增加页面过滤器,提高系统安全性
@@ -139,7 +139,6 @@
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
UserOut(); //初始化时候执行
|
UserOut(); //初始化时候执行
|
||||||
setInterval(UserOut, 10000); //每10秒检测一次
|
|
||||||
});
|
});
|
||||||
|
|
||||||
</script>
|
</script>
|
||||||
|
|||||||
@@ -5,12 +5,14 @@ import org.springframework.beans.factory.annotation.Qualifier;
|
|||||||
import org.springframework.boot.SpringApplication;
|
import org.springframework.boot.SpringApplication;
|
||||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration;
|
import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration;
|
||||||
|
import org.springframework.boot.web.servlet.ServletComponentScan;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.scheduling.annotation.EnableScheduling;
|
import org.springframework.scheduling.annotation.EnableScheduling;
|
||||||
import org.springframework.web.servlet.DispatcherServlet;
|
import org.springframework.web.servlet.DispatcherServlet;
|
||||||
|
|
||||||
@SpringBootApplication
|
@SpringBootApplication
|
||||||
@MapperScan(basePackages = {"com.jsh.erp.datasource.mappers"})
|
@MapperScan(basePackages = {"com.jsh.erp.datasource.mappers"})
|
||||||
|
@ServletComponentScan
|
||||||
@EnableScheduling
|
@EnableScheduling
|
||||||
public class ErpApplication{
|
public class ErpApplication{
|
||||||
public static void main(String[] args) {
|
public static void main(String[] args) {
|
||||||
|
|||||||
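--- /dev/null
+++ b/src/main/java/com/jsh/erp/filter/LogCostFilter.java
@@ -0,0 +1,92 @@
+package com.jsh.erp.filter;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.util.StringUtils;
+
+import javax.servlet.*;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.annotation.WebInitParam;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+@WebFilter(filterName = "LogCostFilter", urlPatterns = {"/*"},
+initParams = {@WebInitParam(name = "ignoredUrl", value = ".css#.js#.jpg#.png#.gif#.ico"),
+@WebInitParam(name = "filterPath", value = "/user/login")})
+public class LogCostFilter implements Filter {
+
+private static final String FILTER_PATH = "filterPath";
+private static final String IGNORED_PATH = "ignoredUrl";
+
+private static final List<String> ignoredList = new ArrayList<>();
+private String[] allowUrls;
+private String[] ignoredUrls;
+
+@Override
+public void init(FilterConfig filterConfig) throws ServletException {
+String filterPath = filterConfig.getInitParameter(FILTER_PATH);
+if (!StringUtils.isEmpty(filterPath)) {
+allowUrls = filterPath.contains("#") ? filterPath.split("#") : new String[]{filterPath};
+}
+
+String ignoredPath = filterConfig.getInitParameter(IGNORED_PATH);
+if (!StringUtils.isEmpty(ignoredPath)) {
+ignoredUrls = ignoredPath.contains("#") ? ignoredPath.split("#") : new String[]{ignoredPath};
+for (String ignoredUrl : ignoredUrls) {
+ignoredList.add(ignoredUrl);
+}
+}
+}
+@Override
+public void doFilter(ServletRequest request, ServletResponse response,
+FilterChain chain) throws IOException, ServletException {
+HttpServletRequest servletRequest = (HttpServletRequest) request;
+HttpServletResponse servletResponse = (HttpServletResponse) response;
+String requestUrl = servletRequest.getRequestURI();
+//具体,比如:处理若用户未登录,则跳转到登录页
+Object userInfo = servletRequest.getSession().getAttribute("user");
+if(userInfo!=null) { //如果已登录,不阻止
+chain.doFilter(request, response);
+return;
+}
+if (requestUrl != null && requestUrl.contains("/login.html")) {
+chain.doFilter(request, response);
+return;
+}
+if (verify(ignoredList, requestUrl)) {
+chain.doFilter(servletRequest, response);
+return;
+}
+if (null != allowUrls && allowUrls.length > 0) {
+for (String url : allowUrls) {
+if (requestUrl.startsWith(url)) {
+chain.doFilter(request, response);
+return;
+}
+}
+}
+servletResponse.sendRedirect("/login.html");
+}
+
+private static String regexPrefix = "^.*";
+private static String regexSuffix = ".*$";
+
+private static boolean verify(List<String> ignoredList, String url) {
+for (String regex : ignoredList) {
+Pattern pattern = Pattern.compile(regexPrefix + regex + regexSuffix);
+Matcher matcher = pattern.matcher(url);
+if (matcher.matches()) {
+return true;
+}
+}
+return false;
+}
+@Override
+public void destroy() {
+
+}
+}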
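Review bot: The unauthenticated pass-through checks in `doFilter` match too loosely, so requests without a session can reach protected handlers: `requestUrl.contains("/login.html")` accepts any URI that merely contains that string, and `verify` turns each `ignoredUrl` entry into `^.*<entry>.*$`, where the leading `.` is a regex wildcard and the extension may appear anywhere in the URI rather than at its end. Both checks run on the raw `getRequestURI()` value, which is neither decoded nor stripped of path parameters. I would compare against the container-resolved path, require an exact match for the login page and a literal suffix match for static resources, as sketched below (confirm that `getServletPath()` returns the full path under this application's servlet mapping). Separately, `getSession()` creates a session for every anonymous request; `getSession(false)` with a null check avoids that.

```java
// in doFilter: match on the container-resolved path, not the raw request URI
String requestUrl = servletRequest.getServletPath();
// … unchanged: session lookup and pass-through for logged-in users …
if ("/login.html".equals(requestUrl)) {
    chain.doFilter(request, response);
    return;
}
// … unchanged: ignored-suffix check, allowUrls loop, redirect …

private static boolean verify(List<String> ignoredList, String url) {
    // each entry is a literal file extension that must end the path
    for (String suffix : ignoredList) {
        if (url.endsWith(suffix)) {
            return true;
        }
    }
    return false;
}
```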