Commit c9c45b60 authored by AfirSraftGarrier's avatar AfirSraftGarrier

不安全的框架绑定

parent 06640090
...@@ -26,6 +26,11 @@ import org.springframework.web.bind.annotation.RestController; ...@@ -26,6 +26,11 @@ import org.springframework.web.bind.annotation.RestController;
@Api(value = "数据脱敏", tags = {"数据脱敏"}) @Api(value = "数据脱敏", tags = {"数据脱敏"})
public class MaskingController { public class MaskingController {
@InitBinder
public void initBinder(WebDataBinder binder) {
binder.setDisallowedFields(new String[]{"adminCome"});
}
@ApiOperation(value = "数据脱敏") @ApiOperation(value = "数据脱敏")
@PostMapping("/desensitize") @PostMapping("/desensitize")
public ResResult<MaskingVo> encrypt(@RequestBody MaskingVo maskingVo) { public ResResult<MaskingVo> encrypt(@RequestBody MaskingVo maskingVo) {
...@@ -40,9 +45,8 @@ public class MaskingController { ...@@ -40,9 +45,8 @@ public class MaskingController {
MaskingVo vo = new MaskingVo(); MaskingVo vo = new MaskingVo();
vo.setUserName(ESAPI.encoder().encodeForHTML(CommonUtil.nameDesensitization(maskingVo.getUserName()))); vo.setUserName(ESAPI.encoder().encodeForHTML(CommonUtil.nameDesensitization(maskingVo.getUserName())));
vo.setIdCard(ESAPI.encoder().encodeForHTML(CommonUtil.idCardEncrypt(maskingVo.getIdCard()))); vo.setIdCard(CommonUtil.idCardEncrypt(maskingVo.getIdCard()));
return ResResult.success().goRecord(vo); return ResResult.success().goRecord(vo);
} }
} }
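Review bot: The `@InitBinder` added at the top of `MaskingController` most likely does not protect `encrypt`, because `setDisallowedFields` only constrains `WebDataBinder` binding of form and query parameters (`@ModelAttribute`-style arguments), while this handler takes `@RequestBody MaskingVo`, which is deserialized by the HTTP message converter without consulting the binder. To keep `adminCome` from being client-supplied here, the restriction belongs on the deserialized type: a request DTO that does not declare the field, or, assuming Jackson is the converter and `MaskingVo` declares it, `@JsonProperty(access = JsonProperty.Access.READ_ONLY)` on that field. Where a binder is in play, an allow list such as `binder.setAllowedFields("userName", "idCard")` fails closed when new fields are added to the class, which a deny list does not. In the second hunk one of the two `setIdCard` variants drops `ESAPI.encoder().encodeForHTML`; if that is the new side, `idCard` is returned unencoded while `userName` is still encoded, and a short comment saying why the two fields are treated differently would help the next reader.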