Commit 295b4532 by zhangyu

导出

parent 71f771f6
package com.ejweb.core.base;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.annotation.JSONField;
import com.ejweb.core.conf.GConstants;
import org.hibernate.validator.constraints.NotEmpty;
/**
*
* 请求接口基本数据
*
* @team IT Team
* @author renmb
* @version 1.0
* @time 2016-03-10
*
*/
public class BaseUserBean {
@JSONField(deserialize = false, serialize = false)
public static final String DEL_FLAG_NORMAL = "0";
// @JSONField(deserialize=false, serialize=false)
// protected String dbprefix=GConstants.getValue("db.table.prefix", "");//
// 数据库表前缀
@JSONField(serialize=false)
@NotEmpty(message = "appCode不允许为空")
// @JSONField(name="app_code")
protected String userCode;
@JSONField(deserialize = false, serialize = false)
public String getDbprefix() {
return GConstants.getValue("db.table.prefix", "");// 数据库表前缀;
}
// public void setDbprefix(String dbprefix) {
// this.dbprefix = dbprefix;
// }
@JSONField(deserialize = false, serialize = false)
public String getDbName() {
return GConstants.getValue("jdbc.type");
}
public String getUserCode() {
return userCode;
}
public void setUserCode(String appCode) {
this.userCode = appCode;
}
@Override
public String toString() {
return JSON.toJSONString(this);
}
}
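Review bot: The `@NotEmpty` message on `userCode` reads "appCode不允许为空" and the setter parameter is named `appCode`, both apparently carried over from another bean, so a validation failure on this field would name the wrong parameter to the caller and in logs. I would change them to `@NotEmpty(message = "userCode不允许为空")` and `public void setUserCode(String userCode)`. The `@JSONField` on the `static final` constant `DEL_FLAG_NORMAL` appears to have no effect and could be dropped, along with the commented-out `dbprefix` field and setter. A short class comment stating that `userCode` is a caller-supplied identifier, not a verified identity, would help readers of the filter that consumes it.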
......@@ -2,8 +2,11 @@ package com.ejweb.core.filter;
import com.alibaba.fastjson.JSON;
import com.ejweb.core.base.BaseBean;
import com.ejweb.core.base.BaseUserBean;
import com.ejweb.core.conf.GConstants;
import com.ejweb.core.security.GlobalUtil;
import com.ejweb.modules.user.entity.UserEntity;
import com.ejweb.modules.user.service.UserService;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.lang3.StringUtils;
......@@ -36,7 +39,7 @@ public class BasicVerifyFilter implements Filter {
throws IOException, ServletException {
// 由于tomcat漏洞,在不升级的情况下,过滤PUT请求,直接返回
if ("PUT".equals(((HttpServletRequest)request).getMethod())) {
if ("PUT".equals(((HttpServletRequest) request).getMethod())) {
request.getRequestDispatcher("/WEB-INF/views/errors/401.jsp").forward(request, response);// 跳转到验证错误页面
return;
}
......@@ -112,15 +115,27 @@ public class BasicVerifyFilter implements Filter {
String message = "content及sign不允许为空";
if (content != null && sign != null) { // 基本参数不为NULL
BaseBean baseBean = JSON.parseObject(content, BaseBean.class);
message = "app_code不允许为空";
if (baseBean.getAppCode() != null) { // 基本必要参数验证通过
message = "签名验证不匹配";
if (GConstants.IS_VERIFY_CONTENT_SIGN == false
|| GlobalUtil.verifySign(content, GConstants.SIGN_PRIVATE_KEY, sign)) {// 签名验证通过
filterChain.doFilter(request, response);
return;
message = "app_code或 userCode不允许为空";
BaseUserBean baseUserBean = JSON.parseObject(content, BaseUserBean.class);
String userCode = baseUserBean.getUserCode();
if (userCode != null && !"".equals(userCode) && !"undefind".equals(userCode)) {
UserService userService= new UserService();
UserEntity ue=new UserEntity();
ue.setUsercode(userCode);
String userIdByCode = userService.getUserIdByCode(userCode);
message = "用户不存在";
if (userIdByCode != null) {
if (baseBean.getAppCode() != null) { // 基本必要参数验证通过
message = "签名验证不匹配";
if (GConstants.IS_VERIFY_CONTENT_SIGN == false
|| GlobalUtil.verifySign(content, GConstants.SIGN_PRIVATE_KEY, sign)) {// 签名验证通过
filterChain.doFilter(request, response);
return;
}
}
}
}
}
request.setAttribute("message", message);
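Review bot: In the third hunk the lookup `userService.getUserIdByCode(userCode)` runs on the caller-supplied `userCode` before `GlobalUtil.verifySign` is reached, so an unsigned request causes a database query and, if the `message` attribute is rendered to the client, can distinguish "用户不存在" from "签名验证不匹配" and so learn which user codes exist. Verifying the signature first and resolving the user only afterwards closes that gap, and folding the `getAppCode()` check into the first guard also stops a missing app code from being reported as "用户不存在"; the fence shows the reordered checks. The `UserEntity ue` object is built and never used, and `"undefind"` looks like a misspelling of `"undefined"`, in which case the guard does not reject the value it was presumably written for. When `GConstants.IS_VERIFY_CONTENT_SIGN` is false, the existence of the user code becomes the only gate, and a user code is an identifier rather than a credential. The enclosing method starts and ends outside the hunk.

```java
String userCode = baseUserBean.getUserCode();
// … unchanged: content/sign null check and the two JSON.parseObject calls above …
if (baseBean.getAppCode() != null && StringUtils.isNotEmpty(userCode) && !"undefind".equals(userCode)) {
    message = "签名验证不匹配";
    // Authenticate the request before querying the database with caller-supplied data.
    if (GConstants.IS_VERIFY_CONTENT_SIGN == false
            || GlobalUtil.verifySign(content, GConstants.SIGN_PRIVATE_KEY, sign)) {
        message = "用户不存在";
        UserService userService = new UserService();
        if (userService.getUserIdByCode(userCode) != null) {
            filterChain.doFilter(request, response);
            return;
        }
    }
}
```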
......