我正在获取一个加密的String作为Spring rest Controller 方法的Query参数。
我想在字符串到达基于某种注释(例如@Decrypt)的方法之前解密,如下所示
@RequestMapping(value = "/customer", method = RequestMethod.GET)
public String getAppointmentsForDay(@RequestParam("secret") @Decrypt String customerSecret) {
System.out.println(customerSecret); // Needs to be a decrypted value.
...
}
在这种用例中,自定义
Formatter是否正确?还是应该使用自定义的
HandlerMethodArgumentResolver? 最佳答案
对于此用例,定制的org.springframework.format.Formatter实现是一种有效的方法。这就是Spring本身如何实现日期,货币,数字样式等格式器的方式。
脚步:
Decrypt:import java.lang.annotation.*;
@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.FIELD, ElementType.PARAMETER, ElementType.ANNOTATION_TYPE})
public @interface Decrypt {
}
AnnotationFormatterFactory:import org.springframework.context.support.EmbeddedValueResolutionSupport;
import org.springframework.format.AnnotationFormatterFactory;
import org.springframework.format.Formatter;
import org.springframework.format.Parser;
import org.springframework.format.Printer;
import java.text.ParseException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
public class DecryptAnnotationFormatterFactory extends EmbeddedValueResolutionSupport
implements AnnotationFormatterFactory<Decrypt> {
@Override
public Set<Class<?>> getFieldTypes() {
Set<Class<?>> fieldTypes = new HashSet<>();
fieldTypes.add(String.class);
return Collections.unmodifiableSet(fieldTypes);
}
@Override
public Printer<String> getPrinter(Decrypt annotation, Class<?> fieldType) {
return configureFormatterFrom(annotation);
}
@Override
public Parser<String> getParser(Decrypt annotation, Class<?> fieldType) {
return configureFormatterFrom(annotation);
}
private Formatter<String> configureFormatterFrom(Decrypt annotation) {
// you could model something on the Decrypt annotation for use in the decryption call
// in this example the 'decryption' call is stubbed, it just reverses the given String
// presumaby you implementaion of this Formatter will be different e.g. it will invoke your encryption routine
return new Formatter<String>() {
@Override
public String print(String object, Locale locale) {
return object;
}
@Override
public String parse(String text, Locale locale) throws ParseException {
return new StringBuilder(text).reverse().toString();
}
};
}
}
import org.springframework.context.annotation.Configuration;
import org.springframework.format.FormatterRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
public class WebConfigurer extends WebMvcConfigurerAdapter {
@Override
public void addFormatters(FormatterRegistry registry) {
super.addFormatters(registry);
registry.addFormatterForFieldAnnotation(new DecryptAnnotationFormatterFactory());
}
}
完成上述操作后,所有符合
@RequestParam的@Decrypt用法都将通过parse()中声明的DecryptAnnotationFormatterFactory方法传递,以便您可以在此处实现解密调用。为了证明这一点,通过了以下测试:
@RunWith(SpringRunner.class)
@WebMvcTest(controllers = YourController.class)
public class YourControllerTest {
@Autowired
private MockMvc mockMvc;
@Test
public void theSecretRequestParameterWillBeConverted() throws Exception {
MvcResult mvcResult = mockMvc.perform(get("/customer?secret=abcdef")).andExpect(status().isOk()).andReturn();
// the current implementation of the 'custom' endpoint returns the value if the secret request parameter and
// the current decrypt implementation just reverses the given value ...
assertThat(mvcResult.getResponse().getContentAsString(), is("fedcba"));
}
}