修改服务bug漏洞及未修改的服务
This commit is contained in:
parent
10a6b034ac
commit
f183fea015
|
|
@ -27,7 +27,10 @@
|
|||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-actuator</artifactId>
|
||||
</dependency>
|
||||
<!-- SpringCloud Alibaba Nacos Config -->
|
||||
<dependency>
|
||||
<groupId>com.alibaba.cloud</groupId>
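Review bot: Adding `spring-boot-starter-actuator` puts the management endpoints on this module's classpath, and the only thing keeping them off the network is the `management:` block this commit adds to some of the bootstrap files; nothing in the pom records that dependency between the two. A one-line comment above the new dependency, `<!-- actuator: health/metrics only; HTTP exposure is disabled in bootstrap.yml -->`, ties them together so the starter is not later copied into a module that lacks the lock-down. The same dependency is added in the hunk at `@ -24,7 +24,10 @@`; whether every module that receives it also receives the management block cannot be confirmed from this page.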
|
||||
|
|
|
|||
|
|
@ -36,3 +36,15 @@ spring:
|
|||
namespace: @name.space@
|
||||
username: @username@
|
||||
password: @password@
|
||||
|
||||
management:
|
||||
server:
|
||||
port: -1
|
||||
endpoints:
|
||||
web:
|
||||
exposure:
|
||||
exclude: []
|
||||
enabled-by-default: false
|
||||
endpoint:
|
||||
beans:
|
||||
enabled: false
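Review bot: `exposure.exclude: []` is the default and changes nothing, and `endpoint.beans.enabled: false` is already implied by `enabled-by-default: false`, so the block states its intent three times without naming it once. Since `management.server.port: -1` on its own disables management over HTTP, drop the two redundant keys or put a comment above the block, `# actuator kept for health/metrics wiring only; no HTTP exposure`, so a later maintainer does not "fix" it by exposing endpoints. The identical block appears in the hunks at `@ -35,4 +35,15 @@` and `@ -30,4 +30,16 @@` and the same applies there.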
|
||||
|
|
@ -12,6 +12,9 @@ public class TokenConstants
|
|||
*/
|
||||
public static final String AUTHENTICATION = "Authorization";
|
||||
|
||||
|
||||
public static final String TOKEN_HEAD = "token";
|
||||
|
||||
/**
|
||||
* 令牌前缀
|
||||
*/
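Review bot: The new constant `TOKEN_HEAD` has no Javadoc while its neighbours (`AUTHENTICATION` above, the `令牌前缀` block below) do, and its role — the header name AuthFilter falls back to when no `Authorization` token is present — is only discoverable by reading the filter. Add `/** Fallback request-header name carrying the token when the Authorization header is absent. */` above it. The filter added in this commit still spells the same name as the literal `"token"` in two places; it should reference this constant instead.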
|
||||
|
|
|
|||
|
|
@ -39,7 +39,12 @@ public class JwtUtils
|
|||
*/
|
||||
public static Claims parseToken(String token)
|
||||
{
|
||||
return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
|
||||
try{
|
||||
return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
|
||||
}catch (Exception e){
|
||||
System.err.println("token不正确--->"+token);
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
/**
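Review bot: The new catch block prints the raw token to stderr (`System.err.println("token不正确--->"+token)`), which writes a bearer credential into process logs, and `catch (Exception e)` also hides programming errors behind a silent `null`. Narrow it to the parser's own failures and log without the token value, e.g. `} catch (JwtException | IllegalArgumentException e) {` followed by `log.warn("token parse failed: {}", e.getMessage());` using whatever logger JwtUtils already has (none is visible in this hunk). The Javadoc that ends at the top of the hunk should now state `@return the claims, or {@code null} when the token cannot be parsed`, because returning null is new behaviour that every caller of parseToken must handle; those callers are outside the hunk.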
|
||||
|
|
|
|||
|
|
@ -26,6 +26,10 @@ import com.bonus.common.core.web.domain.AjaxResult;
|
|||
public class GlobalExceptionHandler
|
||||
{
|
||||
private static final Logger log = LoggerFactory.getLogger(GlobalExceptionHandler.class);
|
||||
public final static String BODY_ERROR="Required request body is missing:";
|
||||
|
||||
public final static String DATA_ERROR="Data truncation: Data too long for";
|
||||
public final static String NUMBER_FORMAT_EXCEPTION ="java.lang.NumberFormatException";
|
||||
|
||||
/**
|
||||
* 权限码异常
|
||||
|
|
@ -79,6 +83,16 @@ public class GlobalExceptionHandler
|
|||
public AjaxResult handleRuntimeException(RuntimeException e, HttpServletRequest request)
|
||||
{
|
||||
String requestURI = request.getRequestURI();
|
||||
String msg=e.getMessage();
|
||||
if (StringUtils.hasText(msg)) {
|
||||
if (msg.contains(BODY_ERROR)){
|
||||
return AjaxResult.error("post请求body参数不能为空");
|
||||
}
|
||||
if (msg.contains(DATA_ERROR)){
|
||||
return AjaxResult.error("数据长度过长");
|
||||
}
|
||||
}
|
||||
|
||||
log.error("请求地址'{}',发生未知异常.", requestURI, e);
|
||||
return AjaxResult.error(e.getMessage());
|
||||
}
|
||||
|
|
@ -102,6 +116,12 @@ public class GlobalExceptionHandler
|
|||
{
|
||||
log.error(e.getMessage(), e);
|
||||
String message = e.getAllErrors().get(0).getDefaultMessage();
|
||||
|
||||
assert message != null;
|
||||
if(message.contains(NUMBER_FORMAT_EXCEPTION)){
|
||||
return AjaxResult.error(HttpStatus.FORBIDDEN, "请求参数不正确");
|
||||
}
|
||||
|
||||
return AjaxResult.error(message);
|
||||
}
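Review bot: `assert message != null;` is a no-op unless the JVM runs with `-ea`, so when `getDefaultMessage()` returns null the next line's `message.contains(NUMBER_FORMAT_EXCEPTION)` throws a NullPointerException from inside the exception handler and the client receives an unhandled 500 instead of the intended response. Replace the assertion with an explicit guard, `if (message != null && message.contains(NUMBER_FORMAT_EXCEPTION)) {`, and give the final `AjaxResult.error(message)` a fixed fallback text for the null case. Matching the literal class name `java.lang.NumberFormatException` inside a validation message only works while the framework embeds the cause's class name in the default message; that assumption deserves a comment on the constant in the first hunk. In the second hunk, the two new early returns in handleRuntimeException skip the `log.error` call, so body-missing and data-too-long failures leave no server-side trace; a `log.warn` before each return keeps them visible. The enclosing handler method's signature is above this hunk's first line.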
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,44 @@
|
|||
package com.bonus.gateway.config;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* @author 黑子
|
||||
*/
|
||||
public class AuthWriteUtils {
|
||||
|
||||
|
||||
public static boolean endWith(String url){
|
||||
if(url.endsWith(".js")){
|
||||
return true;
|
||||
}else if(url.endsWith(".ttf")){
|
||||
return true;
|
||||
}else if(url.endsWith(".woff2")){
|
||||
return true;
|
||||
}else if(url.endsWith(".woff")){
|
||||
return true;
|
||||
}else if(url.endsWith(".ico")){
|
||||
return true;
|
||||
}else if(url.endsWith(".css")){
|
||||
return true;
|
||||
}else if(url.endsWith(".jpg")){
|
||||
return true;
|
||||
}else if(url.endsWith(".png")){
|
||||
return true;
|
||||
}else if(url.endsWith(".html")){
|
||||
return true;
|
||||
}else {
|
||||
return url.endsWith(".jpeg");
|
||||
}
|
||||
|
||||
}
|
||||
public static List<String> getBlackUrl(){
|
||||
List<String> whiteUrl=new ArrayList<>();
|
||||
whiteUrl.add("/bmw/**");
|
||||
whiteUrl.add("/file/file/ynRealName/**");
|
||||
return whiteUrl;
|
||||
}
|
||||
|
||||
|
||||
}
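Review bot: `getBlackUrl()` allocates a new `ArrayList` on every call even though AuthFilter evaluates it per request, and its local is named `whiteUrl` while the method says "black" — the list is the set of prefixes under which static files skip authentication, so the naming contradicts itself and the class has no Javadoc saying what it is for. Hoist the suffix list and the prefix list into `static final` constants and let `endWith` iterate a suffix array; the rewrite is below (the `java.util` imports gain `Arrays` and `Collections`), and the public names stay because AuthFilter already calls them. Because the bypass is decided by URL suffix alone, the Javadoc should record that any route under these prefixes whose path can end in one of the suffixes is served without a token, which is worth confirming against the gateway routes.
```java
/**
 * Static-resource allowlist used by AuthFilter: requests under {@link #getBlackUrl()}
 * whose path ends in one of {@code STATIC_SUFFIXES} are passed through without a token.
 */
public class AuthWriteUtils {

    /** Path suffixes treated as static resources. */
    private static final String[] STATIC_SUFFIXES = {
        ".js", ".ttf", ".woff2", ".woff", ".ico", ".css", ".jpg", ".png", ".html", ".jpeg"
    };

    /** Ant-style prefixes under which static resources skip authentication. */
    private static final List<String> STATIC_URL_PATTERNS =
        Collections.unmodifiableList(Arrays.asList("/bmw/**", "/file/file/ynRealName/**"));

    public static boolean endWith(String url) {
        for (String suffix : STATIC_SUFFIXES) {
            if (url.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }

    public static List<String> getBlackUrl() {
        return STATIC_URL_PATTERNS;
    }
}
```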
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
package com.bonus.gateway.config;
|
||||
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||
import org.springframework.boot.autoconfigure.web.ServerProperties;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.server.reactive.ServerHttpRequest;
|
||||
import org.springframework.web.server.ResponseStatusException;
|
||||
import org.springframework.web.server.WebFilter;
|
||||
|
||||
/**
|
||||
* @author HeiZi
|
||||
*/
|
||||
@Configuration
|
||||
public class ContextPathConfig {
|
||||
|
||||
@Bean
|
||||
@ConditionalOnProperty("server.servlet.context-path")
|
||||
@Order(Ordered.HIGHEST_PRECEDENCE)
|
||||
public WebFilter contextPathWebFilter(ServerProperties serverProperties){
|
||||
String contextPath = serverProperties.getServlet().getContextPath();
|
||||
return (serverWebExchange, webFilterChain) ->{
|
||||
ServerHttpRequest request = serverWebExchange.getRequest();
|
||||
String requestPath = request.getURI().getPath();
|
||||
|
||||
if(requestPath.contains(contextPath)){
|
||||
String newPath = requestPath.replaceFirst(contextPath+"/", "");
|
||||
ServerHttpRequest newRequest = request.mutate()
|
||||
.path(newPath).build();
|
||||
return webFilterChain.filter(serverWebExchange.mutate()
|
||||
.request(newRequest)
|
||||
.build()
|
||||
);
|
||||
}else {
|
||||
throw new ResponseStatusException(HttpStatus.NOT_FOUND);
|
||||
}
|
||||
};
|
||||
}
|
||||
}
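Review bot: `requestPath.contains(contextPath)` is a substring test rather than a prefix test, and `replaceFirst(contextPath + "/", "")` treats the configured value as a regular expression and removes its first occurrence wherever it appears, so a path that merely mentions the context path in a later segment is accepted and rewritten in the wrong place while every other path is rejected with 404. Normalise the configured value to a single leading slash and check the prefix explicitly; the changed part of the lambda is below, with the request/exchange mutation and the 404 branch unchanged. A short class-level Javadoc saying that this filter emulates `server.servlet.context-path` for the reactive server — presumably why it exists, since that property is a servlet-stack setting — would also help, as the intent is not stated anywhere in the file.
```java
String contextPath = serverProperties.getServlet().getContextPath();
// Normalise to exactly one leading "/" so the check below is a path-prefix test,
// whatever form server.servlet.context-path takes in the yml.
String prefix = "/" + contextPath.replaceAll("^/+", "");
return (serverWebExchange, webFilterChain) -> {
    ServerHttpRequest request = serverWebExchange.getRequest();
    String requestPath = request.getURI().getPath();

    if (requestPath.startsWith(prefix + "/")) {
        // Strip only the leading context segment; the remainder still begins with "/".
        String newPath = requestPath.substring(prefix.length());
        // … unchanged: build the mutated request and exchange, continue the chain …
    } else {
        throw new ResponseStatusException(HttpStatus.NOT_FOUND);
    }
};
```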
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
package com.bonus.gateway.config;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.web.cors.CorsConfiguration;
|
||||
import org.springframework.web.cors.reactive.CorsWebFilter;
|
||||
import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
|
||||
import org.springframework.web.util.pattern.PathPatternParser;
|
||||
|
||||
/**
|
||||
* 跨域处理请求配置
|
||||
* @author 黑子
|
||||
*/
|
||||
@Configuration
|
||||
public class CorsConfig {
|
||||
|
||||
@Bean
|
||||
public CorsWebFilter corsWebFilter() {
|
||||
CorsConfiguration config = new CorsConfiguration();
|
||||
config.addAllowedOrigin("*");
|
||||
config.addAllowedMethod("*");
|
||||
config.addAllowedHeader("*");
|
||||
config.addAllowedOriginPattern("*");
|
||||
config.setAllowCredentials(false);
|
||||
config.setMaxAge(3600L);
|
||||
|
||||
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
|
||||
source.registerCorsConfiguration("/**", config);
|
||||
return new CorsWebFilter(source);
|
||||
}
|
||||
}
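Review bot: `addAllowedOrigin("*")` and `addAllowedOriginPattern("*")` both admit every origin, and with credentials disabled the second call is redundant; one of them should go, preferably replaced by the known front-end origin(s) rather than a wildcard. A wildcard origin lets any web page read responses from the routes that need no token (such as the static paths AuthWriteUtils lets through) and is wider than a single front end requires, so listing the real origins is the defence-in-depth here. A one-line Javadoc on `corsWebFilter` recording that `/**` applies this policy to every route and why credentials are off would document the intent.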
|
||||
|
|
@ -1,5 +1,6 @@
|
|||
package com.bonus.gateway.filter;
|
||||
|
||||
import com.bonus.gateway.config.AuthWriteUtils;
|
||||
import com.bonus.gateway.config.properties.IgnoreWhiteProperties;
|
||||
import com.bonus.common.core.constant.CacheConstants;
|
||||
import com.bonus.common.core.constant.HttpStatus;
|
||||
|
|
@ -18,6 +19,7 @@ import org.springframework.cloud.gateway.filter.GlobalFilter;
|
|||
import org.springframework.core.Ordered;
|
||||
import org.springframework.http.server.reactive.ServerHttpRequest;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.util.MultiValueMap;
|
||||
import org.springframework.web.server.ServerWebExchange;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
|
|
@ -46,6 +48,13 @@ public class AuthFilter implements GlobalFilter, Ordered
|
|||
ServerHttpRequest.Builder mutate = request.mutate();
|
||||
|
||||
String url = request.getURI().getPath();
|
||||
if (StringUtils.matches(url, AuthWriteUtils.getBlackUrl()))
|
||||
{
|
||||
if(AuthWriteUtils.endWith(url)){
|
||||
return chain.filter(exchange);
|
||||
}
|
||||
}
|
||||
|
||||
// 跳过不需要验证的路径
|
||||
if (StringUtils.matches(url, ignoreWhite.getWhites()))
|
||||
{
|
||||
|
|
@ -124,7 +133,20 @@ public class AuthFilter implements GlobalFilter, Ordered
|
|||
{
|
||||
token = token.replaceFirst(TokenConstants.PREFIX, StringUtils.EMPTY);
|
||||
}
|
||||
if(StringUtils.isEmpty(token)){
|
||||
String hed="token";
|
||||
String nl="null";
|
||||
MultiValueMap<String, String> tokens= request.getQueryParams();
|
||||
token = request.getHeaders().getFirst(TokenConstants.TOKEN_HEAD);
|
||||
if(tokens.get(hed)!=null && !tokens.get(hed).isEmpty()){
|
||||
token =tokens.get("token").get(0);
|
||||
if(nl.equals(token)){
|
||||
token=null;
|
||||
}
|
||||
}
|
||||
}
|
||||
return token;
|
||||
|
||||
}
|
||||
|
||||
@Override
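Review bot: The fallback reads the token from the query string (`tokens.get("token").get(0)`), and a bearer credential carried in a URL ends up in gateway access logs, browser history and `Referer` headers, so this path should either be removed or its reason recorded in a comment and, if it must stay, limited to the routes that need it. The literals `"token"` in `hed` and in `tokens.get("token")` duplicate `TokenConstants.TOKEN_HEAD` introduced in the same commit — use `String hed = TokenConstants.TOKEN_HEAD;` and `token = tokens.getFirst(hed);`, which also replaces the `get(hed)!=null && !isEmpty()` pair with a single null check. The `nl.equals(token)` branch works around the front end sending the literal string "null" when localStorage holds no token (the `localStorage.getItem("smz-token")` line in this commit); fixing that on the client would let the branch go, and until then a comment should say why it exists. The enclosing method starts above this hunk.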
|
||||
|
|
|
|||
|
|
@ -1,6 +1,8 @@
|
|||
# Tomcat
|
||||
server:
|
||||
port: 39100
|
||||
servlet:
|
||||
context-path: lpRealName
|
||||
|
||||
# Spring
|
||||
spring:
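Review bot: `context-path: lpRealName` is written without the leading slash that the other services' `context-path` values carry, and that appears to be deliberate: ContextPathConfig in this commit strips `contextPath + "/"` from the request path, which only leaves a path beginning with `/` when the configured value has no leading slash. That coupling is invisible here, so record it next to the key: `# no leading slash: ContextPathConfig removes "<context-path>/" from incoming paths`. A reader normalising the value to `/lpRealName` would change the rewritten path for every routed request.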
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
# Tomcat
|
||||
server:
|
||||
port: 31913
|
||||
servlet:
|
||||
context-path: /app
|
||||
# servlet:
|
||||
# context-path: /app
|
||||
|
||||
# Spring
|
||||
spring:
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
# Tomcat
|
||||
server:
|
||||
port: 31912
|
||||
servlet:
|
||||
context-path: /bmw
|
||||
# servlet:
|
||||
# context-path: /bmw
|
||||
|
||||
# Spring
|
||||
spring:
|
||||
|
|
@ -35,4 +35,15 @@ spring:
|
|||
|
||||
devtools:
|
||||
restart:
|
||||
enabled: false
|
||||
management:
|
||||
server:
|
||||
port: -1
|
||||
endpoints:
|
||||
web:
|
||||
exposure:
|
||||
exclude: []
|
||||
enabled-by-default: false
|
||||
endpoint:
|
||||
beans:
|
||||
enabled: false
|
||||
|
|
@ -1,5 +1,14 @@
|
|||
let Authorization = localStorage.getItem("smz-token");
|
||||
|
||||
|
||||
$(document).ajaxSuccess(function (event, xhr, settings, data) {
|
||||
if(data.code===401){
|
||||
localStorage.removeItem("smz-token");
|
||||
top.location.href = IP_URL + '/bmw/login.html';
|
||||
}
|
||||
return data;
|
||||
});
|
||||
|
||||
$.ajaxSetup({
|
||||
cache : false,
|
||||
headers : {
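Review bot: `let Authorization = localStorage.getItem("smz-token");` yields `null` when nothing is stored, and sending it as a header turns it into the literal string "null" — which is why the gateway's AuthFilter in this commit has to compare the token against `"null"`. Default it to an empty string, `let Authorization = localStorage.getItem("smz-token") || "";`, and only attach the header when a token exists. In the new `ajaxSuccess` handler, `data.code===401` throws if a response has no JSON body; guard it with `if (data && data.code === 401) {`. The `$.ajaxSetup` block continues below the hunk.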
|
||||
|
|
@ -22,7 +31,7 @@ $.ajaxSetup({
|
|||
layer.msg(message);
|
||||
} else if (code == 401) {
|
||||
localStorage.removeItem("smz-token");
|
||||
location.href = '/login.html';
|
||||
top.location.href = IP_URL + '/bmw/login.html';
|
||||
} else if (code == 403) {
|
||||
console.log("未授权:" + message);
|
||||
layer.msg('未授权');
|
||||
|
|
|
|||
|
|
@ -1,14 +1,15 @@
|
|||
var ctxPath = getContextPath();
|
||||
var currentHostname = window.location.hostname;
|
||||
let IP_URL="http://127.0.0.1:39100/lpRealName"
|
||||
let ctxPath = IP_URL+"/bmw";
|
||||
let currentHostname = window.location.hostname;
|
||||
|
||||
|
||||
//测试
|
||||
var loginPath = "http://" + currentHostname + ":39200";//auth
|
||||
var systemPath = "http://" + currentHostname + ":31910";//system
|
||||
var fileUrl = "http://" + currentHostname + ":31909/file";
|
||||
var planUrl = "http://" + currentHostname + ":1918/ynPlan";
|
||||
var filePath = "http://" + currentHostname + ":31909/file";
|
||||
var oiPlanUrl = "http://" + currentHostname + ":31914/oiPlan";
|
||||
let loginPath =IP_URL+"/auth"//auth
|
||||
let systemPath = IP_URL+"/system";//system
|
||||
let fileUrl = IP_URL+"/file"; // ":31909/file";
|
||||
let planUrl = IP_URL+"/ynPlan"; // + ":1918/ynPlan";
|
||||
let filePath = IP_URL+"/file"; //+ ":31909/file";
|
||||
let oiPlanUrl = IP_URL+"/oiPlan"; //+ ":31914/oiPlan";
|
||||
//正式环境
|
||||
// var loginPath = "http://" + currentHostname + ":14413/auth";
|
||||
// var systemPath = "http://" + currentHostname + ":14413/system";
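Review bot: `let IP_URL="http://127.0.0.1:39100/lpRealName"` hard-codes the loopback address, so the page only works when the browser runs on the gateway host itself, and it replaces the previous `window.location.hostname`-based derivation that at least followed the visitor's host. Derive it from the page's own origin, `let IP_URL = window.location.origin + "/lpRealName";`, if the front end is served through the gateway (which the `/bmw/**` static allowlist added in this commit suggests); otherwise read it from a per-environment config rather than source. The line is also missing its semicolon, unlike the ones that follow. Since `ctxPath` no longer calls `getContextPath()`, that helper may now be unused elsewhere.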
|
||||
|
|
|
|||
|
|
@ -24,7 +24,10 @@
|
|||
<scope>system</scope>
|
||||
<systemPath>${project.basedir}/lib/aspose-words-15.8.0-jdk16.jar</systemPath>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-actuator</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>aspose</groupId>
|
||||
<artifactId>aspose-slide</artifactId>
|
||||
|
|
|
|||
|
|
@ -30,4 +30,16 @@ spring:
|
|||
- application-${spring.profiles.active}.${spring.cloud.nacos.config.file-extension}
|
||||
namespace: @name.space@
|
||||
# username: @username@
|
||||
# password: @password@
|
||||
# password: @password@
|
||||
|
||||
management:
|
||||
server:
|
||||
port: -1
|
||||
endpoints:
|
||||
web:
|
||||
exposure:
|
||||
exclude: []
|
||||
enabled-by-default: false
|
||||
endpoint:
|
||||
beans:
|
||||
enabled: false
|
||||
|
|
@ -1,8 +1,8 @@
|
|||
# Tomcat
|
||||
server:
|
||||
port: 31917
|
||||
servlet:
|
||||
context-path: /line
|
||||
# servlet:
|
||||
# context-path: /line
|
||||
|
||||
# Spring
|
||||
spring:
|
||||
|
|
|
|||
|
|
@ -13,8 +13,8 @@ server:
|
|||
buffered: true
|
||||
requestAttributesEnabled: true
|
||||
port: 31914
|
||||
servlet:
|
||||
context-path: /oiPlan
|
||||
# servlet:
|
||||
# context-path: /oiPlan
|
||||
#
|
||||
environment: @profiles.active@
|
||||
|
||||
|
|
|
|||
|
|
@ -36,3 +36,4 @@ spring:
|
|||
namespace: @name.space@
|
||||
username: @username@
|
||||
password: @password@
|
||||
|
||||
|
|
|
|||