Commit 98654e0b by WeiCong

完善数据安全框架

parent a20df4c4
......@@ -19,6 +19,8 @@ public class NoUiRequest {
private Map<String, ?> dataMap = new HashMap<String, Object>();
private Map<String, ?> saveDisplayMap = new HashMap<String, Object>();
private boolean isSecurity=false;
private String reqUrl;
private String trnName;
public NoUiRequest() {
......@@ -34,6 +36,15 @@ public class NoUiRequest {
this.userId = userId;
this.terminalType = terminalType;
this.mappingUrl = mappingUrl;
String[] mappingArgs = mappingUrl.split("/");
if(mappingArgs.length>1){
this.trnName = mappingArgs[mappingArgs.length - 2];
if(request.getRequestURI().indexOf(this.trnName)>0){
this.reqUrl=request.getRequestURI().substring(request.getRequestURI().indexOf(this.trnName)-1);
}else{
this.reqUrl=mappingUrl;
}
}
if(!StringUtil.isEmpty(security)){
this.isSecurity=true;
}
......@@ -125,4 +136,12 @@ public class NoUiRequest {
public boolean isSecurity() {
return isSecurity;
}
public String getReqUrl() {
return reqUrl;
}
public String getTrnName() {
return trnName;
}
}
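Review bot: In the constructor hunk, `reqUrl` is cut out of the raw `request.getRequestURI()` at the first occurrence of `trnName`, and `AbstractCommonController.event()` then uses it as the key that decides whether the tamper check runs. `getRequestURI()` is neither decoded nor normalized, and `indexOf` matches anywhere in the string (context path, an earlier segment), so a request whose URI differs in form from the configured path would presumably produce a key with no configured entry and skip the check. If `mappingUrl` comes from the handler mapping rather than from the request, deriving the key from it alone would be safer. When `mappingArgs.length` is 1, both `trnName` and `reqUrl` stay null and are later passed to `DataSecurityUtil.needDecrypt`/`needEncrypt`; setting `this.reqUrl = mappingUrl;` before the `if` would give a defined value. The constructor starts and ends outside the hunk.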
......@@ -44,12 +44,12 @@ public abstract class AbstractCommonController {
@Autowired
private NoUiVersion noUiVersion;
public String getMainPanel(){
public String getMainPanel() {
return "";
}
@SuppressWarnings("unchecked")
public Object event(String mappingUrl, String eventType, Map<String, Object> dataMap, MultipartFile file,HttpServletRequest request, HttpServletResponse response) {
public Object event(String mappingUrl, String eventType, Map<String, Object> dataMap, MultipartFile file, HttpServletRequest request, HttpServletResponse response) {
NoUiContext context = null;
Result ret = null;
......@@ -68,10 +68,9 @@ public abstract class AbstractCommonController {
}
// 设置old sysmod
RedisLoginInfo redisLoginInfo = null;
if( !StringUtils.isEmpty(noUiRequest.getUserId()) ) //开放模式下
if (!StringUtils.isEmpty(noUiRequest.getUserId())) //开放模式下
redisLoginInfo = (RedisLoginInfo) RedisUtil.get(StringUtil.userUniqueId(noUiRequest));
if(redisLoginInfo != null)
{
if (redisLoginInfo != null) {
NoUiPresentationUtil.setSysmod(context, (byte[]) redisLoginInfo.getSysmod());
context.setRedisLoginInfo(redisLoginInfo);
}
......@@ -80,27 +79,31 @@ public abstract class AbstractCommonController {
context.getSession().chain(true, trnName);
//执行可能存在的主面板的初始化
if(this.getMainPanel().length() > 0)
{
IPanel mainPanel = (IPanel)context.getSession().getBaseObject(null, this.getMainPanel());
if (this.getMainPanel().length() > 0) {
IPanel mainPanel = (IPanel) context.getSession().getBaseObject(null, this.getMainPanel());
mainPanel.invokeDefaultRules(context);
}
// 模型赋值
NoUiPresentationUtil.hanleInput(context, noUiRequest, alias);
//数据安全性拦截-篡改数据拦截
if(DataSecurityUtil.isSafeMode() && noUiRequest.isSecurity()){
if(paramsMap.containsKey(DataSecurityUtil.BACKGROUND_ID)){
String[] clientpars = DataSecurityUtil.getSafeConfigByTrnName(context,trnName);
if(!ArrayUtils.isEmpty(clientpars)){
if (DataSecurityUtil.isSafeMode() && noUiRequest.isSecurity()) {
if (DataSecurityUtil.needDecrypt(noUiRequest.getReqUrl())) {
if (paramsMap.containsKey(DataSecurityUtil.BACKGROUND_ID)) {
String[] clientpars = DataSecurityUtil.getSafeConfigByReqUrl(context, noUiRequest.getReqUrl() + DataSecurityUtil.DECRYPT_FIX);
if (!ArrayUtils.isEmpty(clientpars)) {
//合法性校验操作(场景:用户做修改、删除时调用)
serverEnc= (String) paramsMap.get(DataSecurityUtil.BACKGROUND_ID);
String errmsg=null;
if((errmsg=DataSecurityUtil.checkIllegalData(serverEnc,clientpars,noUiRequest.getUserId()))!=null){
serverEnc = (String) paramsMap.get(DataSecurityUtil.BACKGROUND_ID);
String errmsg = null;
if ((errmsg = DataSecurityUtil.checkIllegalData(serverEnc, clientpars, noUiRequest.getUserId())) != null) {
Result rt = new Result(ErrorCodes.ERROR, errmsg, null, noUiVersion.getVersion());
return rt;
}
}
} else {
Result rt = new Result(ErrorCodes.ERROR, DataSecurityUtil.ERROR_SERVERENC_NULL, null, noUiVersion.getVersion());
return rt;
}
}
}
......@@ -140,7 +143,7 @@ public abstract class AbstractCommonController {
}
// 保存新的RedisLoginInfo
if(redisLoginInfo!=null) //当为开放模式下,redisLoginInfo 为空
if (redisLoginInfo != null) //当为开放模式下,redisLoginInfo 为空
{
byte[] sysmodBytes = NoUiPresentationUtil.sysmodToBytes(context);
redisLoginInfo.setSysmod(sysmodBytes);
......@@ -150,14 +153,12 @@ public abstract class AbstractCommonController {
Map<String, Object> afterReturnData = handleReturnData(eventType, context, noUiRequest, alias);
//数据安全性拦截-篡改数据加密
if(DataSecurityUtil.isSafeMode() && noUiRequest.isSecurity()){
if(!paramsMap.containsKey(DataSecurityUtil.BACKGROUND_ID)){
if (DataSecurityUtil.isSafeMode() && noUiRequest.isSecurity()) {
if (DataSecurityUtil.needEncrypt(noUiRequest.getReqUrl())) {
//加密操作(场景:用户查询指定信息时调用,后续会做修改,删除等操作)
String[] pars = DataSecurityUtil.getSafeConfigByTrnName(context,trnName);
if(!ArrayUtils.isEmpty(pars)){
serverEnc=DataSecurityUtil.encrypt(pars,noUiRequest.getUserId());
afterReturnData.put(DataSecurityUtil.BACKGROUND_ID,serverEnc);
}
String[] pars = DataSecurityUtil.getSafeConfigByReqUrl(context, noUiRequest.getReqUrl() + DataSecurityUtil.ENCRYPT_FIX);
serverEnc = DataSecurityUtil.encrypt(pars, noUiRequest.getUserId());
afterReturnData.put(DataSecurityUtil.BACKGROUND_ID, serverEnc);
}
}
......@@ -167,8 +168,7 @@ public abstract class AbstractCommonController {
log.error("OnClick command error", e);
ret = ResultUtil.result(ErrorCodes.ERROR, "hander error", "service error", noUiVersion.getVersion());
} finally {
if (context != null)
{
if (context != null) {
//context.getSupport().disconnect();
context.dispose();
}
......@@ -210,19 +210,17 @@ public abstract class AbstractCommonController {
for (Map.Entry<String, String> aliasEntry : alias.getRel().entrySet()) {
String aliasKey = aliasEntry.getKey();
String aliasPath = aliasEntry.getValue();
if(aliasPath == null)
{
log.error("错误的mapping:"+noUiRequest.getMappingUrl()+"--"+aliasKey+"--"+aliasPath);
if (aliasPath == null) {
log.error("错误的mapping:" + noUiRequest.getMappingUrl() + "--" + aliasKey + "--" + aliasPath);
continue;
}
if(modifyEntry.getKey() == null)
{
log.error("错误的modifymap:"+noUiRequest.getMappingUrl()+"--"+modifyMap);
if (modifyEntry.getKey() == null) {
log.error("错误的modifymap:" + noUiRequest.getMappingUrl() + "--" + modifyMap);
continue;
}
if (aliasPath.startsWith(modifyEntry.getKey())) {
Object val = modifyEntry.getValue();
if(aliasKey == null)
if (aliasKey == null)
continue;
data.put(aliasKey, NoUiPresentationUtil.handIBaseObject(context, val, aliasEntry.getValue()));
containsKeys.add(modifyEntry.getKey());
......@@ -238,7 +236,7 @@ public abstract class AbstractCommonController {
System.out.println("modify datafield:" + (modifyMap.get(key) instanceof IDatafield));
System.out.println("modify module:" + (modifyMap.get(key) instanceof IModule));
System.out.println("modify moduleList:" + (modifyMap.get(key) instanceof IModuleList));
if(key == null)
if (key == null)
continue;
data.put(key, NoUiPresentationUtil.handIBaseObject(context, modifyMap.get(key), key));
}
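Review bot: In `event()`, the tamper check under `needDecrypt(...)` fails open when `getSafeConfigByReqUrl` returns null or an empty array: `checkIllegalData` is skipped and the request continues, even though the URL was flagged as needing verification. An `else` on `if (!ArrayUtils.isEmpty(clientpars))` that returns an error `Result`, as the new missing-`BACKGROUND_ID` branch already does, would make a configuration gap visible instead of silent. The encrypt block further down has the opposite problem: the `ArrayUtils.isEmpty(pars)` guard is gone, so `DataSecurityUtil.encrypt(pars, ...)` runs on whatever the lookup returns; keep `if (!ArrayUtils.isEmpty(pars))` or confirm that `encrypt` tolerates null. Both blocks are still gated on `noUiRequest.isSecurity()`, which `NoUiRequest` sets from a `security` value; if the client supplies that value the check is opt-in, and it should be driven by server-side configuration only. `event()` begins and ends outside the visible hunks.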
......
#安全开关(ON:开;OFF:关)
switch=ON
#客户管理——查询
/dblpty/sel_encode=\\ptyp\\ptylst[]\\inr
#客户管理——修改
dbepty=\\ptygrp\\rec\\inr,\\ptygrp\\rec\\extkey
/dbepty/init_decode=\\ptygrp\\rec\\inr
/dbepty/init_encode=\\ptygrp\\rec\\inr,\\ptygrp\\rec\\extkey
/dbepty/sav_decode=\\ptygrp\\rec\\inr,\\ptygrp\\rec\\extkey
#客户管理——删除
dbdpty=\\ptygrp\\rec\\inr
/dbdpty/init_decode=\\ptygrp\\rec\\inr
/dbdpty/init_encode=\\ptygrp\\rec\\inr
/dbdpty/sav_decode=\\ptygrp\\rec\\inr
#
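Review bot: The key format is not documented in this file. Entries such as `/dbepty/init_decode` appear to be the request path plus a suffix matching `DataSecurityUtil.DECRYPT_FIX`/`ENCRYPT_FIX`, with comma-separated model paths as values, but nothing here says so. I would add a header comment along the lines of `# key = /<transaction>/<event>_encode|_decode, value = comma-separated field paths to protect`. The bare `dbepty=` and `dbdpty=` keys look like the earlier per-transaction format; if lookups now go only through `getSafeConfigByReqUrl` with a suffix, they are probably unused and could be dropped or marked as legacy.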