接口簽名目的是為了，確保請求參數不會被篡改，請求的數據是否已超時，數據是否重復提交等。

接口簽名示意圖

客戶端提交請求時，將以下參數按照約定簽名方式進行簽名，隨后將參數和簽名一同提交服務端：

1.請求頭部分（header）appid：針對不同的調用方分配不同的appid。noce：請求的流水號，防止重復提交。timestamp：請求時間戳，驗證請求是否已超時失效。

2.數據部分Path：按照path中的參數將所有key=value進行拼接。Query：按照所有key=value進行拼接。Form：按照所有key=value進行拼接Body：Json，按照所有key=value進行拼接。String，整個字符串作為一個拼接。

簽名

服務端提接收交請求后，同樣通過接收的“請求頭部分”、“數據部分”的參數進行拼接。隨后驗證客戶端提交的簽名是否正確。

客戶端（Vue）首先需要安裝“jsrsasign”庫，以便實現 RSA 加密、解密、簽名、驗簽等功能。官方地址：http://kjur.github.io/jsrsasign/執行以下命令：

npm install jsrsasign -save

安裝完成后，封裝sign.js

import {KJUR, KEYUTIL, hex2b64, b64tohex} from ’jsrsasign’// 簽名算法const ALGORITHM = ’SHA256withRSA’// 私鑰簽名const RSA_SIGN = (privateKey, src) => { const signature = new KJUR.crypto.Signature({’alg’: ALGORITHM}) // 來解析密鑰 const priKey = KEYUTIL.getKey(privateKey) signature.init(priKey) // 傳入待簽明文 signature.updateString(src) const a = signature.sign() // 轉換成base64，返回 return hex2b64(a) }// 公鑰驗簽const RSA_VERIFY_SIGN = (publicKey, src, data) => { const signature = new KJUR.crypto.Signature({’alg’: ALGORITHM, ’prvkeypem’: publicKey}) signature.updateString(src) return signature.verify(b64tohex(data))}export { RSA_SIGN, RSA_VERIFY_SIGN}

客戶端（Vue）通過sign.js進行加簽、驗簽。

const src = ’我是一段測試字符串2’const publicKey = ’-----BEGIN PUBLIC KEY-----n’ + ’MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC35wxzdTzseajkYL06hEKBCEJun’ + ’JQ/nySId2oTnsxbLiSTEjpAESSbML1lqkKaIwjrSFZzyLMH6DirsoEQcATqqoCDUn’ + ’/H9QNVb5jMSAxxdQusQkTWz6k07bEuy1ppVjpGxNi8o2OGNd+lwPC/hOSDR7lpfmn’ + ’aXLIjEwKSXzil7YAHQIDAQABn’ + ’-----END PUBLIC KEY-----’const privateKey = ’-----BEGIN PRIVATE KEY-----n’ + ’MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALfnDHN1POx5qORgn’ + ’vTqEQoEIQm4lD+fJIh3ahOezFsuJJMSOkARJJswvWWqQpojCOtIVnPIswfoOKuygn’ + ’RBwBOqqgINT8f1A1VvmMxIDHF1C6xCRNbPqTTtsS7LWmlWOkbE2LyjY4Y136XA8Ln’ + ’+E5INHuWl+ZpcsiMTApJfOKXtgAdAgMBAAECgYB2PAcGSC7mPoW2ZvfiIlx7hurmn’ + ’0885D1hu5yohqUOTklXgRWQUTU+zYRHU8LERJgcZQKoKDXqdIPS584Q2mRe0uZMrn’ + ’vaiaBVEnHQreUJUQ8UN12pPUdBHDZvOk3L7/fZHk6A8uy5e09p2rsn+Vfki3zijpn’ + ’7Pd758HMtjuiHBb2QQJBAOuN6jdWBr/zb7KwM9N/cD1jJd6snOTNsLazH/Z3Yt0Tn’ + ’jlsFmRJ6rIt/+jaLKG6YTR8SFyW5LIQTbreeQHPw4FECQQDH3Wpd/mBMMcgpxLZ0n’ + ’F5p1ieza+VA5fbxkQ0hdubEP26B6YwhkTB/xMSOwEjmUI57kfgOTvub36/peb8rIn’ + ’JdwNAkB3fzwlrGeqMzYkIU15avomuki46TqCvHJ8jOyXHUOzQbuDI5jfDgrAjkECn’ + ’MKBnUq41J/lEMueJbU5KqmaqKrWxAkAyexlHnl1iQVymOBpBXkjUET8y26/IpZp0n’ + ’1I2tpp4zPCzfXK4c7yFOQTQbX68NXKXgXne21Ivv6Ll3KtNUFEPtAkBcx5iWU430n’ + ’0/s6218/enaa8jgdqw8Iyirnt07uKabQXqNnvbPYCgpeswEcSvQqMVZVKOaMrjKOn’ + ’G319Es83iq/mn’ + ’-----END PRIVATE KEY-----n’console.log(’明文:’, src)const data = RSA_SIGN(privateKey, src)console.log(’簽名后的結果:’, data)const res = RSA_VERIFY_SIGN(publicKey, src, data)console.log(’驗簽結果:’, res)

