添加服务端签名验证类

framework/src/main/java/io/geekidea/springbootplus/framework/shiro/signature/RequestWrapper.java

+package io.geekidea.springbootplus.framework.shiro.signature;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+
+import javax.servlet.ReadListener;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+import org.apache.commons.io.IOUtils;
+
+/**
+ * 对HttpServletRequest进行重写，
+ * 1、用来接收application/json参数数据类型，即@RequestBody注解标注的参数,解决多次读取问题
+ * 2、用来解决注解@RequestParam通过POST/PUT/DELETE/PATCH方法传递参数，解决多次读取问题
+ * 首先看一下springboot控制器三个注解：
+ * 1、@PathVariable注解是REST风格url获取参数的方式，只能用在GET请求类型，通过getParameter获取参数
+ * 2、@RequestParam注解支持GET和POST/PUT/DELETE/PATCH方式，Get方式通过getParameter获取参数和post方式通过getInputStream或getReader获取参数
+ * 3、@RequestBody注解支持POST/PUT/DELETE/PATCH，可以通过getInputStream和getReader获取参数
+ * @Author luozh
+ * @Date 2022年04月14日 05:56:57
+ * @Version 1.0
+ */
+public class RequestWrapper extends HttpServletRequestWrapper {
+
+    //参数字节数组
+    private byte[] requestBody;
+    //Http请求对象
+    private HttpServletRequest request;
+
+    public RequestWrapper(HttpServletRequest request) throws IOException {
+        super(request);
+        this.request = request;
+    }
+
+    /**
+     * @return
+     * @throws IOException
+     */
+    @Override
+    public ServletInputStream getInputStream() throws IOException {
+        /**
+         * 每次调用此方法时将数据流中的数据读取出来，然后再回填到InputStream之中
+         * 解决通过@RequestBody和@RequestParam（POST方式）读取一次后控制器拿不到参数问题
+         */
+        if (null == this.requestBody) {
+            ByteArrayOutputStream baos = new ByteArrayOutputStream();
+            IOUtils.copy(request.getInputStream(), baos);
+            this.requestBody = baos.toByteArray();
+        }
+
+        final ByteArrayInputStream bais = new ByteArrayInputStream(requestBody);
+        return new ServletInputStream() {
+
+            @Override
+            public boolean isFinished() {
+                return false;
+            }
+
+            @Override
+            public boolean isReady() {
+                return false;
+            }
+
+            @Override
+            public void setReadListener(ReadListener listener) {
+
+            }
+
+            @Override
+            public int read() {
+                return bais.read();
+            }
+        };
+    }
+
+    public byte[] getRequestBody() {
+        return requestBody;
+    }
+
+    @Override
+    public BufferedReader getReader() throws IOException {
+        return new BufferedReader(new InputStreamReader(this.getInputStream()));
+    }
+}

framework/src/main/java/io/geekidea/springbootplus/framework/shiro/signature/SignatureAuthFilter.java

+package io.geekidea.springbootplus.framework.shiro.signature;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+/**
+ * shiro 用户签名认证
+ * @Author luozh
+ * @Date 2022年04月14日 16:43
+ * @Version 1.0
+ */
+public class SignatureAuthFilter extends AuthenticatingFilter {
+
+    private static final String AUTHORIZATION = "Authorization";
+
+    @Override
+    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
+
+        HttpServletRequest request =
+                ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+
+        String token = request.getHeader(AUTHORIZATION);
+        if (StringUtils.isBlank(token)) {
+            throw new AuthenticationException("token不能为空");
+        }
+
+
+        return null;
+    }
+
+    @Override
+    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
+        return false;
+    }
+}

framework/src/main/java/io/geekidea/springbootplus/framework/shiro/signature/SignatureChecker.java

+package io.geekidea.springbootplus.framework.shiro.signature;
+
+import java.nio.charset.StandardCharsets;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.util.CollectionUtils;
+
+import com.alibaba.fastjson.JSON;
+import com.google.common.collect.Maps;
+
+/**
+ * 签名检验员
+ * @Author luozh
+ * @Date 2022年04月14日 17:31
+ * @Version 1.0
+ */
+public class SignatureChecker {
+
+    /**
+     * 时间戳请求最小限制(600s)
+     * 设置的越小，安全系数越高，但是要注意一定的容错性
+     */
+    private static final long MAX_REQUEST = 10 * 60 * 1000L;
+
+    /**
+     * 签名校验
+     * @Author luozh
+     * @Date 2022年04月14日 05:32:32
+     * @param request 请求信息
+     * @param signature 签名
+     * @Return appKey
+     */
+    public static String check(HttpServletRequest request, String signature) {
+
+
+        return "";
+    }
+
+    /**
+     * 获取请求入参
+     *
+     * @param request
+     * @return
+     */
+    public static Map<String, Object> getParameterMap(HttpServletRequest request) {
+        Map<String, Object> paramMap = new LinkedHashMap<>();
+        if (request instanceof RequestWrapper) {
+            RequestWrapper requestWrapper = (RequestWrapper) request;
+            Map<String, Object> body = getParameterMap(requestWrapper.getRequestBody());
+            if (!CollectionUtils.isEmpty(body)) {
+                paramMap.putAll(body);
+            }
+        }
+        Enumeration<String> names = request.getParameterNames();
+        while (names.hasMoreElements()) {
+            String key = names.nextElement();
+            paramMap.put(key, request.getParameter(key));
+        }
+
+        return paramMap;
+    }
+
+    /**
+     * 获取参数对象
+     *
+     * @param params
+     * @return
+     */
+    public static Map<String, Object> getParameterMap(byte[] params) {
+        try {
+            return JSON.parseObject(new String(params), Map.class);
+        } catch (Exception e) {
+            return convertParameterToMap(new String(params, StandardCharsets.UTF_8));
+        }
+    }
+
+
+    /**
+     * 将参数转换为Map类型
+     *
+     * @param param
+     * @return
+     */
+    public static Map<String, Object> convertParameterToMap(String param) {
+        if (StringUtils.isEmpty(param)) {
+            return Collections.emptyMap();
+        }
+        Map<String, Object> pMap = Maps.newLinkedHashMap();
+        String[] pArray = StringUtils.split(param, "&");
+        for (int i = 0; i < pArray.length; i++) {
+            String[] array = StringUtils.split(pArray[i], "=");
+            if (array.length == 2) {
+                pMap.put(array[0], array[1]);
+            }
+        }
+        return pMap;
+    }
+
+}