更细依赖包

FRAMEWORK.md

@@ -93,6 +93,15 @@ Jetty 更加轻量化，更符合Spring Cloud 分布式部署；当然，这个
 - 解决docker 从容器无法限制JVM内存问题
 - 更改基础镜像为openjdk:8-jre-alpine （以前为8-jdk-alpine）,减小镜像体积。
 
+#### 2019/2/26 添加加密解密方法
+
+数据从后端返回前端，后端对重要数据进行对称加密，并实现签名，保证数据不会被中途拦截篡改；
+数据从前端发送到后端，前端用公钥对数据进行加密，保证数据安全，不会被拦截，并且也需要实现签名，保证数据不被伪造。
+
+- 在 安全（auth） 依赖包中添加了关于加密解密相关功能。
+- 修改ClientInfo 实体类，添加了非对称加密的密钥信息
+
+
 ### 后期我的工作计划
 
 - 将继续精简shiro相关配置，直至完全移除；（已完成）

build.gradle

@@ -17,8 +17,8 @@ buildscript {
         shiro_version = '1.4.0'
         pinyin4j_version = '2.5.1'
         rxJavaVersion='2.2.3'
-        jwtVersion = '1.3.8.3'
-        authVersion='1.1.5.5'
+        jwtVersion = '1.3.9'
+        authVersion='1.1.6'
     }
     repositories {
         mavenCentral()

zen-core/src/main/kotlin/cn/gygxzc/envir/core/CoreConst.kt

@@ -0,0 +1,11 @@
+package cn.gygxzc.envir.core
+
+/**
+ * @author tuonina
+ * @createTime 2019/2/26
+ * 系统界别的常量
+ */
+
+
+const val REQ_HEADER_ENCRYPT_CLIENT="Origin_Client" //前端表明身份，该字段需要用公钥加密传递
+const val REQ_HEADER_CLIENT="Client"  //每个请求头都必须标明自己的身份

zen-core/src/main/kotlin/cn/gygxzc/envir/core/exceptions/InvalidRequestException.kt

@@ -0,0 +1,11 @@
+package cn.gygxzc.envir.core.exceptions
+
+import java.lang.RuntimeException
+
+/**
+ * @author tuonina
+ * @createTime 2019/2/26
+ * 无效请求，比如请求头不满足约定
+ */
+class InvalidRequestException(errMsg:String) :RuntimeException(errMsg) {
+}

zen-web/src/main/java/cn/gygxzc/envir/api/test/controller/TestEncryptController.java

@@ -0,0 +1,30 @@
+package cn.gygxzc.envir.api.test.controller;
+
+import cn.gygxzc.envir.encrypt.SerializedField;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author tuonina
+ * @createTime 2019/2/26
+ */
+@RestController
+@RequestMapping("/test/encrypt")
+public class TestEncryptController {
+
+
+    @GetMapping
+    @SerializedField
+    public Object encrypt(){
+        Map<String,Object> resp = new HashMap<>();
+        resp.put("content","我爱北京天安门！");
+        resp.put("code",1);
+        return resp;
+    }
+
+}

zen-web/src/main/java/cn/gygxzc/envir/api/test/controller/TestSimpController.java

@@ -0,0 +1,30 @@
+package cn.gygxzc.envir.api.test.controller;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author tuonina
+ * @createTime 2019/2/26
+ */
+@RestController
+@RequestMapping("/test")
+public class TestSimpController {
+
+    @GetMapping
+    public Object test(){
+        Map<String,Object>  resp = new HashMap<>();
+        resp.put("data","您好!");
+        resp.put("code",123);
+        return resp;
+    }
+
+    @GetMapping("/text")
+    public String text(){
+        return  "我们都有一个家，名字叫中国！";
+    }
+}

zen-web/src/main/kotlin/cn/gygxzc/envir/encrypt/DecodeRequestBodyAdvice.java

@@ -0,0 +1,35 @@
+package cn.gygxzc.envir.encrypt;
+
+import org.springframework.core.MethodParameter;
+import org.springframework.http.HttpInputMessage;
+import org.springframework.http.converter.HttpMessageConverter;
+import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice;
+
+import java.io.IOException;
+import java.lang.reflect.Type;
+
+/**
+ * @author tuonina
+ * @createTime 2019/2/26
+ */
+public class DecodeRequestBodyAdvice implements RequestBodyAdvice {
+    @Override
+    public boolean supports(MethodParameter methodParameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
+        return false;
+    }
+
+    @Override
+    public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) throws IOException {
+        return null;
+    }
+
+    @Override
+    public Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
+        return null;
+    }
+
+    @Override
+    public Object handleEmptyBody(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
+        return null;
+    }
+}

zen-web/src/main/kotlin/cn/gygxzc/envir/encrypt/EncodeResponseBodyAdvice.java

@@ -0,0 +1,55 @@
+package cn.gygxzc.envir.encrypt;
+
+import cn.gygxzc.cloud.tina.auth.encrypt.AESUtils;
+import cn.gygxzc.envir.core.CoreConstKt;
+import cn.gygxzc.envir.core.exceptions.InvalidRequestException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.MethodParameter;
+import org.springframework.http.MediaType;
+import org.springframework.http.server.ServerHttpRequest;
+import org.springframework.http.server.ServerHttpResponse;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;
+
+import java.lang.reflect.Method;
+
+/**
+ * @author tuonina
+ * @createTime 2019/2/26
+ */
+@ControllerAdvice("cn.gygxzc.envir")
+public class EncodeResponseBodyAdvice implements ResponseBodyAdvice {
+    private Logger logger = LoggerFactory.getLogger(EncodeResponseBodyAdvice.class);
+
+    @Autowired
+    private ObjectMapper objectMapper;
+
+    @Override
+    public boolean supports(MethodParameter returnType, Class converterType) {
+        Method method = returnType.getMethod();
+        if (method == null) return false;
+        SerializedField serializedField = method.getAnnotation(SerializedField.class);
+        return serializedField != null && serializedField.encode();
+    }
+
+    @Override
+    public Object beforeBodyWrite(Object body, MethodParameter returnType,
+                                  MediaType selectedContentType, Class selectedConverterType,
+                                  ServerHttpRequest request, ServerHttpResponse response) {
+        String clientKey = request.getHeaders().getFirst(CoreConstKt.REQ_HEADER_CLIENT);
+        if (StringUtils.isBlank(clientKey)) {
+            logger.info("beforeBodyWrite 缺少请求头：{}", CoreConstKt.REQ_HEADER_CLIENT);
+            throw new InvalidRequestException("缺少请求头!");
+        }
+        try {
+            String result = objectMapper.writeValueAsString(body);
+            return AESUtils.encode(result, clientKey);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+}

zen-web/src/main/kotlin/cn/gygxzc/envir/encrypt/SerializedField.java

@@ -0,0 +1,20 @@
+package cn.gygxzc.envir.encrypt;
+
+import java.lang.annotation.*;
+
+/**
+ * @author tuonina
+ * @createTime 2019/2/26
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+@Target({ElementType.METHOD, ElementType.TYPE, ElementType.FIELD})
+public @interface SerializedField {
+
+    /**
+     * 是否对数据进行家吗
+     *
+     * @return 默认为true
+     */
+    boolean encode() default true;
+}