代码-pub_sign接口签名

2024-04-23 20:54:25 +08:00
parent 8ad2894a57
commit db12d443d4
7 changed files with 33 additions and 19 deletions
--- a/accompany-oauth2/accompany-oauth2-web/src/main/java/com/accompany/oauth2/config/WebMvcConfig.java
+++ b/accompany-oauth2/accompany-oauth2-web/src/main/java/com/accompany/oauth2/config/WebMvcConfig.java
@@ -36,7 +36,7 @@ public class WebMvcConfig implements WebMvcConfigurer{
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
-        registry.addInterceptor(getSecurityInterceptor());
+        registry.addInterceptor(getSecurityInterceptor()).addPathPatterns("/**").excludePathPatterns("/");
        registry.addInterceptor(getLoginInterceptor());
    }

--- a/accompany-oauth2/accompany-oauth2-web/src/main/java/com/accompany/oauth2/interceptor/SecurityInterceptor.java
+++ b/accompany-oauth2/accompany-oauth2-web/src/main/java/com/accompany/oauth2/interceptor/SecurityInterceptor.java
@@ -6,6 +6,7 @@ import com.accompany.common.utils.StringUtils;
 import com.accompany.core.service.common.JedisService;
 import com.accompany.core.util.KeyStore;
 import com.accompany.core.util.MD5;
+import com.alibaba.fastjson.JSON;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -86,21 +87,24 @@ public class SecurityInterceptor extends BasicInterceptor {
 				continue;
 			}

-			builder.append(name).append("=").append(request.getParameter(name)).append("&");
+			String param = String.join(",", entry.getValue());
+			builder.append(name).append("=").append(param).append("&");
 		}

 		// 去除最后一个多余的连接符
 		if (builder.length() > 0) {
 			builder.replace(builder.length() - 1, builder.length(), "");
+			builder.append("&");
 		}

-		builder.append("&key=").append(KeyStore.DES_ENCRYPT_KEY_SMS_PARAMS);
+		builder.append("key=").append(KeyStore.DES_SIGN_KEY);
 		String serverSign = MD5.getMD5(builder.toString());
 		Matcher matcher = pattern.matcher(serverSign);
 		serverSign = matcher.replaceAll("");

 		String clientSign = request.getParameter(ApplicationConstant.PublicParameters.SIGN);
-		logger.info("uri={}, client sign={}, server sign={}, sign string={}", request.getRequestURI(), serverSign, clientSign, builder.toString());
+		logger.warn("非法请求： uri={}, headers={}, parameters={}",
+				request.getRequestURI(), JSON.toJSONString(request.getHeaderNames()), JSON.toJSONString(request.getParameterMap()));
 		return StringUtils.equalsIgnoreCase(clientSign, serverSign);
 	}