package com.whyc.filter;
 
import com.whyc.constant.YamlProperties;
import com.whyc.util.ActionUtil;
 
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
 
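/**
 * Anti-replay filter (防重放功能).
 *
 * <p>When {@code YamlProperties.systemType == 2} every request must either carry the
 * {@code t} (timestamp, ms), {@code rd} (nonce) and {@code sign} parameters, or hit one
 * of the exempt URI fragments. Signed requests are accepted once: the nonce is stored
 * as a {@link ServletContext} attribute and a second request with the same nonce is
 * rejected. Nonces are expected to be cleared by an external scheduled job after the
 * validity window (not part of this class).
 *
 * <p>Verification order is: timestamp well-formed, timestamp fresh, signature valid,
 * nonce unused. Only a request that passes the first three checks writes anything to
 * the {@link ServletContext}, so callers without a valid signature cannot populate it
 * with attacker-chosen attribute names.
 */
@WebFilter
public class AccessFilter implements Filter {

    /** Window (ms) inside which a timestamp, and the nonce sent with it, is accepted. */
    private static final long VALID_WINDOW_MILLIS = 60 * 1000L;

    /** Response body for any request that fails the signature / nonce / whitelist checks. */
    private static final String MSG_ILLEGAL_REQUEST = "非法请求,参数异常";

    /** Response body for a request whose timestamp is older than the validity window. */
    private static final String MSG_TIMEOUT = "请求超时异常";

    /**
     * URI fragments that may be called without {@code t}/{@code sign}/{@code rd}.
     * Matching is by substring, as in the original rule set.
     *
     * NOTE(review): substring matching is permissive — a URI containing one of these
     * fragments anywhere, or any "." (intended for static resources), skips the check.
     * Anchored matching (exact servlet path, or an extension allow-list) would be
     * tighter; kept as-is because the set of static resources served is not visible here.
     */
    private static final String[] EXEMPT_URI_FRAGMENTS = {
            "server/timestamp",
            "mapOutline/all",
            "battMapInformation/findStationState",
            "battMapInformation/searchUserManageStation",
            "battMapInformation/del",
            "station3D/byDeviceId",
            "battMapInformation/multAmout",
            "."
    };

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to initialise: all replay state lives in the ServletContext.
    }

    /**
     * Applies the anti-replay rules and, when they pass, continues the chain.
     *
     * @param servletRequest  the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain     the remaining filter chain
     * @throws IOException      if writing the rejection body fails
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // The replay check is only active for system type 2 (国网项目).
        if (2 == YamlProperties.systemType) {
            String time = request.getParameter("t");
            String sign = request.getParameter("sign");
            String randomStr = request.getParameter("rd");

            if (time != null && sign != null && randomStr != null) {
                if (!passesReplayCheck(request, response, time, sign, randomStr)) {
                    return; // rejection already written
                }
            } else if (!isExemptUri(request.getRequestURI())) {
                reject(response, HttpServletResponse.SC_FORBIDDEN, MSG_ILLEGAL_REQUEST);
                return;
            }
        }

        filterChain.doFilter(servletRequest, servletResponse);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Runs the timestamp / signature / nonce checks for a signed request.
     *
     * @return {@code true} if the request may proceed; {@code false} if a rejection
     *         response has been written and the chain must not continue
     */
    private static boolean passesReplayCheck(HttpServletRequest request, HttpServletResponse response,
                                             String time, String sign, String randomStr) throws IOException {
        // 1. The timestamp must be numeric. Previously a malformed "t" raised an unhandled
        //    NumberFormatException (HTTP 500) after the nonce had already been recorded.
        long requestTime;
        try {
            requestTime = Long.parseLong(time);
        } catch (NumberFormatException e) {
            reject(response, HttpServletResponse.SC_FORBIDDEN, MSG_ILLEGAL_REQUEST);
            return false;
        }

        // 2. Freshness: anything at or beyond the window is a timeout.
        if (System.currentTimeMillis() - requestTime >= VALID_WINDOW_MILLIS) {
            reject(response, HttpServletResponse.SC_REQUEST_TIMEOUT, MSG_TIMEOUT);
            return false;
        }

        // 3. Signature over (time, nonce) — verified before any state is written.
        if (!ActionUtil.checkSignMD5(time, randomStr, sign)) {
            reject(response, HttpServletResponse.SC_FORBIDDEN, MSG_ILLEGAL_REQUEST);
            return false;
        }

        // 4. Nonce: reject if already seen, otherwise record it. The check-and-set is done
        //    under a lock so two concurrent copies of the same request cannot both pass.
        //    getSession() is kept from the original (it creates a session as a side effect);
        //    request.getServletContext() would avoid that on Servlet 3.0+ — TODO confirm the
        //    deployment target before switching.
        ServletContext context = request.getSession().getServletContext();
        synchronized (context) {
            if (context.getAttribute(randomStr) != null) {
                reject(response, HttpServletResponse.SC_FORBIDDEN, MSG_ILLEGAL_REQUEST);
                return false;
            }
            // Both keys are kept: the bare key is what this filter checks, the prefixed key
            // is presumably what the scheduled clean-up job enumerates — verify against it.
            context.setAttribute(randomStr, time);
            context.setAttribute("randomStr_" + randomStr, time);
        }
        return true;
    }

    /** Returns whether the URI matches one of {@link #EXEMPT_URI_FRAGMENTS} (substring match). */
    private static boolean isExemptUri(String requestURI) {
        for (String fragment : EXEMPT_URI_FRAGMENTS) {
            if (requestURI.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Writes a plain-text rejection. The charset is set explicitly so the Chinese message
     * is not mangled by the servlet container's ISO-8859-1 default.
     */
    private static void reject(HttpServletResponse response, int status, String message) throws IOException {
        response.setStatus(status);
        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().write(message);
    }
}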