
新增shiro响应结果加密操作

codingliang 1 gadu atpakaļ
vecāks
revīzija
21eb1ab17d

+ 21 - 2
src/main/java/com/sqx/modules/sys/oauth2/OAuth2Filter.java

@@ -3,6 +3,10 @@ package com.sqx.modules.sys.oauth2;
 import com.google.gson.Gson;
 import com.sqx.common.utils.HttpContextUtils;
 import com.sqx.common.utils.Result;
+import icu.xuyijie.secureapi.cipher.CipherAlgorithmEnum;
+import icu.xuyijie.secureapi.model.SecureApiProperties;
+import icu.xuyijie.secureapi.model.SecureApiPropertiesConfig;
+import lombok.RequiredArgsConstructor;
 import org.apache.commons.lang.StringUtils;
 import org.apache.http.HttpStatus;
 import org.apache.shiro.authc.AuthenticationException;
@@ -20,8 +24,11 @@ import java.io.IOException;
  * oauth2过滤器
  *
  */
+@RequiredArgsConstructor
 public class OAuth2Filter extends AuthenticatingFilter {
 
+    private final SecureApiPropertiesConfig secureApiPropertiesConfig;
+
     @Override
     protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception {
         //获取请求token
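Review bot: The constructor generated by `@RequiredArgsConstructor` accepts a null `secureApiPropertiesConfig`, and the field is first dereferenced in `encryptStr`, which runs only when a request is rejected. A wiring mistake would therefore show up as a NullPointerException on the rejection path rather than at startup. Marking the field with Lombok's null check, `@NonNull private final SecureApiPropertiesConfig secureApiPropertiesConfig;`, makes construction fail fast instead. The places that construct `OAuth2Filter` are not visible on this page and need to pass the config, and `createToken` continues outside this hunk.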
@@ -54,7 +61,7 @@ public class OAuth2Filter extends AuthenticatingFilter {
 
             String json = new Gson().toJson(Result.error(HttpStatus.SC_UNAUTHORIZED, "invalid token"));
 
-            httpResponse.getWriter().print(json);
+            httpResponse.getWriter().print(encryptStr(json));
 
             return false;
         }
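Review bot: The `encryptStr(json)` call here, and the same call inside the `try` of the next hunk, have no handling for a failure in the cipher. Whether `encrypt` can throw is not visible on this page, but if it does, the `catch (IOException e1)` in the next hunk will not catch it, and the exception leaves the filter before any rejection body is written. I would catch and log the failure at both call sites, and make sure the HTTP status itself carries the outcome, e.g. `httpResponse.setStatus(HttpStatus.SC_UNAUTHORIZED);` before writing, so a client that cannot decrypt the body still learns the request was rejected. The content type set for this response (outside the hunk) may also still declare JSON although the body is now ciphertext. The enclosing methods start and end outside both hunks.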
@@ -74,7 +81,7 @@ public class OAuth2Filter extends AuthenticatingFilter {
             Result r = Result.error(HttpStatus.SC_UNAUTHORIZED, throwable.getMessage());
 
             String json = new Gson().toJson(r);
-            httpResponse.getWriter().print(json);
+            httpResponse.getWriter().print(encryptStr(json));
         } catch (IOException e1) {
 
         }
@@ -97,5 +104,17 @@ public class OAuth2Filter extends AuthenticatingFilter {
         return token;
     }
 
+    private String encryptStr(String content) {
+        if (StringUtils.isBlank(content) || !secureApiPropertiesConfig.isEnabled()) {
+            return content;
+        }
 
+        CipherAlgorithmEnum cipherAlgorithmEnum = secureApiPropertiesConfig.getCipherAlgorithmEnum();
+        // 如果是会话密钥模式
+        if (SecureApiProperties.Mode.SESSION_KEY == secureApiPropertiesConfig.getMode()) {
+            // 使用会话密钥加密算法加密返回值
+            cipherAlgorithmEnum = secureApiPropertiesConfig.getSessionKeyCipherAlgorithm();
+        }
+        return cipherAlgorithmEnum.encrypt(content, secureApiPropertiesConfig);
+    }
 }
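Review bot: `encryptStr` is called only on the rejection paths, where the request has no valid token, yet in `SESSION_KEY` mode it switches to `getSessionKeyCipherAlgorithm()`. The page does not show where the session key comes from, so please confirm that a key exists for an unauthenticated caller and that the client can actually decrypt the 401 body in that mode. The method also lacks a contract comment, and the silent plaintext return is worth stating explicitly, for example `/** Encrypts a response body with the configured secure-api algorithm; returns the input unchanged when it is blank or encryption is disabled. */`. A null result from `getCipherAlgorithmEnum()` or `getSessionKeyCipherAlgorithm()` would currently surface as a NullPointerException on the final line, so a guard with a logged error would be safer there.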