diff --git a/pom.xml b/pom.xml
index 67309a22..1642e808 100644
--- a/pom.xml
+++ b/pom.xml
@@ -243,6 +243,19 @@
1.0.0
+
+ wzy
+
+ dev
+
+ 172.16.46.63:30848
+ wzy
+ DEFAULT_GROUP
+ nacos
+ P@ssword25
+ 1.0.0
+
+
klw-dev
diff --git a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
index b37dfb76..7bd4e98f 100644
--- a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
+++ b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
@@ -108,7 +108,9 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
credential = credentialService.findActiveCredential(appId)
.orElseThrow(() -> new SecurityValidationException(HttpStatus.UNAUTHORIZED, "应用凭证不存在或已禁用"));
boolean allowAnonymous = Boolean.TRUE.equals(credential.getAllowAnonymous());
+ boolean enableEncryption = Boolean.TRUE.equals(credential.getEnableEncryption());
ApiAnonymousUserService.AnonymousUserDetails anonymousDetails = null;
+ byte[] requestBody = StreamUtils.copyToByteArray(request.getInputStream());
if (allowAnonymous) {
Long anonymousUserId = credential.getAnonymousUserId();
if (anonymousUserId == null) {
@@ -117,24 +119,25 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
anonymousDetails = anonymousUserService.find(anonymousUserId)
.orElseThrow(() -> new SecurityValidationException(HttpStatus.UNAUTHORIZED, "匿名访问固定用户不可用"));
}
-
String timestampHeader = requireHeader(request, TIMESTAMP_HEADER, "缺少时间戳");
// 校验时间戳与随机数,防止请求被重放
validateTimestamp(timestampHeader, security);
- String nonce = requireHeader(request, NONCE_HEADER, "缺少随机数");
- if (nonce.length() < 8) {
- throw new SecurityValidationException(HttpStatus.BAD_REQUEST, "随机数长度不足");
- }
- String signature = requireHeader(request, SIGNATURE_HEADER, "缺少签名");
+ if (enableEncryption){
+ String nonce = requireHeader(request, NONCE_HEADER, "缺少随机数");
+ if (nonce.length() < 8) {
+ throw new SecurityValidationException(HttpStatus.BAD_REQUEST, "随机数长度不足");
+ }
+ String signature = requireHeader(request, SIGNATURE_HEADER, "缺少签名");
- byte[] originalBody = StreamUtils.copyToByteArray(request.getInputStream());
- // 尝试按凭证配置解密请求体,并构建签名载荷进行校验
- byte[] decryptedBody = decryptRequestBody(originalBody, credential, security);
- verifySignature(request, decryptedBody, signature, credential, security, appId, timestampHeader);
- ensureNonce(tenantId, appId, nonce, security);
+ // 尝试按凭证配置解密请求体,并构建签名载荷进行校验
+ byte[] decryptedBody = decryptRequestBody(requestBody, credential, security);
+ verifySignature(request, decryptedBody, signature, credential, security, appId, timestampHeader);
+ ensureNonce(tenantId, appId, nonce, security);
+ requestBody = decryptedBody;
+ }
// 使用可重复读取的请求包装,供后续过滤器继续消费
- CachedBodyHttpServletRequest securedRequest = new CachedBodyHttpServletRequest(request, decryptedBody);
+ CachedBodyHttpServletRequest securedRequest = new CachedBodyHttpServletRequest(request, requestBody);
securedRequest.setHeader(APP_ID_HEADER, credential.getAppId());
securedRequest.setHeader(HEADER_CREDENTIAL_ID, credential.getId() != null ? String.valueOf(credential.getId()) : null);
ApiGatewayAccessLogger.propagateLogIdHeader(securedRequest, accessLogId);