| | |
|---|
| | | |
|---|
| | | import com.whyc.constant.OperationLogEnum; |
|---|
| | | import com.whyc.constant.YamlProperties; |
|---|
| | | import com.whyc.dto.Response; |
|---|
| | | import com.whyc.pojo.db_user.UserInf; |
|---|
| | | import com.whyc.service.OperationLogService; |
|---|
| | | import com.whyc.util.JsonUtil; |
|---|
| | | import com.whyc.util.MD5Util; |
|---|
| | | import org.apache.shiro.SecurityUtils; |
|---|
| | | import org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext; |
|---|
| | |
|---|
| | | if (context.getAttribute(randomStr) != null) { |
|---|
| | | response.setStatus(403); |
|---|
| | | response.setContentType("text/html;charset=utf-8"); |
|---|
| | | response.getWriter().write("非法请求,参数异常"); |
|---|
| | | response.getWriter().write(JsonUtil.getGson().toJson(new Response().set(0,"非法请求,参数异常"))); |
|---|
| | | return; |
|---|
| | | } else { //不存在,说明第一次使用,存入内存 |
|---|
| | | context.setAttribute(randomStr, time); |
|---|
| | |
|---|
| | | if (System.currentTimeMillis() - Long.parseLong(time) >= 60 * 1000) { |
|---|
| | | response.setStatus(408); |
|---|
| | | response.setContentType("text/html;charset=utf-8"); |
|---|
| | | response.getWriter().write("请求超时异常"); |
|---|
| | | response.getWriter().write(JsonUtil.getGson().toJson(new Response().set(0,"请求超时异常"))); |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | boolean res = MD5Util.checkSignMD5(time, randomStr, sign); |
|---|
| | | if (!res) { |
|---|
| | | response.setStatus(403); |
|---|
| | | response.setContentType("text/html;charset=utf-8"); |
|---|
| | | response.getWriter().write("非法请求,参数异常"); |
|---|
| | | response.getWriter().write(JsonUtil.getGson().toJson(new Response().set(0,"非法请求,参数异常"))); |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | } |
|---|
| | |
|---|
| | | )) { |
|---|
| | | response.setStatus(403); |
|---|
| | | response.setContentType("text/html;charset=utf-8"); |
|---|
| | | response.getWriter().write("非法请求,参数异常"); |
|---|
| | | response.getWriter().write(JsonUtil.getGson().toJson(new Response().set(0,"非法请求,参数异常"))); |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | } |
|---|
| | |
|---|
| | | logService.record(OperationLogEnum.TYPE_1_SYS.getType(), OperationLogEnum.TYPE_2_UNAUTHORIZED_ACCESS.getType(),"越权访问", "越权访问接口:" + requestURI,remoteIp); |
|---|
| | | response.setStatus(401); |
|---|
| | | response.setContentType("text/html;charset=utf-8"); |
|---|
| | | response.getWriter().write("非法请求,身份未验证"); |
|---|
| | | response.getWriter().write(JsonUtil.getGson().toJson(new Response().set(0,"非法请求,身份未验证"))); |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | else if(requestURI.contains("userInf/resetSnId") //重置其他用户密码,必须1000以下的管理员才能设置 |
|---|
| | |
|---|
| | | logService.record(OperationLogEnum.TYPE_1_SYS.getType(), OperationLogEnum.TYPE_2_UNAUTHORIZED_ACCESS.getType(),"越权访问", "越权访问接口:" + requestURI,remoteIp); |
|---|
| | | response.setStatus(401); |
|---|
| | | response.setContentType("text/html;charset=utf-8"); |
|---|
| | | response.getWriter().write("非法请求,身份未授权"); |
|---|
| | | response.getWriter().write(JsonUtil.getGson().toJson(new Response().set(0,"非法请求,身份未授权"))); |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | } |
|---|
