Example 1 with HttpServletRequestReader
use of com.jeesuite.springweb.servlet.HttpServletRequestReader in project jeesuite-libs by vakinge.
the class SignatureRequestHandler method process.
@Override
public Object process(RequestContext ctx, HttpServletRequest request, BizSystemModule module) {
String sign = request.getHeader(X_SIGN_HEADER);
if (StringUtils.isBlank(sign))
return null;
String timestamp = request.getHeader(TIMESTAMP_HEADER);
String appId = request.getHeader(APP_ID_HEADER);
if (StringUtils.isAnyBlank(timestamp, appId)) {
throw new JeesuiteBaseException("认证头信息不完整");
}
String secret = appIdSecretMappings.get(appId);
if (StringUtils.isBlank(secret)) {
throw new JeesuiteBaseException("appId不存在");
}
Map<String, Object> requestDatas = new HttpServletRequestReader(request).getRequestDatas();
String signBaseString = StringUtils.trimToEmpty(ParameterUtils.mapToQueryParams(requestDatas)) + timestamp + secret;
String expectSign = DigestUtils.md5(signBaseString);
if (!expectSign.equals(sign)) {
throw new JeesuiteBaseException("签名错误");
}
ctx.set(AbstractZuulFilter.CTX_IGNORE_AUTH, Boolean.TRUE);
return null;
}
Also used :
JeesuiteBaseException(com.jeesuite.common.JeesuiteBaseException)
HttpServletRequestReader(com.jeesuite.springweb.servlet.HttpServletRequestReader)
Aggregations
JeesuiteBaseException (com.jeesuite.common.JeesuiteBaseException)1
HttpServletRequestReader (com.jeesuite.springweb.servlet.HttpServletRequestReader)1
