Commit e5df2660 by WeiCong

快照防篡改后台优化

parent 95150ec6
......@@ -25,7 +25,7 @@ public class ResourceAccessFilter implements Filter {
private static final String SALT = "1314520@Wc;";
private static final String _JSON_CONTENT = "application/json; charset=UTF-8";
private static final String _HTML_CONTENT = "text/html; charset=UTF-8";
private static final String _403_JSON = "{'code': '403', 'msg': 'Access Forbidden, Unauthorized!'}";
private static final String _403_JSON = "{\"code\": \"403\", \"msg\": \"Access Forbidden, Unauthorized!\"}";
private static final String _403_HTML = "<html><body><div style='text-align:center'><h1 style='margin-top: 10px;'>Access Forbidden, Unauthorized!</h1></div></body></html>";
public static String[] pdfpth;
public static String[] exclude;
......@@ -61,16 +61,40 @@ public class ResourceAccessFilter implements Filter {
}
}
private void doDspFilter(String uri, HttpServletRequest request, HttpServletResponse response) throws IOException {
String relPth=uri.substring(uri.indexOf(DSPPTH));
private void doDspFilter(String uri, HttpServletRequest request, HttpServletResponse response) throws Exception {
String[] parts = uri.split("_");
if (parts.length != 3) {
log.warn("Access Dsp Forbidden");
forbidden(request, response);
return;
}
String res = parts[0];
String uid = parts[1];
String sec = parts[2];
if (StringUtil.isEmpty(sec) || StringUtil.isEmpty(uid) || StringUtil.isEmpty(res)) {
log.warn("Access Dsp Forbidden");
forbidden(request, response);
return;
} else {
//校验usrid+token+固定值的加密
if (!isLegalSec(sec, uid, res, request)) {
log.warn("Access Dsp Forbidden");
forbidden(request, response);
return;
}
}
String relPth=res.substring(res.indexOf(DSPPTH));
StringBuilder sb=new StringBuilder(NoUiUtils.getDatapath());
sb.append(relPth);
File file=new File(sb.toString());
if(file.exists()){
response.setContentType(_JSON_CONTENT);
response.getWriter().print(FileUtils.readFileToString(file, StandardCharsets.UTF_8));
return;
}else{
log.warn("Dsp Is Not Exists");
forbidden(request, response);
return;
}
}
......@@ -165,20 +189,24 @@ public class ResourceAccessFilter implements Filter {
private boolean forbidden403(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
response.setStatus(403);
forbidden(request, response);
forbiddenJson(request, response);
return true;
}
private void forbidden(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
private void forbidden(HttpServletRequest request, HttpServletResponse response) throws IOException {
if (isAjaxRequest(request)) {
response.setContentType(_JSON_CONTENT);
response.getWriter().print(_403_JSON);
forbiddenJson(request,response);
} else {
response.setContentType(_HTML_CONTENT);
response.getWriter().print(_403_HTML);
}
}
private void forbiddenJson(HttpServletRequest request, HttpServletResponse response) throws IOException {
response.setContentType(_JSON_CONTENT);
response.getWriter().print(_403_JSON);
}
private boolean isAjaxRequest(HttpServletRequest request) {
String header = request.getHeader("X-Requested-With");
if (header != null && header.length() > 0) {
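Review bot: Every deny branch in doDspFilter (second hunk, from `String[] parts = uri.split("_");` down to the `Dsp Is Not Exists` branch) calls `forbidden(request, response)`, and the third hunk shows that forbidden only writes a body and never sets a status, so a rejected, unsigned or missing snapshot is answered with HTTP 200 carrying a "403" payload; add `response.setStatus(HttpServletResponse.SC_FORBIDDEN);` before each of those calls (or route them through forbidden403) so clients, proxies and access logs can see the denial. `String relPth=res.substring(res.indexOf(DSPPTH));` also throws StringIndexOutOfBoundsException when DSPPTH is absent from res, which the widened `throws Exception` on the new signature now lets escape instead of a clean refusal, and the target path is still built by plain concatenation onto getDatapath() without normalising it or checking that it stays inside the data directory, so a containment check belongs next to the new isLegalSec gate rather than relying on the signature alone (the rewrite below needs java.nio.file.Path and Paths in scope). The three identical `log.warn("Access Dsp Forbidden")` lines give an analyst no way to tell which check failed or for which request; include the reason and the uri in each message. The `SALT` constant in the first hunk is presumably what isLegalSec hashes with, and a secret compiled into the class cannot be rotated without a rebuild, so it should come from configuration rather than source. Splitting the whole URI on `_` will reject any snapshot whose path contains an underscore, presumably none today but worth confirming; parsing uid and sec from the right with lastIndexOf would be more robust.
```java
    // … unchanged: split uri into res/uid/sec, emptiness check and isLegalSec gate …
    int at = res.indexOf(DSPPTH);
    if (at < 0) {
        log.warn("Access Dsp Forbidden: DSPPTH not in uri " + uri);
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        forbidden(request, response);
        return;
    }
    // Normalise the concatenated path and refuse anything that resolves outside the data directory.
    String dataPath = NoUiUtils.getDatapath();
    Path base = Paths.get(dataPath).toAbsolutePath().normalize();
    Path target = Paths.get(dataPath + res.substring(at)).toAbsolutePath().normalize();
    if (!target.startsWith(base)) {
        log.warn("Access Dsp Forbidden: path escapes data directory for uri " + uri);
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        forbidden(request, response);
        return;
    }
    File file = target.toFile();
    if (file.exists()) {
        response.setContentType(_JSON_CONTENT);
        response.getWriter().print(FileUtils.readFileToString(file, StandardCharsets.UTF_8));
        return;
    }
    log.warn("Dsp Is Not Exists: " + uri);
    response.setStatus(HttpServletResponse.SC_FORBIDDEN);
    forbidden(request, response);
```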
......@@ -131,6 +131,9 @@ public class DataSecurityUtil {
for(String ck:DEFAULT_CHECK){
if(noUiRequest.getParamsMap().containsKey(ck)){
val=noUiRequest.getParamsMap().get(ck).toString();
if(!StringUtil.isEmpty(val)){
break;
}
}
}
}else{
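Review bot: The added `if(!StringUtil.isEmpty(val)){ break; }` turns DEFAULT_CHECK into an ordered precedence list: the first key present with a non-empty value wins and later keys are ignored, so a request carrying more than one of the checked parameters is resolved by the declaration order of DEFAULT_CHECK, which is not stated anywhere; add `// ordered: the first key with a non-empty value wins` on DEFAULT_CHECK. The unchanged `noUiRequest.getParamsMap().get(ck).toString()` still dereferences the value without a null check, so a present key with a null value would throw rather than fall through to the next key — presumably getParamsMap never stores nulls, but worth confirming. The enclosing method starts and ends outside the hunk, so how `val` is consumed afterwards cannot be checked here.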