Commit 9c731c0d by WeiCong

资源访问过滤优化

parent d9340b71
......@@ -13,88 +13,102 @@ import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class ResourceAccessFilter implements Filter {
public static String pdfpth;
protected static final Log log = LogFactory.getLog(ResourceAccessFilter.class);
private static final String KEY = "session.##.WEB";
private static final String SALT="1314520@Wc;";
private static final String SALT = "1314520@Wc;";
private static final String _JSON_CONTENT = "application/json; charset=UTF-8";
private static final String _HTML_CONTENT = "text/html; charset=UTF-8";
private static final String _403_JSON = "{'code': '403', 'msg': 'Access Forbidden, Unauthorized!'}";
private static final String _403_HTML = "<html><body><div style='text-align:center'><h1 style='margin-top: 10px;'>Access Forbidden, Unauthorized!</h1><hr><span>@lichmama</span></div></body></html>";
private static final String _403_HTML = "<html><body><div style='text-align:center'><h1 style='margin-top: 10px;'>Access Forbidden, Unauthorized!</h1></div></body></html>";
public static String pdfpth;
public static String[] exclude;
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
try{
HttpServletRequest request=(HttpServletRequest) req;
HttpServletResponse response=(HttpServletResponse) res;
String uri=request.getRequestURI();
if(needPdfsFilter(uri)){
if(!doPdfsFilter(request,response)){
try {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String uri = request.getRequestURI();
if (needPdfsFilter(uri)) {
if (!doPdfsFilter(request, response)) {
chain.doFilter(req, res);
}
}else{
} else if (isExcludeRes(uri)) {
response.setStatus(403);
forbidden(request, response);
} else {
chain.doFilter(req, res);
}
}catch (Throwable b){
log.warn("资源访问过滤器执行异常:"+b.getMessage());
} catch (Throwable b) {
log.warn("资源访问过滤器执行异常:" + b.getMessage());
chain.doFilter(req, res);
}
}
private boolean doPdfsFilter(HttpServletRequest request,HttpServletResponse response) throws Exception {
String[] sec=request.getParameterValues("sec");
String[] uid=request.getParameterValues("uid");
String[] res=request.getParameterValues("file");
if(ArrayUtils.isEmpty(sec) || ArrayUtils.isEmpty(uid) || ArrayUtils.isEmpty(res)){
private boolean doPdfsFilter(HttpServletRequest request, HttpServletResponse response) throws Exception {
String[] sec = request.getParameterValues("sec");
String[] uid = request.getParameterValues("uid");
String[] res = request.getParameterValues("file");
if (ArrayUtils.isEmpty(sec) || ArrayUtils.isEmpty(uid) || ArrayUtils.isEmpty(res)) {
log.warn("Access Pdfs Forbidden");
return forbidden403(request,response);
}else{
return forbidden403(request, response);
} else {
//校验usrid+token+固定值的加密
if(!isLegalSec(sec[0],uid[0],res[0])){
if (!isLegalSec(sec[0], uid[0], res[0])) {
log.warn("Access Pdfs Forbidden");
return forbidden403(request,response);
return forbidden403(request, response);
}
}
return false;
}
private boolean isLegalSec(String sec, String uid, String res) throws Exception {
if(res.lastIndexOf("/")>0){
res=res.substring(res.lastIndexOf("/")+1);
if (res.lastIndexOf("/") > 0) {
res = res.substring(res.lastIndexOf("/") + 1);
}
String rawuid=new StringBuilder(uid).reverse().toString();
Object obj = RedisUtil.get(KEY.replace("##",rawuid));
if (obj == null){
String rawuid = new StringBuilder(uid).reverse().toString();
Object obj = RedisUtil.get(KEY.replace("##", rawuid));
if (obj == null) {
return false;
}
RedisLoginInfo redisLoginInfo= (RedisLoginInfo) obj;
StringBuilder raw=new StringBuilder();
RedisLoginInfo redisLoginInfo = (RedisLoginInfo) obj;
StringBuilder raw = new StringBuilder();
raw.append(redisLoginInfo.getToken());
raw.append(SALT);
raw.append(rawuid);
raw.append(SALT);
raw.append(res);
String rawsec= StringUtil.encryptMD5(raw.toString());
if(!rawsec.equals(sec)){
String rawsec = StringUtil.encryptMD5(raw.toString());
if (!rawsec.equals(sec)) {
return false;
}
return true;
}
private boolean needPdfsFilter(String uri){
if(pdfpth.equals(uri)){
private boolean needPdfsFilter(String uri) {
if (pdfpth.equals(uri)) {
return true;
}
return false;
}
private boolean forbidden403(HttpServletRequest request,HttpServletResponse response) throws IOException, ServletException{
private boolean isExcludeRes(String uri) {
for(String pth:exclude){
if(uri.startsWith(pth)){
return true;
}
}
return false;
}
private boolean forbidden403(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
response.setStatus(403);
forbidden(request,response);
forbidden(request, response);
return true;
}
private void forbidden(HttpServletRequest request,HttpServletResponse response) throws IOException, ServletException{
private void forbidden(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
if (isAjaxRequest(request)) {
response.setContentType(_JSON_CONTENT);
response.getWriter().print(_403_JSON);
......@@ -114,11 +128,14 @@ public class ResourceAccessFilter implements Filter {
}
public void init(FilterConfig filterConfig) {
if(filterConfig.getInitParameter("pdfpth")!=null){
pdfpth=filterConfig.getInitParameter("pdfpth");
if (filterConfig.getInitParameter("pdfpth") != null) {
pdfpth = filterConfig.getInitParameter("pdfpth");
}
if (!StringUtil.isEmpty(filterConfig.getInitParameter("exclude"))) {
exclude = filterConfig.getInitParameter("exclude").split(";");
}
}
public void destroy() {}
public void destroy() {
}
}
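Review bot: The `isExcludeRes` loop in the first hunk dereferences `exclude`, which `init` in the second hunk leaves null whenever the `exclude` init-param is absent or empty; the resulting NullPointerException is caught by `catch (Throwable b)` and the request is then handed to `chain.doFilter(req, res)`, so a missing configuration turns the new deny rule into a silent allow. The same fail-open path covers a throwing `doPdfsFilter` (for example when `RedisUtil.get` fails), which predates this commit but the new branch widens it. Initialize the field as `public static String[] exclude = new String[0];` and make the catch fail closed, e.g. `log.warn("资源访问过滤器执行异常", b); ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);` in place of the chain call, which also keeps the stack trace that `b.getMessage()` drops. Separately, `uri.startsWith(pth)` compares the raw `getRequestURI()` string, so the prefix test should run on a normalized path (e.g. `URI.create(uri).normalize().getPath()`) so that dot-segments or repeated slashes cannot yield a string that differs from the one the container resolves to the same resource.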
......@@ -67,6 +67,10 @@
<param-name>pdfpth</param-name>
<param-value>/esfeserver/pdfjs/web/viewer.html</param-value>
</init-param>
<init-param>
<param-name>exclude</param-name>
<param-value>/esfeserver/data/docpdf;/esfeserver/data/dsp;/esfeserver/data/bimdata;/esfeserver/data/delete;/esfeserver/data/elcin;/esfeserver/data/elcout;/esfeserver/data/files;/esfeserver/data/trndata;</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>resaccess</filter-name>
......