}
- WebMvcConfiguration
private static final String[] excludePathPatterns= {"/api/token/api_token"};@Autowiredprivate TokenInterceptor tokenInterceptor;@Overridepublic void addInterceptors(InterceptorRegistry registry) {super.addInterceptors(registry);registry.addInterceptor(tokenInterceptor).addPathPatterns("/api/**").excludePathPatterns(excludePathPatterns);}复制代码} 5. TokenInterceptor @Component public class TokenInterceptor extends HandlerInterceptorAdapter {@Autowiredprivate RedisTemplate redisTemplate;/** * * @param request * @param response * @param handler 访问的目标方法 * @return * @throws Exception */@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {String token = request.getHeader("token");String timestamp = request.getHeader("timestamp");// 随机字符串String nonce = request.getHeader("nonce");String sign = request.getHeader("sign");Assert.isTrue(!StringUtils.isEmpty(token) && !StringUtils.isEmpty(timestamp) && !StringUtils.isEmpty(sign), "参数错误");// 获取超时时间NotRepeatSubmit notRepeatSubmit = ApiUtil.getNotRepeatSubmit(handler);long expireTime = notRepeatSubmit == null ? 5 * 60 * 1000 : notRepeatSubmit.value();// 2. 请求时间间隔long reqeustInterval = System.currentTimeMillis() - Long.valueOf(timestamp);Assert.isTrue(reqeustInterval < expireTime, "请求超时,请重新请求");// 3. 校验Token是否存在ValueOperations<String, TokenInfo> tokenRedis = redisTemplate.opsForValue();TokenInfo tokenInfo = tokenRedis.get(token);Assert.notNull(tokenInfo, "token错误");// 4. 校验签名(将所有的参数加进来,防止别人篡改参数) 所有参数看参数名升续排序拼接成url// 请求参数 + token + timestamp + nonceString signString = ApiUtil.concatSignString(request) + tokenInfo.getAppInfo().getKey() + token + timestamp + nonce;String signature = MD5Util.encode(signString);boolean flag = signature.equals(sign);Assert.isTrue(flag, "签名错误");// 5. 拒绝重复调用(第一次访问时存储,过期时间和请求超时时间保持一致), 只有标注不允许重复提交注解的才会校验if (notRepeatSubmit != null) {ValueOperations<String, Integer> signRedis = redisTemplate.opsForValue();boolean exists = redisTemplate.hasKey(sign);Assert.isTrue(!exists, "请勿重复提交");signRedis.set(sign, 0, expireTime, TimeUnit.MILLISECONDS);}return super.preHandle(request, response, handler);}复制代码}- MD5Util ----MD5工具类,加密生成数字签名
private static final String hexDigits[] = { "0", "1", "2", "3", "4", "5","6", "7", "8", "9", "a", "b", "c", "d", "e", "f" };private static String byteArrayToHexString(byte b[]) {StringBuffer resultSb = new StringBuffer();for (int i = 0; i < b.length; i++)resultSb.append(byteToHexString(b[i]));return resultSb.toString();}private static String byteToHexString(byte b) {int n = b;if (n < 0)n += 256;int d1 = n / 16;int d2 = n % 16;return hexDigits[d1] + hexDigits[d2];}public static String encode(String origin) {return encode(origin, "UTF-8");}public static String encode(String origin, String charsetname) {String resultString = null;try {resultString = new String(origin);MessageDigest md = MessageDigest.getInstance("MD5");if (charsetname == null || "".equals(charsetname))resultString = byteArrayToHexString(md.digest(resultString.getBytes()));elseresultString = byteArrayToHexString(md.digest(resultString.getBytes(charsetname)));} catch (Exception exception) {}return resultString;}复制代码}- @NotRepeatSubmit -----自定义注解,防止重复提交 。
- 禁止重复提交
推荐阅读
![[大河财立方]星巴克与红杉中国达成战略合作,加速零售创新](https://imgcdn.toutiaoyule.com/20200427/20200427195343329819a_t.jpeg)
- 保护好你的交易平台api接口,不然这样的下场就是你要面对的
- 我也没想到,Java开发 API接口可以不用写 Controller了
- Postman接口自测,有了这个脚本,以后不用复制粘贴token
- 几例实用shell脚本分享
- 阿里开源的限流神器 Sentinel,轻松搞定接口限流
- 电脑操作实用400个快捷键
- 实用小脚本,教你Python自动化备份邮箱
- 3分钟就能看懂 电脑小白实用购机攻略
- 穿衣搭配|领导们秘而不宣的3款软件,实用强大,办公效率和职场升迁利器
- 揭秘CSS实用技巧总结