校验成功!");

--- a/guns-rest/src/main/java/com/stylefeng/guns/rest/modular/auth/security/DataSecurityAction.java
+++ b/guns-rest/src/main/java/com/stylefeng/guns/rest/modular/auth/security/DataSecurityAction.java
+package com.stylefeng.guns.rest.modular.auth.security;
+/**
+ * 信息传递的保护措施(传递的数据为json)
+ *
+ * @author fengshuonan
+ * @date 2017-09-18 20:41
+ */
+public interface DataSecurityAction {
+    /**
+     * 执行数据的保护措施(可以实现自定义的保护措施)
+     *
+     * @author stylefeng
+     * @Date 2017/9/18 20:42
+     */
+    String doAction(String beProtected);
+    /**
+     * 解除保护
+     *
+     * @author stylefeng
+     * @Date 2017/9/18 20:45
+     */
+    String unlock(String securityCode);
+}
--- a/guns-rest/src/main/java/com/stylefeng/guns/rest/modular/auth/security/impl/Base64SecurityAction.java
+++ b/guns-rest/src/main/java/com/stylefeng/guns/rest/modular/auth/security/impl/Base64SecurityAction.java
+package com.stylefeng.guns.rest.modular.auth.security.impl;
+import com.stylefeng.guns.rest.modular.auth.security.DataSecurityAction;
+import org.springframework.util.Base64Utils;
+/**
+ * 对数据进行base64编码的方式
+ *
+ * @author fengshuonan
+ * @date 2017-09-18 20:43
+ */
+public class Base64SecurityAction implements DataSecurityAction {
+    @Override
+    public String doAction(String beProtected) {
+        return Base64Utils.encodeToString(beProtected.getBytes());
+    }
+    @Override
+    public String unlock(String securityCode) {
+        byte[] bytes = Base64Utils.decodeFromString(securityCode);
+        return new String(bytes);
+    }
+}
--- a/guns-rest/src/test/java/com/stylefeng/guns/fastjson/JsonTest.java
+++ b/guns-rest/src/test/java/com/stylefeng/guns/fastjson/JsonTest.java
@@ -21,7 +21,7 @@ public class JsonTest {
        BaseTransferEntity baseTransferEntity = new BaseTransferEntity();
        SimpleObject simpleObject = new SimpleObject();
        simpleObject.setUser("fsn");
-        baseTransferEntity.setObject(simpleObject);
+        baseTransferEntity.setObject("123123");
        String json = JSON.toJSONString(simpleObject);

--- a/guns-rest/src/test/java/com/stylefeng/guns/jwt/DecryptTest.java
+++ b/guns-rest/src/test/java/com/stylefeng/guns/jwt/DecryptTest.java
@@ -4,6 +4,7 @@ import com.alibaba.fastjson.JSON;
 import com.stylefeng.guns.core.util.MD5Util;
 import com.stylefeng.guns.rest.common.SimpleObject;
 import com.stylefeng.guns.rest.modular.auth.converter.BaseTransferEntity;
+import com.stylefeng.guns.rest.modular.auth.security.impl.Base64SecurityAction;
 /**
 * jwt测试
@@ -17,18 +18,24 @@ public class DecryptTest {
        String key = "mySecret";
-        String compactJws = "eyJhbGciOiJIUzUxMiJ9.eyJyYW5kb21LZXkiOiJ0dDA5emciLCJzdWIiOiJhZG1pbiIsImV4cCI6MTUwNTIyMjU1MiwiaWF0IjoxNTA0NjE3NzUyfQ.wFn1U3qBDZNDlPOkTxOnsbn8U1qjMveyqvbARviJ1tOQ_giFhbToIup4r-Xvy0AaiFnGt2YFB25MA-YFXGDl9Q";
+        String compactJws = "eyJhbGciOiJIUzUxMiJ9.eyJyYW5kb21LZXkiOiJxczV4ZjciLCJzdWIiOiJhZG1pbiIsImV4cCI6MTUwNjM0Mzk4NywiaWF0IjoxNTA1NzM5MTg3fQ.N5_npknF-w_pq_3bi-cRp0HkjQqOVlK_dTh5QPIDYcWYCujp4uQ5-QrHDB86azHhsNKVgwpvh1_0ZkxmmEFsEQ";
-        String salt = "tt09zg";
+        String salt = "qs5xf7";
        SimpleObject simpleObject = new SimpleObject();
        simpleObject.setUser("stylefeng");
-        String md5 = MD5Util.encrypt(JSON.toJSONString(simpleObject) + salt);
+        simpleObject.setAge(12);
+        simpleObject.setName("ffff");
+        simpleObject.setTips("code");
+        String jsonString = JSON.toJSONString(simpleObject);
+        String encode = new Base64SecurityAction().doAction(jsonString);
+        String md5 = MD5Util.encrypt(encode + salt);
        BaseTransferEntity baseTransferEntity = new BaseTransferEntity();
-        baseTransferEntity.setObject(simpleObject);
+        baseTransferEntity.setObject(encode);
        baseTransferEntity.setSign(md5);
-        System.out.println(JSON.toJSON(baseTransferEntity));
+        System.out.println(JSON.toJSONString(baseTransferEntity));
        //System.out.println("body = " + Jwts.parser().setSigningKey(key).parseClaimsJws(compactJws).getBody());
        //System.out.println("header = " + Jwts.parser().setSigningKey(key).parseClaimsJws(compactJws).getHeader());