Commit e47c9cad by WeiCong

完善资源访问拦截日志记录

parent 4e56c07f
...@@ -27,9 +27,9 @@ public class ResourceAccessFilter implements Filter { ...@@ -27,9 +27,9 @@ public class ResourceAccessFilter implements Filter {
private static final String _HTML_CONTENT = "text/html; charset=UTF-8"; private static final String _HTML_CONTENT = "text/html; charset=UTF-8";
private static final String _403_JSON = "{\"code\": \"403\", \"msg\": \"Access Forbidden, Unauthorized!\"}"; private static final String _403_JSON = "{\"code\": \"403\", \"msg\": \"Access Forbidden, Unauthorized!\"}";
private static final String _403_HTML = "<html><body><div style='text-align:center'><h1 style='margin-top: 10px;'>Access Forbidden, Unauthorized!</h1></div></body></html>"; private static final String _403_HTML = "<html><body><div style='text-align:center'><h1 style='margin-top: 10px;'>Access Forbidden, Unauthorized!</h1></div></body></html>";
private static final String DSPPTH = "/data/dsp/";
public static String[] pdfpth; public static String[] pdfpth;
public static String[] exclude; public static String[] exclude;
private static final String DSPPTH="/data/dsp/";
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException { throws IOException, ServletException {
...@@ -46,10 +46,9 @@ public class ResourceAccessFilter implements Filter { ...@@ -46,10 +46,9 @@ public class ResourceAccessFilter implements Filter {
if (!doPdfsFilter(uri, pdfres, request, response)) { if (!doPdfsFilter(uri, pdfres, request, response)) {
return; return;
} }
}else if(uri.contains(DSPPTH)){ } else if (uri.contains(DSPPTH)) {
doDspFilter(uri,request,response); doDspFilter(uri, request, response);
} } else if (isExcludeRes(uri)) {
else if (isExcludeRes(uri)) {
response.setStatus(403); response.setStatus(403);
forbidden(request, response); forbidden(request, response);
} else { } else {
...@@ -64,7 +63,7 @@ public class ResourceAccessFilter implements Filter { ...@@ -64,7 +63,7 @@ public class ResourceAccessFilter implements Filter {
private void doDspFilter(String uri, HttpServletRequest request, HttpServletResponse response) throws Exception { private void doDspFilter(String uri, HttpServletRequest request, HttpServletResponse response) throws Exception {
String[] parts = uri.split("_"); String[] parts = uri.split("_");
if (parts.length != 3) { if (parts.length != 3) {
log.warn("Access Dsp Forbidden"); log.warn("Access Dsp Forbidden,length is not three");
forbidden(request, response); forbidden(request, response);
return; return;
} }
...@@ -72,26 +71,26 @@ public class ResourceAccessFilter implements Filter { ...@@ -72,26 +71,26 @@ public class ResourceAccessFilter implements Filter {
String uid = parts[1]; String uid = parts[1];
String sec = parts[2]; String sec = parts[2];
if (StringUtil.isEmpty(sec) || StringUtil.isEmpty(uid) || StringUtil.isEmpty(res)) { if (StringUtil.isEmpty(sec) || StringUtil.isEmpty(uid) || StringUtil.isEmpty(res)) {
log.warn("Access Dsp Forbidden"); log.warn("Access Dsp Forbidden,sec_uid_res may null");
forbidden(request, response); forbidden(request, response);
return; return;
} else { } else {
//校验usrid+token+固定值的加密 //校验usrid+token+固定值的加密
if (!isLegalSec(sec, uid, res, request)) { if (!isLegalSec(sec, uid, res, request)) {
log.warn("Access Dsp Forbidden"); log.warn("Access Dsp Forbidden,LegalSec");
forbidden(request, response); forbidden(request, response);
return; return;
} }
} }
String relPth=res.substring(res.indexOf(DSPPTH)); String relPth = res.substring(res.indexOf(DSPPTH));
StringBuilder sb=new StringBuilder(NoUiUtils.getDatapath()); StringBuilder sb = new StringBuilder(NoUiUtils.getDatapath());
sb.append(relPth); sb.append(relPth);
File file=new File(sb.toString()); File file = new File(sb.toString());
if(file.exists()){ if (file.exists()) {
response.setContentType(_JSON_CONTENT); response.setContentType(_JSON_CONTENT);
response.getWriter().print(FileUtils.readFileToString(file, StandardCharsets.UTF_8)); response.getWriter().print(FileUtils.readFileToString(file, StandardCharsets.UTF_8));
return; return;
}else{ } else {
log.warn("Dsp Is Not Exists"); log.warn("Dsp Is Not Exists");
forbidden(request, response); forbidden(request, response);
return; return;
...@@ -102,9 +101,11 @@ public class ResourceAccessFilter implements Filter { ...@@ -102,9 +101,11 @@ public class ResourceAccessFilter implements Filter {
String realSessionId = (String) RedisUtil.get(StringUtil.getCacheSessionId(userId)); String realSessionId = (String) RedisUtil.get(StringUtil.getCacheSessionId(userId));
String sessionId = request.getSession().getId(); String sessionId = request.getSession().getId();
if (StringUtil.isEmpty(realSessionId)) { if (StringUtil.isEmpty(realSessionId)) {
log.warn("session of redis is null by usrid =" + userId);
return true; return true;
} }
if (!realSessionId.equals(sessionId)) { if (!realSessionId.equals(sessionId)) {
log.warn("session of redis is " + realSessionId + ",session of request is " + sessionId);
return true; return true;
} }
return false; return false;
...@@ -113,30 +114,30 @@ public class ResourceAccessFilter implements Filter { ...@@ -113,30 +114,30 @@ public class ResourceAccessFilter implements Filter {
private boolean doPdfsFilter(String uri, String pdfres, HttpServletRequest request, HttpServletResponse response) throws Exception { private boolean doPdfsFilter(String uri, String pdfres, HttpServletRequest request, HttpServletResponse response) throws Exception {
String[] parts = uri.split("_"); String[] parts = uri.split("_");
if (parts.length != 3) { if (parts.length != 3) {
log.warn("Access Pdfs Forbidden"); log.warn("Access Pdfs Forbidden,length is not three");
return forbidden403(request, response); return forbidden403(request, response);
} }
String res = parts[0]; String res = parts[0];
String uid = parts[1]; String uid = parts[1];
String sec = parts[2]; String sec = parts[2];
if (StringUtil.isEmpty(sec) || StringUtil.isEmpty(uid) || StringUtil.isEmpty(res)) { if (StringUtil.isEmpty(sec) || StringUtil.isEmpty(uid) || StringUtil.isEmpty(res)) {
log.warn("Access Pdfs Forbidden"); log.warn("Access Pdfs Forbidden,sec_uid_res may null");
return forbiddenPdf(request, response); return forbiddenPdf(request, response);
} else { } else {
//校验usrid+token+固定值的加密 //校验usrid+token+固定值的加密
if (!isLegalSec(sec, uid, res, request)) { if (!isLegalSec(sec, uid, res, request)) {
log.warn("Access Pdfs Forbidden"); log.warn("Access Pdfs Forbidden,LegalSec");
return forbiddenPdf(request, response); return forbiddenPdf(request, response);
} }
} }
res = res.substring(res.indexOf(pdfres), res.length()); res = res.substring(res.indexOf(pdfres), res.length());
StringBuilder sb=new StringBuilder(NoUiUtils.getDatapath()); StringBuilder sb = new StringBuilder(NoUiUtils.getDatapath());
sb.append(res); sb.append(res);
File file=new File(sb.toString()); File file = new File(sb.toString());
if(file.exists()){ if (file.exists()) {
pdfWriter(FileUtils.openInputStream(file), response); pdfWriter(FileUtils.openInputStream(file), response);
return false; return false;
}else{ } else {
log.warn("Pdf Is Not Exists"); log.warn("Pdf Is Not Exists");
return forbiddenPdf(request, response); return forbiddenPdf(request, response);
} }
...@@ -147,11 +148,12 @@ public class ResourceAccessFilter implements Filter { ...@@ -147,11 +148,12 @@ public class ResourceAccessFilter implements Filter {
res = res.substring(res.lastIndexOf("/") + 1); res = res.substring(res.lastIndexOf("/") + 1);
} }
String rawuid = new StringBuilder(uid).reverse().toString(); String rawuid = new StringBuilder(uid).reverse().toString();
if (isNotSameSessionId(rawuid,request)) { if (isNotSameSessionId(rawuid, request)) {
return false; return false;
} }
Object obj = RedisUtil.get(KEY.replace("##", rawuid)); Object obj = RedisUtil.get(KEY.replace("##", rawuid));
if (obj == null) { if (obj == null) {
log.warn(KEY.replace("##", rawuid) + "get logininfo is null");
return false; return false;
} }
RedisLoginInfo redisLoginInfo = (RedisLoginInfo) obj; RedisLoginInfo redisLoginInfo = (RedisLoginInfo) obj;
...@@ -163,6 +165,7 @@ public class ResourceAccessFilter implements Filter { ...@@ -163,6 +165,7 @@ public class ResourceAccessFilter implements Filter {
raw.append(res); raw.append(res);
String rawsec = StringUtil.encryptMD5(raw.toString()); String rawsec = StringUtil.encryptMD5(raw.toString());
if (!rawsec.equals(sec)) { if (!rawsec.equals(sec)) {
log.warn("rawsec is:" + rawsec + ",sec is:" + sec);
return false; return false;
} }
return true; return true;
...@@ -195,7 +198,7 @@ public class ResourceAccessFilter implements Filter { ...@@ -195,7 +198,7 @@ public class ResourceAccessFilter implements Filter {
private void forbidden(HttpServletRequest request, HttpServletResponse response) throws IOException { private void forbidden(HttpServletRequest request, HttpServletResponse response) throws IOException {
if (isAjaxRequest(request)) { if (isAjaxRequest(request)) {
forbiddenJson(request,response); forbiddenJson(request, response);
} else { } else {
response.setContentType(_HTML_CONTENT); response.setContentType(_HTML_CONTENT);
response.getWriter().print(_403_HTML); response.getWriter().print(_403_HTML);
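Review bot: The new warning in isLegalSec (hunk @@ -163) writes both the expected digest `rawsec` and the request-supplied `sec` to the log, so anyone who can read the application log learns the valid access secret for that uid/res pair; the new lines in the hunk @@ -102 likewise log the Redis-side session id and the request session id in full. Log that a mismatch happened and for which principal and resource, not the secret values themselves, e.g. `log.warn("sec mismatch for uid=" + uid + ", res=" + res);` and `log.warn("session mismatch for usrid=" + userId);`. Because `sec`, `uid` and `res` are split out of the request URI, the unescaped concatenation is also a log-injection vector if the logging backend does not sanitize message text. isLegalSec and isNotSameSessionId both begin outside their hunks, so the variable names above are taken from the visible parameters and surrounding context lines.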