Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
A
api
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
首航-临时账号
api
Commits
c2757cd8
Commit
c2757cd8
authored
Jan 11, 2020
by
Lenovo
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
添加userSign校验
parent
0ba59b79
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
47 additions
and
49 deletions
+47
-49
BasicVerifyFilter.java
src/com/ejweb/core/filter/BasicVerifyFilter.java
+47
-49
No files found.
src/com/ejweb/core/filter/BasicVerifyFilter.java
View file @
c2757cd8
package
com
.
ejweb
.
core
.
filter
;
import
com.alibaba.fastjson.JSON
;
import
com.ejweb.core.base.BaseBean
;
import
com.ejweb.core.base.BaseUserBean
;
import
com.ejweb.core.conf.GConstants
;
import
com.ejweb.core.security.GlobalUtil
;
import
com.ejweb.modules.user.entity.User
;
import
com.ejweb.modules.user.entity.UserEntity
;
import
com.ejweb.modules.user.service.UserService
;
...
...
@@ -42,19 +40,18 @@ public class BasicVerifyFilter implements Filter {
// 由于tomcat漏洞,在不升级的情况下,过滤PUT请求,直接返回
if
(
"PUT"
.
equals
(((
HttpServletRequest
)
request
).
getMethod
()))
{
request
.
getRequestDispatcher
(
"/WEB-INF/views/errors/401.jsp"
).
forward
(
request
,
response
);
// 跳转到验证错误页面
// 跳转到验证错误页面
request
.
getRequestDispatcher
(
"/WEB-INF/views/errors/401.jsp"
).
forward
(
request
,
response
);
return
;
}
long
maxFileSize
=
Long
.
valueOf
(
GConstants
.
getValue
(
"file.max.upload.size"
));
// HttpServletRequest reqs = (HttpServletRequest)request;
long
fileSize
=
((
HttpServletRequest
)
request
).
getContentLength
();
long
fileSize
=
request
.
getContentLength
();
if
(
fileSize
>
maxFileSize
)
{
request
.
setAttribute
(
"message"
,
"文件大小超出限制"
);
request
.
getRequestDispatcher
(
"/WEB-INF/views/errors/401.jsp"
).
forward
(
request
,
response
);
// 跳转到验证错误页面
// response.getOutputStream().print("file");
// 跳转到验证错误页面
request
.
getRequestDispatcher
(
"/WEB-INF/views/errors/401.jsp"
).
forward
(
request
,
response
);
return
;
}
...
...
@@ -63,48 +60,43 @@ public class BasicVerifyFilter implements Filter {
rep
.
setHeader
(
"Access-Control-Allow-Origin"
,
"*"
);
}
boolean
isMultipart
=
ServletFileUpload
.
isMultipartContent
((
HttpServletRequest
)
request
);
if
(
isMultipart
==
false
)
{
// 判断enctype属性是否为multipart/form-data
String
sign
=
request
.
getParameter
(
"sign"
);
// .getAttribute("sign");
// 判断enctype属性是否为multipart/form-data
if
(
isMultipart
==
false
)
{
String
sign
=
request
.
getParameter
(
"sign"
);
String
content
=
request
.
getParameter
(
"content"
);
if
(
StringUtils
.
isBlank
(
sign
))
{
request
.
setAttribute
(
"message"
,
"参数sign不能为NULL"
);
request
.
getRequestDispatcher
(
"/WEB-INF/views/errors/401.jsp"
).
forward
(
request
,
response
);
// 跳转到验证错误页面
return
;
}
else
if
(
StringUtils
.
isBlank
(
content
))
{
//
if (StringUtils.isBlank(sign)) {
//
//
request.setAttribute("message", "参数sign不能为NULL");
//
request.getRequestDispatcher("/WEB-INF/views/errors/401.jsp").forward(request, response);// 跳转到验证错误页面
//
return;
if
(
StringUtils
.
isBlank
(
content
))
{
request
.
setAttribute
(
"message"
,
"参数content不能为NULL"
);
request
.
getRequestDispatcher
(
"/WEB-INF/views/errors/401.jsp"
).
forward
(
request
,
response
);
// 跳转到验证错误页面
// 跳转到验证错误页面
request
.
getRequestDispatcher
(
"/WEB-INF/views/errors/401.jsp"
).
forward
(
request
,
response
);
return
;
}
/**
* 对有签名的进行DES签名验证,不使用下面的sha验证
*/
/*
* sign = request.getParameter("sign"); if
* (StringUtils.isNotBlank(sign)) { if (!validateSign(sign)) {
* request.setAttribute("message", "签名错误,禁止访问");
* request.getRequestDispatcher("/WEB-INF/views/errors/405.jsp").
