Merge branch 'm33' into 'master'

解决漏洞

See merge request !44

license/src/main/java/iot/sixiang/license/device/DeviceServerHandler.java

@@ -111,7 +111,7 @@ public class DeviceServerHandler extends SimpleChannelInboundHandler<Object> {
     }
 
     @Override
-    public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {
+    public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception{
         // TODO Auto-generated method stub
         super.exceptionCaught(ctx, cause);
         log.debug("设备服务器，exceptionCaught:{}", ctx.channel().id().asLongText());

license/src/main/java/iot/sixiang/license/entity/User.java

@@ -32,7 +32,7 @@ public class User implements Serializable {
     private Integer userId;
 
     @ApiModelProperty("密码")
-    private String password;
+    private transient String password;
 
     @ApiModelProperty("用户名")
     private String userName;

license/src/main/java/iot/sixiang/license/forward/ForwardClientHandler.java

@@ -94,7 +94,7 @@ public class ForwardClientHandler extends SimpleChannelInboundHandler<Object> {
     }
 
     @Override
-    public synchronized void userEventTriggered(ChannelHandlerContext ctx, Object obj) throws Exception {
+    public synchronized void userEventTriggered(ChannelHandlerContext ctx, Object obj) {
         log.debug("桥接客户端，userEventTriggered:{}", ctx.channel().id().asLongText());
     }
 

license/src/main/java/iot/sixiang/license/forward/ForwardConnectionListener.java

@@ -17,7 +17,7 @@ import lombok.extern.slf4j.Slf4j;
 public class ForwardConnectionListener extends BaseConnectionListener {
 
     @Override
-    public void operationComplete(ChannelFuture channelFuture) throws Exception {
+    public void operationComplete(ChannelFuture channelFuture) {
         AlarmService alarmService = SpringUtil.getBean(AlarmService.class);
         if (!channelFuture.isSuccess()) {
             //TODO 失败进行告警

license/src/main/java/iot/sixiang/license/jwt/AuthenticationInterceptor.java

@@ -21,14 +21,14 @@ public class AuthenticationInterceptor implements HandlerInterceptor {
 
 
     @Override
-    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
 
         UserUtils.removeUser();
         UserUtils.removeUri();
     }
 
     @Override
-    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
         response.setHeader("Set-Cookie","HttpOnly");
         return true;
     }

license/src/main/java/iot/sixiang/license/jwt/JwtUtil.java

@@ -66,7 +66,13 @@ public class JwtUtil {
      */
     public static DecodedJWT verifyToken(String token) {
         JWTVerifier verifier = JWT.require(Algorithm.HMAC256(SECRET)).build();
-        DecodedJWT jwt = verifier.verify(token);
+        DecodedJWT jwt = null;
+        try {
+            jwt = verifier.verify(token);
+        } catch ( RuntimeException e) {
+            log.error(e.getMessage());
+            log.error("解析编码异常");
+        }
         return jwt;
     }
 }

license/src/main/java/iot/sixiang/license/net/BaseChannelInitializer.java

@@ -2,13 +2,15 @@ package iot.sixiang.license.net;
 
 import io.netty.channel.ChannelInitializer;
 import io.netty.channel.socket.SocketChannel;
+import lombok.extern.slf4j.Slf4j;
 
+@Slf4j
 public class BaseChannelInitializer extends ChannelInitializer<SocketChannel> {
 
 	@Override
 	protected void initChannel(SocketChannel ch) throws Exception {
 		// TODO Auto-generated method stub
-		System.out.println("重写了initChannel方法");
+		log.info("重写了initChannel方法");
 	}
 
 }

license/src/main/java/iot/sixiang/license/net/BaseConnectionListener.java

@@ -3,16 +3,18 @@ package iot.sixiang.license.net;
 import io.netty.channel.ChannelFuture;
 import io.netty.channel.ChannelFutureListener;
 import lombok.Data;
+import lombok.extern.slf4j.Slf4j;
 
 @Data
+@Slf4j
 public class BaseConnectionListener implements ChannelFutureListener {
 
 	public String appId;
 	public String host;
 	public int port;
 	@Override
-	public void operationComplete(ChannelFuture future) throws Exception {
+	public void operationComplete(ChannelFuture future) {
 		// TODO Auto-generated method stub
-		System.out.println("重写了operationComplete方法");
+		log.info("重写了operationComplete方法");
 	}
 }

