修改路径
parent
7617c68f12
commit
30503ae08b
|
|
@ -27,7 +27,10 @@
|
||||||
<groupId>com.bonus</groupId>
|
<groupId>com.bonus</groupId>
|
||||||
<artifactId>api-system</artifactId>
|
<artifactId>api-system</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework.boot</groupId>
|
||||||
|
<artifactId>spring-boot-starter-security</artifactId>
|
||||||
|
</dependency>
|
||||||
<!-- Common Redis-->
|
<!-- Common Redis-->
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>com.bonus</groupId>
|
<groupId>com.bonus</groupId>
|
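Review bot: Adding `spring-boot-starter-security` to what appears to be the shared security module turns on Spring Security auto-configuration in every application that depends on it, not only where the new headers are wanted. A consumer that does not pick up a `WebSecurityConfigurerAdapter` bean falls back to Spring Boot's default chain, which requires authentication on every endpoint, so confirm that each service scans `com.bonus.common.security.interceptor` or declares its own configuration. The dependency has no `<version>`, so it presumably relies on the parent's dependency management, which is not visible in this hunk. An XML comment above it, e.g. `<!-- Spring Security: used for response headers only, see SecurityConfig -->`, would record why it is here.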
||||||
|
|
|
||||||
|
|
@ -2,6 +2,7 @@ package com.bonus.common.security.config;
|
||||||
|
|
||||||
import com.bonus.common.core.table.PageTableArgumentResolver;
|
import com.bonus.common.core.table.PageTableArgumentResolver;
|
||||||
import com.bonus.common.security.interceptor.HeaderInterceptor;
|
import com.bonus.common.security.interceptor.HeaderInterceptor;
|
||||||
|
import com.bonus.common.security.interceptor.SecurityConfig;
|
||||||
import org.springframework.boot.web.servlet.MultipartConfigFactory;
|
import org.springframework.boot.web.servlet.MultipartConfigFactory;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
|
@ -32,6 +33,7 @@ public class WebMvcConfig implements WebMvcConfigurer
|
||||||
.addPathPatterns("/**")
|
.addPathPatterns("/**")
|
||||||
.excludePathPatterns(excludeUrls)
|
.excludePathPatterns(excludeUrls)
|
||||||
.order(-10);
|
.order(-10);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -42,6 +44,8 @@ public class WebMvcConfig implements WebMvcConfigurer
|
||||||
return new HeaderInterceptor();
|
return new HeaderInterceptor();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 外部文件访问
|
* 外部文件访问
|
||||||
*/
|
*/
|
||||||
|
|
|
||||||
|
|
@ -30,7 +30,7 @@ public class GlobalExceptionHandler
|
||||||
|
|
||||||
public final static String DATA_ERROR="Data truncation: Data too long for";
|
public final static String DATA_ERROR="Data truncation: Data too long for";
|
||||||
|
|
||||||
public final static String NumberFormatException="java.lang.NumberFormatException";
|
public final static String NUMBER_FORMAT_EXCEPTION ="java.lang.NumberFormatException";
|
||||||
/**
|
/**
|
||||||
* 权限码异常r
|
* 权限码异常r
|
||||||
*/
|
*/
|
||||||
|
|
@ -128,7 +128,7 @@ public class GlobalExceptionHandler
|
||||||
String message = e.getAllErrors().get(0).getDefaultMessage();
|
String message = e.getAllErrors().get(0).getDefaultMessage();
|
||||||
System.err.println(message);
|
System.err.println(message);
|
||||||
assert message != null;
|
assert message != null;
|
||||||
if(message.contains(NumberFormatException)){
|
if(message.contains(NUMBER_FORMAT_EXCEPTION)){
|
||||||
return AjaxResult.error(HttpStatus.FORBIDDEN, "请求参数不正确");
|
return AjaxResult.error(HttpStatus.FORBIDDEN, "请求参数不正确");
|
||||||
}
|
}
|
||||||
return AjaxResult.error(message);
|
return AjaxResult.error(message);
|
||||||
|
|
|
||||||
|
|
@ -27,12 +27,10 @@ public class HeaderInterceptor implements AsyncHandlerInterceptor
|
||||||
{
|
{
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
SecurityContextHolder.setUserId(ServletUtils.getHeader(request, SecurityConstants.DETAILS_USER_ID));
|
SecurityContextHolder.setUserId(ServletUtils.getHeader(request, SecurityConstants.DETAILS_USER_ID));
|
||||||
SecurityContextHolder.setUserName(ServletUtils.getHeader(request, SecurityConstants.DETAILS_USERNAME));
|
SecurityContextHolder.setUserName(ServletUtils.getHeader(request, SecurityConstants.DETAILS_USERNAME));
|
||||||
SecurityContextHolder.setUserKey(ServletUtils.getHeader(request, SecurityConstants.USER_KEY));
|
SecurityContextHolder.setUserKey(ServletUtils.getHeader(request, SecurityConstants.USER_KEY));
|
||||||
|
String token = SecurityUtils.getTokenFromParams();
|
||||||
String token = SecurityUtils.getToken();
|
|
||||||
if (StringUtils.isNotEmpty(token))
|
if (StringUtils.isNotEmpty(token))
|
||||||
{
|
{
|
||||||
LoginUser loginUser = AuthUtil.getLoginUser(token);
|
LoginUser loginUser = AuthUtil.getLoginUser(token);
|
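Review bot: Switching the interceptor to `SecurityUtils.getTokenFromParams()` means every intercepted request now accepts the login token from a `token` request parameter whenever the authentication header is empty. A token carried in the URL ends up in access logs, browser history and `Referer` headers, so it persists in places the header value never reaches. If the fallback is only needed for particular endpoints, keep `SecurityUtils.getToken()` here and call the parameter variant on those paths alone; otherwise make sure the `token` parameter is masked in gateway and servlet access logs. The enclosing method starts and ends outside the hunk, so what happens with `loginUser` afterwards is not visible.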
||||||
|
|
|
||||||
|
|
@ -0,0 +1,19 @@
|
||||||
|
package com.bonus.common.security.interceptor;
|
||||||
|
|
||||||
|
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author 黑子
|
||||||
|
*/
|
||||||
|
@Configuration
|
||||||
|
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||||
|
@Override
|
||||||
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
|
http.headers()
|
||||||
|
.contentSecurityPolicy("default-src 'self'; script-src 'self' https://trusted.cdn.com;");
|
||||||
|
}
|
||||||
|
}
|
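Review bot: `configure(HttpSecurity)` sets only the CSP header, so the rest of the filter chain stays at the `WebSecurityConfigurerAdapter` defaults: CSRF protection remains enabled and no authorization rules are declared. For an API authenticated by a header token this likely means POST/PUT/DELETE requests without a CSRF token are answered with 403, while the access decision still rests on `HeaderInterceptor`; state the intent explicitly (keep CSRF and have clients send its token, or `http.csrf().disable()` when no cookie-based session is used). The `script-src` source `https://trusted.cdn.com` reads like a sample value, and any host listed there may serve script to the page, so replace it with the CDN the project actually uses or drop it. A class Javadoc such as `/** Adds security response headers only; authentication is handled by HeaderInterceptor. */` would help, and the unused `org.springframework.stereotype.Component` import can go.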
||||||
|
|
@ -65,7 +65,16 @@ public class SecurityUtils
|
||||||
String token = request.getHeader(TokenConstants.AUTHENTICATION);
|
String token = request.getHeader(TokenConstants.AUTHENTICATION);
|
||||||
return replaceTokenPrefix(token);
|
return replaceTokenPrefix(token);
|
||||||
}
|
}
|
||||||
|
public static String getTokenFromParams() {
|
||||||
|
HttpServletRequest request = ServletUtils.getRequest();
|
||||||
|
assert request != null;
|
||||||
|
// 从header获取token标识
|
||||||
|
String token = request.getHeader(TokenConstants.AUTHENTICATION);
|
||||||
|
if(StringUtils.isEmpty(token)){
|
||||||
|
token= request.getParameter("token");
|
||||||
|
}
|
||||||
|
return replaceTokenPrefix(token);
|
||||||
|
}
|
||||||
/**
|
/**
|
||||||
* 裁剪token前缀
|
* 裁剪token前缀
|
||||||
*/
|
*/
|
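Review bot: `assert request != null;` in `getTokenFromParams()` is not a runtime check, because the JVM runs with assertions disabled unless `-ea` is passed, so a call outside a request context fails with a NullPointerException at `request.getHeader(...)`. Use an explicit guard instead, e.g. `if (request == null) { return null; }`; what `replaceTokenPrefix` does with a null token is not visible in this hunk, so confirm that path too. The parameter name `"token"` is a bare literal and would sit better as a constant next to `TokenConstants.AUTHENTICATION`. The method also has no Javadoc; `/** Returns the request token, read from the authentication header first and from the "token" request parameter as a fallback. */` states the lookup order callers depend on.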
||||||
|
|
|
||||||
|
|
@ -2,6 +2,7 @@ package com.bonus.common.security.xss;
|
||||||
|
|
||||||
import javax.servlet.*;
|
import javax.servlet.*;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -9,17 +10,23 @@ import java.io.IOException;
|
||||||
* @author zys
|
* @author zys
|
||||||
*/
|
*/
|
||||||
public class XssFilter implements Filter {
|
public class XssFilter implements Filter {
|
||||||
|
private String mode = "DENY";
|
||||||
@Override
|
@Override
|
||||||
public void init(FilterConfig filterConfig) throws ServletException {
|
public void init(FilterConfig filterConfig) throws ServletException {
|
||||||
|
System.out.println("限制mode init============"+mode);
|
||||||
|
String configMode = filterConfig.getInitParameter("mode");
|
||||||
|
if ( configMode != null ) {
|
||||||
|
mode = configMode;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
|
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
|
||||||
|
HttpServletResponse res = (HttpServletResponse)servletResponse;
|
||||||
HttpServletRequest request = (HttpServletRequest)servletRequest;
|
HttpServletRequest request = (HttpServletRequest)servletRequest;
|
||||||
XssHttpRequestWrapper requestWrapper = new XssHttpRequestWrapper(request);
|
XssHttpRequestWrapper requestWrapper = new XssHttpRequestWrapper(request);
|
||||||
filterChain.doFilter(requestWrapper,servletResponse);
|
filterChain.doFilter(requestWrapper,servletResponse);
|
||||||
|
res.addHeader("X-FRAME-OPTIONS",mode );
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
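Review bot: In `doFilter` the `X-FRAME-OPTIONS` header is added after `filterChain.doFilter(...)` returns, and by then the response may already be committed, in which case the container silently drops the header. Set it before the chain runs and use `setHeader` so the value cannot be duplicated: `res.setHeader("X-Frame-Options", mode);` placed above `filterChain.doFilter(requestWrapper, servletResponse);`. This commit also brings in Spring Security, whose default headers already include `X-Frame-Options: DENY`, so check that the two do not emit conflicting values. In `init`, `System.out.println(...)` runs before the configured value is read and therefore always prints the default; log through the project's logger after the assignment, and reject values other than `DENY` or `SAMEORIGIN`.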
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ import org.springframework.context.annotation.Configuration;
|
||||||
public class XssFilterRegister {
|
public class XssFilterRegister {
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public FilterRegistrationBean<XssFilter> RegistTest1(){
|
public FilterRegistrationBean<XssFilter> registTest1(){
|
||||||
//通过FilterRegistrationBean实例设置优先级可以生效
|
//通过FilterRegistrationBean实例设置优先级可以生效
|
||||||
FilterRegistrationBean<XssFilter> bean = new FilterRegistrationBean<XssFilter>();
|
FilterRegistrationBean<XssFilter> bean = new FilterRegistrationBean<XssFilter>();
|
||||||
//注册自定义过滤器
|
//注册自定义过滤器
|
||||||
|
|
|
||||||
|
|
@ -1,30 +1,30 @@
|
||||||
//package com.bonus.gateway.config;
|
package com.bonus.gateway.config;
|
||||||
//import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
//import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
//import org.springframework.web.cors.CorsConfiguration;
|
import org.springframework.web.cors.CorsConfiguration;
|
||||||
//import org.springframework.web.cors.reactive.CorsWebFilter;
|
import org.springframework.web.cors.reactive.CorsWebFilter;
|
||||||
//import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
|
import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
|
||||||
//import org.springframework.web.util.pattern.PathPatternParser;
|
import org.springframework.web.util.pattern.PathPatternParser;
|
||||||
//
|
|
||||||
///**
|
/**
|
||||||
// * 跨域处理请求配置
|
* 跨域处理请求配置
|
||||||
// * @author 黑子
|
* @author 黑子
|
||||||
// */
|
*/
|
||||||
//@Configuration
|
@Configuration
|
||||||
//public class CorsConfig {
|
public class CorsConfig {
|
||||||
//
|
|
||||||
// @Bean
|
@Bean
|
||||||
// public CorsWebFilter corsWebFilter() {
|
public CorsWebFilter corsWebFilter() {
|
||||||
// CorsConfiguration config = new CorsConfiguration();
|
CorsConfiguration config = new CorsConfiguration();
|
||||||
// config.addAllowedOrigin("*");
|
config.addAllowedOrigin("*");
|
||||||
// config.addAllowedMethod("*");
|
config.addAllowedMethod("*");
|
||||||
// config.addAllowedHeader("*");
|
config.addAllowedHeader("*");
|
||||||
// config.addAllowedOriginPattern("*");
|
config.addAllowedOriginPattern("*");
|
||||||
// config.setAllowCredentials(false);
|
config.setAllowCredentials(false);
|
||||||
// config.setMaxAge(3600L);
|
config.setMaxAge(3600L);
|
||||||
//
|
|
||||||
// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
||||||
// source.registerCorsConfiguration("/**", config);
|
source.registerCorsConfiguration("/**", config);
|
||||||
// return new CorsWebFilter(source);
|
return new CorsWebFilter(source);
|
||||||
// }
|
}
|
||||||
//}
|
}
|
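Review bot: Re-enabling `CorsConfig` registers `addAllowedOrigin("*")` and `addAllowedOriginPattern("*")` for `/**`, so scripts from any origin may call every route behind the gateway and read the responses. `setAllowCredentials(false)` keeps cookies out of cross-origin requests, but with `addAllowedHeader("*")` a token sent in a request header is still accepted from any page. Prefer a configured list of front-end origins, e.g. `config.setAllowedOrigins(allowedOrigins);` fed from application properties, and keep only one of the two origin calls. `PathPatternParser` is imported but not used in the class.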
||||||