Commit 95150ec6 by WeiCong

安全框架不再对经办夹查询部分做安全防护

parent e0c86083
......@@ -92,17 +92,19 @@ public abstract class AbstractCommonController {
if (DataSecurityUtil.needDecrypt(noUiRequest.getReqUrl())) {
String[] clientpars = DataSecurityUtil.getSafeConfigByReqUrl(context,noUiRequest, noUiRequest.getReqUrl() + DataSecurityUtil.DECRYPT_FIX);
if(!ArrayUtils.isEmpty(clientpars)){
if (paramsMap.containsKey(DataSecurityUtil.BACKGROUND_ID)) {
//合法性校验操作(场景:用户做修改、删除时调用)
serverEnc = (String) paramsMap.get(DataSecurityUtil.BACKGROUND_ID);
String errmsg = null;
if ((errmsg = DataSecurityUtil.checkIllegalData(serverEnc, clientpars, noUiRequest.getUserId())) != null) {
Result rt = new Result(ErrorCodes.ERROR, errmsg, null, noUiVersion.getVersion());
if(!DataSecurityUtil.isIgnoreCheck(paramsMap)){
if (paramsMap.containsKey(DataSecurityUtil.BACKGROUND_ID)) {
//合法性校验操作(场景:用户做修改、删除时调用)
serverEnc = (String) paramsMap.get(DataSecurityUtil.BACKGROUND_ID);
String errmsg = null;
if ((errmsg = DataSecurityUtil.checkIllegalData(serverEnc, clientpars, noUiRequest.getUserId())) != null) {
Result rt = new Result(ErrorCodes.ERROR, errmsg, null, noUiVersion.getVersion());
return rt;
}
} else {
Result rt = new Result(ErrorCodes.ERROR, DataSecurityUtil.ERROR_SERVERENC_NULL, null, noUiVersion.getVersion());
return rt;
}
} else {
Result rt = new Result(ErrorCodes.ERROR, DataSecurityUtil.ERROR_SERVERENC_NULL, null, noUiVersion.getVersion());
return rt;
}
}
}
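Review bot: The new `if(!DataSecurityUtil.isIgnoreCheck(paramsMap))` guard lets a value in the request itself switch off both `checkIllegalData` and the `ERROR_SERVERENC_NULL` rejection, and it does so for every URL that has a `_decode` entry, not only the 经办夹 query named in the commit title. `isIgnoreCheck` (added in DataSecurityUtil) returns true whenever `sptinr` is present and non-empty, so if `paramsMap` is populated from client parameters, as it appears to be, the exemption is controlled by the caller. Decide the exemption on the server side instead, for example `if (!DataSecurityUtil.isIgnoreCheck(noUiRequest.getReqUrl()))` with the exempt URLs listed in the security configuration. Each skipped check should also be logged with the user id and request URL so that use of the exemption can be audited. The enclosing method starts and ends outside the hunk.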
......
......@@ -19,7 +19,8 @@ import java.util.*;
* 使用动态盐机制,每个盐只做一次双向校验后就失效
*/
public class DataSecurityUtil {
public static final String DEFAULT_CHECK = "selinr";
private static final String[] DEFAULT_CHECK = {"selinr","didinr"};
private static final String[] DEFAULT_IGNOR_CHECK = {"sptinr"};
public static final String ENCRYPT_FIX = "_encode";
public static final String DECRYPT_FIX = "_decode";
public static final String ENCRYPT_ERROR = "encrypt exception";
......@@ -84,6 +85,17 @@ public class DataSecurityUtil {
return securityConfig.containsKey(reqUrl + DECRYPT_FIX);
}
public static boolean isIgnoreCheck(Map<String, ?> paramsMap){
for(String ig:DEFAULT_IGNOR_CHECK){
if(paramsMap.containsKey(ig)){
String iginr=paramsMap.get(ig).toString();
if(!StringUtil.isEmpty(iginr)){
return true;
}
}
}
return false;
}
/**
* 获取指定交易的安全配置
*
......@@ -116,8 +128,10 @@ public class DataSecurityUtil {
Object valobj=dataField.getValue();
String val=null;
if(valobj==null){
if(noUiRequest.getParamsMap().containsKey(DEFAULT_CHECK)){
val=noUiRequest.getParamsMap().get(DEFAULT_CHECK).toString();
for(String ck:DEFAULT_CHECK){
if(noUiRequest.getParamsMap().containsKey(ck)){
val=noUiRequest.getParamsMap().get(ck).toString();
}
}
}else{
val= valobj.toString();
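Review bot: The fallback loop over `DEFAULT_CHECK` in the last hunk of this file has no `break`, so when a request carries both `selinr` and `didinr` the later key silently overrides the earlier one, and `get(ck).toString()` throws a NullPointerException when the key is present with a null value. This value appears to feed the data that is later verified, so the precedence should be explicit: `Object v = noUiRequest.getParamsMap().get(ck);` followed by `if (v != null) { val = v.toString(); break; }`. The same null dereference exists in `isIgnoreCheck` at `paramsMap.get(ig).toString()`. `DEFAULT_CHECK` also changes from a public `String` to a private `String[]`, which would break any other class that referenced the constant; none is visible here. The enclosing method continues outside the hunk.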
......
......@@ -153,7 +153,7 @@ switch=ON
/trnrel/reprow_decode=\\trn\\inr
#经办夹
/sptsel/sel_encode=\\sptp\\lst[]\\objinr
#/sptsel/sel_encode=\\sptp\\lst[]\\objinr
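Review bot: The `/sptsel/sel_encode` mapping is disabled by commenting it out, and nothing records why a protection entry was turned off or what compensates for it. Add a comment above it, for example `# disabled: 经办夹 query results are no longer encoded; dependent _decode checks are skipped via sptinr (see DataSecurityUtil.isIgnoreCheck)`, or delete the line and let the commit history carry it. It is also worth confirming that no remaining `_decode` entry still expects a token that this mapping used to produce.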
......