a.优点:实现简单,比明文传输安全
b.缺点:1)由于加密所有参数,效率低下 2)信息全加密,不利于前后端联调 3)密钥传输不安全,容易被拦截
优化点:前端生成AES对称加密密钥,用rsa私钥非对称加密将AES密钥加密,传给到后端,后端用rsa公钥解密后获取到AES密钥,这样前后端就有了公共的AES密钥了
加密流程:
a.前端调用接口/web/security/v1/getAesKey 并将其保存在sesssionStrage中
b.后端在前端调用/web/security/v1/getAesKey时,生成AES密钥并保存在session中,并返回给前端
c.前端访问其他接口传入的参数都用此AES密钥加密,接收到的响应数据都用此AES密钥解密,可以拦截器,对所有请求和响应加解密
d.后端和前端一样用此AES密钥进行加解密
前端加解密
<script src="https://cdn.bootcss.com/crypto-js/3.1.9-1/crypto-js.min.js"></script> /** * 加密 **/ function encrypt(value,key) { var tempValue = JSON.stringify(value); var tempKey = CryptoJS.enc.Utf8.parse(key); var srcs = CryptoJS.enc.Utf8.parse(tempValue); var encrypted = CryptoJS.AES.encrypt(srcs, key, { mode: CryptoJS.mode.ECB, padding:CryptoJS.pad.Pkcs7 }); var encryptedValue = encrypted.toString(); return encryptedValue; } /** *解密 **/ function decrypt(value,key) { var keyStr = CryptoJS.enc.Utf8.parse(key) var decrypt = CryptoJS.AES.decrypt(value, keyStr, { mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7 }) return CryptoJS.enc.Utf8.stringify(decrypt).toString() }
b.后端加解密
public class AesEncrypt {
/**
* 加密
*
* @param value数据
* @param key 密钥
* @return 加密后内容
*/
public static byte[] encrypt(byte[] value, String key) throw Exception{
Cipher cipher = Cipher.getInstance(DEFAULT_CIPHER_ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key.getBytes("UTF-8"), "AES"));
return cipher.doFinal(value);
}
/**
* 解密
*
* @param value数据
* @param key 密钥
* @return 解密后内容
*/
public static byte[] decrypt(byte[] value, String key) throw Exception {
Cipher cipher = Cipher.getInstance(DEFAULT_CIPHER_ALGORITHM);
SecretKeySpec secretKeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
//使用密钥初始化,设置为解密模式
cipher.init(Cipher.DECRYPT_MODE, secretKeySpec);
//执行操作
return cipher.doFinal(value);
}
}c.后端拦截代码实现
/**
* 请求过滤器,记得注册
**/
public EncryptFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
String uri = request.getRequestURI();
LOGGER.debug("进入加解密过滤器,URI:{}", uri);
HttpServletResponse response = (HttpServletResponse) servletResponse;
AesHttpServletRequestWrapper aesHttpServletRequestWrapper = new AesHttpServletRequestWrapper(request);
filterChain.doFilter(aesHttpServletRequestWrapper, response);
}
}/**
* (1)请求拦截,解密
**/
public class AesHttpServletRequestWrapper extends HttpServletRequestWrapper {
private String bodyContent;
private Parameters parameters = new Parameters();
private HttpServletRequest request;
public AesHttpServletRequestWrapper (HttpServletRequest request) {
request = request;
initWrapper();
}
private void initWrapper() {
this.parameters.setCharset(charset);
readBodyBytes();
this.parseParameterMap();
}
private void readBodyBytes() {
if (this.bodyContent == null) {
try {
byte[] bodyBytes = readInputBody(request.getInputStream());
this.bodyContent = new String(AesEncrypt.decrypt(bodyBytes), charset);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}
private byte[] readInputBody(InputStream inputStream) throws IOException {
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
byte[] buffer = new byte[1024];
int len;
while ((len = inputStream.read(buffer)) > -1) {
byteArrayOutputStream.write(buffer, 0, len);
}
byteArrayOutputStream.flush();
return byteArrayOutputStream.toByteArray();
}
@Override
public String getQueryString() {
return queryString;
