| | |
|---|
| | | import javax.servlet.http.HttpServletResponse; |
|---|
| | | import java.io.IOException; |
|---|
| | | |
|---|
| | | import static ch.qos.logback.classic.ClassicConstants.REQUEST_METHOD; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 防重放功能 |
|---|
| | | */ |
|---|
| | |
|---|
| | | || requestURI.contains("station3D/byDeviceId") |
|---|
| | | || requestURI.contains("battMapInformation/multAmout") |
|---|
| | | //对外接口-外部 |
|---|
| | | || requestURI.contains("interface/getBattInf") |
|---|
| | | || requestURI.contains("interface/getBattAlarm") |
|---|
| | | || requestURI.contains("interface/getPowerInf") |
|---|
| | | || requestURI.contains("interface/getPowerAlarm") |
|---|
| | | || requestURI.contains("interface/") |
|---|
| | | // || requestURI.contains("interface/getBattAlarm") |
|---|
| | | // || requestURI.contains("interface/getPowerInf") |
|---|
| | | // || requestURI.contains("interface/getPowerAlarm") |
|---|
| | | //↑================此处与签名和无需登录放行保持一致===============↑/ |
|---|
| | | //静态资源 |
|---|
| | | || requestURI.contains(".") |
|---|
| | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | //用户需要登录 |
|---|
| | | UserInf user = (UserInf) request.getSession().getAttribute("user"); |
|---|
| | | //无需登录可以调用接口放行 |
|---|
| | | if (!requestURI.contains(".") && !servletPath.equals("/") && |
|---|
| | | (! |
|---|
| | | //签名所需时间戳 |
|---|
| | | (requestURI.contains("server/timestamp") |
|---|
| | | //↓================此处与签名和无需登录放行保持一致===============↓/ |
|---|
| | | //对外接口-大屏 |
|---|
| | | || requestURI.contains("mapOutline/all") |
|---|
| | | || requestURI.contains("battMapInformation/findStationState") |
|---|
| | | || requestURI.contains("battMapInformation/searchUserManageStation") |
|---|
| | | || requestURI.contains("battMapInformation/del") |
|---|
| | | || requestURI.contains("station3D/byDeviceId") |
|---|
| | | || requestURI.contains("battMapInformation/multAmout") |
|---|
| | | //对外接口-外部 |
|---|
| | | || requestURI.contains("interface/getBattInf") |
|---|
| | | || requestURI.contains("interface/getBattAlarm") |
|---|
| | | || requestURI.contains("interface/getPowerInf") |
|---|
| | | || requestURI.contains("interface/getPowerAlarm") |
|---|
| | | //↑================此处与签名和无需登录放行保持一致===============↑/ |
|---|
| | | //登录页面接口 |
|---|
| | | || requestURI.contains("User_infAction!searchSnIdByUId") //TODO 免登陆v2待开发 |
|---|
| | | || requestURI.contains("message") |
|---|
| | | || requestURI.contains("login/login") |
|---|
| | | || requestURI.contains("user/updatePassword2") |
|---|
| | | || requestURI.contains("pageParam/findByCategoryId") |
|---|
| | | || requestURI.contains("pageParam/allList") |
|---|
| | | || requestURI.contains("license") |
|---|
| | | || requestURI.contains("UKey") |
|---|
| | | || requestURI.contains("closeBrowser") |
|---|
| | | || requestURI.contains("user/register") |
|---|
| | | || requestURI.contains("face/activeOnline") |
|---|
| | | || requestURI.contains("face/faceCompare2N") |
|---|
| | | //WebSocket-账号其他主机登录 |
|---|
| | | || requestURI.contains("loginCheck") |
|---|
| | | //WebSocket-签名所需时间戳 |
|---|
| | | || requestURI.contains("server") |
|---|
| | | //options请求 |
|---|
| | | || request.getMethod().toUpperCase().equals("OPTIONS") |
|---|
| | | ))) { |
|---|
| | | if (user == null) { |
|---|
| | | //越权访问 |
|---|
| | | //CommonUtil.record(0, UserOperation.TYPE_UNAUTHORIZED_ACCESS.getType(), "越权访问", "越权访问接口:" + requestURI); |
|---|
