x

src/main/java/com/egolm/shop/common/interceptor/OpenInterceptor.java

-package com.egolm.shop.common.interceptor;
-
-import java.util.Map;
-import java.util.Set;
-import java.util.SortedMap;
-import java.util.TreeMap;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.stereotype.Component;
-import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
-
-import com.egolm.common.GsonUtil;
-import com.egolm.common.MD5Util;
-import com.egolm.common.StringUtil;
-import com.egolm.shop.common.XException;
-import com.egolm.shop.common.utils.I18NUtils;
-import com.egolm.shop.common.utils.ShopContstrant; 
-
-@Component
-public class OpenInterceptor extends HandlerInterceptorAdapter {
-	Log logger = LogFactory.getLog(OpenInterceptor.class);
-	String encoding = "UTF-8";
-	
-	@Autowired
-	private RedisTemplate<String, Object> redisTemplate;
-	
-	/*签名规则：1.按照参数字段名ASCII码排序；2.参数进行url拼接；3.加上签名字符串secret；4.得到字符串后进行SHA1签名；5.将签名得到的字符串加入参数列表中，字段名为sig*/
-	@Override
-	public boolean preHandle(HttpServletRequest req, HttpServletResponse resp, Object handler) throws Exception {
-		String uri = req.getRequestURI(); 
-		if((uri.indexOf("swagger") == -1 && uri.indexOf("/v2/api-docs") == -1)  ) {
-			Map<String, String[]> paramMap = req.getParameterMap();
-			logger.info(GsonUtil.toJson(paramMap));
-			String sign = req.getParameter("sign");
-			String timestamp = req.getParameter("timestamp");
-			String langID = req.getParameter("langID");
-			String terminal = req.getParameter("terminal");
-			
-			if(!StringUtil.isNotBlank(sign,timestamp,langID,terminal)) {
-				throw new XException(I18NUtils.getMessage(langID, "Msg_Paramter_Empty","[sign,timestamp,langID,terminal]")) ;
-			}
-			
-			SortedMap<Object,Object> parameters = new TreeMap<Object,Object>(); 
-			Set<String> keys = paramMap.keySet() ;
-	        for (String key : keys) {
-	        	 String value = req.getParameter(key); 
-	        	 parameters.put(key,value);
-	        }
-	        redisTemplate.opsForHash().put("SystemCtl1111", "test","111");
-	        System.out.println(redisTemplate.opsForHash().get("SystemCtl1111", "test"));
-	        
- 	        Map<?, ?> map =  (Map<?, ?>)redisTemplate.opsForHash().get(ShopContstrant.SystemCtl_Redis_Base_Key, ShopContstrant.CLIENT_MD5KEY);
-	        System.out.println(map);
-	        if(map != null) {
-	        	parameters.put("md5Key", map.get("sValue1")+"");
-	        }else {
-	        	logger.info("从redis中获取 计算签名用的md5key 获取失败");
-	        	throw new XException(I18NUtils.getMessage(langID, "Msg_Sign_failure"));
-	        } 
-			
-			logger.info("request sign  >>>>>>"+sign);
-			String createSign = MD5Util.createSign(encoding, parameters);
-			logger.info("create  sign >>>>>>>"+createSign);
-			if(createSign.toUpperCase().equals(sign.toUpperCase())) {
-				return super.preHandle(req, resp, handler);
-			} else {
-				throw new XException(I18NUtils.getMessage(langID, "Msg_Sign_failure"));
-			}
-		}else { 
-			return super.preHandle(req, resp, handler);  //swagger-ui.html  界面不进行验证
-		}
-	}
-	
-	public static void main(String[] args) {
-		String a= "/A0001/20181023/2018_10_23_17_27_00_58303479.png";
-		System.out.println(a.length());
-	}
-}
+package com.egolm.shop.common.interceptor;
+
+import java.util.Map;
