完善数据安全框架

src/main/java/org/sss/presentation/noui/api/request/NoUiRequest.java

@@ -19,6 +19,8 @@ public class NoUiRequest {
     private Map<String, ?> dataMap = new HashMap<String, Object>();
     private Map<String, ?> saveDisplayMap = new HashMap<String, Object>();
     private boolean isSecurity=false;
+    private String reqUrl;
+    private String trnName;
 
     public NoUiRequest() {
 
@@ -34,6 +36,15 @@ public class NoUiRequest {
         this.userId = userId;
         this.terminalType = terminalType;
         this.mappingUrl = mappingUrl;
+        String[] mappingArgs = mappingUrl.split("/");
+        if(mappingArgs.length>1){
+            this.trnName = mappingArgs[mappingArgs.length - 2];
+            if(request.getRequestURI().indexOf(this.trnName)>0){
+                this.reqUrl=request.getRequestURI().substring(request.getRequestURI().indexOf(this.trnName)-1);
+            }else{
+                this.reqUrl=mappingUrl;
+            }
+        }
         if(!StringUtil.isEmpty(security)){
             this.isSecurity=true;
         }
@@ -125,4 +136,12 @@ public class NoUiRequest {
     public boolean isSecurity() {
         return isSecurity;
     }
+
+    public String getReqUrl() {
+        return reqUrl;
+    }
+
+    public String getTrnName() {
+        return trnName;
+    }
 }

src/main/java/org/sss/presentation/noui/controller/AbstractCommonController.java

@@ -44,12 +44,12 @@ public abstract class  AbstractCommonController {
     @Autowired
     private NoUiVersion noUiVersion;
 
-	public  String getMainPanel(){
+    public String getMainPanel() {
         return "";
     }
 
     @SuppressWarnings("unchecked")
-	public Object event(String mappingUrl, String eventType, Map<String, Object> dataMap, MultipartFile file,HttpServletRequest request, HttpServletResponse response) {
+    public Object event(String mappingUrl, String eventType, Map<String, Object> dataMap, MultipartFile file, HttpServletRequest request, HttpServletResponse response) {
 
         NoUiContext context = null;
         Result ret = null;
@@ -68,10 +68,9 @@ public abstract class  AbstractCommonController {
             }
             // 设置old sysmod
             RedisLoginInfo redisLoginInfo = null;
-			if( !StringUtils.isEmpty(noUiRequest.getUserId()) ) //开放模式下
+            if (!StringUtils.isEmpty(noUiRequest.getUserId())) //开放模式下
                 redisLoginInfo = (RedisLoginInfo) RedisUtil.get(StringUtil.userUniqueId(noUiRequest));
-			if(redisLoginInfo != null)
-			{
+            if (redisLoginInfo != null) {
                 NoUiPresentationUtil.setSysmod(context, (byte[]) redisLoginInfo.getSysmod());
                 context.setRedisLoginInfo(redisLoginInfo);
             }
@@ -80,27 +79,31 @@ public abstract class  AbstractCommonController {
             context.getSession().chain(true, trnName);
 
             //执行可能存在的主面板的初始化
-			if(this.getMainPanel().length() > 0)
-			{
-				IPanel mainPanel = (IPanel)context.getSession().getBaseObject(null, this.getMainPanel());
+            if (this.getMainPanel().length() > 0) {
+                IPanel mainPanel = (IPanel) context.getSession().getBaseObject(null, this.getMainPanel());
                 mainPanel.invokeDefaultRules(context);
             }
             // 模型赋值
             NoUiPresentationUtil.hanleInput(context, noUiRequest, alias);
 
             //数据安全性拦截-篡改数据拦截
-            if(DataSecurityUtil.isSafeMode() && noUiRequest.isSecurity()){
-                if(paramsMap.containsKey(DataSecurityUtil.BACKGROUND_ID)){
-                    String[] clientpars = DataSecurityUtil.getSafeConfigByTrnName(context,trnName);
-                    if(!ArrayUtils.isEmpty(clientpars)){
+            if (DataSecurityUtil.isSafeMode() && noUiRequest.isSecurity()) {
+                if (DataSecurityUtil.needDecrypt(noUiRequest.getReqUrl())) {
+                    if (paramsMap.containsKey(DataSecurityUtil.BACKGROUND_ID)) {
+                        String[] clientpars = DataSecurityUtil.getSafeConfigByReqUrl(context, noUiRequest.getReqUrl() + DataSecurityUtil.DECRYPT_FIX);
+                        if (!ArrayUtils.isEmpty(clientpars)) {
                             //合法性校验操作(场景:用户做修改、删除时调用)
-                        serverEnc= (String) paramsMap.get(DataSecurityUtil.BACKGROUND_ID);
-                        String errmsg=null;
-                        if((errmsg=DataSecurityUtil.checkIllegalData(serverEnc,clientpars,noUiRequest.getUserId()))!=null){
+                            serverEnc = (String) paramsMap.get(DataSecurityUtil.BACKGROUND_ID);
+                            String errmsg = null;
+                            if ((errmsg = DataSecurityUtil.checkIllegalData(serverEnc, clientpars, noUiRequest.getUserId())) != null) {
                                 Result rt = new Result(ErrorCodes.ERROR, errmsg, null, noUiVersion.getVersion());
                                 return rt;
                             }
                         }
+                    } else {
+                        Result rt = new Result(ErrorCodes.ERROR, DataSecurityUtil.ERROR_SERVERENC_NULL, null, noUiVersion.getVersion());
+                        return rt;
+                    }
                 }
             }
 
