资源访问过滤优化

9c731c0d · WeiCong · d9340b71 · 9c731c0d · 9c731c0d
Commit 9c731c0d authored Sep 16, 2020 by WeiCong
Hide whitespace changes
Inline Side-by-side

Showing with 60 additions and 39 deletions

ResourceAccessFilter.java ...rg/sss/presentation/noui/filter/ResourceAccessFilter.java +56 -39

web.xml src/main/webapp/WEB-INF/web.xml +4 -0

No files found.
--- a/src/main/java/org/sss/presentation/noui/filter/ResourceAccessFilter.java
+++ b/src/main/java/org/sss/presentation/noui/filter/ResourceAccessFilter.java
@@ -13,88 +13,102 @@ import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;

 public class ResourceAccessFilter implements Filter {
-    public static String pdfpth;
    protected static final Log log = LogFactory.getLog(ResourceAccessFilter.class);
    private static final String KEY = "session.##.WEB";
-    private static final String SALT="1314520@Wc;";
+    private static final String SALT = "1314520@Wc;";
    private static final String _JSON_CONTENT = "application/json; charset=UTF-8";
    private static final String _HTML_CONTENT = "text/html; charset=UTF-8";
    private static final String _403_JSON = "{'code': '403', 'msg': 'Access Forbidden, Unauthorized!'}";
-    private static final String _403_HTML = "<html><body><div style='text-align:center'><h1 style='margin-top: 10px;'>Access Forbidden, Unauthorized!</h1><hr><span>@lichmama</span></div></body></html>";
+    private static final String _403_HTML = "<html><body><div style='text-align:center'><h1 style='margin-top: 10px;'>Access Forbidden, Unauthorized!</h1></div></body></html>";
+    public static String pdfpth;
+    public static String[] exclude;

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
-        try{
-            HttpServletRequest request=(HttpServletRequest) req;
-            HttpServletResponse response=(HttpServletResponse) res;
-            String uri=request.getRequestURI();
-            if(needPdfsFilter(uri)){
-                if(!doPdfsFilter(request,response)){
+        try {
+            HttpServletRequest request = (HttpServletRequest) req;
+            HttpServletResponse response = (HttpServletResponse) res;
+            String uri = request.getRequestURI();
+            if (needPdfsFilter(uri)) {
+                if (!doPdfsFilter(request, response)) {
                    chain.doFilter(req, res);
                }
-            }else{
+            } else if (isExcludeRes(uri)) {
+                response.setStatus(403);
+                forbidden(request, response);
+            } else {
                chain.doFilter(req, res);
            }
-        }catch (Throwable b){
-            log.warn("资源访问过滤器执行异常:"+b.getMessage());
+        } catch (Throwable b) {
+            log.warn("资源访问过滤器执行异常:" + b.getMessage());
            chain.doFilter(req, res);
        }
    }

-    private boolean doPdfsFilter(HttpServletRequest request,HttpServletResponse response) throws Exception {
-        String[] sec=request.getParameterValues("sec");
-        String[] uid=request.getParameterValues("uid");
-        String[] res=request.getParameterValues("file");
-        if(ArrayUtils.isEmpty(sec) || ArrayUtils.isEmpty(uid) || ArrayUtils.isEmpty(res)){
+    private boolean doPdfsFilter(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        String[] sec = request.getParameterValues("sec");
+        String[] uid = request.getParameterValues("uid");
+        String[] res = request.getParameterValues("file");
+        if (ArrayUtils.isEmpty(sec) || ArrayUtils.isEmpty(uid) || ArrayUtils.isEmpty(res)) {
            log.warn("Access Pdfs Forbidden");
-            return forbidden403(request,response);
-        }else{
+            return forbidden403(request, response);
+        } else {
            //校验usrid+token+固定值的加密
-            if(!isLegalSec(sec[0],uid[0],res[0])){
+            if (!isLegalSec(sec[0], uid[0], res[0])) {
                log.warn("Access Pdfs Forbidden");
-                return forbidden403(request,response);
+                return forbidden403(request, response);
            }
        }
        return false;
    }

