Commit 0d1e7daa authored by zengtianlai3's avatar zengtianlai3

添加白名单

parent e3a650f8
......@@ -4,6 +4,7 @@ import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import iot.sixiang.license.xss.XssUtil;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.util.StringUtils;
import javax.servlet.*;
......@@ -34,9 +35,9 @@ public class JwtFilter implements Filter {
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
final HttpServletRequest request = (HttpServletRequest) servletRequest;
final HttpServletResponse response = (HttpServletResponse) servletResponse;
response.setHeader("Set-Cookie","cookiename=cookievalue; path=/; Domain=domainvaule; Max-age=seconds; HttpOnly");
response.setHeader("Set-Cookie", "cookiename=cookievalue; path=/; Domain=domainvaule; Max-age=seconds; HttpOnly");
response.setContentType("text/html; charset=utf-8");
if ("OPTIONS".equals(request.getMethod()) || "HEAD".equals(request.getMethod())) {
if (!"GET".equals(request.getMethod()) && !"POST".equals(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
ServletOutputStream outputStream = response.getOutputStream();
outputStream.write(new String("不安全的请求".getBytes(), StandardCharsets.UTF_8).getBytes());
......@@ -48,7 +49,7 @@ public class JwtFilter implements Filter {
boolean check = true;
String uri = request.getRequestURI();
if (uri.contains(url1)|| uri.contains(url2) || uri.contains(url3) || uri.contains(url4) || uri.contains(url7) || uri.contains(url8)) {
if (uri.contains(url1) || uri.contains(url2) || uri.contains(url3) || uri.contains(url4) || uri.contains(url7) || uri.contains(url8)) {
if (uri.contains(url1)) {
uri = XssUtil.checkXSS(uri);
UserUtils.setUri(uri);
......@@ -61,18 +62,18 @@ public class JwtFilter implements Filter {
}
if (StringUtils.isEmpty(token)) {
request.setAttribute("msg","认证信息不能为空");
request.getRequestDispatcher("/fail").forward(request, response);
request.setAttribute("msg", "认证信息不能为空");
request.getRequestDispatcher("/iot_license/fail").forward(request, response);
} else {
DecodedJWT jwt = JwtUtil.verifyToken(token);
if (jwt == null) {
request.setAttribute("msg","认证信息非法");
request.getRequestDispatcher("/fail").forward(request, response);
request.setAttribute("msg", "认证信息非法");
request.getRequestDispatcher("/iot_license/fail").forward(request, response);
} else {
Map<String, Claim> userData = jwt.getClaims();
if (userData == null) {
request.setAttribute("msg","认证信息非法");
request.getRequestDispatcher("/fail").forward(request, response);
request.setAttribute("msg", "认证信息非法");
request.getRequestDispatcher("/iot_license/fail").forward(request, response);
return;
}
String userId = userData.get("userId").asString();
......@@ -88,8 +89,8 @@ public class JwtFilter implements Filter {
} else {
UserUtils.removeToken(userId);
UserUtils.removeTokenExp(userId);
request.setAttribute("msg","token已失效");
request.getRequestDispatcher("/fail").forward(request, response);
request.setAttribute("msg", "token已失效");
request.getRequestDispatcher("/iot_license/fail").forward(request, response);
}
}
}
......
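Review bot: The whitelist test `if (uri.contains(url1) || uri.contains(url2) || ... || uri.contains(url8))` is a substring match on the raw request URI, so any path that merely embeds one of the configured fragments bypasses the token verification that the later hunks perform, and because url1–url8 look like `@Value`-injected settings (the import is visible in the first hunk) a short or generic configured value widens that bypass further. Match the path exactly or by prefix instead, e.g. `String path = request.getRequestURI();` followed by `boolean whitelisted = Stream.of(url1, url2, url3, url4, url7, url8).anyMatch(p -> path.equals(p) || path.startsWith(p + "/"));` (needs `java.util.stream.Stream`), which also reads as the rule the commit title "添加白名单" describes. This hunk only reformats that condition, but since the commit is about the whitelist it is the place to settle the matching rule. doFilter starts in the second hunk and its body continues outside every hunk shown here, so the `check` flag's later use could not be reviewed. Separately, in the second hunk `new String("不安全的请求".getBytes(), StandardCharsets.UTF_8).getBytes()` encodes and decodes through the platform default charset, which can corrupt the message on non-UTF-8 JVMs; `outputStream.write("不安全的请求".getBytes(StandardCharsets.UTF_8));` matches the `charset=utf-8` content type set just above.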