工作填报

cwchen 2025-05-16 11:33:26 +08:00
parent 3003569c1f
commit 19d4134128
1 changed files with 16 additions and 9 deletions


@ -66,7 +66,7 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
public static String[] SC_URL= new String[]{"/app/index/","/largeScreen/accessMge/",
"/largeScreen/alarmMge/","/largeScreen/constructionQuality/","/largeScreen/operatingEnvironment/",
"/largeScreen/personnelControl/","/largeScreen/scIndex/","/largeScreen/towerAssInspect/",
"/largeScreen/video/","/largeScreen/xcIndex/","/largeScreen/dataAnalysis/","/largeScreen/workReport/","/largeScreen/constrDisplay/"};
"/largeScreen/video/","/largeScreen/xcIndex/","/largeScreen/dataAnalysis/","/largeScreen/constrDisplay/","/largeScreen/workReport/"};
private final String whiteURL = "http://127.0.0.1:18080/";
@ -103,20 +103,23 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
try{
if (!checkIsYq(request)) {
returnJson(response, "越权访问,接口未授权", 401);
return false;
}
}catch (Exception e){
returnJson(response, "令牌不能为空", 401);
return false;
}
// 过滤文件上传功能
if(isFileUpload(request)){
return true;
}
XssRequestWrapper requestWrapper = new XssRequestWrapper(request);
System.out.println("进入了拦截器");
System.err.println(request.getRequestURI());
// System.out.println("进入了拦截器");
// System.err.println(request.getRequestURI());
String requestUrl = requestWrapper.getRequestURI();
/**
@ -141,7 +144,7 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
return false;
}
System.err.println(JSON.toJSONString(request.getParameterMap()));
// System.err.println(JSON.toJSONString(request.getParameterMap()));
/**
* 获取所有跳转路径参数保留传入下个界面
*/
@ -162,8 +165,8 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
*/
String readerParam = requestWrapper.getReaderParam();
// 判断是否是文件上传是不对流参数进行验证
String uplFile = "uploadFile", upImage = "uploadImage";
if (!requestUrl.contains(uplFile) && !requestUrl.contains(upImage)) {
String uplFile = "uploadFile", upImage = "uploadImage", path="pushImageData";
if (!requestUrl.contains(uplFile) && !requestUrl.contains(upImage) && !requestUrl.contains(path)) {
boolean checkReader = checkReader(readerParam, requestUrl);
if (!checkReader) {
returnJson(response, "请求重复", 500);
@ -202,8 +205,12 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
if(SecurityConstants.INNER.equals(head)){
return true;
}
String requestUri = request.getRequestURI();
if(requestUri.contains("files") || requestUri.contains("file")){
return true;
}
if(Arrays.asList(WHITE_URLS).contains(requestUri)){
return true;
}
@ -231,7 +238,7 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
}
}
}
System.out.println("==================越狱记录:========================userId:" + userId + "============是否越狱:" + result);
// System.out.println("==================越狱记录:========================userId:" + userId + "============是否越狱:" + result);
}
if (!result) {
addExceedsAccessLog(requestUri, token);
@ -424,7 +431,7 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
*/
private boolean checkReader(String readerParam, String requestUrl) {
if (SafeUtil.checkScript(readerParam)) {
log.info("请求失败,当前请求参数不安全!请求地址:\n" + requestUrl + "\n不安全参数数据流:" + readerParam);
// log.info("请求失败,当前请求参数不安全!请求地址:\n" + requestUrl + "\n不安全参数数据流:" + readerParam);
return false;
}
return true;
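Review bot: In the fifth hunk (old line 202), `if(requestUri.contains("files") || requestUri.contains("file"))` returns true from what appears to be the access check called at the top of preHandle, so every URI that merely contains the substring "file" skips the authorization logic below it, including unrelated endpoints whose path happens to contain that word. The first test is also redundant, since any string containing "files" already contains "file". Match the intended file endpoints exactly instead, either as entries in `WHITE_URLS` or with an anchored prefix such as `if (requestUri.startsWith(FILE_API_PREFIX)) { return true; }` (FILE_API_PREFIX is a placeholder for the real route). The same substring pattern is extended in the fourth hunk, where `!requestUrl.contains(path)` with `path="pushImageData"` exempts any URL containing that text from `checkReader`. The enclosing method starts and ends outside the hunk, so which of these lines the commit added is inferred from the hunk's line counts.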