2.创建切面类org.springframework.boot spring-boot-starter-aop
@Aspect
@Component
public class SjztDynamicApiAspect {
@Resource
private SjztDynamicApiLogService sjztDynamicApiLogService;
@Resource
private SjztDynamicApiUserService sjztDynamicApiUserService;
@Resource
private SjztDynamicApiWhitelistService sjztDynamicApiWhitelistService;
}
3.实现简单API调用认证
@Pointcut("execution(* com.yeyoo.sjzt.platform.controller.rest.SjztUserServiceRestController.exec(..))")
public void apiUserFilter() {
}
@Before(value = "apiUserFilter()")
public void userFilter(JoinPoint joinPoint) {
// 获取当前请求对象
ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
HttpServletRequest request = attributes.getRequest();
// 获取请求参数ak、sn
String ak = request.getParameter("ak");
String sn = request.getParameter("sn");
if(ak==null||ak.equals("")||sn==null||sn.equals("")){
throw new DynamicApiException(ResultCode.BAD_REQUEST,"缺少请求参数");
}
String userName = "";
String sk = "";
// 判断服务平台用户是否已创建
SjztDynamicApiUser user = sjztDynamicApiUserService.selectApiUser(ak);
if(user==null){
throw new DynamicApiException(ResultCode.UNAUTHORIZED,"用户未授权,请联系服务平台管理员");
}else {
userName = user.getUserName();
sk = user.getSeckey();
}
// 获取被调用的签名
Signature signature = joinPoint.getSignature();
// 转换为方法签名
MethodSignature methodSignature = (MethodSignature) signature;
// 获取 controller 的方法
Method method = methodSignature.getMethod();
// 获取serviceApi
com.yeyoo.dynamic.api.beans.DynamicApiExecRequest reqMap = (DynamicApiExecRequest) getParameter(method, joinPoint.getArgs());
String serviceApi = reqMap.getServiceApi();
// 判断用户是否在接口白名单中
SjztDynamicApiWhitelist whitelist = sjztDynamicApiWhitelistService.selectApiWhitelist(serviceApi,userName);
if(whitelist==null){
throw new DynamicApiException(ResultCode.FORBIDDEN,"接口未授权,请联系服务平台管理员");
}
// 拼接未加密字符串
String str = ********;
// 加密字符串获得本地sn
String localSn = ************;
// 对比参数sn和localSn
if(!localSn.equals(sn)){
throw new DynamicApiException(ResultCode.VALIDATE_FAILED,"sn校验失败");
}
}
4.调用日志记录
@Pointcut("execution(* com.yeyoo.sjzt.platform.controller.rest.SjztUserServiceRestController.exec(..))")
public void apiLog() {
}
@AfterReturning(value = "apiLog()", returning = "responseBody")
public void saveApiLog(JoinPoint joinPoint, Object responseBody) {
// 获取当前请求对象
ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
HttpServletRequest request = attributes.getRequest();
SjztDynamicApiLog sjztDynamicApiLog = new SjztDynamicApiLog();
// 获取被调用的签名
Signature signature = joinPoint.getSignature();
// 转换为方法签名
MethodSignature methodSignature = (MethodSignature) signature;
// 获取 controller 的方法
Method method = methodSignature.getMethod();
// 获取Status Code
com.yeyoo.sjzt.beans.ResultData resMap = (ResultData) responseBody;
Integer code = resMap.getCode();
// 获取动态接口名称
com.yeyoo.dynamic.api.beans.DynamicApiExecRequest reqMap = (DynamicApiExecRequest) getParameter(method, joinPoint.getArgs());
String apiName = reqMap.getServiceApi();
// 动态接口调用日志组装入库
sjztDynamicApiLog.setCode(code);
sjztDynamicApiLog.setApiName(apiName);
sjztDynamicApiLog.setMethod(request.getMethod());
sjztDynamicApiLog.setRequestBody(JSON.toJSONString(getParameter(method, joinPoint.getArgs())));
sjztDynamicApiLog.setResponseBody(JSON.toJSONString(responseBody));
sjztDynamicApiLogService.addApiLog(sjztDynamicApiLog);
}
private Object getParameter(Method method, Object[] args) {
List
5.异常日志记录
@AfterThrowing(value = "apiLog()", throwing = "exception")
public void saveExceptionLog(JoinPoint joinPoint, DynamicApiException exception) {
// 获取当前请求对象
ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
HttpServletRequest request = attributes.getRequest();
SjztDynamicApiLog sjztDynamicApiLog = new SjztDynamicApiLog();
// 获取被调用的签名
Signature signature = joinPoint.getSignature();
// 转换为方法签名
MethodSignature methodSignature = (MethodSignature) signature;
// 获取 controller 的方法
Method method = methodSignature.getMethod();
Integer code = exception.getErrorCode().getCode();
// 获取动态接口名称
com.yeyoo.dynamic.api.beans.DynamicApiExecRequest reqMap = (DynamicApiExecRequest) getParameter(method, joinPoint.getArgs());
String apiName = reqMap.getServiceApi();
// 动态接口调用日志组装入库
sjztDynamicApiLog.setCode(code);
sjztDynamicApiLog.setApiName(apiName);
sjztDynamicApiLog.setMethod(request.getMethod());
sjztDynamicApiLog.setRequestBody(JSON.toJSONString(getParameter(method, joinPoint.getArgs())));
sjztDynamicApiLog.setResponseBody(JSON.toJSONString(exception.getMessage()));
sjztDynamicApiLogService.addApiLog(sjztDynamicApiLog);
}
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)