1、vue 申请传值为:工夫戳 (timeStamp)、随机数(nonce)、sign(url+params 参数排序并进行加密)
2、后盾获取申请内容,
a、先验证拜访工夫戳是否超出申请范畴
b、验证随机数(nonce) 是否曾经应用过
c、后盾对获取的参数进行排序并加密,验证获取的标签是否与 sign 是否同一值
注:传参模式 vue 传参模式为 params
@PostMapping(“/add”)
public AjaxResult add(ServletRequest req) throws IOException, ParseException {
HttpServletRequest request = (HttpServletRequest)req;
HttpServletRequest requestWrapper = new BodyReaderHttpServletRequestWrapper(request);
SortedMap<String, String> allParams = HttpUtils.getAllParams(requestWrapper);
String timeStamp = StringUtils.getString(allParams, "timeStamp");
String nonce = StringUtils.getString(allParams, "nonce");
Long validateTime = DateUtil.stampToDate(timeStamp);
if (validateTime < StringConstants.BALIDATETIME) {Object obj = redisService.getCacheObject(nonce);
if (StringUtils.isNull(obj)) {redisService.setCacheObject(nonce, nonce);
boolean isSigned = SignUtil.verifySign(allParams);
if (isSigned) {return toAjax(countService.insertAccount(allParams));
} else {return AjaxResult.error();
}
} else {return AjaxResult.error();
}
} else {return AjaxResult.error();
}
}