package com.fgkj.Filters;
import com.fgkj.actions.ActionUtil;
import com.fgkj.dao.UinfDaoFactory;
import com.fgkj.dao.impl.User_infImpl;
import com.fgkj.dto.User_inf;
import com.fgkj.dto.User_log;
import com.fgkj.dto.User_permitgroup;
import com.fgkj.services.User_logService;
import com.fgkj.util.AESUtil;
import com.fgkj.util.MsgUtil;
import com.fgkj.util.PropertiesUtil;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

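public class AccessFilter implements Filter {

    /** A signed request whose timestamp is this far from server time (either direction) is rejected. */
    private static final long REPLAY_WINDOW_MS = 60 * 1000L;

    /** Response body used for a request that fails the signature, replay or path checks. */
    private static final String MSG_BAD_REQUEST = "非法请求,参数异常";

    /** Matches ";name=value" path parameters (e.g. ";jsessionid=…") inside a single path segment. */
    private static final Pattern PATH_PARAMS = Pattern.compile(";[^/]*");

    /**
     * In a "system.type" == "1" deployment, paths containing one of these substrings may be called
     * without the (t, sign, rd) signature. "." keeps static resources and *.servlet paths reachable.
     */
    private static final List<String> UNSIGNED_ALLOWED = Collections.unmodifiableList(Arrays.asList(
            "Server_stateAction_action_getTimestamp",
            "MapOutlineAction!getAll",
            "BattMap_informationAction!findStationState",
            "BattMap_informationAction!searchUserManageStation",
            "BattMap_informationAction!del",
            "Station3DAction!getByDeviceId",
            "BattMap_informationAction!multiAmount",
            "User_infAction!searchSnIdByUId",
            "."));

    /**
     * Paths containing one of these substrings are callable without a login: time/captcha/login
     * endpoints, licensing, UKey, and the interfaces the large-screen dashboard calls directly.
     */
    private static final List<String> LOGIN_EXEMPT = Collections.unmodifiableList(Arrays.asList(
            "Server_stateAction_action_getTimestamp",
            "MessageAction",
            "LoginAction_login",
            "User_infAction!updatePassword2",
            "LoginAction!getSessionByString",
            "LoginAction!initDBPool",
            "PageParamAction!findByCategoryId",
            "LicenseAction",
            "UKey",
            "closeBrowser",
            "User_infAction!register",
            "FaceIdentifyAction_face_activeOnline",
            // called directly by the large-screen dashboard
            "MapOutlineAction!getAll",
            "BattMap_informationAction!findStationState",
            "BattMap_informationAction!searchUserManageStation",
            "BattMap_informationAction!del",
            "Station3DAction!getByDeviceId",
            "BattMap_informationAction!multiAmount",
            "User_infAction!searchSnIdByUId"));

    /** Action name (last path segment) -> permit item that must be granted (value 1) to call it. */
    private static final Map<String, String> REQUIRED_PERMIT;

    static {
        Map<String, String> m = new HashMap<>();
        mapActions(m, "batttest_data_query_permit",
                "BattInfAction!searchInform");
        mapActions(m, "batttest_data_edit_permit",
                "BattInfAction_add",
                "BattInfAction!delete",
                "BattInfAction!update");
        mapActions(m, "task_query_permit",
                "Fbs9100s_dfu_stateAction_action_searchAll",
                "BattInfAction!getPageLD9",
                "BattDischarge_planAction!serchByCondition",
                "Fbs9100s_dfu_stateAction_action_serchByCondition");
        mapActions(m, "task_edit_permit",
                "Fbs9100s_dfu_stateAction_action_updatePro",
                "LD9UpdateStateAction!updateUpdateFile",
                "BattDischarge_planAction!del",
                "BattDischarge_planAction!addPro");
        mapActions(m, "usr_query_permit",
                "User_infAction!searchAll",
                "User_battgroup_baojigroupAction!searchAll");
        mapActions(m, "usr_edit_permit",
                "User_infAction!add",
                "User_infAction!update",
                "User_infAction!delete",
                "User_battgroup_baojigroupAction!add",
                "User_battgroup_baojigroupAction!update",
                "User_battgroup_baojigroupAction!delete");
        mapActions(m, "permit_query_permit",
                "User_permitgroupAction!searchAll",
                "User_permitgroupAction!serchRole");
        mapActions(m, "permit_edit_permit",
                "User_permitgroupAction!updatePermit",
                "User_permitgroupAction!delete",
                "User_permitgroup_dataAction!add",
                "User_permitgroup_dataAction!batchDelete");
        mapActions(m, "server_param_query_permit",
                "MenuApproveAction!getNotApprovedList",
                "PageParam2Action!getVisitSet",
                "PageParamAction!findByCategoryId");
        mapActions(m, "server_param_edit_permit",
                "MenuAction!updateMenus",
                "PageParam2Action!updateVisitSet",
                "MenuApproveAction!rejectMenu",
                "MenuApproveAction!approveMenu",
                "PageParamAction!updateParamById");
        mapActions(m, "batt_test_op_permit",
                "Fbs9100_setparamAction_action_serchbyDev_id",
                "Fbs9100_setparamAction_action_update61850Param",
                "Fbs9100_setparamAction_action_update",
                "Fbs9600_stateAction_action_update",
                "LD9_setparamAction_ld9action_serchByCondition",
                "LD9_setparamAction_ld9action_update",
                "LD9_setparamAction_ld9action_serchbyDev_id");
        mapActions(m, "batt_alm_query_permit",
                "Battalarm_dataAction!serchByCondition",
                "Battalarm_dataAction!getRealAlarm");
        mapActions(m, "batt_alm_confirm_permit",
                "Battalarm_dataAction!update");
        mapActions(m, "batt_alm_clear_permit",
                "Battalarm_dataAction!cancelalarm");
        mapActions(m, "batt_alm_delete_permit",
                "Battalarm_dataAction!delete");
        mapActions(m, "dev_alm_query_permit",
                "Dev_paramAction!serchByCondition",
                "Batt_devalarm_dataAction!serchByInfo");
        mapActions(m, "batt_alm_param_edit_permit",
                "Dev_paramAction!update");
        mapActions(m, "dev_alm_confirm_permit",
                "Batt_devalarm_dataAction!updatePro");
        mapActions(m, "dev_alm_clear_permit",
                "Batt_devalarm_dataAction!cancelPro");
        mapActions(m, "dev_alm_delete_permit",
                "Batt_devalarm_dataAction!deletePro");
        REQUIRED_PERMIT = Collections.unmodifiableMap(m);
    }

    /** Registers every action in {@code actions} as requiring {@code permit}. */
    private static void mapActions(Map<String, String> target, String permit, String... actions) {
        for (String action : actions) {
            target.put(action, permit);
        }
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // nothing to configure
    }

    /**
     * Gate in front of every action/servlet: optional anti-replay signature check (state-grid
     * deployments), then the login requirement, then the per-action permit check.
     *
     * @throws IOException      if the rejection body cannot be written
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // All path matching below is substring-based, so it must run on the same decoded,
        // parameter-free path the container routes on; the raw URI could carry ";UKey" or
        // "%41ction" and satisfy (or dodge) a check while still reaching the real action.
        String path = normalizePath(request.getRequestURI());
        if (path == null) {
            reject(response, 403, MSG_BAD_REQUEST);
            return;
        }

        // State-grid deployment: interfaces must carry an anti-replay signature unless allow-listed.
        if ("1".equals(PropertiesUtil.props.get("system.type"))) {
            String time = request.getParameter("t");
            String sign = request.getParameter("sign");
            String randomStr = request.getParameter("rd");
            if (time != null && sign != null && randomStr != null) {
                if (!checkReplay(request, response, time, sign, randomStr)) {
                    return;
                }
            } else if (!containsAny(path, UNSIGNED_ALLOWED)) {
                reject(response, 403, MSG_BAD_REQUEST);
                return;
            }
        }

        // Actions and servlets need a logged-in user, except the exempt list.
        boolean needsLogin = (path.contains("Action") || path.contains(".servlet"))
                && !containsAny(path, LOGIN_EXEMPT);
        if (needsLogin) {
            User_inf user = (User_inf) request.getSession().getAttribute("user");
            if (user == null) {
                logAnonymousAccess(request);
                reject(response, 401, "非法请求,身份未验证");
                return;
            }
            // Per-action permit check; actions not in the table are open to any logged-in user.
            String needed = REQUIRED_PERMIT.get(actionName(path));
            if (needed != null && !grantedPermits(request).contains(needed)) {
                unauthorizedAccess(user, response);
                return;
            }
        }

        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Validates the anti-replay triple (t, sign, rd) and records the nonce. Writes the rejection
     * response itself and returns {@code false} when the request must not proceed.
     */
    private boolean checkReplay(HttpServletRequest request, HttpServletResponse response,
                                String time, String sign, String randomStr) throws IOException {
        long ts;
        try {
            ts = Long.parseLong(time);
        } catch (NumberFormatException e) {
            // a non-numeric "t" used to escape as an uncaught exception (HTTP 500)
            reject(response, 403, MSG_BAD_REQUEST);
            return false;
        }
        // Bound the timestamp on both sides: a value far in the future would otherwise stay
        // "fresh" forever and become replayable once its nonce has been cleaned up.
        // Written as two comparisons so the subtraction cannot overflow.
        long now = System.currentTimeMillis();
        if (ts <= now - REPLAY_WINDOW_MS || ts >= now + REPLAY_WINDOW_MS) {
            reject(response, 408, "请求超时异常");
            return false;
        }
        // Verify the signature before touching shared state, so unsigned traffic cannot plant
        // attributes in the ServletContext.
        if (!ActionUtil.checkSignMD5(time, randomStr, sign)) {
            reject(response, 403, MSG_BAD_REQUEST);
            return false;
        }
        // Nonce bookkeeping. Both attribute names are kept because the scheduled cleanup
        // (elsewhere, ~60 s) is assumed to remove them — confirm before renaming either.
        // NOTE(review): "rd" is client-chosen and becomes an attribute name; a prefix-only key
        // would avoid collisions with application attributes.
        // Check-and-set is done under a lock so two concurrent copies of one request cannot both pass.
        ServletContext context = request.getSession().getServletContext();
        boolean replayed;
        synchronized (context) {
            replayed = context.getAttribute(randomStr) != null
                    || context.getAttribute("randomStr_" + randomStr) != null;
            if (!replayed) {
                context.setAttribute(randomStr, time);
                context.setAttribute("randomStr_" + randomStr, time);
            }
        }
        if (replayed) {
            reject(response, 403, MSG_BAD_REQUEST);
            return false;
        }
        return true;
    }

    /**
     * Strips ";param" segments and percent-decodes the request URI once, mirroring what the
     * container does before routing. Returns {@code null} when the URI cannot be decoded.
     */
    static String normalizePath(String rawUri) {
        if (rawUri == null) {
            return null;
        }
        String stripped = PATH_PARAMS.matcher(rawUri).replaceAll("");
        try {
            // '+' is literal in a path; shield it from URLDecoder's form-encoding rule
            return URLDecoder.decode(stripped.replace("+", "%2B"), StandardCharsets.UTF_8.name());
        } catch (IllegalArgumentException | UnsupportedEncodingException e) {
            return null;
        }
    }

    /**
     * Last path segment, e.g. "/xx/BattInfAction!update" -> "BattInfAction!update".
     * Replaces the previous {@code substring(4)}, which assumed a fixed three-character context path.
     */
    static String actionName(String path) {
        return path.substring(path.lastIndexOf('/') + 1);
    }

    /** True when {@code path} contains any of {@code needles}. */
    private static boolean containsAny(String path, List<String> needles) {
        return needles.stream().anyMatch(path::contains);
    }

    /**
     * Names of the permit items granted (value 1) in the session's "permits" JSON.
     * An absent or unparsable list yields the empty set, so gated actions fail closed
     * instead of throwing.
     */
    private static Set<String> grantedPermits(HttpServletRequest request) {
        String permits = (String) request.getSession().getAttribute("permits");
        Gson gson = ActionUtil.getGson();
        List<User_permitgroup> permitList =
                gson.fromJson(permits, new TypeToken<List<User_permitgroup>>() { }.getType());
        if (permitList == null) {
            return Collections.emptySet();
        }
        return permitList.stream()
                .filter(permit -> permit.getPermit_item_value() == 1)
                .map(User_permitgroup::getPermit_item_name)
                .collect(Collectors.toSet());
    }

    /** Audit-logs an unauthenticated call to a protected action (operation type 20, user id 0). */
    private static void logAnonymousAccess(HttpServletRequest request) {
        User_log ulog = new User_log();
        ulog.setuId(0); // no account: anonymous caller
        ulog.setUOprateType(20);
        ulog.setuOprateMsg("越权访问");
        ulog.setUOprateDay(new Date());
        ulog.setuTerminalIp(request.getRemoteAddr());
        new User_logService().add(ulog);
    }

    /** Sets the status and writes {@code body} as the whole response. */
    private static void reject(HttpServletResponse response, int status, String body) throws IOException {
        response.setStatus(status);
        response.getWriter().write(body);
    }

    /**
     * Handles a logged-in user calling an action they lack the permit for: records an abnormal
     * audit entry and answers 403. The audit administrator is notified through the pop-up
     * mechanism; the former SMS alert to the built-in administrator is no longer used.
     *
     * @throws IOException if the rejection body cannot be written
     */
    private void unauthorizedAccess(User_inf user, HttpServletResponse response) throws IOException {
        String msg = user.getUName() + "(" + user.getUId() + ")发出越权访问,已拒接其访问";
        User_log ulog = UinfDaoFactory.CreateULog(UinfDaoFactory.UNAUTHORIZED_ACCESS, msg);
        new User_logService().addAbnormal(ulog);
        // Previously nothing was written here, so a denied call completed as an empty 200.
        // 403 rather than 401: the caller is authenticated, just not permitted.
        reject(response, 403, "非法请求,拒绝请求-无访问权限");
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}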