Commit 7755ad60 by WeiCong

1.调整安全框架兼容性(更加宽松)

2.完善预览资源的访问
parent 98654e0b
......@@ -88,10 +88,11 @@ public abstract class AbstractCommonController {
//数据安全性拦截-篡改数据拦截
if (DataSecurityUtil.isSafeMode() && noUiRequest.isSecurity()) {
if (DataSecurityUtil.needDecrypt(noUiRequest.getReqUrl())) {
if (paramsMap.containsKey(DataSecurityUtil.BACKGROUND_ID)) {
String[] clientpars = DataSecurityUtil.getSafeConfigByReqUrl(context, noUiRequest.getReqUrl() + DataSecurityUtil.DECRYPT_FIX);
if (!ArrayUtils.isEmpty(clientpars)) {
if(!ArrayUtils.isEmpty(clientpars)){
if (paramsMap.containsKey(DataSecurityUtil.BACKGROUND_ID)) {
//合法性校验操作(场景:用户做修改、删除时调用)
serverEnc = (String) paramsMap.get(DataSecurityUtil.BACKGROUND_ID);
String errmsg = null;
......@@ -99,13 +100,13 @@ public abstract class AbstractCommonController {
Result rt = new Result(ErrorCodes.ERROR, errmsg, null, noUiVersion.getVersion());
return rt;
}
}
} else {
Result rt = new Result(ErrorCodes.ERROR, DataSecurityUtil.ERROR_SERVERENC_NULL, null, noUiVersion.getVersion());
return rt;
}
}
}
}
if (eventType.equals(ON_CLICK)) {
IBaseObject dataField = baseObject(context, noUiRequest, alias);
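Review bot: In the `needDecrypt` branch, the `ERROR_SERVERENC_NULL` rejection for a request without `BACKGROUND_ID` now appears to sit inside the `!ArrayUtils.isEmpty(clientpars)` check, so when `getSafeConfigByReqUrl` returns nothing for a URL the tamper check is skipped silently even in safe mode. The rendered page has lost its `+`/`-` markers, so this reading of the new nesting is inferred from the line order and the commit message ("更加宽松"). If this fail-open path is intended, it should be stated at that `if`, for example `// no safe config for this URL: integrity check intentionally skipped for compatibility`. A warning log or counter on that path would also let operators see how often a URL flagged by `needDecrypt` is served unchecked. The enclosing method starts and ends outside the visible hunks.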
......@@ -15,6 +15,7 @@ import javax.servlet.http.HttpServletResponse;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
public class ResourceAccessFilter implements Filter {
public static final String FORBIDDEN = "forbidden.pdf";
......@@ -28,6 +29,7 @@ public class ResourceAccessFilter implements Filter {
private static final String _403_HTML = "<html><body><div style='text-align:center'><h1 style='margin-top: 10px;'>Access Forbidden, Unauthorized!</h1></div></body></html>";
public static String[] pdfpth;
public static String[] exclude;
private static final String DSPPTH="/data/dsp/";
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
......@@ -44,7 +46,10 @@ public class ResourceAccessFilter implements Filter {
if (!doPdfsFilter(uri, pdfres, request, response)) {
return;
}
} else if (isExcludeRes(uri)) {
}else if(uri.contains(DSPPTH)){
doDspFilter(uri,request,response);
}
else if (isExcludeRes(uri)) {
response.setStatus(403);
forbidden(request, response);
} else {
......@@ -56,6 +61,19 @@ public class ResourceAccessFilter implements Filter {
}
}
private void doDspFilter(String uri, HttpServletRequest request, HttpServletResponse response) throws IOException {
String relPth=uri.substring(uri.indexOf(DSPPTH));
StringBuilder sb=new StringBuilder(NoUiUtils.getDatapath());
sb.append(relPth);
File file=new File(sb.toString());
if(file.exists()){
response.setContentType(_JSON_CONTENT);
response.getWriter().print(FileUtils.readFileToString(file, StandardCharsets.UTF_8));
}else{
log.warn("Dsp Is Not Exists");
}
}
private boolean isNotSameSessionId(String userId, HttpServletRequest request) throws Exception {
String realSessionId = (String) RedisUtil.get(StringUtil.getCacheSessionId(userId));
String sessionId = request.getSession().getId();
......@@ -95,7 +113,7 @@ public class ResourceAccessFilter implements Filter {
pdfWriter(FileUtils.openInputStream(file), response);
return false;
}else{
log.warn("Data Is Not Exists");
log.warn("Pdf Is Not Exists");
return forbiddenPdf(request, response);
}
}
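Review bot: `doDspFilter` appends the request-derived `relPth` to `NoUiUtils.getDatapath()` without canonicalizing the result or checking that it stays under the dsp directory, so a URI with `..` segments after `/data/dsp/` could make `FileUtils.readFileToString` return a file outside that directory, depending on how `uri` is derived (not visible in this section). The new branch in `doFilter` is taken for any URI that merely contains `/data/dsp/`, it sits ahead of the `isExcludeRes` check, and no session or permission check is visible on it, so it is worth confirming that reads of dsp files without those checks are intended. The fence below canonicalizes both paths and rejects anything outside the base before reading. It also answers a missing file with an explicit 404 instead of an empty 200 body.

```java
private void doDspFilter(String uri, HttpServletRequest request, HttpServletResponse response) throws IOException {
    String relPth = uri.substring(uri.indexOf(DSPPTH));
    File base = new File(NoUiUtils.getDatapath() + DSPPTH).getCanonicalFile();
    File file = new File(NoUiUtils.getDatapath() + relPth).getCanonicalFile();
    // Canonical paths resolve ".." and symlinks; compare by path component, not by string prefix.
    if (!file.toPath().startsWith(base.toPath())) {
        log.warn("Dsp path outside base directory rejected");
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    if (!file.isFile()) {
        log.warn("Dsp Is Not Exists");
        response.sendError(HttpServletResponse.SC_NOT_FOUND);
        return;
    }
    // … unchanged: set _JSON_CONTENT and write the file body …
}
```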