Commit eb48ade2 authored by zengtianlai3's avatar zengtianlai3

Merge branch 'm33' into 'master'

解决漏洞

See merge request !44
parents 47837199 e1d56c3f
...@@ -111,7 +111,7 @@ public class DeviceServerHandler extends SimpleChannelInboundHandler<Object> { ...@@ -111,7 +111,7 @@ public class DeviceServerHandler extends SimpleChannelInboundHandler<Object> {
} }
@Override @Override
public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception { public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception{
// TODO Auto-generated method stub // TODO Auto-generated method stub
super.exceptionCaught(ctx, cause); super.exceptionCaught(ctx, cause);
log.debug("设备服务器,exceptionCaught:{}", ctx.channel().id().asLongText()); log.debug("设备服务器,exceptionCaught:{}", ctx.channel().id().asLongText());
......
...@@ -32,7 +32,7 @@ public class User implements Serializable { ...@@ -32,7 +32,7 @@ public class User implements Serializable {
private Integer userId; private Integer userId;
@ApiModelProperty("密码") @ApiModelProperty("密码")
private String password; private transient String password;
@ApiModelProperty("用户名") @ApiModelProperty("用户名")
private String userName; private String userName;
......
...@@ -94,7 +94,7 @@ public class ForwardClientHandler extends SimpleChannelInboundHandler<Object> { ...@@ -94,7 +94,7 @@ public class ForwardClientHandler extends SimpleChannelInboundHandler<Object> {
} }
@Override @Override
public synchronized void userEventTriggered(ChannelHandlerContext ctx, Object obj) throws Exception { public synchronized void userEventTriggered(ChannelHandlerContext ctx, Object obj) {
log.debug("桥接客户端,userEventTriggered:{}", ctx.channel().id().asLongText()); log.debug("桥接客户端,userEventTriggered:{}", ctx.channel().id().asLongText());
} }
......
...@@ -17,7 +17,7 @@ import lombok.extern.slf4j.Slf4j; ...@@ -17,7 +17,7 @@ import lombok.extern.slf4j.Slf4j;
public class ForwardConnectionListener extends BaseConnectionListener { public class ForwardConnectionListener extends BaseConnectionListener {
@Override @Override
public void operationComplete(ChannelFuture channelFuture) throws Exception { public void operationComplete(ChannelFuture channelFuture) {
AlarmService alarmService = SpringUtil.getBean(AlarmService.class); AlarmService alarmService = SpringUtil.getBean(AlarmService.class);
if (!channelFuture.isSuccess()) { if (!channelFuture.isSuccess()) {
//TODO 失败进行告警 //TODO 失败进行告警
......
...@@ -21,14 +21,14 @@ public class AuthenticationInterceptor implements HandlerInterceptor { ...@@ -21,14 +21,14 @@ public class AuthenticationInterceptor implements HandlerInterceptor {
@Override @Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
UserUtils.removeUser(); UserUtils.removeUser();
UserUtils.removeUri(); UserUtils.removeUri();
} }
@Override @Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
response.setHeader("Set-Cookie","HttpOnly"); response.setHeader("Set-Cookie","HttpOnly");
return true; return true;
} }
......
...@@ -66,7 +66,13 @@ public class JwtUtil { ...@@ -66,7 +66,13 @@ public class JwtUtil {
*/ */
public static DecodedJWT verifyToken(String token) { public static DecodedJWT verifyToken(String token) {
JWTVerifier verifier = JWT.require(Algorithm.HMAC256(SECRET)).build(); JWTVerifier verifier = JWT.require(Algorithm.HMAC256(SECRET)).build();
DecodedJWT jwt = verifier.verify(token); DecodedJWT jwt = null;
try {
jwt = verifier.verify(token);
} catch ( RuntimeException e) {
log.error(e.getMessage());
log.error("解析编码异常");
}
return jwt; return jwt;
} }
} }
...@@ -2,13 +2,15 @@ package iot.sixiang.license.net; ...@@ -2,13 +2,15 @@ package iot.sixiang.license.net;
import io.netty.channel.ChannelInitializer; import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.SocketChannel; import io.netty.channel.socket.SocketChannel;
import lombok.extern.slf4j.Slf4j;
@Slf4j
public class BaseChannelInitializer extends ChannelInitializer<SocketChannel> { public class BaseChannelInitializer extends ChannelInitializer<SocketChannel> {
@Override @Override
protected void initChannel(SocketChannel ch) throws Exception { protected void initChannel(SocketChannel ch) throws Exception {
// TODO Auto-generated method stub // TODO Auto-generated method stub
System.out.println("重写了initChannel方法"); log.info("重写了initChannel方法");
} }
} }
...@@ -3,16 +3,18 @@ package iot.sixiang.license.net; ...@@ -3,16 +3,18 @@ package iot.sixiang.license.net;
import io.netty.channel.ChannelFuture; import io.netty.channel.ChannelFuture;
import io.netty.channel.ChannelFutureListener; import io.netty.channel.ChannelFutureListener;
import lombok.Data; import lombok.Data;
import lombok.extern.slf4j.Slf4j;
@Data @Data
@Slf4j
public class BaseConnectionListener implements ChannelFutureListener { public class BaseConnectionListener implements ChannelFutureListener {
public String appId; public String appId;
public String host; public String host;
public int port; public int port;
