Commit 6891ea1f authored by zengtianlai3's avatar zengtianlai3

解决未授权下载文件

parent b78f826e
...@@ -3,6 +3,7 @@ package iot.sixiang.license.controller; ...@@ -3,6 +3,7 @@ package iot.sixiang.license.controller;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam; import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import iot.sixiang.license.jwt.UserUtils;
import iot.sixiang.license.log.BusinessType; import iot.sixiang.license.log.BusinessType;
import iot.sixiang.license.log.MyLog; import iot.sixiang.license.log.MyLog;
import iot.sixiang.license.resource.ResourceManager; import iot.sixiang.license.resource.ResourceManager;
...@@ -27,10 +28,9 @@ public class ResourceContrller { ...@@ -27,10 +28,9 @@ public class ResourceContrller {
@ApiOperation(value = "资源下载接口", notes = "用于下载资源") @ApiOperation(value = "资源下载接口", notes = "用于下载资源")
@GetMapping("/download") @GetMapping("/download")
@MyLog(title = "下载资源", optParam = "#{userId}", businessType = BusinessType.OTHER) @MyLog(title = "下载资源", businessType = BusinessType.OTHER)
@ApiImplicitParam(name = "userId",value = "用户Id",required = true, dataType = "int") public void downloadWorkHourRecordTemplate(HttpServletResponse response) {
public void downloadWorkHourRecordTemplate(HttpServletResponse response, @RequestParam(value = "userId") int userId) { int userId = Integer.valueOf(XssUtil.checkXSS(UserUtils.getLoginUserId()));
userId = Integer.valueOf(XssUtil.checkXSS(String.valueOf(userId)));
resourceManager.downloadDeviceInfoExcle(response, userId); resourceManager.downloadDeviceInfoExcle(response, userId);
} }
......
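Review bot: On the new line `int userId = Integer.valueOf(XssUtil.checkXSS(UserUtils.getLoginUserId()));` nothing handles a missing login id: if `getLoginUserId()` returns null or a non-numeric string (its definition is not visible here), `Integer.valueOf` throws and the request ends as an unhandled error rather than a 401/403. Taking the id from the authenticated context instead of a request parameter is the right fix for the unauthorized download, but the handler should check the value and reject the request before calling `resourceManager.downloadDeviceInfoExcle`. `XssUtil.checkXSS` adds nothing to a server-derived value that is then parsed as an integer; a null check followed by `Integer.parseInt(loginUserId)` is enough and avoids the boxing. I would also add a comment recording the dependency on the filter, e.g. `// userId comes from the verified token set by JwtFilter, never from the request`.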
...@@ -16,8 +16,6 @@ import java.util.Map; ...@@ -16,8 +16,6 @@ import java.util.Map;
@WebFilter(filterName = "jwtFilter", urlPatterns = "/*") @WebFilter(filterName = "jwtFilter", urlPatterns = "/*")
public class JwtFilter implements Filter { public class JwtFilter implements Filter {
private static final String url1 = "/login"; private static final String url1 = "/login";
private static final String url2 = "/resource";
private static final String url3 = "/doc.html"; private static final String url3 = "/doc.html";
private static final String url4 = "/v2/api-docs"; private static final String url4 = "/v2/api-docs";
private static final String url7 = "/swagger-resources"; private static final String url7 = "/swagger-resources";
...@@ -44,8 +42,8 @@ public class JwtFilter implements Filter { ...@@ -44,8 +42,8 @@ public class JwtFilter implements Filter {
boolean check = true; boolean check = true;
String uri = request.getRequestURI(); String uri = request.getRequestURI();
if (uri.contains(url1) || uri.contains(url2) || uri.contains(url3) || uri.contains(url4) || uri.contains(url7) || uri.contains(url8)) { if (uri.contains(url1)|| uri.contains(url3) || uri.contains(url4) || uri.contains(url7) || uri.contains(url8)) {
if (uri.contains(url1) || uri.contains(url2)) { if (uri.contains(url1)) {
uri = XssUtil.checkXSS(uri); uri = XssUtil.checkXSS(uri);
UserUtils.setUri(uri); UserUtils.setUri(uri);
} }
......
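Review bot: The exemption test in the second hunk still matches with `uri.contains(...)`, so any request whose URI contains `/login`, `/doc.html`, `/v2/api-docs` or another listed string anywhere in the path takes this branch. If the branch skips token validation (the rest of the method is outside the hunk), removing `url2` closes `/resource` but leaves the same kind of bypass open for other endpoints. `getRequestURI()` is also the raw, undecoded value including the context path and any path parameters, which makes substring checks hard to reason about. Match the exempt paths exactly or by prefix on the servlet path instead, e.g. `String path = request.getServletPath();` and `if (path.equals(url1) || path.startsWith(url3) || ...)`. A regression test asserting that an unauthenticated request to the download endpoint is rejected would pin the behaviour this commit intends.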