Spring Cloud Gateway实现了请求的解密和响应的加密,主要使用的是Hutool工具类中的AES加密算法。这种加密方式不仅用于请求数据的解密,还用于响应数据的加密。通过在网关中添加过滤器GlobalFilter,可以实现这一功能。具体来说,Spring Cloud Gateway的加密和解密流程包括以下几个步骤:
- 前端获取RSA公钥:首先,前端客户端通过访问一个特定的接口从服务器获取RSA公钥。
- 对称密钥加密:客户端生成一个随机的对称密钥,然后使用服务器的RSA公钥对这个对称密钥进行加密。
- 发送加密的对称密钥:客户端将加密后的对称密钥发送到服务器。
- 对称密钥解密:服务器使用自己的RSA私钥解密客户端发送的加密对称密钥,从而得到原始的对称密钥。
- 加密通信:从这一步开始,客户端和服务器都会使用这个对称密钥来加密和解密他们之间的通信。这包括URL的动态加密、请求和响应的加密解密,以及数字签名的验证等。
- 响应数据加密:在响应数据发送回客户端之前,使用相同的对称密钥对响应数据进行加密,确保数据在传输过程中的安全性。
通过这种方式,Spring Cloud Gateway确保了客户端和服务器之间的通信安全,防止数据被截获或篡改,同时也提供了一个有效的机制来验证通信双方的身份。
AES方法:CSDN
Gateway响应数据加密:如下,只有返回数据为json才加密,对于下载还是返回的流这些都不做处理加密;
package com.puwang.springcloud.gateway.filter;import com.google.common.base.Charsets;
import com.puwang.springcloud.gateway.util.AESUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.logging.log4j.util.Strings;
import org.reactivestreams.Publisher;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.core.io.buffer.DataBufferFactory;
import org.springframework.core.io.buffer.DataBufferUtils;
import org.springframework.core.io.buffer.DefaultDataBufferFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.http.server.reactive.ServerHttpResponseDecorator;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;import java.net.URI;
import java.util.Objects;@Slf4j
@Component
public class EncryptResponseFilter implements GlobalFilter, Ordered {@Overridepublic Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {URI uri = exchange.getRequest().getURI();log.info("URI的参数 "+uri.toString());log.info("============================Return data encryption============================");HttpStatus statusCode = exchange.getResponse().getStatusCode();if(Objects.equals(statusCode, HttpStatus.BAD_REQUEST)|| Objects.equals(statusCode, HttpStatus.TOO_MANY_REQUESTS)||uri.getPath().contains(unCheckUrl) ||uri.getPath().contains(randomUrl)||uri.getPath().contains(fileDownLoad) ||uri.getPath().contains(LOGIN_BUTT) ||uri.getPath().contains(ISC_SSO_LOGIN)){// 如果是特殊的请求,已处理响应内容,这里不再处理return chain.filter(exchange);}// 根据具体业务内容,修改响应体ServerHttpResponse originalResponse = exchange.getResponse();HttpHeaders headers = originalResponse.getHeaders();DataBufferFactory bufferFactory = originalResponse.bufferFactory();ServerHttpResponseDecorator responseDecorator = new ServerHttpResponseDecorator(originalResponse){@Overridepublic Mono<Void> writeWith(Publisher<? extends DataBuffer> body) {if (getStatusCode().equals(HttpStatus.OK) && body instanceof Flux) {Flux<? extends DataBuffer> fluxBody = Flux.from(body);return super.writeWith(fluxBody.buffer().map(dataBuffers -> {DataBufferFactory dataBufferFactory = new DefaultDataBufferFactory();DataBuffer join = dataBufferFactory.join(dataBuffers);String contentType = headers.getFirst(HttpHeaders.CONTENT_TYPE);System.err.println(contentType); //if (contentType.contains("application/json")){byte[] content = new byte[join.readableByteCount()];join.read(content);DataBufferUtils.release(join);// 流转为字符串String responseData = new String(content, Charsets.UTF_8);if(Strings.isNotBlank(responseData)){responseData = AESUtil.encrypt(responseData);}byte[] uppedContent = responseData.getBytes(Charsets.UTF_8);originalResponse.getHeaders().setContentLength(uppedContent.length);return bufferFactory.wrap(uppedContent);}return join;}));} else {log.error("获取响应体数据 :"+getStatusCode());}return super.writeWith(body);}@Overridepublic Mono<Void> writeAndFlushWith(Publisher<? extends Publisher<? extends DataBuffer>> body) {return writeWith(Flux.from(body).flatMapSequential(p -> p));}};return chain.filter(exchange.mutate().response(responseDecorator).build());}@Overridepublic int getOrder() {return -200;}}喜欢的朋友点个赞,加个收藏吧
)