}
@Override
public String getParameter(String name) {
String[] values = getParameterValues(name);
return values == null || values.length == 0 ? null : values[0];
}
@Override
public int getContentLength() {
return bodyContent.getBytes(charset).length;
}
@Override
public long getContentLengthLong() {
return bodyContent.getBytes(charset).length;
}
@Override
public Map<String, String[]> getParameterMap() {
if (paramsMap == null) {
paramsMap = new HashMap<>();
Enumeration<String> nameEnum = this.parameters.getParameterNames();
while (nameEnum.hasMoreElements()) {
String name = nameEnum.nextElement();
paramsMap.put(name, getParameterValues(name));
}
}
return paramsMap;
}
@Override
public Enumeration<String> getParameterNames() {
return this.parameters.getParameterNames();
}
@Override
public String[] getParameterValues(String name) {
return parameters.getParameterValues(name);
}
}/**
* (2) 响应拦截 加密
**/
@ControllerAdvice
public class AesResponseAdvice implements ResponseBodyAdvice<Object> {
private static final String AES_KEY= "AES_KEY";
@Override
public Object beforeBodyWrite(Object body, MethodParameter methodParameter,
MediaType mediaType,
Class<? extends HttpMessageConverter<?>> converterClass,
ServerHttpRequest serverHttpRequest,
ServerHttpResponse serverHttpResponse) {
ServletServerHttpRequest request = (ServletServerHttpRequest) serverHttpRequest;
if (body != null) {
ServletServerHttpResponse response = (ServletServerHttpResponse) serverHttpResponse;
try {
byte[] contentBytes = null;
contentBytes = String.valueOf(body).getBytes(Charset.forName("UTF-8"));
Object aesKey = request.getServletRequest().getSession().getAttribute(AES_KEY);
body = AesEncrypt.encrypt(contentBytes,String.value(aesKey));
} catch (IOException e) {
LOGGER.error("加密数据失败", e);
}
}
return body;
}
}a.优点:效率高,只加密某些重要字段
b.缺点:实现复杂
@JacksonAnnotation
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.FIELD, ElementType.PARAMETER})
public @interface Encrypt {
String value() default "";
String fieldName() default "";
String[] ignoreValue() default {};
}
public class EncryptRequestParamMethodArgumentResolver extends RequestParamMethodArgumentResolver {
IEncryptionService encryptionService;
@Override
@Nullable
protected Object resolveName(String name, MethodParameter parameter, NativeWebRequest request) throws Exception {
Object result = super.resolveName(name, parameter, request);
if (EncryptContext.isEncrypt() && result != null && parameter.hasParameterAnnotation(Encrypt.class)) {
Encrypt encrypt = parameter.getParameterAnnotation(Encrypt.class);
if (result instanceof String && !EncryptUtils.ignoreValue(encrypt, (String) result)) {
if (isArray(parameter)) {
result = ((String) result).split(",");
} else {
result = encryptionService.decrypt(((String) result), encrypt.value());
return result;
}
}
if (result instanceof String[]) {
String[] oldResult = (String[]) result;
String[] newResult = new String[oldResult.length];
for (int i = 0; i < oldResult.length; i++) {
if (EncryptUtils.ignoreValue(encrypt, oldResult[i])) {
newResult[i] = oldResult[i];
} else {
newResult[i] = encryptionService.decrypt(oldResult[i], encrypt.value());
}
}
return newResult;
}
}
return result;
}
public class EncryptRequestResponseBodyMethodProcessor extends RequestResponseBodyMethodProcessor {