* forward(request, response);// 跳转到验证错误页面 return; } }
*/
}
if
(
isAllowAllPage
)
{
// 所有请求通过, 不做数据验证
// 所有请求通过, 不做数据验证
if
(
isAllowAllPage
)
{
filterChain
.
doFilter
(
request
,
response
);
return
;
}
if
(
isExcludedPage
)
{
// 有例外请求链接
// 有例外请求链接
if
(
isExcludedPage
)
{
HttpServletRequest
req
=
(
HttpServletRequest
)
request
;
String
uri
=
req
.
getServletPath
();
if
(
excludedPageArray
!=
null
&&
uri
!=
null
&&
uri
.
length
()
!=
0
)
{
if
(
excludedPageSet
.
contains
(
uri
))
{
// 直接包含
// 直接包含
if
(
excludedPageSet
.
contains
(
uri
))
{
filterChain
.
doFilter
(
request
,
response
);
return
;
}
for
(
String
page
:
excludedPageArray
)
{
// 遍历例外url数组
if
(
uri
.
matches
(
page
))
{
// 在过滤url之外
// 遍历例外url数组
for
(
String
page
:
excludedPageArray
)
{
// 在过滤url之外
if
(
uri
.
matches
(
page
))
{
filterChain
.
doFilter
(
request
,
response
);
return
;
}
...
...
@@ -113,13 +105,14 @@ public class BasicVerifyFilter implements Filter {
}
// 对基本数据域进行验证
String
content
=
request
.
getParameter
(
"content"
);
String
sign
=
request
.
getParameter
(
"sign"
);
//
String sign = request.getParameter("sign");
String
message
=
"content及sign不允许为空"
;
if
(
content
!=
null
&&
sign
!=
null
)
{
// 基本参数不为NULL
BaseBean
baseBean
=
JSON
.
parseObject
(
content
,
BaseBean
.
class
);
// 基本参数不为NULL
if
(
content
!=
null
)
{
message
=
"无效请求"
;
BaseUserBean
baseUserBean
=
JSON
.
parseObject
(
content
,
BaseUserBean
.
class
);
String
userSign
=
baseUserBean
.
getUserSign
();
System
.
out
.
println
(
"userSign:"
+
userSign
);
if
(
userSign
!=
null
&&
!
""
.
equals
(
userSign
)
&&
!
"undefind"
.
equals
(
userSign
))
{
ServletContext
context
=
request
.
getServletContext
();
ApplicationContext
ctx
=
WebApplicationContextUtils
.
getWebApplicationContext
(
context
);
...
...
@@ -129,21 +122,24 @@ public class BasicVerifyFilter implements Filter {
User
user
=
userService
.
getUserByUserCode
(
ue
);
message
=
"无效请求"
;
if
(
user
!=
null
)
{
if
(
baseBean
.
getAppCode
()
!=
null
)
{
// 基本必要参数验证通过
message
=
"签名验证不匹配"
;
if
(
GConstants
.
IS_VERIFY_CONTENT_SIGN
==
false
||
GlobalUtil
.
verifySign
(
content
,
GConstants
.
SIGN_PRIVATE_KEY
,
sign
))
{
// 签名验证通过
filterChain
.
doFilter
(
request
,
response
);
return
;
}
}
filterChain
.
doFilter
(
request
,
response
);
return
;
// if (baseBean.getAppCode() != null) { // 基本必要参数验证通过
// message = "签名验证不匹配";
// if (GConstants.IS_VERIFY_CONTENT_SIGN == false
// || GlobalUtil.verifySign(content, GConstants.SIGN_PRIVATE_KEY, sign)) {// 签名验证通过
// filterChain.doFilter(request, response);
// return;
// }
// }
}
}
}
System
.
out
.
println
(
"userSign为空或查不到用户"
);
request
.
setAttribute
(
"message"
,
message
);
request
.
getRequestDispatcher
(
"/WEB-INF/views/errors/401.jsp"
).
forward
(
request
,
response
);
// 跳转到验证错误页面
// 跳转到验证错误页面
request
.
getRequestDispatcher
(
"/WEB-INF/views/errors/401.jsp"
).
forward
(
request
,
response
);
}
@Override
...
...
@@ -151,9 +147,11 @@ public class BasicVerifyFilter implements Filter {
// TODO Auto-generated method stub
excludedPages
=
filterConfig
.
getInitParameter
(
"excludedPages"
);
if
(
excludedPages
!=
null
&&
excludedPages
.
length
()
!=
0
)
{
excludedPages
=
excludedPages
.
replaceAll
(
"\\s+|^;+|;+$"
,
""
);
// 替换前后分号及所有空格
// 替换前后分号及所有空格
excludedPages
=
excludedPages
.
replaceAll
(
"\\s+|^;+|;+$"
,
""
);
if
(
excludedPages
.
length
()
!=
0
)
{
if
(
excludedPages
.
equals
(
"*"
)
||
excludedPages
.
equals
(
".*"
)
||
excludedPages
.
equals
(
".+"
))
{
// 全部不验证
// 全部不验证
if
(
excludedPages
.
equals
(
"*"
)
||
excludedPages
.
equals
(
".*"
)
||
excludedPages
.
equals
(
".+"
))
{
isAllowAllPage
=
true
;
}
else
{
excludedPageArray
=
excludedPages
.
split
(
";"
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
