Search in sources :

Example 1 with HttpServletRequestReader

use of com.jeesuite.springweb.servlet.HttpServletRequestReader in project jeesuite-libs by vakinge.

the class SignatureRequestHandler method process.

@Override
public Object process(RequestContext ctx, HttpServletRequest request, BizSystemModule module) {
    String sign = request.getHeader(X_SIGN_HEADER);
    if (StringUtils.isBlank(sign))
        return null;
    String timestamp = request.getHeader(TIMESTAMP_HEADER);
    String appId = request.getHeader(APP_ID_HEADER);
    if (StringUtils.isAnyBlank(timestamp, appId)) {
        throw new JeesuiteBaseException("认证头信息不完整");
    }
    String secret = appIdSecretMappings.get(appId);
    if (StringUtils.isBlank(secret)) {
        throw new JeesuiteBaseException("appId不存在");
    }
    Map<String, Object> requestDatas = new HttpServletRequestReader(request).getRequestDatas();
    String signBaseString = StringUtils.trimToEmpty(ParameterUtils.mapToQueryParams(requestDatas)) + timestamp + secret;
    String expectSign = DigestUtils.md5(signBaseString);
    if (!expectSign.equals(sign)) {
        throw new JeesuiteBaseException("签名错误");
    }
    ctx.set(AbstractZuulFilter.CTX_IGNORE_AUTH, Boolean.TRUE);
    return null;
}
Also used : JeesuiteBaseException(com.jeesuite.common.JeesuiteBaseException) HttpServletRequestReader(com.jeesuite.springweb.servlet.HttpServletRequestReader)

Aggregations

JeesuiteBaseException (com.jeesuite.common.JeesuiteBaseException)1 HttpServletRequestReader (com.jeesuite.springweb.servlet.HttpServletRequestReader)1