@Override @Override
public void operationComplete(ChannelFuture future) throws Exception { public void operationComplete(ChannelFuture future) {
// TODO Auto-generated method stub // TODO Auto-generated method stub
System.out.println("重写了operationComplete方法"); log.info("重写了operationComplete方法");
} }
} }
...@@ -27,29 +27,26 @@ public class TcpServer { ...@@ -27,29 +27,26 @@ public class TcpServer {
EventLoopGroup bossGroup = new NioEventLoopGroup(4); EventLoopGroup bossGroup = new NioEventLoopGroup(4);
EventLoopGroup workerGroup = new NioEventLoopGroup(4); EventLoopGroup workerGroup = new NioEventLoopGroup(4);
log.debug("Tcp服务,开始监听端口:{}",port); log.debug("Tcp服务,开始监听端口:{}",port);
//创建服务端的启动对象,设置参数
ServerBootstrap b = new ServerBootstrap();
//设置两个线程组boosGroup和workerGroup
b.group(bossGroup, workerGroup)
//设置服务端通道实现类型
.channel(NioServerSocketChannel.class)
// .handler(new LoggingHandler(LogLevel.INFO))
.childHandler(channelInitializer)
// 设置tcp缓冲区
.option(ChannelOption.SO_BACKLOG, 1024)
//设置保持活动连接状态
.childOption(ChannelOption.SO_KEEPALIVE, true);
ChannelFuture f;
try { try {
//创建服务端的启动对象,设置参数 f = b.bind(port).sync();
ServerBootstrap b = new ServerBootstrap(); f.channel().closeFuture().sync();
//设置两个线程组boosGroup和workerGroup } catch (InterruptedException e) {
b.group(bossGroup, workerGroup) // TODO Auto-generated catch block
//设置服务端通道实现类型 log.error("Tcp服务异常,端口:{}",port);
.channel(NioServerSocketChannel.class) }finally {
// .handler(new LoggingHandler(LogLevel.INFO))
.childHandler(channelInitializer)
// 设置tcp缓冲区
.option(ChannelOption.SO_BACKLOG, 1024)
//设置保持活动连接状态
.childOption(ChannelOption.SO_KEEPALIVE, true);
ChannelFuture f;
try {
f = b.bind(port).sync();
f.channel().closeFuture().sync();
} catch (InterruptedException e) {
// TODO Auto-generated catch block
log.error("Tcp服务异常,端口:{}",port);
}
} finally {
log.debug("Tcp服务,停止退出"); log.debug("Tcp服务,停止退出");
workerGroup.shutdownGracefully(); workerGroup.shutdownGracefully();
bossGroup.shutdownGracefully(); bossGroup.shutdownGracefully();
......
...@@ -22,7 +22,7 @@ public class ResourceManager { ...@@ -22,7 +22,7 @@ public class ResourceManager {
@Autowired @Autowired
ResourceService resourceService; ResourceService resourceService;
public void downloadDeviceInfoExcle(HttpServletResponse response, int userId){ public void downloadDeviceInfoExcle(HttpServletResponse response, int userId) throws IOException {
OutputStream os = null; OutputStream os = null;
HSSFWorkbook wb = null; HSSFWorkbook wb = null;
try { try {
...@@ -115,15 +115,11 @@ public class ResourceManager { ...@@ -115,15 +115,11 @@ public class ResourceManager {
} catch (IOException e) { } catch (IOException e) {
log.error("Excel表格信息下载异常,{}",e.getMessage()); log.error("Excel表格信息下载异常,{}",e.getMessage());
} finally { } finally {
try { if (os != null) {
if (os != null) { os.close();
os.close(); }
} if (wb != null) {
if (wb != null) { wb.close();
wb.close();
}
} catch (IOException e) {
log.error("Excel表格信息下载异常,{}",e.getMessage());
} }
} }
} }
......
...@@ -85,11 +85,14 @@ public class CommonUtil { ...@@ -85,11 +85,14 @@ public class CommonUtil {
public static String getLibFilePathByFileName(String fileName) { public static String getLibFilePathByFileName(String fileName) {
String os = System.getProperty("os.name"); String os = System.getProperty("os.name");
String serverParentDirectory = getServerParentDirectory(); String serverParentDirectory = getServerParentDirectory();
if (os.toLowerCase(Locale.ENGLISH).startsWith("win")) { if (os != null) {
return serverParentDirectory + File.separator + "lib" + File.separator + fileName + ".dll"; if (os.toLowerCase(Locale.ENGLISH).startsWith("win")) {
} else { return serverParentDirectory + File.separator + "lib" + File.separator + fileName + ".dll";
return serverParentDirectory + File.separator + "lib" + File.separator + fileName + ".so"; } else {
return serverParentDirectory + File.separator + "lib" + File.separator + fileName + ".so";
}
} }
return "";
} }
} }
...@@ -4,13 +4,13 @@ public class HexUtil { ...@@ -4,13 +4,13 @@ public class HexUtil {
public static String bytes2hex(byte[] bytes) { public static String bytes2hex(byte[] bytes) {
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
String tmp; StringBuilder tmp;
sb.append("["); sb.append("[");
for (byte b : bytes) { for (byte b : bytes) {
// 将每个字节与0xFF进行与运算,然后转化为10进制,然后借助于Integer再转化为16进制 // 将每个字节与0xFF进行与运算,然后转化为10进制,然后借助于Integer再转化为16进制
tmp = Integer.toHexString(0xFF & b); tmp = new StringBuilder(Integer.toHexString(0xFF & b));
if (tmp.length() == 1) { if (tmp.length() == 1) {
tmp = "0" + tmp;//只有一位的前面补个0 tmp = tmp.insert(0, '0');//只有一位的前面补个0
} }
sb.append(tmp).append(" ");//每个字节用空格断开 sb.append(tmp).append(" ");//每个字节用空格断开
} }
...@@ -18,4 +18,4 @@ public class HexUtil { ...@@ -18,4 +18,4 @@ public class HexUtil {
sb.append("]"); sb.append("]");
return sb.toString(); return sb.toString();
} }
} }
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment