解决json解析顺序导致签名不通过的问题

guns-rest/src/main/java/com/stylefeng/guns/rest/common/SimpleObject.java

@@ -10,6 +10,36 @@ public class SimpleObject {
 
     private String user;
 
+    private String name;
+
+    private String tips;
+
+    private Integer age;
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getTips() {
+        return tips;
+    }
+
+    public void setTips(String tips) {
+        this.tips = tips;
+    }
+
+    public Integer getAge() {
+        return age;
+    }
+
+    public void setAge(Integer age) {
+        this.age = age;
+    }
+
     public String getUser() {
         return user;
     }

guns-rest/src/main/java/com/stylefeng/guns/rest/config/WebConfig.java

 package com.stylefeng.guns.rest.config;
 
 import com.stylefeng.guns.rest.modular.auth.filter.AuthFilter;
+import com.stylefeng.guns.rest.modular.auth.security.DataSecurityAction;
+import com.stylefeng.guns.rest.modular.auth.security.impl.Base64SecurityAction;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
@@ -17,4 +19,9 @@ public class WebConfig {
     public AuthFilter jwtAuthenticationTokenFilter() {
         return new AuthFilter();
     }
+
+    @Bean
+    public DataSecurityAction dataSecurityAction() {
+        return new Base64SecurityAction();
+    }
 }

guns-rest/src/main/java/com/stylefeng/guns/rest/modular/auth/converter/BaseTransferEntity.java

@@ -8,20 +8,20 @@ package com.stylefeng.guns.rest.modular.auth.converter;
  */
 public class BaseTransferEntity {
 
-    private Object object;
+    private String object; //base64编码的json字符串
 
-    private String sign;
+    private String sign;   //签名
 
-    public Object getObject() {
+    public String getObject() {
         return object;
     }
 
-    public String getSign() {
-        return sign;
+    public void setObject(String object) {
+        this.object = object;
     }
 
-    public void setObject(Object object) {
-        this.object = object;
+    public String getSign() {
+        return sign;
     }
 
     public void setSign(String sign) {

guns-rest/src/main/java/com/stylefeng/guns/rest/modular/auth/converter/WithSignMessageConverter.java

@@ -7,6 +7,7 @@ import com.stylefeng.guns.core.util.MD5Util;
 import com.stylefeng.guns.rest.common.exception.BizExceptionEnum;
 import com.stylefeng.guns.rest.common.exception.BussinessException;
 import com.stylefeng.guns.rest.config.properties.JwtProperties;
+import com.stylefeng.guns.rest.modular.auth.security.DataSecurityAction;
 import com.stylefeng.guns.rest.modular.auth.util.JwtTokenUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpInputMessage;
@@ -30,6 +31,9 @@ public class WithSignMessageConverter extends FastJsonHttpMessageConverter4 {
     @Autowired
     JwtTokenUtil jwtTokenUtil;
 
+    @Autowired
+    DataSecurityAction dataSecurityAction;
+
     @Override
     public Object read(Type type, Class<?> contextClass, HttpInputMessage inputMessage) throws IOException, HttpMessageNotReadableException {
 
@@ -43,8 +47,9 @@ public class WithSignMessageConverter extends FastJsonHttpMessageConverter4 {
         String token = HttpKit.getRequest().getHeader(jwtProperties.getHeader()).substring(7);
         String md5KeyFromToken = jwtTokenUtil.getMd5KeyFromToken(token);
 
-        String json = JSON.toJSONString(baseTransferEntity.getObject());
-        String encrypt = MD5Util.encrypt(json + md5KeyFromToken);
+        String object = baseTransferEntity.getObject();
+        String json = dataSecurityAction.unlock(object);
+        String encrypt = MD5Util.encrypt(object + md5KeyFromToken);
 
         if (encrypt.equals(baseTransferEntity.getSign())) {
             System.out.println("签名校验成功!");

guns-rest/src/main/java/com/stylefeng/guns/rest/modular/auth/security/DataSecurityAction.java

+package com.stylefeng.guns.rest.modular.auth.security;
+
+/**
+ * 信息传递的保护措施(传递的数据为json)
+ *
+ * @author fengshuonan
+ * @date 2017-09-18 20:41
+ */
+public interface DataSecurityAction {
+
+    /**
+     * 执行数据的保护措施(可以实现自定义的保护措施)
+     *
+     * @author stylefeng
+     * @Date 2017/9/18 20:42
+     */
+    String doAction(String beProtected);
+
+    /**
+     * 解除保护
+     *
+     * @author stylefeng
+     * @Date 2017/9/18 20:45
+     */
+    String unlock(String securityCode);
+}

guns-rest/src/main/java/com/stylefeng/guns/rest/modular/auth/security/impl/Base64SecurityAction.java