@Override
public Object resolveArgument(MethodParameter parameter, @Nullable ModelAndViewContainer mavContainer,
NativeWebRequest webRequest, @Nullable WebDataBinderFactory binderFactory) throws Exception {
if (!EncryptContext.isEncrypt()) {
return super.resolveArgument(parameter, mavContainer, webRequest, binderFactory);
}
Encrypt encrypt = parameter.getParameterAnnotation(Encrypt.class);
if (encrypt == null) {
return super.resolveArgument(parameter, mavContainer, webRequest, binderFactory);
}
// 如果是集合类,且范型类型是基础类型的包装类型
if (Collection.class.isAssignableFrom(parameter.getParameterType())) {
return resolveCollectionArgument(parameter, mavContainer, webRequest, binderFactory, encrypt);
}
// 如果是集合类,且范型类型是基础类型的包装类型
if (parameter.getParameterType().isArray()) {
return resolveArrayArgument(parameter, mavContainer, webRequest, binderFactory, encrypt);
}
// 如果是 Map 类,且泛型类型是基础类型顶的包装类型
if (Map.class.isAssignableFrom(parameter.getParameterType())) {
return resolveMapArgument(parameter, mavContainer, webRequest, binderFactory, encrypt);
}
return super.resolveArgument(parameter, mavContainer, webRequest, binderFactory);
}
}
public class WebBeanPostProcessor implements BeanPostProcessor, PriorityOrdered {
@Nullable
@Override
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
if (bean instanceof RequestMappingHandlerAdapter) {
RequestMappingHandlerAdapter adapter = (RequestMappingHandlerAdapter) bean;
List<HandlerMethodArgumentResolver> currentResolvers = adapter.getArgumentResolvers();
if (currentResolvers == null) {
throw new IllegalStateException(
String.format("No HandlerMethodArgumentResolvers found in RequestMappingHandlerAdapter %s!", beanName));
}
//IEncryptionService encryptionService = new EncryptionService();
//替换PathVariableMethodArgumentResolver 和 RequestParamMethodArgumentResolver
PathVariableMethodArgumentResolver pathVariableMethodArgumentResolver = new EncryptPathVariableMethodArgumentResolver(encryptionService);
RequestParamMethodArgumentResolver requestParamMethodArgumentResolverFalse = new EncryptRequestParamMethodArgumentResolver(encryptionService, beanFactory, false);
RequestParamMethodArgumentResolver requestParamMethodArgumentResolverTrue = new EncryptRequestParamMethodArgumentResolver(encryptionService, beanFactory, true);
EncryptRequestResponseBodyMethodProcessor encryptRequestResponseBodyMethodProcessor;
try {
encryptRequestResponseBodyMethodProcessor = new EncryptRequestResponseBodyMethodProcessor(adapter.getMessageConverters(),
(List<Object>) FieldUtils.readDeclaredField(adapter, "requestResponseBodyAdvice", true));
} catch (IllegalAccessException e) {
throw new CommonException(e);
}
encryptRequestResponseBodyMethodProcessor.setEncryptionService(encryptionService);
List<HandlerMethodArgumentResolver> resolvers = new ArrayList<>(adapter.getArgumentResolvers().size());
//spring 默认注册了2个requestParamMethodArgumentResolver
boolean isFirst = true;
for (HandlerMethodArgumentResolver resolver : adapter.getArgumentResolvers()) {
if (resolver instanceof PathVariableMethodArgumentResolver) {
resolvers.add(pathVariableMethodArgumentResolver);
continue;
}
if (resolver instanceof RequestParamMethodArgumentResolver) {
if (isFirst) {
resolvers.add(requestParamMethodArgumentResolverFalse);
