| | |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 防重放功能 |
|---|
| | | * 及 |
|---|
| | | * 用户登录验证拦截 |
|---|
| | | */ |
|---|
| | | @WebFilter |
|---|
| | | public class AccessFilter implements Filter { |
|---|
| | |
|---|
| | | |
|---|
| | | String requestURI = request.getRequestURI(); |
|---|
| | | String servletPath = request.getServletPath(); |
|---|
| | | //严格要求 |
|---|
| | | if (2 == YamlProperties.systemType || 3 == YamlProperties.systemType) { |
|---|
| | | //防重放 |
|---|
| | | if (2 == YamlProperties.systemType) { |
|---|
| | | if (time != null && sign != null && randomStr != null) { //检查接口的防重放功能 |
|---|
| | | //60秒内检查randomStr是否存在(60秒后定时清除) |
|---|
| | | //ServletContext context = request.getServletContext(); |
|---|
| | |
|---|
| | | else { |
|---|
| | | //签名所需时间戳 |
|---|
| | | if (!(requestURI.contains("server/timestamp") |
|---|
| | | //↓================此处与签名和无需登录放行保持一致===============↓/ |
|---|
| | | //对外接口-大屏 |
|---|
| | | || requestURI.contains("mapOutline/all") |
|---|
| | | || requestURI.contains("battMapInformation/findStationState") |
|---|
| | | || requestURI.contains("battMapInformation/searchUserManageStation") |
|---|
| | | || requestURI.contains("battMapInformation/del") |
|---|
| | | || requestURI.contains("station3D/byDeviceId") |
|---|
| | | || requestURI.contains("battMapInformation/multAmout") |
|---|
| | | //对外接口-外部 |
|---|
| | | || requestURI.contains("interface/") |
|---|
| | | // || requestURI.contains("interface/getBattAlarm") |
|---|
| | | // || requestURI.contains("interface/getPowerInf") |
|---|
| | | // || requestURI.contains("interface/getPowerAlarm") |
|---|
| | | //↑================此处与签名和无需登录放行保持一致===============↑/ |
|---|
| | | //静态资源 |
|---|
| | | || requestURI.contains(".") |
|---|
| | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | if(YamlProperties.profileType.equals("prod")) { |
|---|
| | | //if(YamlProperties.profileType.equals("prod")) { |
|---|
| | | //用户需要登录 |
|---|
| | | UserInf user = UserUtil.getUser(); |
|---|
| | | //无需登录可以调用接口放行 |
|---|
| | | if (!requestURI.contains(".") && !servletPath.equals("/") && |
|---|
| | | (! |
|---|
| | | //签名所需时间戳 |
|---|
| | | (requestURI.contains("server/timestamp") |
|---|
| | | //↓================此处与签名和无需登录放行保持一致===============↓/ |
|---|
| | | //对外接口-大屏 |
|---|
| | | || requestURI.contains("mapOutline/all") |
|---|
| | | || requestURI.contains("battMapInformation/findStationState") |
|---|
| | | || requestURI.contains("battMapInformation/searchUserManageStation") |
|---|
| | | || requestURI.contains("battMapInformation/del") |
|---|
| | | || requestURI.contains("station3D/byDeviceId") |
|---|
| | | || requestURI.contains("battMapInformation/multAmout") |
|---|
| | | //对外接口-外部 |
|---|
| | | || requestURI.contains("interface/") |
|---|
| | | // || requestURI.contains("interface/getBattInf") |
|---|
| | | // || requestURI.contains("interface/getBattAlarm") |
|---|
| | | // || requestURI.contains("interface/getPowerInf") |
|---|
| | | // || requestURI.contains("interface/getPowerAlarm") |
|---|
| | | //↑================此处与签名和无需登录放行保持一致===============↑/ |
|---|
| | | //登录页面接口 |
|---|
| | | || requestURI.contains("User_infAction!searchSnIdByUId") //TODO 免登陆v2待开发 |
|---|
| | | || requestURI.contains("message") |
|---|
| | | || requestURI.contains("login/login") |
|---|
| | | || requestURI.contains("user/updatePassword2") |
|---|
| | | || requestURI.contains("pageParam/findByCategoryId") |
|---|
| | | || requestURI.contains("pageParam/allList") |
|---|
| | | || requestURI.contains("license") |
|---|
| | | || requestURI.contains("UKey") |
|---|
| | | || requestURI.contains("closeBrowser") |
|---|
| | | || requestURI.contains("user/register") |
|---|
| | | || requestURI.contains("face/activeOnline") |
|---|
| | | || requestURI.contains("face/faceCompare2N") |
|---|
| | | //WebSocket-账号其他主机登录 |
|---|
| | | || requestURI.contains("loginCheck") |
|---|
| | | || requestURI.contains("interfacePowerAlarm") |
|---|
| | | || requestURI.contains("interfaceDevAlarm") |
|---|
| | | || requestURI.contains("interfaceBattAlarm") |
|---|
| | | || requestURI.contains("interfaceRealTime") |
|---|
| | | //WebSocket-签名所需时间戳 |
|---|
| | | || requestURI.contains("server") |
|---|
| | | //options请求 |
|---|
| | | || request.getMethod().toUpperCase().equals("OPTIONS") |
|---|
| | | ))) { |
|---|
| | | (! |
|---|
| | | //签名所需时间戳 |
|---|
| | | (requestURI.contains("server/timestamp") |
|---|
| | | //↑================此处与签名和无需登录放行保持一致===============↑/ |
|---|
| | | //登录页面接口 |
|---|
| | | || requestURI.contains("login/login") |
|---|
| | | //WebSocket-账号其他主机登录 |
|---|
| | | || requestURI.contains("loginCheck") |
|---|
| | | //WebSocket-签名所需时间戳 |
|---|
| | | || requestURI.contains("server") |
|---|
| | | //options请求 |
|---|
| | | || request.getMethod().toUpperCase().equals("OPTIONS") |
|---|
| | | ))) { |
|---|
| | | if (user == null) { |
|---|
| | | //越权访问 |
|---|
| | | logService.record(OperationLogEnum.TYPE_1_SYS.getType(), OperationLogEnum.TYPE_2_UNAUTHORIZED_ACCESS.getType(),"越权访问", "越权访问接口:" + requestURI); |
|---|
| | |
|---|
| | | response.getWriter().write("非法请求,身份未验证"); |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | //} |
|---|
| | | } |
|---|
| | | |
|---|
| | | filterChain.doFilter(servletRequest, servletResponse); |
|---|