+package com.stylefeng.guns.rest.modular.auth.security.impl;
+
+import com.stylefeng.guns.rest.modular.auth.security.DataSecurityAction;
+import org.springframework.util.Base64Utils;
+
+/**
+ * 对数据进行base64编码的方式
+ *
+ * @author fengshuonan
+ * @date 2017-09-18 20:43
+ */
+public class Base64SecurityAction implements DataSecurityAction {
+
+    @Override
+    public String doAction(String beProtected) {
+        return Base64Utils.encodeToString(beProtected.getBytes());
+    }
+
+    @Override
+    public String unlock(String securityCode) {
+        byte[] bytes = Base64Utils.decodeFromString(securityCode);
+        return new String(bytes);
+    }
+}

guns-rest/src/test/java/com/stylefeng/guns/fastjson/JsonTest.java

@@ -21,7 +21,7 @@ public class JsonTest {
         BaseTransferEntity baseTransferEntity = new BaseTransferEntity();
         SimpleObject simpleObject = new SimpleObject();
         simpleObject.setUser("fsn");
-        baseTransferEntity.setObject(simpleObject);
+        baseTransferEntity.setObject("123123");
 
         String json = JSON.toJSONString(simpleObject);
 

guns-rest/src/test/java/com/stylefeng/guns/jwt/DecryptTest.java

@@ -4,6 +4,7 @@ import com.alibaba.fastjson.JSON;
 import com.stylefeng.guns.core.util.MD5Util;
 import com.stylefeng.guns.rest.common.SimpleObject;
 import com.stylefeng.guns.rest.modular.auth.converter.BaseTransferEntity;
+import com.stylefeng.guns.rest.modular.auth.security.impl.Base64SecurityAction;
 
 /**
  * jwt测试
@@ -17,18 +18,24 @@ public class DecryptTest {
 
         String key = "mySecret";
 
-        String compactJws = "eyJhbGciOiJIUzUxMiJ9.eyJyYW5kb21LZXkiOiJ0dDA5emciLCJzdWIiOiJhZG1pbiIsImV4cCI6MTUwNTIyMjU1MiwiaWF0IjoxNTA0NjE3NzUyfQ.wFn1U3qBDZNDlPOkTxOnsbn8U1qjMveyqvbARviJ1tOQ_giFhbToIup4r-Xvy0AaiFnGt2YFB25MA-YFXGDl9Q";
-        String salt = "tt09zg";
+        String compactJws = "eyJhbGciOiJIUzUxMiJ9.eyJyYW5kb21LZXkiOiJxczV4ZjciLCJzdWIiOiJhZG1pbiIsImV4cCI6MTUwNjM0Mzk4NywiaWF0IjoxNTA1NzM5MTg3fQ.N5_npknF-w_pq_3bi-cRp0HkjQqOVlK_dTh5QPIDYcWYCujp4uQ5-QrHDB86azHhsNKVgwpvh1_0ZkxmmEFsEQ";
+        String salt = "qs5xf7";
 
         SimpleObject simpleObject = new SimpleObject();
         simpleObject.setUser("stylefeng");
-        String md5 = MD5Util.encrypt(JSON.toJSONString(simpleObject) + salt);
+        simpleObject.setAge(12);
+        simpleObject.setName("ffff");
+        simpleObject.setTips("code");
+
+        String jsonString = JSON.toJSONString(simpleObject);
+        String encode = new Base64SecurityAction().doAction(jsonString);
+        String md5 = MD5Util.encrypt(encode + salt);
 
         BaseTransferEntity baseTransferEntity = new BaseTransferEntity();
-        baseTransferEntity.setObject(simpleObject);
+        baseTransferEntity.setObject(encode);
         baseTransferEntity.setSign(md5);
 
-        System.out.println(JSON.toJSON(baseTransferEntity));
+        System.out.println(JSON.toJSONString(baseTransferEntity));
 
         //System.out.println("body = " + Jwts.parser().setSigningKey(key).parseClaimsJws(compactJws).getBody());
         //System.out.println("header = " + Jwts.parser().setSigningKey(key).parseClaimsJws(compactJws).getHeader());