关于vue.js:spingbootvue防止多次请求参数篡改数据完整

47次阅读

共计 996 个字符,预计需要花费 3 分钟才能阅读完成。

1、vue 申请传值为:工夫戳 (timeStamp)、随机数(nonce)、sign(url+params 参数排序并进行加密)
2、后盾获取申请内容,
a、先验证拜访工夫戳是否超出申请范畴
b、验证随机数(nonce) 是否曾经应用过
c、后盾对获取的参数进行排序并加密,验证获取的标签是否与 sign 是否同一值
注:传参模式 vue 传参模式为 params

@PostMapping(“/add”)
public AjaxResult add(ServletRequest req) throws IOException, ParseException {

HttpServletRequest request = (HttpServletRequest)req;
HttpServletRequest requestWrapper = new BodyReaderHttpServletRequestWrapper(request);
SortedMap<String, String> allParams = HttpUtils.getAllParams(requestWrapper);
String timeStamp = StringUtils.getString(allParams, "timeStamp");
String nonce = StringUtils.getString(allParams, "nonce");
Long validateTime = DateUtil.stampToDate(timeStamp);
if (validateTime < StringConstants.BALIDATETIME) {Object obj = redisService.getCacheObject(nonce);
    if (StringUtils.isNull(obj)) {redisService.setCacheObject(nonce, nonce);
        boolean isSigned = SignUtil.verifySign(allParams);
        if (isSigned) {return toAjax(countService.insertAccount(allParams));
        } else {return AjaxResult.error();
        }
    } else {return AjaxResult.error();
    }
} else {return AjaxResult.error();
}

}

正文完
 0