Commit e47c9cad by WeiCong

完善资源访问拦截日志记录

parent 4e56c07f
......@@ -27,9 +27,9 @@ public class ResourceAccessFilter implements Filter {
private static final String _HTML_CONTENT = "text/html; charset=UTF-8";
private static final String _403_JSON = "{\"code\": \"403\", \"msg\": \"Access Forbidden, Unauthorized!\"}";
private static final String _403_HTML = "<html><body><div style='text-align:center'><h1 style='margin-top: 10px;'>Access Forbidden, Unauthorized!</h1></div></body></html>";
private static final String DSPPTH = "/data/dsp/";
public static String[] pdfpth;
public static String[] exclude;
private static final String DSPPTH="/data/dsp/";
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
......@@ -46,10 +46,9 @@ public class ResourceAccessFilter implements Filter {
if (!doPdfsFilter(uri, pdfres, request, response)) {
return;
}
}else if(uri.contains(DSPPTH)){
doDspFilter(uri,request,response);
}
else if (isExcludeRes(uri)) {
} else if (uri.contains(DSPPTH)) {
doDspFilter(uri, request, response);
} else if (isExcludeRes(uri)) {
response.setStatus(403);
forbidden(request, response);
} else {
......@@ -64,7 +63,7 @@ public class ResourceAccessFilter implements Filter {
private void doDspFilter(String uri, HttpServletRequest request, HttpServletResponse response) throws Exception {
String[] parts = uri.split("_");
if (parts.length != 3) {
log.warn("Access Dsp Forbidden");
log.warn("Access Dsp Forbidden,length is not three");
forbidden(request, response);
return;
}
......@@ -72,26 +71,26 @@ public class ResourceAccessFilter implements Filter {
String uid = parts[1];
String sec = parts[2];
if (StringUtil.isEmpty(sec) || StringUtil.isEmpty(uid) || StringUtil.isEmpty(res)) {
log.warn("Access Dsp Forbidden");
log.warn("Access Dsp Forbidden,sec_uid_res may null");
forbidden(request, response);
return;
} else {
//校验usrid+token+固定值的加密
if (!isLegalSec(sec, uid, res, request)) {
log.warn("Access Dsp Forbidden");
log.warn("Access Dsp Forbidden,LegalSec");
forbidden(request, response);
return;
}
}
String relPth=res.substring(res.indexOf(DSPPTH));
StringBuilder sb=new StringBuilder(NoUiUtils.getDatapath());
String relPth = res.substring(res.indexOf(DSPPTH));
StringBuilder sb = new StringBuilder(NoUiUtils.getDatapath());
sb.append(relPth);
File file=new File(sb.toString());
if(file.exists()){
File file = new File(sb.toString());
if (file.exists()) {
response.setContentType(_JSON_CONTENT);
response.getWriter().print(FileUtils.readFileToString(file, StandardCharsets.UTF_8));
return;
}else{
} else {
log.warn("Dsp Is Not Exists");
forbidden(request, response);
return;
......@@ -102,9 +101,11 @@ public class ResourceAccessFilter implements Filter {
String realSessionId = (String) RedisUtil.get(StringUtil.getCacheSessionId(userId));
String sessionId = request.getSession().getId();
if (StringUtil.isEmpty(realSessionId)) {
log.warn("session of redis is null by usrid =" + userId);
return true;
}
if (!realSessionId.equals(sessionId)) {
log.warn("session of redis is " + realSessionId + ",session of request is " + sessionId);
return true;
}
return false;
......@@ -113,30 +114,30 @@ public class ResourceAccessFilter implements Filter {
private boolean doPdfsFilter(String uri, String pdfres, HttpServletRequest request, HttpServletResponse response) throws Exception {
String[] parts = uri.split("_");
if (parts.length != 3) {
log.warn("Access Pdfs Forbidden");
log.warn("Access Pdfs Forbidden,length is not three");
return forbidden403(request, response);
}
String res = parts[0];
String uid = parts[1];
String sec = parts[2];
if (StringUtil.isEmpty(sec) || StringUtil.isEmpty(uid) || StringUtil.isEmpty(res)) {
log.warn("Access Pdfs Forbidden");
log.warn("Access Pdfs Forbidden,sec_uid_res may null");
return forbiddenPdf(request, response);
} else {
//校验usrid+token+固定值的加密
if (!isLegalSec(sec, uid, res, request)) {
log.warn("Access Pdfs Forbidden");
log.warn("Access Pdfs Forbidden,LegalSec");
return forbiddenPdf(request, response);
}
}
res = res.substring(res.indexOf(pdfres), res.length());
StringBuilder sb=new StringBuilder(NoUiUtils.getDatapath());
StringBuilder sb = new StringBuilder(NoUiUtils.getDatapath());
sb.append(res);
File file=new File(sb.toString());
if(file.exists()){
File file = new File(sb.toString());
if (file.exists()) {
pdfWriter(FileUtils.openInputStream(file), response);
return false;
}else{
} else {
log.warn("Pdf Is Not Exists");
return forbiddenPdf(request, response);
}
......@@ -147,11 +148,12 @@ public class ResourceAccessFilter implements Filter {
res = res.substring(res.lastIndexOf("/") + 1);
}
String rawuid = new StringBuilder(uid).reverse().toString();
if (isNotSameSessionId(rawuid,request)) {
if (isNotSameSessionId(rawuid, request)) {
return false;
}
Object obj = RedisUtil.get(KEY.replace("##", rawuid));
if (obj == null) {
log.warn(KEY.replace("##", rawuid) + "get logininfo is null");
return false;
}
RedisLoginInfo redisLoginInfo = (RedisLoginInfo) obj;
......@@ -163,6 +165,7 @@ public class ResourceAccessFilter implements Filter {
raw.append(res);
String rawsec = StringUtil.encryptMD5(raw.toString());
if (!rawsec.equals(sec)) {
log.warn("rawsec is:" + rawsec + ",sec is:" + sec);
return false;
}
return true;
......@@ -195,7 +198,7 @@ public class ResourceAccessFilter implements Filter {
private void forbidden(HttpServletRequest request, HttpServletResponse response) throws IOException {
if (isAjaxRequest(request)) {
forbiddenJson(request,response);
forbiddenJson(request, response);
} else {
response.setContentType(_HTML_CONTENT);
response.getWriter().print(_403_HTML);
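Review bot: The new warning in isNotSameSessionId, `log.warn("session of redis is " + realSessionId + ",session of request is " + sessionId);`, writes both session identifiers into the log, and the new line in isLegalSec, `log.warn("rawsec is:" + rawsec + ",sec is:" + sec);`, writes the expected secret next to the caller-supplied one, so anyone who can read the log file holds a live session id and the exact value the check accepts. The mismatch can be recorded without the values, e.g. `log.warn("session of redis does not match session of request for usrid=" + userId);` and `log.warn("sec mismatch for rawuid=" + rawuid);`. Because `sec` and `uid` come straight from `uri.split("_")`, any request-derived value that is kept in a message should at least have line breaks stripped so a crafted URI cannot inject extra log lines. Both isNotSameSessionId and isLegalSec begin before their hunks, and the isLegalSec hunk ends mid-method.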
......