+import java.util.Set;
+import java.util.SortedMap;
+import java.util.TreeMap;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import com.egolm.common.GsonUtil;
+import com.egolm.common.MD5Util;
+import com.egolm.common.StringUtil;
+import com.egolm.common.Util;
+import com.egolm.shop.common.XException;
+import com.egolm.shop.common.utils.I18NUtils;
+import com.egolm.shop.common.utils.ShopContstrant; 
+
+@Component
+public class OpenInterceptor extends HandlerInterceptorAdapter {
+	Log logger = LogFactory.getLog(OpenInterceptor.class);
+	String encoding = "UTF-8";
+	
+	@Value("${ignoreTimestamp:false}")
+	private Boolean ignoreTimestamp;
+	
+	@Autowired
+	private RedisTemplate<String, Object> redisTemplate;
+	
+	/*签名规则：1.按照参数字段名ASCII码排序；2.参数进行url拼接；3.加上签名字符串secret；4.得到字符串后进行SHA1签名；5.将签名得到的字符串加入参数列表中，字段名为sig*/
+	@Override
+	public boolean preHandle(HttpServletRequest req, HttpServletResponse resp, Object handler) throws Exception {
+		String uri = req.getRequestURI(); 
+		if((uri.indexOf("swagger") == -1 && uri.indexOf("/v2/api-docs") == -1)  ) {
+			Map<String, String[]> paramMap = req.getParameterMap();
+			logger.info(GsonUtil.toJson(paramMap));
+			String sign = req.getParameter("sign");
+			String timestamp = req.getParameter("timestamp");
+			String langID = req.getParameter("langID");
+			String terminal = req.getParameter("terminal");
+			
+			if(!StringUtil.isNotBlank(sign,timestamp,langID,terminal)) {
+				throw new XException(I18NUtils.getMessage(langID, "Msg_Paramter_Empty","[sign,timestamp,langID,terminal]")) ;
+			}
+			
+			Long timeLong = Util.objTo(timestamp, Long.class, 0L);
+			if(!ignoreTimestamp && Math.abs(timeLong - System.currentTimeMillis()) > (60L*5L)) {
+				throw new XException("时间戳无效");
+			}
+			
+			SortedMap<Object,Object> parameters = new TreeMap<Object,Object>(); 
+			Set<String> keys = paramMap.keySet() ;
+	        for (String key : keys) {
+	        	 String value = req.getParameter(key); 
+	        	 parameters.put(key,value);
+	        }
+	        redisTemplate.opsForHash().put("SystemCtl1111", "test","111");
+	        System.out.println(redisTemplate.opsForHash().get("SystemCtl1111", "test"));
+	        
+ 	        Map<?, ?> map =  (Map<?, ?>)redisTemplate.opsForHash().get(ShopContstrant.SystemCtl_Redis_Base_Key, ShopContstrant.CLIENT_MD5KEY);
+	        System.out.println(map);
+	        if(map != null) {
+	        	parameters.put("md5Key", map.get("sValue1")+"");
+	        }else {
+	        	logger.info("从redis中获取 计算签名用的md5key 获取失败");
+	        	throw new XException(I18NUtils.getMessage(langID, "Msg_Sign_failure"));
+	        } 
+			
+			logger.info("request sign  >>>>>>"+sign);
+			String createSign = MD5Util.createSign(encoding, parameters);
+			logger.info("create  sign >>>>>>>"+createSign);
+			if(createSign.toUpperCase().equals(sign.toUpperCase())) {
+				return super.preHandle(req, resp, handler);
+			} else {
+				throw new XException(I18NUtils.getMessage(langID, "Msg_Sign_failure"));
+			}
+		}else { 
+			return super.preHandle(req, resp, handler);  //swagger-ui.html  界面不进行验证
+		}
+	}
+	
+	public static void main(String[] args) {
+		String a= "/A0001/20181023/2018_10_23_17_27_00_58303479.png";
+		System.out.println(a.length());
+	}
+}