From 1fb44349dd82b026695a64898c6f95932e64e954 Mon Sep 17 00:00:00 2001
From: weiweiw <14335254+weiweiw22@user.noreply.gitee.com>
Date: Tue, 5 Nov 2024 09:03:42 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=B8=97=E9=80=8F=E6=B5=8B?=
 =?UTF-8?q?=E8=AF=95=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../interceptor/ParamSecureHandler.java | 18 ++++++++----------
 ...oot.autoconfigure.AutoConfiguration.imports | 2 +-
 2 files changed, 9 insertions(+), 11 deletions(-)
diff --git a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java
index 42432db..09b4a3d 100644
--- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java
+++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java
@@ -24,8 +24,8 @@ import static org.springframework.http.MediaType.MULTIPART_FORM_DATA_VALUE;
 @Slf4j
 public class ParamSecureHandler implements AsyncHandlerInterceptor {
- private static String OPERLOG_URL = "/operlog/addLogs";
- private static final String REGISTER = "/user/register";
+ private static final String [] WHITE_URL = {
+ "/login", "/isAdmin", "/isLogin", "/register","/operlog/addLogs"};
 private String rnd = null;
 public static String ur = "/";
@@ -54,15 +54,9 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
 XssRequestWrapper requestWrapper = new XssRequestWrapper(request);
 String requestUrl = requestWrapper.getRequestURI();
- if (OPERLOG_URL.equals(requestUrl)) {
+ if (isWhiteUrl(requestUrl)){
 return true;
 }
- if (REGISTER.equals(requestUrl)) {
- return true;
- }
-// if (RECOGNITION.equals(requestUrl)) {
-// return true;
-// }
 /**
 * 白名单中不验证参数
 */
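Review bot: `WHITE_URL` now exempts `/login`, `/isAdmin` and `/isLogin` from this interceptor in addition to the two earlier paths, and the old `/user/register` entry has become `/register`, so requests to `/user/register` are checked again while `/register` is not. For a commit described as a penetration-test fix, widening the set of endpoints that skip parameter checking needs a stated reason, particularly for `/login`, which takes unauthenticated input. I would add a comment on the constant, e.g. `// Exact request URIs that skip every parameter check in this interceptor; keep this list minimal.`, and confirm that the `/user/register` to `/register` change is intended. An immutable `Set<String>` would also suit a fixed lookup table better than a `String []` array.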
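Review bot: `isWhiteUrl(requestUrl)` compares the whitelist against `requestWrapper.getRequestURI()` with exact equality; the servlet `getRequestURI()` includes the context path and is not normalised, so unless `XssRequestWrapper` overrides it (not visible here) the entries match only when the service is mounted at the root. A mismatch falls through to the checks, so this fails closed, but the exemption can silently stop applying behind a context path or gateway prefix. Consider matching on `request.getServletPath()`, or document the assumption with `// WHITE_URL entries are full request URIs, including any context path`. The block comment kept just below (白名单中不验证参数) suggests a second whitelist follows outside this hunk, and two separate exemption lists are easy to let drift apart.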
@@ -86,7 +80,7 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
 */
 String readerParam = requestWrapper.getReaderParam();
 // 判断是否是文件上传,是不对流参数进行验证
- String uplFile = "uploadFile", upImage = "uploadImage";
+ String uplFile = "/upload", upImage = "/uploadFiles";
 if (!requestUrl.contains(uplFile) && !requestUrl.contains(upImage)) {
 boolean checkReader = checkReader(readerParam, requestUrl);
 if (!checkReader) {
@@ -232,4 +226,8 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
 throws Exception {
 SecurityContextHolder.remove();
 }
+
+ private boolean isWhiteUrl(String requestUrl) {
+ return Arrays.asList(WHITE_URL).contains(requestUrl);
+ }
 }
diff --git a/bonus-common/bonus-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/bonus-common/bonus-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
index b5c4610..3a220a6 100644
--- a/bonus-common/bonus-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ b/bonus-common/bonus-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@@ -1,4 +1,4 @@
-#com.bonus.common.security.config.MyFilter
+com.bonus.common.security.config.MyFilter
 com.bonus.common.security.config.WebMvcConfig
 com.bonus.common.security.config.VerificationCodeConfig
 com.bonus.common.security.service.TokenService
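Review bot: The skip condition `!requestUrl.contains(uplFile) && !requestUrl.contains(upImage)` is a substring test, and with the new values `"/upload"` and `"/uploadFiles"` it exempts every request whose URI merely contains `/upload` from `checkReader`; the second value is already covered by the first. That is broader than the old `uploadFile`/`uploadImage` pair and fails open, since a non-upload endpoint whose path contains that fragment gets no body validation. Keying the exemption on the request actually being multipart would be tighter, e.g. `String ct = request.getContentType();` followed by `boolean isUpload = ct != null && ct.startsWith(MULTIPART_FORM_DATA_VALUE);` (the constant is already statically imported in this file). The enclosing method starts and ends outside the hunk, so what else runs for upload requests is not visible here.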
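Review bot: `isWhiteUrl` has no Javadoc although it decides which requests bypass the interceptor's checks, and it calls `Arrays.asList`, whose import does not appear in this patch; confirm `java.util.Arrays` was already imported or the class will not compile. It also builds a new list on every request; holding the paths in a `private static final Set<String>` and returning `WHITE_URL.contains(requestUrl)` avoids that. Suggested doc: `/** Returns true when requestUrl exactly equals a whitelisted path; such requests skip all parameter checks. */`.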
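Review bot: Un-commenting `com.bonus.common.security.config.MyFilter` registers that class as auto-configuration for every application that depends on bonus-common-security, but neither the filter nor the reason it was disabled appears in this patch or its subject line. Please state in the commit description what the filter enforces, and confirm that it is compatible with the paths newly added to `WHITE_URL` in ParamSecureHandler so the two mechanisms do not contradict each other.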