服務端（Spring boot）接收請求后，需要對數據和簽名，進行驗證。

首先引入依賴——hutool工具包，Hutool是一個Java工具包，也只是一個工具包，它幫助我們簡化每一行代碼，減少每一個方法，讓Java語言也可以“甜甜的”。

官網地址：https://www.hutool.cn/

在pom.xml下增加如下配置：

<dependency> <groupId>cn.hutool</groupId> <artifactId>hutool-all</artifactId> <version>5.3.5</version></dependency>

服務端（Spring boot）首先要獲取客戶端（Vue）請求的數據，上文已經描述了請求的數據有兩部分，分別是“請求頭部分”、“數據部分”。所以需要配置攔截器，對以上兩部分進行獲取。

配置攔截器（MyInterceptor.java），代碼如下：

import lombok.extern.slf4j.Slf4j;import org.springframework.beans.factory.annotation.Value;import org.springframework.stereotype.Component;import org.springframework.util.StreamUtils;import org.springframework.web.servlet.HandlerInterceptor;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;@Slf4j@Componentpublic class MyInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {//獲取請求參數String queryString = request.getQueryString();log.info('請求參數:{}', queryString);// 獲取headerlog.info('key:{}',request.getHeader('timestamp'));MyHttpServletRequestWrapper myRequestWrapper = new MyHttpServletRequestWrapper(request);//獲取請求bodybyte[] bodyBytes = StreamUtils.copyToByteArray(myRequestWrapper.getInputStream());String body = new String(bodyBytes, request.getCharacterEncoding());log.info('請求體：{}', body);return true; }}

在獲取“請求體body”時，由于“HttpServletRequest”只能讀取一次，攔截器讀取后，后續Controller在讀取時為空，所以需要重寫HttpServletRequestWrapper：

import org.springframework.util.StreamUtils;import javax.servlet.ReadListener;import javax.servlet.ServletInputStream;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletRequestWrapper;import java.io.*;public class MyHttpServletRequestWrapper extends HttpServletRequestWrapper { /** * 緩存下來的HTTP body */ private byte[] body; public MyHttpServletRequestWrapper(HttpServletRequest request) throws IOException {super(request);body = StreamUtils.copyToByteArray(request.getInputStream()); } @Override public ServletInputStream getInputStream() throws IOException {InputStream bodyStream = new ByteArrayInputStream(body);return new ServletInputStream(){ @Override public int read() throws IOException {return bodyStream.read(); } @Override public boolean isFinished() {return false; } @Override public boolean isReady() {return true; } @Override public void setReadListener(ReadListener readListener) { }}; } @Override public BufferedReader getReader() throws IOException {return new BufferedReader(new InputStreamReader(getInputStream())); }}

