Commit
295b4532
authored
Jan 10, 2020
by
zhangyu
导出
parent
71f771f6
Showing
2 changed files
with
80 additions
and
8 deletions
+80
-8
BaseUserBean.java
src/com/ejweb/core/base/BaseUserBean.java
+57
-0
BasicVerifyFilter.java
src/com/ejweb/core/filter/BasicVerifyFilter.java
+23
-8
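--- /dev/null
+++ b/src/com/ejweb/core/base/BaseUserBean.java
+package com.ejweb.core.base;
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.annotation.JSONField;
+import com.ejweb.core.conf.GConstants;
+import org.hibernate.validator.constraints.NotEmpty;
+/**
+ *
+ * 请求接口基本数据
+ *
+ * @team IT Team
+ * @author renmb
+ * @version 1.0
+ * @time 2016-03-10
+ *
+ */
+public class BaseUserBean {
+    @JSONField(deserialize=false, serialize=false)
+    public static final String DEL_FLAG_NORMAL = "0";
+    // @JSONField(deserialize=false, serialize=false)
+    // protected String dbprefix=GConstants.getValue("db.table.prefix", "");//
+    // 数据库表前缀
+    @JSONField(serialize=false)
+    @NotEmpty(message="appCode不允许为空")
+    // @JSONField(name="app_code")
+    protected String userCode;
+    @JSONField(deserialize=false, serialize=false)
+    public String getDbprefix() {
+        return GConstants.getValue("db.table.prefix", "");// 数据库表前缀;
+    }
+    // public void setDbprefix(String dbprefix) {
+    // this.dbprefix = dbprefix;
+    // }
+    @JSONField(deserialize=false, serialize=false)
+    public String getDbName() {
+        return GConstants.getValue("jdbc.type");
+    }
+    public String getUserCode() {
+        return userCode;
+    }
+    public void setUserCode(String appCode) {
+        this.userCode = appCode;
+    }
+    @Override
+    public String toString() {
+        return JSON.toJSONString(this);
+    }
+}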
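Review bot: The `@NotEmpty` message on `userCode` reads `appCode不允许为空` and the setter parameter is called `appCode`, so a failed validation would name the wrong field; `@NotEmpty(message = "userCode不允许为空")` and `setUserCode(String userCode)` would match the field. The class comment (`请求接口基本数据`) does not say that `userCode` is bound from the request body (only `serialize` is switched off, so deserialization stays on) and is therefore caller-controlled; a line such as `// userCode comes from the request JSON and is untrusted until the filter has verified the signature` above the field would make that explicit. The commented-out `dbprefix` field and setter could be dropped from a file that is being added new.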
src/com/ejweb/core/filter/BasicVerifyFilter.java
...
@@ -2,8 +2,11 @@ package com.ejweb.core.filter;
...
@@ -2,8 +2,11 @@ package com.ejweb.core.filter;
import
com.alibaba.fastjson.JSON
;
import
com.alibaba.fastjson.JSON
;
import
com.ejweb.core.base.BaseBean
;
import
com.ejweb.core.base.BaseBean
;
import
com.ejweb.core.base.BaseUserBean
;
import
com.ejweb.core.conf.GConstants
;
import
com.ejweb.core.conf.GConstants
;
import
com.ejweb.core.security.GlobalUtil
;
import
com.ejweb.core.security.GlobalUtil
;
import
com.ejweb.modules.user.entity.UserEntity
;
import
com.ejweb.modules.user.service.UserService
;
import
org.apache.commons.fileupload.servlet.ServletFileUpload
;
import
org.apache.commons.fileupload.servlet.ServletFileUpload
;
import
org.apache.commons.lang3.StringUtils
;
import
org.apache.commons.lang3.StringUtils
;
...
@@ -36,7 +39,7 @@ public class BasicVerifyFilter implements Filter {
...
@@ -36,7 +39,7 @@ public class BasicVerifyFilter implements Filter {
throws
IOException
,
ServletException
{
throws
IOException
,
ServletException
{
// 由于tomcat漏洞,在不升级的情况下,过滤PUT请求,直接返回
// 由于tomcat漏洞,在不升级的情况下,过滤PUT请求,直接返回
if
(
"PUT"
.
equals
(((
HttpServletRequest
)
request
).
getMethod
()))
{
if
(
"PUT"
.
equals
(((
HttpServletRequest
)
request
).
getMethod
()))
{
request
.
getRequestDispatcher
(
"/WEB-INF/views/errors/401.jsp"
).
forward
(
request
,
response
);
// 跳转到验证错误页面
request
.
getRequestDispatcher
(
"/WEB-INF/views/errors/401.jsp"
).
forward
(
request
,
response
);
// 跳转到验证错误页面
return
;
return
;
}
}
...
@@ -112,15 +115,27 @@ public class BasicVerifyFilter implements Filter {
...
@@ -112,15 +115,27 @@ public class BasicVerifyFilter implements Filter {
String
message
=
"content及sign不允许为空"
;
String
message
=
"content及sign不允许为空"
;
if
(
content
!=
null
&&
sign
!=
null
)
{
// 基本参数不为NULL
if
(
content
!=
null
&&
sign
!=
null
)
{
// 基本参数不为NULL
BaseBean
baseBean
=
JSON
.
parseObject
(
content
,
BaseBean
.
class
);
BaseBean
baseBean
=
JSON
.
parseObject
(
content
,
BaseBean
.
class
);
message
=
"app_code不允许为空"
;
message
=
"app_code或 userCode不允许为空"
;
if
(
baseBean
.
getAppCode
()
!=
null
)
{
// 基本必要参数验证通过
BaseUserBean
baseUserBean
=
JSON
.
parseObject
(
content
,
BaseUserBean
.
class
);
message
=
"签名验证不匹配"
;
String
userCode
=
baseUserBean
.
getUserCode
();
if
(
GConstants
.
IS_VERIFY_CONTENT_SIGN
==
false
if
(
userCode
!=
null
&&
!
""
.
equals
(
userCode
)
&&
!
"undefind"
.
equals
(
userCode
))
{
||
GlobalUtil
.
verifySign
(
content
,
GConstants
.
SIGN_PRIVATE_KEY
,
sign
))
{
// 签名验证通过
UserService
userService
=
new
UserService
();
filterChain
.
doFilter
(
request
,
response
);
UserEntity
ue
=
new
UserEntity
();
return
;
ue
.
setUsercode
(
userCode
);
String
userIdByCode
=
userService
.
getUserIdByCode
(
userCode
);
message
=
"用户不存在"
;
if
(
userIdByCode
!=
null
)
{
if
(
baseBean
.
getAppCode
()
!=
null
)
{
// 基本必要参数验证通过
message
=
"签名验证不匹配"
;
if
(
GConstants
.
IS_VERIFY_CONTENT_SIGN
==
false
||
GlobalUtil
.
verifySign
(
content
,
GConstants
.
SIGN_PRIVATE_KEY
,
sign
))
{
// 签名验证通过
filterChain
.
doFilter
(
request
,
response
);
return
;
}
}
}
}
}
}
}
}
request
.
setAttribute
(
"message"
,
message
);
request
.
setAttribute
(
"message"
,
message
);
...
...
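Review bot: In the last hunk the new `userService.getUserIdByCode(userCode)` lookup appears to run before `GlobalUtil.verifySign(...)`, so a request without a valid signature still reaches the user table, and the `message` attribute ends up as `用户不存在` or `签名验证不匹配` depending on whether the code exists; if the error page shows that attribute, callers can tell valid user codes from invalid ones. Checking the signature first and resolving the user only afterwards, with the same message for both failures, removes that difference, as sketched below. The literal `"undefind"` looks like a misspelling of `undefined` (assuming it is meant to catch a JavaScript client's placeholder value), and `ue` is built but not used in the visible lines. The old and new columns are interleaved on this page and the method starts and ends outside the hunk, so the nesting described here is inferred.

```java
// … unchanged: content/sign null check, BaseBean and BaseUserBean parsing …
String userCode = baseUserBean.getUserCode();
if (baseBean.getAppCode() != null && StringUtils.isNotEmpty(userCode)
        && !"undefind".equals(userCode)) {
    message = "签名验证不匹配";
    // Check the signature first; resolve the user only for signed requests.
    if (GConstants.IS_VERIFY_CONTENT_SIGN == false
            || GlobalUtil.verifySign(content, GConstants.SIGN_PRIVATE_KEY, sign)) {
        if (new UserService().getUserIdByCode(userCode) != null) {
            filterChain.doFilter(request, response);
            return;
        }
    }
}
// … unchanged: request.setAttribute("message", message) …
```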