| | | CommonUtil.record2(request,0, UserOperation.TYPE_UNAUTHORIZED_ACCESS.getType(), "越权访问", "越权访问接口:" + requestURI); |
|---|
| | | response.setStatus(401); |
|---|
| | | response.setContentType("text/html;charset=utf-8"); |
|---|
| | | response.getWriter().write("非法请求,身份未验证"); |
|---|
| | | return; |
|---|
| | | if(YamlProperties.profileType.equals("prod")) { |
|---|
| | | //用户需要登录 |
|---|
| | | UserInf user = (UserInf) request.getSession().getAttribute("user"); |
|---|
| | | //无需登录可以调用接口放行 |
|---|
| | | if (!requestURI.contains(".") && !servletPath.equals("/") && |
|---|
| | | (! |
|---|
| | | //签名所需时间戳 |
|---|
| | | (requestURI.contains("server/timestamp") |
|---|
| | | //↓================此处与签名和无需登录放行保持一致===============↓/ |
|---|
| | | //对外接口-大屏 |
|---|
| | | || requestURI.contains("mapOutline/all") |
|---|
| | | || requestURI.contains("battMapInformation/findStationState") |
|---|
| | | || requestURI.contains("battMapInformation/searchUserManageStation") |
|---|
| | | || requestURI.contains("battMapInformation/del") |
|---|
| | | || requestURI.contains("station3D/byDeviceId") |
|---|
| | | || requestURI.contains("battMapInformation/multAmout") |
|---|
| | | //对外接口-外部 |
|---|
| | | || requestURI.contains("interface/") |
|---|
| | | || requestURI.equals("/fg/user") |
|---|
| | | // || requestURI.contains("interface/getBattInf") |
|---|
| | | // || requestURI.contains("interface/getBattAlarm") |
|---|
| | | // || requestURI.contains("interface/getPowerInf") |
|---|
| | | // || requestURI.contains("interface/getPowerAlarm") |
|---|
| | | //↑================此处与签名和无需登录放行保持一致===============↑/ |
|---|
| | | //登录页面接口 |
|---|
| | | || requestURI.contains("User_infAction!searchSnIdByUId") //TODO 免登陆v2待开发 |
|---|
| | | || requestURI.contains("message") |
|---|
| | | || requestURI.contains("login/login") |
|---|
| | | || requestURI.contains("user/updatePassword2") |
|---|
| | | || requestURI.contains("pageParam/findByCategoryId") |
|---|
| | | || requestURI.contains("pageParam/allList") |
|---|
| | | || requestURI.contains("license") |
|---|
| | | || requestURI.contains("UKey") |
|---|
| | | || requestURI.contains("closeBrowser") |
|---|
| | | || requestURI.contains("user/register") |
|---|
| | | || requestURI.contains("face/activeOnline") |
|---|
| | | || requestURI.contains("face/faceCompare2N") |
|---|
| | | //WebSocket-账号其他主机登录 |
|---|
| | | || requestURI.contains("loginCheck") |
|---|
| | | || requestURI.contains("interfacePowerAlarm") |
|---|
| | | || requestURI.contains("interfaceDevAlarm") |
|---|
| | | || requestURI.contains("interfaceBattAlarm") |
|---|
| | | || requestURI.contains("interfaceRealTime") |
|---|
| | | //WebSocket-签名所需时间戳 |
|---|
| | | || requestURI.contains("server") |
|---|
| | | //options请求 |
|---|
| | | || request.getMethod().toUpperCase().equals("OPTIONS") |
|---|
| | | ))) { |
|---|
| | | if (user == null) { |
|---|
| | | //越权访问 |
|---|
| | | //CommonUtil.record(0, UserOperation.TYPE_UNAUTHORIZED_ACCESS.getType(), "越权访问", "越权访问接口:" + requestURI); |
|---|
| | | CommonUtil.record2(request, 0, UserOperation.TYPE_UNAUTHORIZED_ACCESS.getType() |
|---|
| | | , "越权访问", "越权访问接口:" + requestURI, "Unauthorized access", "Unauthorized access interface:" + requestURI); |
|---|
| | | response.setStatus(401); |
|---|
| | | response.setContentType("text/html;charset=utf-8"); |
|---|
| | | response.getWriter().write("非法请求,身份未验证"); |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
