修改路径

haozq 2025-08-25 14:59:51 +08:00
parent 7617c68f12
commit 30503ae08b
9 changed files with 80 additions and 40 deletions


@ -27,7 +27,10 @@
<groupId>com.bonus</groupId>
<artifactId>api-system</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- Common Redis-->
<dependency>
<groupId>com.bonus</groupId>


@ -2,6 +2,7 @@ package com.bonus.common.security.config;
import com.bonus.common.core.table.PageTableArgumentResolver;
import com.bonus.common.security.interceptor.HeaderInterceptor;
import com.bonus.common.security.interceptor.SecurityConfig;
import org.springframework.boot.web.servlet.MultipartConfigFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@ -32,6 +33,7 @@ public class WebMvcConfig implements WebMvcConfigurer
.addPathPatterns("/**")
.excludePathPatterns(excludeUrls)
.order(-10);
}
/**
@ -42,6 +44,8 @@ public class WebMvcConfig implements WebMvcConfigurer
return new HeaderInterceptor();
}
/**
* 外部文件访问
*/
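Review bot: The added import `com.bonus.common.security.interceptor.SecurityConfig` does not appear to be used: none of the visible lines of `WebMvcConfig` refers to the class, and the other two hunks of this file seem to add only blank lines. Remove it unless a reference exists outside the hunks. `SecurityConfig` is a `@Configuration` class, so the `config` package that already holds `WebMvcConfig` would be a more fitting home for it than `interceptor`.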


@ -30,7 +30,7 @@ public class GlobalExceptionHandler
public final static String DATA_ERROR="Data truncation: Data too long for";
public final static String NumberFormatException="java.lang.NumberFormatException";
public final static String NUMBER_FORMAT_EXCEPTION ="java.lang.NumberFormatException";
/**
* 权限码异常r
*/
@ -128,7 +128,7 @@ public class GlobalExceptionHandler
String message = e.getAllErrors().get(0).getDefaultMessage();
System.err.println(message);
assert message != null;
if(message.contains(NumberFormatException)){
if(message.contains(NUMBER_FORMAT_EXCEPTION)){
return AjaxResult.error(HttpStatus.FORBIDDEN, "请求参数不正确");
}
return AjaxResult.error(message);


@ -27,12 +27,10 @@ public class HeaderInterceptor implements AsyncHandlerInterceptor
{
return true;
}
SecurityContextHolder.setUserId(ServletUtils.getHeader(request, SecurityConstants.DETAILS_USER_ID));
SecurityContextHolder.setUserName(ServletUtils.getHeader(request, SecurityConstants.DETAILS_USERNAME));
SecurityContextHolder.setUserKey(ServletUtils.getHeader(request, SecurityConstants.USER_KEY));
String token = SecurityUtils.getToken();
String token = SecurityUtils.getTokenFromParams();
if (StringUtils.isNotEmpty(token))
{
LoginUser loginUser = AuthUtil.getLoginUser(token);
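Review bot: Switching the interceptor to `SecurityUtils.getTokenFromParams()` makes every request that passes through `HeaderInterceptor` accept the login token from a `token` query parameter whenever the authentication header is empty (the helper itself is added in the SecurityUtils section of this commit). Tokens carried in URLs are recorded in access logs, proxy logs, browser history and `Referer` headers, so a session token can outlive the request that carried it. If the fallback exists for one case such as file downloads, keep `String token = SecurityUtils.getToken();` here and call the parameter variant only on those routes, ideally with a short-lived, single-purpose token. The enclosing method starts and ends outside this hunk.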


@ -0,0 +1,19 @@
package com.bonus.common.security.interceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.stereotype.Component;
/**
* @author 黑子
*/
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers()
.contentSecurityPolicy("default-src 'self'; script-src 'self' https://trusted.cdn.com;");
}
}
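Review bot: The `script-src` directive allows `https://trusted.cdn.com`, which reads like a sample value from documentation rather than a host this project controls; any origin listed there may serve script to every page, so it should be the real CDN origin or be dropped, e.g. `.contentSecurityPolicy("default-src 'self'; script-src 'self'")`. Overriding `configure(HttpSecurity)` with only `headers()` also replaces the adapter's default authorization rules while leaving its other defaults, CSRF protection included, switched on for every service that pulls in this module, which can reject token-authenticated POST/PUT/DELETE calls with 403; state the intended `csrf()` and `authorizeRequests()` settings explicitly. `WebSecurityConfigurerAdapter` is deprecated from Spring Security 5.7, and the `Component` import is unused.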


@ -65,7 +65,16 @@ public class SecurityUtils
String token = request.getHeader(TokenConstants.AUTHENTICATION);
return replaceTokenPrefix(token);
}
public static String getTokenFromParams() {
HttpServletRequest request = ServletUtils.getRequest();
assert request != null;
// 从header获取token标识
String token = request.getHeader(TokenConstants.AUTHENTICATION);
if(StringUtils.isEmpty(token)){
token= request.getParameter("token");
}
return replaceTokenPrefix(token);
}
/**
* 裁剪token前缀
*/
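Review bot: `assert request != null;` in `getTokenFromParams()` does nothing unless the JVM runs with `-ea`, so if `ServletUtils.getRequest()` can return null (which the assert suggests) the method fails with a NullPointerException on `request.getHeader(...)`. Replace it with an explicit guard such as `if (request == null) { return null; }`, or whatever `getToken()` does in that case. The method has no Javadoc while its neighbours do; add one saying that the `token` query parameter is consulted only when the authentication header is empty and that such tokens end up in URLs and logs. The inline comment `// 从header获取token标识` no longer describes the whole method.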


@ -2,6 +2,7 @@ package com.bonus.common.security.xss;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
@ -9,17 +10,23 @@ import java.io.IOException;
* @author zys
*/
public class XssFilter implements Filter {
private String mode = "DENY";
@Override
public void init(FilterConfig filterConfig) throws ServletException {
System.out.println("限制mode init============"+mode);
String configMode = filterConfig.getInitParameter("mode");
if ( configMode != null ) {
mode = configMode;
}
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse res = (HttpServletResponse)servletResponse;
HttpServletRequest request = (HttpServletRequest)servletRequest;
XssHttpRequestWrapper requestWrapper = new XssHttpRequestWrapper(request);
filterChain.doFilter(requestWrapper,servletResponse);
res.addHeader("X-FRAME-OPTIONS",mode );
}
@Override
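Review bot: `res.addHeader("X-FRAME-OPTIONS", mode)` runs after `filterChain.doFilter(...)`, and by then the response is usually committed, in which case the servlet container ignores the header, so the clickjacking protection this change intends may never reach the client. Set it before the chain call and use `setHeader` so it cannot be duplicated: `res.setHeader("X-Frame-Options", mode);` followed by `filterChain.doFilter(requestWrapper, servletResponse);`. `init` accepts any `mode` string from the filter configuration; checking it against `DENY` and `SAMEORIGIN` would keep a typo from producing a header that browsers ignore. The `System.out.println` in `init` should go through the project's logger.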


@ -12,7 +12,7 @@ import org.springframework.context.annotation.Configuration;
public class XssFilterRegister {
@Bean
public FilterRegistrationBean<XssFilter> RegistTest1(){
public FilterRegistrationBean<XssFilter> registTest1(){
//通过FilterRegistrationBean实例设置优先级可以生效
FilterRegistrationBean<XssFilter> bean = new FilterRegistrationBean<XssFilter>();
//注册自定义过滤器


@ -1,30 +1,30 @@
//package com.bonus.gateway.config;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.web.cors.CorsConfiguration;
//import org.springframework.web.cors.reactive.CorsWebFilter;
//import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
//import org.springframework.web.util.pattern.PathPatternParser;
//
///**
// * 跨域处理请求配置
// * @author 黑子
// */
//@Configuration
//public class CorsConfig {
//
// @Bean
// public CorsWebFilter corsWebFilter() {
// CorsConfiguration config = new CorsConfiguration();
// config.addAllowedOrigin("*");
// config.addAllowedMethod("*");
// config.addAllowedHeader("*");
// config.addAllowedOriginPattern("*");
// config.setAllowCredentials(false);
// config.setMaxAge(3600L);
//
// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
// source.registerCorsConfiguration("/**", config);
// return new CorsWebFilter(source);
// }
//}
package com.bonus.gateway.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.reactive.CorsWebFilter;
import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
import org.springframework.web.util.pattern.PathPatternParser;
/**
* 跨域处理请求配置
* @author 黑子
*/
@Configuration
public class CorsConfig {
@Bean
public CorsWebFilter corsWebFilter() {
CorsConfiguration config = new CorsConfiguration();
config.addAllowedOrigin("*");
config.addAllowedMethod("*");
config.addAllowedHeader("*");
config.addAllowedOriginPattern("*");
config.setAllowCredentials(false);
config.setMaxAge(3600L);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", config);
return new CorsWebFilter(source);
}
}
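Review bot: The active version of `corsWebFilter()` registers `addAllowedOrigin("*")` and `addAllowedOriginPattern("*")` for `/**`, so a page on any origin can call every gateway route from a browser and read the response. `setAllowCredentials(false)` keeps cookies out, but this project appears to authenticate with a token sent in a header or, after this commit, a `token` query parameter, and that flag covers neither. Restrict the origins to the known front ends, for example `config.setAllowedOriginPatterns(allowedOrigins);` with `allowedOrigins` (placeholder name) a list read from configuration, and drop the redundant `addAllowedOrigin("*")`. The `PathPatternParser` import is unused.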