    private boolean isLegalSec(String sec, String uid, String res) throws Exception {
-        if(res.lastIndexOf("/")>0){
-            res=res.substring(res.lastIndexOf("/")+1);
+        if (res.lastIndexOf("/") > 0) {
+            res = res.substring(res.lastIndexOf("/") + 1);
        }
-        String rawuid=new StringBuilder(uid).reverse().toString();
-        Object obj = RedisUtil.get(KEY.replace("##",rawuid));
-        if (obj == null){
+        String rawuid = new StringBuilder(uid).reverse().toString();
+        Object obj = RedisUtil.get(KEY.replace("##", rawuid));
+        if (obj == null) {
            return false;
        }
-        RedisLoginInfo redisLoginInfo= (RedisLoginInfo) obj;
-        StringBuilder raw=new StringBuilder();
+        RedisLoginInfo redisLoginInfo = (RedisLoginInfo) obj;
+        StringBuilder raw = new StringBuilder();
        raw.append(redisLoginInfo.getToken());
        raw.append(SALT);
        raw.append(rawuid);
        raw.append(SALT);
        raw.append(res);
-        String rawsec= StringUtil.encryptMD5(raw.toString());
-        if(!rawsec.equals(sec)){
+        String rawsec = StringUtil.encryptMD5(raw.toString());
+        if (!rawsec.equals(sec)) {
            return false;
        }
        return true;
    }

-    private boolean needPdfsFilter(String uri){
-        if(pdfpth.equals(uri)){
+    private boolean needPdfsFilter(String uri) {
+        if (pdfpth.equals(uri)) {
            return true;
        }
        return false;
    }

-    private boolean forbidden403(HttpServletRequest request,HttpServletResponse response) throws IOException, ServletException{
+    private boolean isExcludeRes(String uri) {
+        for(String pth:exclude){
+            if(uri.startsWith(pth)){
+
+                return true;
+            }
+        }
+        return false;
+    }
+
+    private boolean forbidden403(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        response.setStatus(403);
-        forbidden(request,response);
+        forbidden(request, response);
        return true;
    }

-    private void forbidden(HttpServletRequest request,HttpServletResponse response) throws IOException, ServletException{
+    private void forbidden(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        if (isAjaxRequest(request)) {
            response.setContentType(_JSON_CONTENT);
            response.getWriter().print(_403_JSON);
@@ -114,11 +128,14 @@ public class ResourceAccessFilter implements Filter {
    }

    public void init(FilterConfig filterConfig) {
-        if(filterConfig.getInitParameter("pdfpth")!=null){
-            pdfpth=filterConfig.getInitParameter("pdfpth");
+        if (filterConfig.getInitParameter("pdfpth") != null) {
+            pdfpth = filterConfig.getInitParameter("pdfpth");
+        }
+        if (!StringUtil.isEmpty(filterConfig.getInitParameter("exclude"))) {
+            exclude = filterConfig.getInitParameter("exclude").split(";");
        }
-
    }

-    public void destroy() {}
+    public void destroy() {
+    }
 }
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -67,6 +67,10 @@
 			<param-name>pdfpth</param-name>
 			<param-value>/esfeserver/pdfjs/web/viewer.html</param-value>
 		</init-param>
+		<init-param>
+			<param-name>exclude</param-name>
+			<param-value>/esfeserver/data/docpdf;/esfeserver/data/dsp;/esfeserver/data/bimdata;/esfeserver/data/delete;/esfeserver/data/elcin;/esfeserver/data/elcout;/esfeserver/data/files;/esfeserver/data/trndata;</param-value>
+		</init-param>
 	</filter>
 	<filter-mapping>
 		<filter-name>resaccess</filter-name>