Spring Cloud Gateway 响应数据加密

Spring Cloud Gateway实现了请求的解密和响应的加密,‌主要使用的是Hutool工具类中的AES加密算法。‌这种加密方式不仅用于请求数据的解密,‌还用于响应数据的加密。‌通过在网关中添加过滤器GlobalFilter,‌可以实现这一功能。‌具体来说,‌Spring Cloud Gateway的加密和解密流程包括以下几个步骤:‌

  1. 前端获取RSA公钥:‌首先,‌前端客户端通过访问一个特定的接口从服务器获取RSA公钥。‌
  2. 对称密钥加密:‌客户端生成一个随机的对称密钥,‌然后使用服务器的RSA公钥对这个对称密钥进行加密。‌
  3. 发送加密的对称密钥:‌客户端将加密后的对称密钥发送到服务器。‌
  4. 对称密钥解密:‌服务器使用自己的RSA私钥解密客户端发送的加密对称密钥,‌从而得到原始的对称密钥。‌
  5. 加密通信:‌从这一步开始,‌客户端和服务器都会使用这个对称密钥来加密和解密他们之间的通信。‌这包括URL的动态加密、‌请求和响应的加密解密,‌以及数字签名的验证等。‌
  6. 响应数据加密:‌在响应数据发送回客户端之前,‌使用相同的对称密钥对响应数据进行加密,‌确保数据在传输过程中的安全性。‌

通过这种方式,‌Spring Cloud Gateway确保了客户端和服务器之间的通信安全,‌防止数据被截获或篡改,‌同时也提供了一个有效的机制来验证通信双方的身份。

AES方法:CSDN

Gateway响应数据加密:如下,只有返回数据为json才加密,对于下载还是返回的流这些都不做处理加密;

package com.puwang.springcloud.gateway.filter;

import com.google.common.base.Charsets;
import com.puwang.springcloud.gateway.util.AESUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.logging.log4j.util.Strings;
import org.reactivestreams.Publisher;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.core.io.buffer.DataBufferFactory;
import org.springframework.core.io.buffer.DataBufferUtils;
import org.springframework.core.io.buffer.DefaultDataBufferFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.http.server.reactive.ServerHttpResponseDecorator;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

import java.net.URI;
import java.util.Objects;

@Slf4j
@Component
public class EncryptResponseFilter implements GlobalFilter, Ordered {

	@Override
	public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
		URI uri = exchange.getRequest().getURI();
		log.info("URI的参数 "+uri.toString());
		log.info("============================Return data encryption============================");
		HttpStatus statusCode = exchange.getResponse().getStatusCode();
		if(Objects.equals(statusCode, HttpStatus.BAD_REQUEST)
				|| Objects.equals(statusCode, HttpStatus.TOO_MANY_REQUESTS)
				||uri.getPath().contains(unCheckUrl) ||uri.getPath().contains(randomUrl)
				||uri.getPath().contains(fileDownLoad) ||uri.getPath().contains(LOGIN_BUTT) ||uri.getPath().contains(ISC_SSO_LOGIN)){
			// 如果是特殊的请求,已处理响应内容,这里不再处理
			return chain.filter(exchange);
		}

		// 根据具体业务内容,修改响应体
		ServerHttpResponse originalResponse = exchange.getResponse();
		HttpHeaders headers = originalResponse.getHeaders();
		DataBufferFactory bufferFactory = originalResponse.bufferFactory();
		ServerHttpResponseDecorator responseDecorator = new ServerHttpResponseDecorator(originalResponse){
			@Override
			public Mono<Void> writeWith(Publisher<? extends DataBuffer> body) {
				if (getStatusCode().equals(HttpStatus.OK) && body instanceof Flux) {
					Flux<? extends DataBuffer> fluxBody = Flux.from(body);
					return super.writeWith(fluxBody.buffer().map(dataBuffers -> {
						DataBufferFactory dataBufferFactory = new DefaultDataBufferFactory();
						DataBuffer join = dataBufferFactory.join(dataBuffers);
						String contentType = headers.getFirst(HttpHeaders.CONTENT_TYPE);
						System.err.println(contentType); //
						if (contentType.contains("application/json")){
							byte[] content = new byte[join.readableByteCount()];
							join.read(content);
							DataBufferUtils.release(join);
							// 流转为字符串
							String responseData = new String(content, Charsets.UTF_8);
							if(Strings.isNotBlank(responseData)){
								responseData = AESUtil.encrypt(responseData);
							}
							byte[] uppedContent = responseData.getBytes(Charsets.UTF_8);
							originalResponse.getHeaders().setContentLength(uppedContent.length);
							return bufferFactory.wrap(uppedContent);
						}
						return join;
					}));
				} else {
					log.error("获取响应体数据 :"+getStatusCode());
				}
				return super.writeWith(body);
			}

			@Override
			public Mono<Void> writeAndFlushWith(Publisher<? extends Publisher<? extends DataBuffer>> body) {
				return writeWith(Flux.from(body).flatMapSequential(p -> p));
			}
		};
		return chain.filter(exchange.mutate().response(responseDecorator).build());
	}

	@Override
	public int getOrder() {
		return -200;
	}


}

喜欢的朋友点个赞,加个收藏吧

相关推荐

  1. SpringCloudGateway

    2024-07-21 02:04:01       31 阅读
  2. Spring Cloud Gateway 响应数据加密

    2024-07-21 02:04:01       42 阅读
  3. 最新得物data参数加密分析与响应数据解密

    2024-07-21 02:04:01       27 阅读

最近更新

  1. docker php8.1+nginx base 镜像 dockerfile 配置

    2024-07-21 02:04:01       171 阅读
  2. Could not load dynamic library ‘cudart64_100.dll‘

    2024-07-21 02:04:01       189 阅读
  3. 在Django里面运行非项目文件

    2024-07-21 02:04:01       157 阅读
  4. Python语言-面向对象

    2024-07-21 02:04:01       170 阅读

热门阅读

  1. HTTP爬虫IP流量和数量计费模式选择指南

    2024-07-21 02:04:01       32 阅读
  2. PHP项目开发流程概述

    2024-07-21 02:04:01       33 阅读
  3. Go知识点记录

    2024-07-21 02:04:01       33 阅读
  4. DAY05 CSS

    DAY05 CSS

    2024-07-21 02:04:01      40 阅读
  5. MacOS命令行运行fortran程序|编程私教解答

    2024-07-21 02:04:01       38 阅读
  6. 类与对象-多态-案例3-电脑组装具体实现

    2024-07-21 02:04:01       36 阅读
  7. OpenPyXL 写入 Excel 文件

    2024-07-21 02:04:01       36 阅读
  8. 量化机器人如何实现无缝交易?

    2024-07-21 02:04:01       35 阅读