修复了之前安全防篡改，在第一次提交失败后，第二次在提交报数据篡改的缺陷

e949a165 · WeiCong · 292270fb · e949a165
Commit e949a165 authored Mar 17, 2021 by WeiCong
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletions

AbstractCommonController.java ...resentation/noui/controller/AbstractCommonController.java +6 -1

No files found.
--- a/src/main/java/org/sss/presentation/noui/controller/AbstractCommonController.java
+++ b/src/main/java/org/sss/presentation/noui/controller/AbstractCommonController.java
@@ -56,8 +56,9 @@ public abstract class AbstractCommonController {
        NoUiContext context = null;
        Result ret = null;
        String serverEnc = null;
+        NoUiRequest noUiRequest=null;
        try {
-            NoUiRequest noUiRequest = new NoUiRequest(request, mappingUrl, dataMap);
+            noUiRequest= new NoUiRequest(request, mappingUrl, dataMap);

            Alias alias = new Alias(mappingUrl);
            String trnName = alias.getTrnName();
@@ -177,6 +178,10 @@ public abstract class AbstractCommonController {
                    String[] pars = DataSecurityUtil.getSafeConfigByReqUrl(context, noUiRequest,noUiRequest.getReqUrl() + DataSecurityUtil.ENCRYPT_FIX);
                    serverEnc = DataSecurityUtil.encrypt(pars, noUiRequest.getUserId());
                    afterReturnData.put(DataSecurityUtil.BACKGROUND_ID, serverEnc);
+                }else if(!ErrorCodes.SUCCESS.equals(NoUiPresentationUtil.retCode(context)) && DataSecurityUtil.needDecrypt(noUiRequest.getReqUrl())){
+                    String[] pars = DataSecurityUtil.getSafeConfigByReqUrl(context, noUiRequest,noUiRequest.getReqUrl() + DataSecurityUtil.DECRYPT_FIX);
+                    serverEnc = DataSecurityUtil.encrypt(pars, noUiRequest.getUserId());
+                    afterReturnData.put(DataSecurityUtil.BACKGROUND_ID, serverEnc);
                }
            }