license/src/main/java/iot/sixiang/license/net/TcpServer.java

@@ -27,29 +27,26 @@ public class TcpServer {
 				EventLoopGroup bossGroup = new NioEventLoopGroup(4);
 				EventLoopGroup workerGroup = new NioEventLoopGroup(4);
 				log.debug("Tcp服务，开始监听端口:{}",port);
+				//创建服务端的启动对象，设置参数
+				ServerBootstrap b = new ServerBootstrap();
+				//设置两个线程组boosGroup和workerGroup
+				b.group(bossGroup, workerGroup)
+						//设置服务端通道实现类型
+						.channel(NioServerSocketChannel.class)
+//						.handler(new LoggingHandler(LogLevel.INFO))
+						.childHandler(channelInitializer)
+						// 设置tcp缓冲区
+						.option(ChannelOption.SO_BACKLOG, 1024)
+						//设置保持活动连接状态
+						.childOption(ChannelOption.SO_KEEPALIVE, true);
+				ChannelFuture f;
 				try {
-					//创建服务端的启动对象，设置参数
-					ServerBootstrap b = new ServerBootstrap();
-					//设置两个线程组boosGroup和workerGroup
-					b.group(bossGroup, workerGroup)
-							//设置服务端通道实现类型
-							.channel(NioServerSocketChannel.class)
-//							.handler(new LoggingHandler(LogLevel.INFO))
-							.childHandler(channelInitializer)
-							// 设置tcp缓冲区
-							.option(ChannelOption.SO_BACKLOG, 1024)
-							//设置保持活动连接状态
-							.childOption(ChannelOption.SO_KEEPALIVE, true);
-					ChannelFuture f;
-					try {
-						f = b.bind(port).sync();
-						f.channel().closeFuture().sync();
-					} catch (InterruptedException e) {
-						// TODO Auto-generated catch block
-						log.error("Tcp服务异常，端口:{}",port);
-					}
-
-				} finally {
+					f = b.bind(port).sync();
+					f.channel().closeFuture().sync();
+				} catch (InterruptedException e) {
+					// TODO Auto-generated catch block
+					log.error("Tcp服务异常，端口:{}",port);
+				}finally {
 					log.debug("Tcp服务，停止退出");
 					workerGroup.shutdownGracefully();
 					bossGroup.shutdownGracefully();

license/src/main/java/iot/sixiang/license/resource/ResourceManager.java

@@ -22,7 +22,7 @@ public class ResourceManager {
     @Autowired
     ResourceService resourceService;
 
-    public void downloadDeviceInfoExcle(HttpServletResponse response, int userId){
+    public void downloadDeviceInfoExcle(HttpServletResponse response, int userId) throws IOException {
         OutputStream os = null;
         HSSFWorkbook wb = null;
         try {
@@ -115,15 +115,11 @@ public class ResourceManager {
         } catch (IOException e) {
             log.error("Excel表格信息下载异常,{}",e.getMessage());
         } finally {
-            try {
-                if (os != null) {
-                    os.close();
-                }
-                if (wb != null) {
-                    wb.close();
-                }
-            } catch (IOException e) {
-                log.error("Excel表格信息下载异常,{}",e.getMessage());
+            if (os != null) {
+                os.close();
+            }
+            if (wb != null) {
+                wb.close();
             }
         }
     }

license/src/main/java/iot/sixiang/license/util/CommonUtil.java

@@ -85,11 +85,14 @@ public class CommonUtil {
 	public static String getLibFilePathByFileName(String fileName) {
 		String os = System.getProperty("os.name");
 		String serverParentDirectory = getServerParentDirectory();
-		if (os.toLowerCase(Locale.ENGLISH).startsWith("win")) {
-			return serverParentDirectory + File.separator + "lib" + File.separator + fileName + ".dll";
-		} else {
-			return serverParentDirectory + File.separator + "lib" + File.separator + fileName + ".so";
+		if (os != null) {
+			if (os.toLowerCase(Locale.ENGLISH).startsWith("win")) {
+				return serverParentDirectory + File.separator + "lib" + File.separator + fileName + ".dll";
+			} else {
+				return serverParentDirectory + File.separator + "lib" + File.separator + fileName + ".so";
+			}
 		}
+		return "";
 	}
 
 }

license/src/main/java/iot/sixiang/license/util/HexUtil.java

@@ -4,13 +4,13 @@ public class HexUtil {
 
     public static String bytes2hex(byte[] bytes) {
         StringBuilder sb = new StringBuilder();
-        String tmp;
+        StringBuilder tmp;
         sb.append("[");
         for (byte b : bytes) {
             // 将每个字节与0xFF进行与运算，然后转化为10进制，然后借助于Integer再转化为16进制
-            tmp = Integer.toHexString(0xFF & b);
+            tmp = new StringBuilder(Integer.toHexString(0xFF & b));
             if (tmp.length() == 1) {
-                tmp = "0" + tmp;//只有一位的前面补个0
+                tmp = tmp.insert(0, '0');//只有一位的前面补个0
             }
             sb.append(tmp).append(" ");//每个字节用空格断开
         }
@@ -18,4 +18,4 @@ public class HexUtil {
         sb.append("]");
         return sb.toString();
     }
-}
+}
\ No newline at end of file