src/com/fgkj/Filters/CrossDomainFilter.java
src/com/fgkj/actions/PageParamAction.java
src/com/fgkj/interceptor/ExceptionInterceptor.java
src/com/fgkj/Filters/CrossDomainFilter.java
@@ -42,6 +42,16 @@ resp.setHeader("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH"); resp.setHeader("Access-Control-Allow-Credentials", "true"); } //处理响应头缺失,信息漏洞 resp.addHeader("X-Frame-Options","SAMEORIGIN"); resp.addHeader("Referrer-Policy","origin"); resp.addHeader("Content-Security-Policy","object-src 'self'"); resp.addHeader("X-Permitted-Cross-Domain-Policies","master-only"); resp.addHeader("X-Content-Type-Options","nosniff"); resp.addHeader("X-XSS-Protection","1; mode=block"); resp.addHeader("X-Download-Options","noopen"); resp.addHeader("Strict-Transport-Security","max-age=63072000; includeSubdomains; preload"); chain.doFilter(request, resp); } src/com/fgkj/actions/PageParamAction.java
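Review bot: The `Content-Security-Policy` value added here, `object-src 'self'`, restricts only plugin content and leaves scripts, styles and framing unrestricted, so it adds little protection against script injection. A policy with a `default-src` baseline, for example `resp.setHeader("Content-Security-Policy", "default-src 'self'; object-src 'none'; frame-ancestors 'self'");`, would be closer to the intent of the comment, adjusted to the origins the pages actually load from. `X-XSS-Protection: 1; mode=block` is a legacy header that most current browsers no longer act on, and `Strict-Transport-Security` with `includeSubdomains; preload` commits every subdomain to HTTPS, so it is worth confirming that holds before shipping. The filter method starts above the hunk, so how the CORS origin paired with `Access-Control-Allow-Credentials: true` is chosen cannot be checked from here.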
@@ -5,7 +5,11 @@ import com.fgkj.services.PageParamService; import com.fgkj.services.User_logService; import com.google.gson.reflect.TypeToken; import org.apache.struts2.ServletActionContext; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.HashMap; import java.util.List; /** @@ -18,9 +22,27 @@ public String findByCategoryId(){ //前端传参: json字符串 json:{categoryId:1} PageParam pageParam = getGson().fromJson(json, PageParam.class); ServiceModel model = service.findByCategoryId(pageParam.getCategoryId()); result = tojson(model); try { PageParam pageParam = getGson().fromJson(json, PageParam.class); ServiceModel model = service.findByCategoryId(pageParam.getCategoryId()); result = tojson(model); }catch (Exception e){ ServiceModel model = new ServiceModel(); model.setMsg("接口调用无数据返回"); HashMap map = new HashMap<String,ServiceModel>(); map.put("result",model); result = tojson(map); HttpServletResponse response = ServletActionContext.getResponse(); response.setContentType("application/json;charset=utf-8"); try { response.getWriter().write(result); } catch (IOException ex) { ex.printStackTrace(); } return NONE; } return SUCCESS; } src/com/fgkj/interceptor/ExceptionInterceptor.java
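Review bot: The new `catch (Exception e)` in findByCategoryId discards the exception without recording it, so malformed `json` input or a service failure leaves no trace for later investigation. It also keeps the error from reaching ExceptionInterceptor, which (if it is configured for this action) already logs to User_log and writes the same generic body. Either drop the try/catch and rely on the interceptor, or log `e` through the project's logger at the top of the catch block before building the response. `ex.printStackTrace()` in the inner catch should go through the same logger, and the raw `HashMap map = new HashMap<String,ServiceModel>();` should be `HashMap<String, ServiceModel> map = new HashMap<>();`.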
@@ -1,10 +1,18 @@ package com.fgkj.interceptor; import com.fgkj.actions.ActionUtil; import com.fgkj.dao.UinfDaoFactory; import com.fgkj.dto.ServiceModel; import com.fgkj.dto.User_log; import com.fgkj.services.User_logService; import com.opensymphony.xwork2.ActionInvocation; import com.opensymphony.xwork2.interceptor.AbstractInterceptor; import org.apache.struts2.ServletActionContext; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.HashMap; import java.util.Map; public class ExceptionInterceptor extends AbstractInterceptor { private static final long serialVersionUID = 4153142432948747854L; @@ -15,20 +23,32 @@ } @Override public String intercept(ActionInvocation actionInvocation) { public String intercept(ActionInvocation actionInvocation) throws IOException { String result = null; try { result = actionInvocation.invoke(); } catch (Exception e) { String actionName = actionInvocation.getProxy().getActionName(); String errorMsg = e.toString(); String msg = "接口调用异常:调用接口"+actionName+"发生错误:"+errorMsg; String msg = "接口调用异常:调用接口" + actionName + "发生错误:" + errorMsg; //日志记录 { User_log ulog = UinfDaoFactory.CreateULog(UinfDaoFactory.EXCEPTION, msg); new User_logService().addAbnormal(ulog); } return "error"; ServiceModel model = new ServiceModel(); HttpServletResponse response = ServletActionContext.getResponse(); response.setContentType("application/json;charset=utf-8"); model.setMsg("接口调用无数据返回"); Map<String, ServiceModel> map = new HashMap<>(); map.put("result", model); String resultJson = ActionUtil.tojson(map); response.getWriter().write(resultJson); return "none"; } return result;
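Review bot: In the catch block of intercept, `new User_logService().addAbnormal(ulog)` runs unguarded before the generic JSON body is written, so if the log write itself throws the exception escapes the interceptor and the sanitized message is never sent. This is plausible when the original failure was a database error, though addAbnormal is not visible here, and the container's default error page could then expose the detail this change is meant to hide. Wrapping only the logging statement in its own `try { ... } catch (RuntimeException logEx) { ... }` keeps the fallback response intact. The error body is also sent with the default 200 status; `response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);` before the write would let clients and monitoring tell failures from empty results, provided the front end tolerates it. The end of the method lies outside the visible hunk.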