1.调整安全框架兼容性（更加宽松）

2.完善预览资源的访问

1.调整安全框架兼容性（更加宽松）
2.完善预览资源的访问
7755ad60 · WeiCong · 98654e0b · 7755ad60 · 7755ad60
Commit 7755ad60 authored Oct 08, 2020 by WeiCong
Showing with 27 additions and 8 deletions

AbstractCommonController.java ...resentation/noui/controller/AbstractCommonController.java +7 -6

ResourceAccessFilter.java ...rg/sss/presentation/noui/filter/ResourceAccessFilter.java +20 -2

No files found.
--- a/src/main/java/org/sss/presentation/noui/controller/AbstractCommonController.java
+++ b/src/main/java/org/sss/presentation/noui/controller/AbstractCommonController.java
@@ -88,10 +88,11 @@ public abstract class AbstractCommonController {
            //数据安全性拦截-篡改数据拦截
            if (DataSecurityUtil.isSafeMode() && noUiRequest.isSecurity()) {
                if (DataSecurityUtil.needDecrypt(noUiRequest.getReqUrl())) {
-                    if (paramsMap.containsKey(DataSecurityUtil.BACKGROUND_ID)) {
+                    String[] clientpars = DataSecurityUtil.getSafeConfigByReqUrl(context, noUiRequest.getReqUrl() + DataSecurityUtil.DECRYPT_FIX);
-                        String[] clientpars = DataSecurityUtil.getSafeConfigByReqUrl(context, noUiRequest.getReqUrl() + DataSecurityUtil.DECRYPT_FIX);
+                    if(!ArrayUtils.isEmpty(clientpars)){
-                        if (!ArrayUtils.isEmpty(clientpars)) {
+                        if (paramsMap.containsKey(DataSecurityUtil.BACKGROUND_ID)) {
                            //合法性校验操作(场景:用户做修改、删除时调用)
                            serverEnc = (String) paramsMap.get(DataSecurityUtil.BACKGROUND_ID);
                            String errmsg = null;
@@ -99,10 +100,10 @@ public abstract class AbstractCommonController {
                                Result rt = new Result(ErrorCodes.ERROR, errmsg, null, noUiVersion.getVersion());
                                return rt;
                            }
+                        } else {
+                            Result rt = new Result(ErrorCodes.ERROR, DataSecurityUtil.ERROR_SERVERENC_NULL, null, noUiVersion.getVersion());
+                            return rt;
                        }
-                    } else {
-                        Result rt = new Result(ErrorCodes.ERROR, DataSecurityUtil.ERROR_SERVERENC_NULL, null, noUiVersion.getVersion());
-                        return rt;
                    }
                }
            }

--- a/src/main/java/org/sss/presentation/noui/filter/ResourceAccessFilter.java
+++ b/src/main/java/org/sss/presentation/noui/filter/ResourceAccessFilter.java
@@ -15,6 +15,7 @@ import javax.servlet.http.HttpServletResponse;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
 public class ResourceAccessFilter implements Filter {
    public static final String FORBIDDEN = "forbidden.pdf";
@@ -28,6 +29,7 @@ public class ResourceAccessFilter implements Filter {
    private static final String _403_HTML = "<html><body><div style='text-align:center'><h1 style='margin-top: 10px;'>Access Forbidden, Unauthorized!</h1></div></body></html>";
    public static String[] pdfpth;
    public static String[] exclude;
+    private static final String DSPPTH="/data/dsp/";
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
@@ -44,7 +46,10 @@ public class ResourceAccessFilter implements Filter {
                if (!doPdfsFilter(uri, pdfres, request, response)) {
                    return;
                }
-            } else if (isExcludeRes(uri)) {
+            }else if(uri.contains(DSPPTH)){
+                doDspFilter(uri,request,response);
+            }
+            else if (isExcludeRes(uri)) {
                response.setStatus(403);
                forbidden(request, response);
            } else {
@@ -56,6 +61,19 @@ public class ResourceAccessFilter implements Filter {
        }
    }
+    private void doDspFilter(String uri, HttpServletRequest request, HttpServletResponse response) throws IOException {
+        String relPth=uri.substring(uri.indexOf(DSPPTH));
+        StringBuilder sb=new StringBuilder(NoUiUtils.getDatapath());
+        sb.append(relPth);
+        File file=new File(sb.toString());
+        if(file.exists()){
+            response.setContentType(_JSON_CONTENT);
+            response.getWriter().print(FileUtils.readFileToString(file, StandardCharsets.UTF_8));
+        }else{
+            log.warn("Dsp Is Not Exists");
+        }
+    }
    private boolean isNotSameSessionId(String userId, HttpServletRequest request) throws Exception {
        String realSessionId = (String) RedisUtil.get(StringUtil.getCacheSessionId(userId));
        String sessionId = request.getSession().getId();
@@ -95,7 +113,7 @@ public class ResourceAccessFilter implements Filter {
            pdfWriter(FileUtils.openInputStream(file), response);
            return false;
        }else{
-            log.warn("Data Is Not Exists");
+            log.warn("Pdf Is Not Exists");
            return forbiddenPdf(request, response);
        }
    }