1. 修复 databus 在多层嵌套的 json 报文，签名存在异常的 bug

2025-12-16 21:34:58 +08:00
parent 13403ea027
commit 12157d5dcb
2 changed files with 7 additions and 3 deletions
--- a/zt-framework/zt-common/src/main/java/com/zt/plat/framework/common/util/security/CryptoSignatureUtils.java
+++ b/zt-framework/zt-common/src/main/java/com/zt/plat/framework/common/util/security/CryptoSignatureUtils.java
@@ -1,6 +1,7 @@
 package com.zt.plat.framework.common.util.security;

 import cn.hutool.crypto.SecureUtil;
+import com.zt.plat.framework.common.util.json.JsonUtils;

 import javax.crypto.Cipher;
 import javax.crypto.KeyGenerator;
@@ -126,7 +127,11 @@ public final class CryptoSignatureUtils {
                continue;
            }
            sb.append(key).append('=');
+            if (value instanceof String || value instanceof Number || value instanceof Boolean) {
                sb.append(value);
+            } else {
+                sb.append(JsonUtils.toJsonString(value));
+            }
            sb.append('&');
        }
        if (sb.length() > 0) {
--- a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
+++ b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
@@ -286,8 +286,7 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
        try {
            boolean valid = CryptoSignatureUtils.verifySignature(signaturePayload, signatureType);
            if (!valid) {
-                log.error("[API-PORTAL] 签名校验失败");
-                return;
+                throw new SecurityValidationException(HttpStatus.UNAUTHORIZED, "签名校验失败");
            }
        } catch (IllegalArgumentException ex) {
            throw new SecurityValidationException(HttpStatus.INTERNAL_SERVER_ERROR, "签名算法配置异常");