备注修改

whycxzp

2022-03-14 827739af27d98d3229d47974f76e65d7ca39c09b

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
package com.whyc.filter;
 
import com.whyc.constant.YamlProperties;
import com.whyc.util.ActionUtil;
 
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
 
/**
 * 防重放功能
 */
@WebFilter
public class AccessFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
 
    }
 
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
 
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        //加入接口防重放功能
        String time = request.getParameter("t");
        String sign = request.getParameter("sign");
        String randomStr = request.getParameter("rd");
 
 
        String requestURI = request.getRequestURI();
        //严格要求
        if (2 == YamlProperties.systemType) {
            if (time != null && sign != null && randomStr != null) { //检查接口的防重放功能
                //60秒内检查randomStr是否存在(60秒后定时清除)
                //ServletContext context = request.getServletContext();
                ServletContext context = request.getSession().getServletContext();
                //如果存在就说明参数在60秒内已经使用过了
                if (context.getAttribute(randomStr) != null) {
                    response.setStatus(403);
                    response.getWriter().write("非法请求,参数异常");
                    return;
                } else { //不存在,说明第一次使用,存入内存
                    context.setAttribute(randomStr, time);
                    context.setAttribute("randomStr_" + randomStr, time);
                }
 
                //60秒后,检查时效性
                if (System.currentTimeMillis() - Long.parseLong(time) >= 60 * 1000) {
                    response.setStatus(408);
                    response.getWriter().write("请求超时异常");
                    return;
                }
                boolean res = ActionUtil.checkSignMD5(time, randomStr, sign);
                if (!res) {
                    response.setStatus(403);
                    response.getWriter().write("非法请求,参数异常");
                    return;
                }
            } else {
                if (!(requestURI.contains("server/timestamp")
                        || requestURI.contains("mapOutline/all")
                        || requestURI.contains("battMapInformation/findStationState")
                        || requestURI.contains("battMapInformation/searchUserManageStation")
                        || requestURI.contains("battMapInformation/del")
                        || requestURI.contains("station3D/byDeviceId")
                        || requestURI.contains("battMapInformation/multAmout")
                        || requestURI.contains("."))) {
                    response.setStatus(403);
                    response.getWriter().write("非法请求,参数异常");
                    return;
                }
            }
        }
 
        filterChain.doFilter(servletRequest, servletResponse);
    }
 
    @Override
    public void destroy() {
 
    }
}