添加userCode校验

a92b51b3 · Lenovo · 295b4532 · a92b51b3 · a92b51b3
Commit a92b51b3 authored Jan 10, 2020 by Lenovo
Show whitespace changes
Inline Side-by-side

Showing with 12 additions and 8 deletions

web.xml WebContent/WEB-INF/web.xml +1 -1

BasicVerifyFilter.java src/com/ejweb/core/filter/BasicVerifyFilter.java +11 -7

No files found.
--- a/WebContent/WEB-INF/web.xml
+++ b/WebContent/WEB-INF/web.xml
@@ -57,7 +57,7 @@
        <filter-class>com.ejweb.core.filter.BasicVerifyFilter</filter-class>
        <init-param>
            <param-name>excludedPages</param-name>
-            <param-value>app</param-value>
+            <param-value>/api/user/login</param-value>
        </init-param>
    </filter>
    <filter-mapping>

--- a/src/com/ejweb/core/filter/BasicVerifyFilter.java
+++ b/src/com/ejweb/core/filter/BasicVerifyFilter.java
@@ -5,10 +5,13 @@ import com.ejweb.core.base.BaseBean;
 import com.ejweb.core.base.BaseUserBean;
 import com.ejweb.core.conf.GConstants;
 import com.ejweb.core.security.GlobalUtil;
+import com.ejweb.modules.user.entity.User;
 import com.ejweb.modules.user.entity.UserEntity;
 import com.ejweb.modules.user.service.UserService;
 import org.apache.commons.fileupload.servlet.ServletFileUpload;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.context.ApplicationContext;
+import org.springframework.web.context.support.WebApplicationContextUtils;
 import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
@@ -21,7 +24,6 @@ import java.util.Set;
 * 对请求接口进行基本信息验证类 excludedPages * .* .+ 三种均为不验证数据
 */
 public class BasicVerifyFilter implements Filter {
    private String excludedPages;// 例外列表，支持正则匹配，多个地址以分号“;”分隔
    private String[] excludedPageArray;// 例外列表
    private boolean isExcludedPage = false;// 是否有例外请求链接
@@ -115,16 +117,18 @@ public class BasicVerifyFilter implements Filter {
        String message = "content及sign不允许为空";
        if (content != null && sign != null) { // 基本参数不为NULL
            BaseBean baseBean = JSON.parseObject(content, BaseBean.class);
-            message = "app_code或 userCode不允许为空";
+            message = "无效请求";
            BaseUserBean baseUserBean = JSON.parseObject(content, BaseUserBean.class);
            String userCode = baseUserBean.getUserCode();
            if (userCode != null && !"".equals(userCode) && !"undefind".equals(userCode)) {
-                UserService userService= new UserService();
+                ServletContext context = request.getServletContext();
-                UserEntity ue=new UserEntity();
+                ApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(context);
+                UserService userService = ctx.getBean(UserService.class);
+                UserEntity ue = new UserEntity();
                ue.setUsercode(userCode);
-                String  userIdByCode = userService.getUserIdByCode(userCode);
+                User user = userService.getUserByUserCode(ue);
-                message = "用户不存在";
+                message = "无效请求";
-                if (userIdByCode != null) {
+                if (user != null) {
                    if (baseBean.getAppCode() != null) { // 基本必要参数验证通过
                        message = "签名验证不匹配";
                        if (GConstants.IS_VERIFY_CONTENT_SIGN == false