@@ -140,7 +143,7 @@ public abstract class  AbstractCommonController {
             }
 
             // 保存新的RedisLoginInfo
-			if(redisLoginInfo!=null)  //当为开放模式下，redisLoginInfo 为空
+            if (redisLoginInfo != null)  //当为开放模式下，redisLoginInfo 为空
             {
                 byte[] sysmodBytes = NoUiPresentationUtil.sysmodToBytes(context);
                 redisLoginInfo.setSysmod(sysmodBytes);
@@ -150,14 +153,12 @@ public abstract class  AbstractCommonController {
             Map<String, Object> afterReturnData = handleReturnData(eventType, context, noUiRequest, alias);
 
             //数据安全性拦截-篡改数据加密
-            if(DataSecurityUtil.isSafeMode() && noUiRequest.isSecurity()){
-                if(!paramsMap.containsKey(DataSecurityUtil.BACKGROUND_ID)){
+            if (DataSecurityUtil.isSafeMode() && noUiRequest.isSecurity()) {
+                if (DataSecurityUtil.needEncrypt(noUiRequest.getReqUrl())) {
                     //加密操作(场景:用户查询指定信息时调用，后续会做修改，删除等操作)
-                    String[] pars = DataSecurityUtil.getSafeConfigByTrnName(context,trnName);
-                    if(!ArrayUtils.isEmpty(pars)){
-                        serverEnc=DataSecurityUtil.encrypt(pars,noUiRequest.getUserId());
-                        afterReturnData.put(DataSecurityUtil.BACKGROUND_ID,serverEnc);
-                    }
+                    String[] pars = DataSecurityUtil.getSafeConfigByReqUrl(context, noUiRequest.getReqUrl() + DataSecurityUtil.ENCRYPT_FIX);
+                    serverEnc = DataSecurityUtil.encrypt(pars, noUiRequest.getUserId());
+                    afterReturnData.put(DataSecurityUtil.BACKGROUND_ID, serverEnc);
                 }
             }
 
@@ -167,8 +168,7 @@ public abstract class  AbstractCommonController {
             log.error("OnClick command error", e);
             ret = ResultUtil.result(ErrorCodes.ERROR, "hander error", "service error", noUiVersion.getVersion());
         } finally {
-			if (context != null)
-			{
+            if (context != null) {
                 //context.getSupport().disconnect();
                 context.dispose();
             }
@@ -210,19 +210,17 @@ public abstract class  AbstractCommonController {
             for (Map.Entry<String, String> aliasEntry : alias.getRel().entrySet()) {
                 String aliasKey = aliasEntry.getKey();
                 String aliasPath = aliasEntry.getValue();
-				if(aliasPath == null)
-				{
-					log.error("错误的mapping："+noUiRequest.getMappingUrl()+"--"+aliasKey+"--"+aliasPath);
+                if (aliasPath == null) {
+                    log.error("错误的mapping：" + noUiRequest.getMappingUrl() + "--" + aliasKey + "--" + aliasPath);
                     continue;
                 }
-				if(modifyEntry.getKey() == null)
-				{
-					log.error("错误的modifymap："+noUiRequest.getMappingUrl()+"--"+modifyMap);
+                if (modifyEntry.getKey() == null) {
+                    log.error("错误的modifymap：" + noUiRequest.getMappingUrl() + "--" + modifyMap);
                     continue;
                 }
                 if (aliasPath.startsWith(modifyEntry.getKey())) {
                     Object val = modifyEntry.getValue();
-					if(aliasKey == null)
+                    if (aliasKey == null)
                         continue;
                     data.put(aliasKey, NoUiPresentationUtil.handIBaseObject(context, val, aliasEntry.getValue()));
                     containsKeys.add(modifyEntry.getKey());
@@ -238,7 +236,7 @@ public abstract class  AbstractCommonController {
                 System.out.println("modify datafield:" + (modifyMap.get(key) instanceof IDatafield));
                 System.out.println("modify module:" + (modifyMap.get(key) instanceof IModule));
                 System.out.println("modify moduleList:" + (modifyMap.get(key) instanceof IModuleList));
-				if(key == null)
+                if (key == null)
                     continue;
                 data.put(key, NoUiPresentationUtil.handIBaseObject(context, modifyMap.get(key), key));
             }

src/main/resources/security.properties

 #安全开关（ON:开;OFF:关）
 switch=ON
+#客户管理——查询
+/dblpty/sel_encode=\\ptyp\\ptylst[]\\inr
 #客户管理——修改
-dbepty=\\ptygrp\\rec\\inr,\\ptygrp\\rec\\extkey
+/dbepty/init_decode=\\ptygrp\\rec\\inr
+/dbepty/init_encode=\\ptygrp\\rec\\inr,\\ptygrp\\rec\\extkey
+/dbepty/sav_decode=\\ptygrp\\rec\\inr,\\ptygrp\\rec\\extkey
 #客户管理——删除
-dbdpty=\\ptygrp\\rec\\inr
+/dbdpty/init_decode=\\ptygrp\\rec\\inr
+/dbdpty/init_encode=\\ptygrp\\rec\\inr
+/dbdpty/sav_decode=\\ptygrp\\rec\\inr
 #