之后，需要創建過濾器，將“MyHttpServletRequestWrapper” 替換“ServletRequest”，代碼如下：

import lombok.extern.slf4j.Slf4j;import javax.servlet.*;import javax.servlet.http.HttpServletRequest;import java.io.IOException;@Slf4jpublic class RepeatedlyReadFilter implements Filter { @Override public void init(FilterConfig filterConfig) throws ServletException { } @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {ServletRequest requestWrapper = null;if(servletRequest instanceof HttpServletRequest) { requestWrapper = new MyHttpServletRequestWrapper((HttpServletRequest) servletRequest);}if(requestWrapper == null) { filterChain.doFilter(servletRequest, servletResponse);} else { filterChain.doFilter(requestWrapper, servletResponse);} } @Override public void destroy() { }}

之后創建自定義配置，CorsConfig.java，將過濾器、攔截器加入配置：

import com.xyf.interceptor.MyInterceptor;import com.xyf.interceptor.RepeatedlyReadFilter;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.boot.web.servlet.FilterRegistrationBean;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.web.servlet.config.annotation.InterceptorRegistry;import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;@Configurationpublic class CorsConfig extends WebMvcConfigurationSupport { private MyInterceptor myInterceptor; @Autowired public CorsConfig (MyInterceptor myInterceptor){this.myInterceptor = myInterceptor; } // 注冊過濾器 @Bean public FilterRegistrationBean<RepeatedlyReadFilter> repeatedlyReadFilter() {FilterRegistrationBean registration = new FilterRegistrationBean();RepeatedlyReadFilter repeatedlyReadFilter = new RepeatedlyReadFilter();registration.setFilter(repeatedlyReadFilter);registration.addUrlPatterns('/*');return registration; } @Override protected void addInterceptors(InterceptorRegistry registry) {// addPathPatterns添加需要攔截的命名空間；// excludePathPatterns添加排除攔截命名空間registry.addInterceptor(myInterceptor).addPathPatterns('/**');//.excludePathPatterns('/api/sys/login') }}

最后，完成驗簽，代碼如下：

import cn.hutool.core.codec.Base64;import cn.hutool.crypto.SecureUtil;import cn.hutool.crypto.asymmetric.Sign;import cn.hutool.crypto.asymmetric.SignAlgorithm;byte[] data = '我是一段測試字符串2'.getBytes();String publicKey = 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC35wxzdTzseajkYL06hEKBCEJun' +'JQ/nySId2oTnsxbLiSTEjpAESSbML1lqkKaIwjrSFZzyLMH6DirsoEQcATqqoCDUn' +'/H9QNVb5jMSAxxdQusQkTWz6k07bEuy1ppVjpGxNi8o2OGNd+lwPC/hOSDR7lpfmn' +'aXLIjEwKSXzil7YAHQIDAQAB';Sign sign = SecureUtil.sign(SignAlgorithm.SHA256withRSA,null,publicKey);//客戶端傳來的簽名String qm = 'IhY3LNuFn0isud1Pk6BL2eJV3Jl/UzDCYsdG9CYyJwOGqwnzStsv/RiYLnVP4bnQh1NRPMazY6ux/5Zz5Ypcx6RI5W1p5BDbO2afuIZX7x/eIu5utwsanhbxEfvm3XOsyuTbnMDh6BQUrXb4gUz9qgt9IXWjQdqnQRRv3ywzWcA=';byte[] signed = Base64.decode(qm);//驗證簽名boolean verify = sign.verify(data, signed);3、公鑰、私鑰生成

可通過一些網站在線生成公鑰、私鑰網址：https://www.bejson.com/enc/rsa/

bejson在線生成公鑰、私鑰

由于客戶端加簽、服務端驗簽。所以加簽、驗簽的方式務必一致，否則將無法驗證簽名。Vue、Java有不同的簽名工具庫，使用前要做好測試。

到此這篇關于Vue+Springboot實現接口簽名的示例代碼的文章就介紹到這了,更多相關Springboot 接口簽名內容請搜索好吧啦網以前的文章或繼續瀏覽下面的相關文章希望大家以后多多支持好吧啦網！