如何放行bladex框架对请求参数的处理

Blade 未结 1 588
qqww
qqww 2023-02-01 14:04

一、该问题的重现步骤是什么?

1. 使用原生的springboot接收stripe的webhook回调,进行校验是否是stripe发送的请求

2. 使用bladex接收stripe的webhook回调,进行校验是否是stripe发送的请求


二、你期待的结果是什么?实际看到的又是什么?

springboot打印参数

image.png

bladex

image.png


image.png

三、你正在使用的是什么产品,什么版本?在什么操作系统上?

image.png


windows10

四、请提供详细的错误堆栈信息,这很重要。

com.stripe.exception.SignatureVerificationException: No signatures found matching the expected signature for payload

at com.stripe.net.Webhook$Signature.verifyHeader(Webhook.java:102)

at com.stripe.net.Webhook.constructEvent(Webhook.java:50)

at com.stripe.net.Webhook.constructEvent(Webhook.java:30)

at org.springblade.platform.controller.Weebhook.processWebHook(Weebhook.java:49)

at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.base/java.lang.reflect.Method.invoke(Method.java:566)

at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)

at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150)

at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117)

at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)

at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)

at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)

at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067)

at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963)

at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)

at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:517)

at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:584)

at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)

at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)

at org.springblade.core.log.filter.LogTraceFilter.doFilter(LogTraceFilter.java:39)

at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)

at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)

at org.springblade.core.boot.request.BladeRequestFilter.doFilter(BladeRequestFilter.java:58)

at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)

at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)

at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:124)

at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)

at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)

at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)

at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)

at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)

at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)

at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)

at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)

at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)

at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)

at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)

at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)

at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)

at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)

at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)

at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)

at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)

at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)

at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)

at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)

at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)

at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

at io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275)

at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79)

at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)

at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)

at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)

at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)

at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255)

at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:79)

at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100)

at io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)

at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:852)

at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)

at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019)

at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558)

at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1423)

at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)

at java.base/java.lang.Thread.run(Thread.java:829)

五、若有更多详细信息,请在下面提供。

通过request获取参数也尝试过,但还是不能通过stripe的校验,大致定位的问题就是bladex框架在某一步处理了请求的参数

1条回答
  •  zhx1994
    zhx1994 (楼主)
    2023-02-01 14:53

    这个是你引入的jar包报的错。

    com.stripe.exception.SignatureVerificationException: No signatures found matching the expected signature for payload

    at com.stripe.net.Webhook$Signature.verifyHeader(Webhook.java:102)

    at com.stripe.net.Webhook.constructEvent(Webhook.java:50)

    at com.stripe.net.Webhook.constructEvent(Webhook.java:30)


    作者追问:2023-02-01 14:53

    jar包报错是因为验签没有通过

    两个项目用的第三方jar包都是同一个,包括webhook这个类都是复制的

    我的意思是可能在到达webhook这个回调类之前bladex框架可能对请求做了一些处理,导致我获取的json字符串不是原文,我需要知道在如何让bladex框架放行这个webhook请求,不对该接口进行校验或者其他操作

    我debug发现是这个一步在bladex框架下报错

    image.png

    下面是Webhook.constructEvent的代码

    image.png


    作者追问:2023-02-01 14:53

    有人能帮下忙吗,谢谢

    0 讨论(0)
提交回复