isFirst = false;
continue;
}
resolvers.add(requestParamMethodArgumentResolverTrue);
continue;
}
if (resolver instanceof RequestResponseBodyMethodProcessor) {
resolvers.add(encryptRequestResponseBodyMethodProcessor);
continue;
}
resolvers.add(resolver);
}
adapter.setArgumentResolvers(resolvers);
}
我主要使用Ruby来执行此操作,但到目前为止我的攻击计划如下:使用gemsrdf、rdf-rdfa和rdf-microdata或mida来解析给定任何URI的数据。我认为最好映射到像schema.org这样的统一模式,例如使用这个yaml文件,它试图描述数据词汇表和opengraph到schema.org之间的转换:#SchemaXtoschema.orgconversion#data-vocabularyDV:name:namestreet-address:streetAddressregion:addressRegionlocality:addressLocalityphoto:i
在MRIRuby中我可以这样做:deftransferinternal_server=self.init_serverpid=forkdointernal_server.runend#Maketheserverprocessrunindependently.Process.detach(pid)internal_client=self.init_client#Dootherstuffwithconnectingtointernal_server...internal_client.post('somedata')ensure#KillserverProcess.kill('KILL',
有时我需要处理键/值数据。我不喜欢使用数组,因为它们在大小上没有限制(很容易不小心添加超过2个项目,而且您最终需要稍后验证大小)。此外,0和1的索引变成了魔数(MagicNumber),并且在传达含义方面做得很差(“当我说0时,我的意思是head...”)。散列也不合适,因为可能会不小心添加额外的条目。我写了下面的类来解决这个问题:classPairattr_accessor:head,:taildefinitialize(h,t)@head,@tail=h,tendend它工作得很好并且解决了问题,但我很想知道:Ruby标准库是否已经带有这样一个类? 最佳
我正在尝试使用Curbgem执行以下POST以解析云curl-XPOST\-H"X-Parse-Application-Id:PARSE_APP_ID"\-H"X-Parse-REST-API-Key:PARSE_API_KEY"\-H"Content-Type:image/jpeg"\--data-binary'@myPicture.jpg'\https://api.parse.com/1/files/pic.jpg用这个:curl=Curl::Easy.new("https://api.parse.com/1/files/lion.jpg")curl.multipart_form_
无论您是想搭建桌面端、WEB端或者移动端APP应用,HOOPSPlatform组件都可以为您提供弹性的3D集成架构,同时,由工业领域3D技术专家组成的HOOPS技术团队也能为您提供技术支持服务。如果您的客户期望有一种在多个平台(桌面/WEB/APP,而且某些客户端是“瘦”客户端)快速、方便地将数据接入到3D应用系统的解决方案,并且当访问数据时,在各个平台上的性能和用户体验保持一致,HOOPSPlatform将帮助您完成。利用HOOPSPlatform,您可以开发在任何环境下的3D基础应用架构。HOOPSPlatform可以帮您打造3D创新型产品,HOOPSSDK包含的技术有:快速且准确的CAD
本教程将在Unity3D中混合Optitrack与数据手套的数据流,在人体运动的基础上,添加双手手指部分的运动。双手手背的角度仍由Optitrack提供,数据手套提供双手手指的角度。 01 客户端软件分别安装MotiveBody与MotionVenus并校准人体与数据手套。MotiveBodyMotionVenus数据手套使用、校准流程参照:https://gitee.com/foheart_1/foheart-h1-data-summary.git02 数据转发打开MotiveBody软件的Streaming,开始向Unity3D广播数据;MotionVenus中设置->选项选择Unit
文章目录一、概述简介原理模块二、配置Mysql使用版本环境要求1.操作系统2.mysql要求三、配置canal-server离线下载在线下载上传解压修改配置单机配置集群配置分库分表配置1.修改全局配置2.实例配置垂直分库水平分库3.修改group-instance.xml4.启动监听四、配置canal-adapter1修改启动配置2配置映射文件3启动ES数据同步查询所有订阅同步数据同步开关启动4.验证五、配置canal-admin一、概述简介canal是Alibaba旗下的一款开源项目,Java开发。基于数据库增量日志解析,提供增量数据订阅&消费。Git地址:https://github.co
我正在尝试在Rails上安装ruby,到目前为止一切都已安装,但是当我尝试使用rakedb:create创建数据库时,我收到一个奇怪的错误:dyld:lazysymbolbindingfailed:Symbolnotfound:_mysql_get_client_infoReferencedfrom:/Library/Ruby/Gems/1.8/gems/mysql2-0.3.11/lib/mysql2/mysql2.bundleExpectedin:flatnamespacedyld:Symbolnotfound:_mysql_get_client_infoReferencedf
文章目录1.开发板选择*用到的资源2.串口通信(个人理解)3.代码分析(注释比较详细)1.主函数2.串口1配置3.串口2配置以及中断函数4.注意问题5.源码链接1.开发板选择我用的是STM32F103RCT6的板子,不过代码大概在F103系列的板子上都可以运行,我试过在野火103的霸道板上也可以,主要看一下串口对应的引脚一不一样就行了,不一样的就更改一下。*用到的资源keil5软件这里用到了两个串口资源,采集数据一个,串口通信一个,板子对应引脚如下:串口1,TX:PA9,RX:PA10串口2,TX:PA2,RX:PA32.串口通信(个人理解)我就从串口采集传感器数据这个过程说一下我自己的理解,
SPI接收数据左移一位问题目录SPI接收数据左移一位问题一、问题描述二、问题分析三、探究原理四、经验总结最近在工作在学习调试SPI的过程中遇到一个问题——接收数据整体向左移了一位(1bit)。SPI数据收发是数据交换,因此接收数据时从第二个字节开始才是有效数据,也就是数据整体向右移一个字节(1byte)。请教前辈之后也没有得到解决,通过在网上查阅前人经验终于解决问题,所以写一个避坑经验总结。实际背景:MCU与一款芯片使用spi通信,MCU作为主机,芯片作为从机。这款芯片采用的是它规定的六线SPI,多了两根线:RDY和INT,这样从机就可以主动请求主机给主机发送数据了。一、问题描述根据从机芯片手