Skip to content

N
nouiWithSpringMVC
Commit 1ec4d7bc by fukai
Options

Merge branch 'master' of http://exam.letrd.com:8900/gechengyang/nouiWithSpringMVC

parents 8a2851c3 95150ec6
Showing with 34 additions and 13 deletions
src/main/java/org/sss/presentation/noui/controller/AbstractCommonController.java
......@@ -92,17 +92,19 @@ public abstract class AbstractCommonController {
if (DataSecurityUtil.needDecrypt(noUiRequest.getReqUrl())) {
String[] clientpars = DataSecurityUtil.getSafeConfigByReqUrl(context,noUiRequest, noUiRequest.getReqUrl() + DataSecurityUtil.DECRYPT_FIX);
if(!ArrayUtils.isEmpty(clientpars)){
if (paramsMap.containsKey(DataSecurityUtil.BACKGROUND_ID)) {
//合法性校验操作(场景:用户做修改、删除时调用)
serverEnc = (String) paramsMap.get(DataSecurityUtil.BACKGROUND_ID);
String errmsg = null;
if ((errmsg = DataSecurityUtil.checkIllegalData(serverEnc, clientpars, noUiRequest.getUserId())) != null) {
Result rt = new Result(ErrorCodes.ERROR, errmsg, null, noUiVersion.getVersion());
if(!DataSecurityUtil.isIgnoreCheck(paramsMap)){
if (paramsMap.containsKey(DataSecurityUtil.BACKGROUND_ID)) {
//合法性校验操作(场景:用户做修改、删除时调用)
serverEnc = (String) paramsMap.get(DataSecurityUtil.BACKGROUND_ID);
String errmsg = null;
if ((errmsg = DataSecurityUtil.checkIllegalData(serverEnc, clientpars, noUiRequest.getUserId())) != null) {
Result rt = new Result(ErrorCodes.ERROR, errmsg, null, noUiVersion.getVersion());
return rt;
}
} else {
Result rt = new Result(ErrorCodes.ERROR, DataSecurityUtil.ERROR_SERVERENC_NULL, null, noUiVersion.getVersion());
return rt;
}
} else {
Result rt = new Result(ErrorCodes.ERROR, DataSecurityUtil.ERROR_SERVERENC_NULL, null, noUiVersion.getVersion());
return rt;
}
}
}
......
src/main/java/org/sss/presentation/noui/util/DataSecurityUtil.java
......@@ -19,7 +19,8 @@ import java.util.*;
* 使用动态盐机制,每个盐只做一次双向校验后就失效
*/
public class DataSecurityUtil {
public static final String DEFAULT_CHECK = "selinr";
private static final String[] DEFAULT_CHECK = {"selinr","didinr"};
private static final String[] DEFAULT_IGNOR_CHECK = {"sptinr"};
public static final String ENCRYPT_FIX = "_encode";
public static final String DECRYPT_FIX = "_decode";
public static final String ENCRYPT_ERROR = "encrypt exception";
......@@ -84,6 +85,17 @@ public class DataSecurityUtil {
return securityConfig.containsKey(reqUrl + DECRYPT_FIX);
}
public static boolean isIgnoreCheck(Map<String, ?> paramsMap){
for(String ig:DEFAULT_IGNOR_CHECK){
if(paramsMap.containsKey(ig)){
String iginr=paramsMap.get(ig).toString();
if(!StringUtil.isEmpty(iginr)){
return true;
}
}
}
return false;
}
/**
* 获取指定交易的安全配置
*
......@@ -116,8 +128,10 @@ public class DataSecurityUtil {
Object valobj=dataField.getValue();
String val=null;
if(valobj==null){
if(noUiRequest.getParamsMap().containsKey(DEFAULT_CHECK)){
val=noUiRequest.getParamsMap().get(DEFAULT_CHECK).toString();
for(String ck:DEFAULT_CHECK){
if(noUiRequest.getParamsMap().containsKey(ck)){
val=noUiRequest.getParamsMap().get(ck).toString();
}
}
}else{
val= valobj.toString();
......@@ -253,6 +267,9 @@ public class DataSecurityUtil {
}
List<String> lst = Arrays.asList(pars);
String md5 = String.join(",", lst);
if(md5.endsWith(",")){
md5=md5.substring(0,md5.length()-1);
}
return md5;
}
......
src/main/resources/security.properties
......@@ -88,6 +88,7 @@ switch=ON
/dbepty/init_encode=\\ptygrp\\rec\\inr
/dbepty/sav_decode=\\ptygrp\\rec\\inr
#客户管理——删除
/dbdpty/init_decode=\\ptygrp\\rec\\inr
/dbdpty/init_encode=\\ptygrp\\rec\\inr
/dbdpty/sav_decode=\\ptygrp\\rec\\inr
......@@ -151,7 +152,8 @@ switch=ON
/trnrel/relrow_decode=\\trn\\inr
/trnrel/reprow_decode=\\trn\\inr
#经办夹
#/sptsel/sel_encode=\\sptp\\lst[]\\objinr
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment