Home Explore Help
Register Sign In
wuyongqiang
/
framework
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

优化数据加密异常处理逻辑

woody 2 years ago
parent
526c9ac24d
commit
b34633fd74
3 changed files with 28 additions and 18 deletions
Unified View Show Diff Stats
  1. 4 9
      framework-security/src/main/java/com/chelvc/framework/security/config/SecurityConfigurer.java
  2. 23 0
      framework-security/src/main/java/com/chelvc/framework/security/context/SecurityContextHolder.java
  3. 1 9
      framework-security/src/main/java/com/chelvc/framework/security/interceptor/JacksonEncryptSerializer.java

+ 4 - 9
framework-security/src/main/java/com/chelvc/framework/security/config/SecurityConfigurer.java
View File 

@@ -6,9 +6,9 @@ import javax.servlet.Filter;
 
 
 
 import com.chelvc.framework.base.interceptor.StandardUnifiedResponseWrapper;
 
 import com.chelvc.framework.base.interceptor.StandardUnifiedResponseWrapper;
 
 import com.chelvc.framework.base.interceptor.UnifiedResponseWrapper;
 
 import com.chelvc.framework.base.interceptor.UnifiedResponseWrapper;
 
+import com.chelvc.framework.base.util.StringUtils;
 
 import com.chelvc.framework.security.annotation.Encrypt;
 
 import com.chelvc.framework.security.annotation.Encrypt;
 
 import com.chelvc.framework.security.context.SecurityContextHolder;
 
 import com.chelvc.framework.security.context.SecurityContextHolder;
 
-import lombok.extern.slf4j.Slf4j;
 
 import org.aopalliance.intercept.MethodInvocation;
 
 import org.aopalliance.intercept.MethodInvocation;
 
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 
 import org.springframework.context.annotation.Bean;
 
 import org.springframework.context.annotation.Bean;
 
@@ -35,7 +35,6 @@ import org.springframework.web.filter.CorsFilter;
 
  * @author Woody
 
  * @author Woody
 
  * @date 2023/4/5
 
  * @date 2023/4/5
 
  */
 
  */
 
-@Slf4j
 
 @Configuration
 
 @Configuration
 
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 
 public class SecurityConfigurer extends GlobalMethodSecurityConfiguration {
 
 public class SecurityConfigurer extends GlobalMethodSecurityConfiguration {
 
@@ -70,13 +69,9 @@ public class SecurityConfigurer extends GlobalMethodSecurityConfiguration {
 
             public Object wrap(NativeWebRequest request, MethodParameter method, Object value) {
 
             public Object wrap(NativeWebRequest request, MethodParameter method, Object value) {
 
                 // 判断方法返回值是否需要加密
 
                 // 判断方法返回值是否需要加密
 
                 Method target = Objects.requireNonNull(method.getMethod());
 
                 Method target = Objects.requireNonNull(method.getMethod());
 
-                if (target.getReturnType() == String.class && target.isAnnotationPresent(Encrypt.class)) {
 
-                    try {
 
-                        value = SecurityContextHolder.encrypt((String) value);
 
-                    } catch (Exception e) {
 
-                        // 如果加密失败则回退到明文传输
 
-                        log.error("Data encrypt failed: {}", e.getMessage());
 
-                    }
 
+                if (target.getReturnType() == String.class && target.isAnnotationPresent(Encrypt.class)
 
+                        && StringUtils.nonEmpty(value)) {
 
+                    value = SecurityContextHolder.encrypt((String) value, true);
 
                 }
 
                 }
 
                 return super.wrap(request, method, value);
 
                 return super.wrap(request, method, value);
 
             }
 
             }

+ 23 - 0
framework-security/src/main/java/com/chelvc/framework/security/context/SecurityContextHolder.java
View File 

@@ -73,6 +73,29 @@ public class SecurityContextHolder {
 
         return CODEC_CHARACTERISTIC_PREFIX + ciphertext + CODEC_CHARACTERISTIC_SUFFIX;
 
         return CODEC_CHARACTERISTIC_PREFIX + ciphertext + CODEC_CHARACTERISTIC_SUFFIX;
 
     }
 
     }
 
 
 
+    /**
 
+     * 数据加密
 
+     *
 
+     * @param plaintext 数据明文
 
+     * @param safety    是否使用安全模式(如果加密失败则返回明文)
 
+     * @return 数据密文
 
+     */
 
+    public static String encrypt(String plaintext, boolean safety) {
 
+        // 非安全模式
 
+        if (!safety) {
 
+            return encrypt(plaintext);
 
+        }
 
+
 
+        // 安全模式
 
+        try {
 
+            return encrypt(plaintext);
 
+        } catch (Exception e) {
 
+            // 如果加密失败则返回明文
 
+            log.error("Data encrypt failed: {}", e.getMessage());
 
+            return plaintext;
 
+        }
 
+    }
 
+
 
     /**
 
     /**
 
      * 数据解密
 
      * 数据解密
 
      *
 
      *

+ 1 - 9
framework-security/src/main/java/com/chelvc/framework/security/interceptor/JacksonEncryptSerializer.java
View File 

@@ -11,7 +11,6 @@ import com.fasterxml.jackson.databind.JsonSerializer;
 
 import com.fasterxml.jackson.databind.SerializerProvider;
 
 import com.fasterxml.jackson.databind.SerializerProvider;
 
 import com.fasterxml.jackson.databind.ser.ContextualSerializer;
 
 import com.fasterxml.jackson.databind.ser.ContextualSerializer;
 
 import com.fasterxml.jackson.databind.ser.std.StdSerializer;
 
 import com.fasterxml.jackson.databind.ser.std.StdSerializer;
 
-import lombok.extern.slf4j.Slf4j;
 
 
 
 /**
 
 /**
 
  * 敏感数据加密序列化处理器
 
  * 敏感数据加密序列化处理器
 
@@ -19,7 +18,6 @@ import lombok.extern.slf4j.Slf4j;
 
  * @author Woody
 
  * @author Woody
 
  * @date 2023/7/28
 
  * @date 2023/7/28
 
  */
 
  */
 
-@Slf4j
 
 public class JacksonEncryptSerializer extends StdSerializer<String> implements ContextualSerializer {
 
 public class JacksonEncryptSerializer extends StdSerializer<String> implements ContextualSerializer {
 
     /**
 
     /**
 
      * 敏感字段加密注解实例
 
      * 敏感字段加密注解实例
 
@@ -40,13 +38,7 @@ public class JacksonEncryptSerializer extends StdSerializer<String> implements C
 
         if (this.encrypt == null || StringUtils.isEmpty(plaintext)) {
 
         if (this.encrypt == null || StringUtils.isEmpty(plaintext)) {
 
             generator.writeString(plaintext);
 
             generator.writeString(plaintext);
 
         } else {
 
         } else {
 
-            try {
 
-                generator.writeString(SecurityContextHolder.encrypt(plaintext));
 
-            } catch (Exception e) {
 
-                // 如果加密失败则回退到明文传输
 
-                log.error("Data encrypt failed: {}", e.getMessage());
 
-                generator.writeString(plaintext);
 
-            }
 
+            generator.writeString(SecurityContextHolder.encrypt(plaintext, true));
 
         }
 
         }
 
     }
 
     }