老丢丢
SpringBoot2Demo
Commit 75b1f225
Authored on Nov 06, 2020 by qinxiaodong@pannk.com
Parent: 86c78781
Showing 14 changed files with 944 additions and 8 deletions (+944 -8)
mms-font/src/api/user.js (+3 -4)
mms-font/src/store/modules/user.js (+4 -2)
mms-font/src/views/dashboard/index.vue (+1 -0)
mms-font/src/views/login/index.vue (+2 -2)
mms/pom.xml (+10 -0)
mms/src/main/java/com/pannk/mms/common/config/FilterConfig.java (+38 -0)
mms/src/main/java/com/pannk/mms/common/config/ShiroConfig.java (+66 -0)
mms/src/main/java/com/pannk/mms/common/filters/HTMLFilter.java (+530 -0)
mms/src/main/java/com/pannk/mms/common/filters/SQLFilter.java (+36 -0)
mms/src/main/java/com/pannk/mms/common/filters/XssFilter.java (+26 -0)
mms/src/main/java/com/pannk/mms/common/filters/XssHttpServletRequestWrapper.java (+131 -0)
mms/src/main/java/com/pannk/mms/common/oauth2/OAuth2Filter.java (+46 -0)
mms/src/main/java/com/pannk/mms/common/oauth2/OAuth2Realm.java (+25 -0)
mms/src/main/java/com/pannk/mms/common/oauth2/OAuth2Token.java (+26 -0)
mms-font/src/api/user.js
...
...
@@ -8,11 +8,10 @@ export function login(data) {
})
}
export
function
getInfo
(
token
)
{
export
function
getInfo
()
{
return
request
({
url
:
'
/vue-element-admin/user/info
'
,
method
:
'
get
'
,
params
:
{
token
}
url
:
'
/sys/user/info/
'
,
method
:
'
get
'
})
}
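Review bot: getInfo() no longer accepts or sends the token (the `params: { token }` block is removed and the URL becomes `/sys/user/info/`), yet the caller in mms-font/src/store/modules/user.js in this same commit still invokes `getInfo(state.token)`, so the argument is silently ignored. Either drop the argument at the call site or, if the token is meant to travel in the `X-Token` header that OAuth2Filter reads, make sure the request interceptor sets that header, since nothing in this hunk does.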
...
...
mms-font/src/store/modules/user.js
...
...
@@ -35,8 +35,9 @@ const actions = {
return
new
Promise
((
resolve
,
reject
)
=>
{
login
({
userName
:
userName
.
trim
(),
password
:
password
}).
then
(
response
=>
{
const
{
data
}
=
response
commit
(
'
SET_TOKEN
'
,
data
.
token
)
setToken
(
data
.
token
)
commit
(
'
SET_TOKEN
'
,
data
)
console
.
log
(
data
)
setToken
(
data
)
resolve
()
}).
catch
(
error
=>
{
reject
(
error
)
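Review bot: the added `console.log(data)` writes the login response, which after this change is the token itself (`commit('SET_TOKEN', data)` / `setToken(data)`), to the browser console; remove it before merging, since tokens in console output end up in screenshots and support logs. Also confirm the backend really returns the token as the bare `data` value rather than `data.token`, because the removed lines used `data.token` and the new ones store whatever `data` is.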
...
...
@@ -46,6 +47,7 @@ const actions = {
// get user info
getInfo
({
commit
,
state
})
{
console
.
log
(
state
)
return
new
Promise
((
resolve
,
reject
)
=>
{
getInfo
(
state
.
token
).
then
(
response
=>
{
const
{
data
}
=
response
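Review bot: `console.log(state)` dumps the entire user store, token included, on every getInfo call; this is leftover debug output and should not be committed.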
...
...
mms-font/src/views/dashboard/index.vue
...
...
@@ -3,6 +3,7 @@
</
template
>
<
script
>
export
default
{
name
:
'
Dashboard
'
,
components
:
{
},
...
...
mms-font/src/views/login/index.vue
...
...
@@ -88,8 +88,8 @@ export default {
}
return
{
loginForm
:
{
userName
:
'
admin
'
,
password
:
'
1
11111
'
userName
:
'
qxd
'
,
password
:
'
1
23456
'
},
loginRules
:
{
password
:
[
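Review bot: the login form's default values change from `admin`/`111111` to `qxd`/`123456`, which means a personal account name and its password are now hard-coded into the frontend bundle and shipped to every client. Default `loginForm` to empty strings and keep developer credentials out of version control.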
...
...
mms/pom.xml
...
...
@@ -105,6 +105,16 @@
<artifactId>
shiro-spring
</artifactId>
<version>
${shiro.version}
</version>
</dependency>
<dependency>
<groupId>
commons-io
</groupId>
<artifactId>
commons-io
</artifactId>
<version>
${commons.io.version}
</version>
</dependency>
<dependency>
<groupId>
commons-lang
</groupId>
<artifactId>
commons-lang
</artifactId>
<version>
${commons.lang.version}
</version>
</dependency>
<dependency>
<groupId>
com.alibaba
</groupId>
<artifactId>
druid-spring-boot-starter
</artifactId>
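Review bot: `commons-lang` (the 2.x line, groupId `commons-lang`) has been end-of-life for years; `org.apache.commons:commons-lang3` is the maintained artifact and is a near drop-in for the `StringUtils` calls this commit adds (its `StringEscapeUtils` is deprecated in favour of commons-text, so that one call would move too). Also make sure `${commons.io.version}` and `${commons.lang.version}` are declared in the `<properties>` block, which this hunk does not show, or the build fails to resolve the versions.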
...
...
mms/src/main/java/com/pannk/mms/common/config/FilterConfig.java
0 → 100644
package
com.pannk.mms.common.config
;
import
com.pannk.mms.common.filters.XssFilter
;
import
org.springframework.boot.web.servlet.FilterRegistrationBean
;
import
org.springframework.context.annotation.Bean
;
import
org.springframework.context.annotation.Configuration
;
import
org.springframework.web.filter.DelegatingFilterProxy
;
import
javax.servlet.DispatcherType
;
/**
* Created by wolf on 20-11-6.
*/
@Configuration
public
class
FilterConfig
{
@Bean
public
FilterRegistrationBean
shiroFilterRegistration
(){
FilterRegistrationBean
registration
=
new
FilterRegistrationBean
();
registration
.
setFilter
(
new
DelegatingFilterProxy
(
"shiroFilter"
));
registration
.
addInitParameter
(
"targetFilterLifecycle"
,
"true"
);
registration
.
setEnabled
(
true
);
registration
.
setOrder
(
Integer
.
MAX_VALUE
-
1
);
registration
.
addUrlPatterns
(
"/*"
);
return
registration
;
}
@Bean
public
FilterRegistrationBean
xssFilterRegistration
(){
FilterRegistrationBean
registrationBean
=
new
FilterRegistrationBean
();
registrationBean
.
setDispatcherTypes
(
DispatcherType
.
REQUEST
);
registrationBean
.
setFilter
(
new
XssFilter
());
registrationBean
.
addUrlPatterns
(
"/*"
);
registrationBean
.
setName
(
"xssFilter"
);
registrationBean
.
setOrder
(
Integer
.
MAX_VALUE
);
return
registrationBean
;
}
}
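Review bot: `xssFilterRegistration` restricts the filter to `DispatcherType.REQUEST`, so anything reaching a handler via FORWARD, INCLUDE or ERROR dispatch sees the unwrapped request and bypasses the XSS/SQL filtering; if that is intended, say so in a comment, otherwise add the other dispatcher types. A smaller point: the two order values (`Integer.MAX_VALUE - 1` for Shiro, `Integer.MAX_VALUE` for XSS) run Shiro first and the wrapper second, which works for the header-based `OAuth2Filter`, but the raw `FilterRegistrationBean` type should be parameterised (`FilterRegistrationBean<DelegatingFilterProxy>`, `FilterRegistrationBean<XssFilter>`) to avoid unchecked-type warnings.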
mms/src/main/java/com/pannk/mms/common/config/ShiroConfig.java
0 → 100644
package
com.pannk.mms.common.config
;
import
com.pannk.mms.common.oauth2.OAuth2Filter
;
import
com.pannk.mms.common.oauth2.OAuth2Realm
;
import
org.apache.shiro.mgt.SecurityManager
;
import
org.apache.shiro.spring.LifecycleBeanPostProcessor
;
import
org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor
;
import
org.apache.shiro.spring.web.ShiroFilterFactoryBean
;
import
org.apache.shiro.web.mgt.DefaultWebSecurityManager
;
import
org.springframework.context.annotation.Bean
;
import
org.springframework.context.annotation.Configuration
;
import
javax.servlet.Filter
;
import
java.util.HashMap
;
import
java.util.LinkedHashMap
;
import
java.util.Map
;
/**
* Created by wolf on 20-11-6.
*/
@Configuration
public
class
ShiroConfig
{
@Bean
public
SecurityManager
securityManager
(
OAuth2Realm
oAuth2Realm
){
DefaultWebSecurityManager
securityManager
=
new
DefaultWebSecurityManager
();
securityManager
.
setRealm
(
oAuth2Realm
);
securityManager
.
setRememberMeManager
(
null
);
return
securityManager
;
}
@Bean
public
AuthorizationAttributeSourceAdvisor
authorizationAttributeSourceAdvisor
(
SecurityManager
securityManager
){
AuthorizationAttributeSourceAdvisor
advisor
=
new
AuthorizationAttributeSourceAdvisor
();
advisor
.
setSecurityManager
(
securityManager
);
return
advisor
;
}
@Bean
(
"shiroFilter"
)
public
ShiroFilterFactoryBean
shiroFilter
(
SecurityManager
securityManager
){
ShiroFilterFactoryBean
shiroFilterFactoryBean
=
new
ShiroFilterFactoryBean
();
shiroFilterFactoryBean
.
setSecurityManager
(
securityManager
);
Map
<
String
,
Filter
>
filters
=
new
HashMap
<>();
filters
.
put
(
"oauth2"
,
new
OAuth2Filter
());
shiroFilterFactoryBean
.
setFilters
(
filters
);
Map
<
String
,
String
>
filterMap
=
new
LinkedHashMap
<>();
filterMap
.
put
(
"/webjars/**"
,
"anon"
);
filterMap
.
put
(
"/durid/**"
,
"anon"
);
filterMap
.
put
(
"/sys/log"
,
"anon"
);
filterMap
.
put
(
"/swagger/**"
,
"anon"
);
filterMap
.
put
(
"v2/api-docs"
,
"anon"
);
filterMap
.
put
(
"/swagger-ui.html"
,
"anon"
);
filterMap
.
put
(
"/swagger-resources/**"
,
"anon"
);
shiroFilterFactoryBean
.
setFilterChainDefinitionMap
(
filterMap
);
return
shiroFilterFactoryBean
;
}
@Bean
(
"lifecycleBeanPostProcessor"
)
public
LifecycleBeanPostProcessor
lifecycleBeanPostProcessor
(){
return
new
LifecycleBeanPostProcessor
();
}
}
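Review bot: `filterMap` only lists `anon` paths and never maps a catch-all such as `/**` to the `oauth2` filter registered a few lines earlier, so with Shiro's default chain semantics every path not listed passes through the original filter chain and `OAuth2Filter` never runs; add `filterMap.put("/**", "oauth2");` as the last entry (order matters, which is why the map is a `LinkedHashMap`). Two further details in the same map: `"/durid/**"` looks like a typo for `/druid/**` (so the Druid console is not actually opened, and if it were, it should not be anonymous), and `"v2/api-docs"` lacks the leading slash, so it will not match `/v2/api-docs`. Also reconsider exposing `/sys/log` as `anon`.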
mms/src/main/java/com/pannk/mms/common/filters/HTMLFilter.java
0 → 100644
This diff is collapsed on the page and its contents are not shown.
mms/src/main/java/com/pannk/mms/common/filters/SQLFilter.java
0 → 100644
package
com.pannk.mms.common.filters
;
import
com.pannk.mms.common.exception.BaseException
;
import
org.apache.commons.lang.StringUtils
;
/**
* Created by wolf on 20-11-6.
*/
public
class
SQLFilter
{
public
static
String
sqlInject
(
String
str
){
if
(
StringUtils
.
isBlank
(
str
)){
return
null
;
}
//去掉'|"|;|\字符
str
=
StringUtils
.
replace
(
str
,
"'"
,
""
);
str
=
StringUtils
.
replace
(
str
,
"\""
,
""
);
str
=
StringUtils
.
replace
(
str
,
";"
,
""
);
str
=
StringUtils
.
replace
(
str
,
"\\"
,
""
);
//转换为小写
str
=
str
.
toLowerCase
();
//非法字符
String
[]
keywords
=
{
"master"
,
"truncate"
,
"insert"
,
"select"
,
"delete"
,
"update"
,
"declare"
,
"alter"
,
"drop"
};
//判断是否包含非法字符
for
(
String
keyword
:
keywords
)
{
if
(
str
.
indexOf
(
keyword
)
!=
-
1
)
{
throw
new
BaseException
(
"包含非法字符"
);
}
}
return
str
;
}
}
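Review bot: `sqlInject` returns the lower-cased string (`str = str.toLowerCase()` is followed by `return str`), so every parameter and header value routed through XssHttpServletRequestWrapper reaches the controller lower-cased, which silently corrupts passwords, tokens and any case-sensitive input; and the keyword check is a substring match (`str.indexOf(keyword) != -1`), so ordinary values such as `masterpiece`, `selection` or `updates` are rejected with "包含非法字符", while the quote/semicolon stripping turns `O'Brien` into `obrien`. A keyword blacklist is not a reliable SQL-injection defence and is unnecessary when queries use bound parameters (MyBatis `#{}` placeholders / prepared statements); prefer dropping this filter, or at most have it validate and reject without mutating the value. Also, `return null` on blank input turns an empty parameter into `null` for every caller.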
mms/src/main/java/com/pannk/mms/common/filters/XssFilter.java
0 → 100644
package
com.pannk.mms.common.filters
;
import
javax.servlet.*
;
import
javax.servlet.http.HttpServletRequest
;
import
java.io.IOException
;
/**
* Created by wolf on 20-11-6.
*/
public
class
XssFilter
implements
Filter
{
@Override
public
void
init
(
FilterConfig
filterConfig
)
throws
ServletException
{
}
@Override
public
void
doFilter
(
ServletRequest
servletRequest
,
ServletResponse
servletResponse
,
FilterChain
filterChain
)
throws
IOException
,
ServletException
{
XssHttpServletRequestWrapper
xssHttpServletRequestWrapper
=
new
XssHttpServletRequestWrapper
((
HttpServletRequest
)
servletRequest
);
filterChain
.
doFilter
(
xssHttpServletRequestWrapper
,
servletResponse
);
}
@Override
public
void
destroy
()
{
}
}
mms/src/main/java/com/pannk/mms/common/filters/XssHttpServletRequestWrapper.java
0 → 100644
package
com.pannk.mms.common.filters
;
import
com.baomidou.mybatisplus.core.toolkit.StringUtils
;
import
org.apache.commons.io.IOUtils
;
import
org.apache.commons.lang.StringEscapeUtils
;
import
org.springframework.http.HttpHeaders
;
import
org.springframework.http.MediaType
;
import
javax.servlet.ReadListener
;
import
javax.servlet.ServletInputStream
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletRequestWrapper
;
import
java.io.ByteArrayInputStream
;
import
java.io.IOException
;
import
java.util.LinkedHashMap
;
import
java.util.Map
;
/**
* Created by wolf on 20-11-6.
*/
public
class
XssHttpServletRequestWrapper
extends
HttpServletRequestWrapper
{
HttpServletRequest
oriRequest
;
private
final
static
HTMLFilter
HTML_FILTER
=
new
HTMLFilter
();
public
XssHttpServletRequestWrapper
(
HttpServletRequest
request
)
{
super
(
request
);
this
.
oriRequest
=
request
;
}
@Override
public
ServletInputStream
getInputStream
()
throws
IOException
{
if
(!
MediaType
.
APPLICATION_JSON_VALUE
.
equalsIgnoreCase
(
super
.
getHeader
(
HttpHeaders
.
CONTENT_TYPE
))){
return
super
.
getInputStream
();
}
String
json
=
IOUtils
.
toString
(
super
.
getInputStream
(),
"UTF-8"
);
if
(
StringUtils
.
isBlank
(
json
)){
return
super
.
getInputStream
();
}
json
=
xssEncode
(
json
);
final
ByteArrayInputStream
bis
=
new
ByteArrayInputStream
(
json
.
getBytes
(
"UTF-8"
));
return
new
ServletInputStream
()
{
@Override
public
boolean
isFinished
()
{
return
true
;
}
@Override
public
boolean
isReady
()
{
return
true
;
}
@Override
public
void
setReadListener
(
ReadListener
listener
)
{
}
@Override
public
int
read
()
throws
IOException
{
return
bis
.
read
();
}
};
}
@Override
public
String
getParameter
(
String
name
)
{
String
value
=
super
.
getParameter
(
xssEncode
(
name
));
if
(
StringUtils
.
isNotBlank
(
value
)){
value
=
xssEncode
(
value
);
}
value
=
SQLFilter
.
sqlInject
(
value
);
return
StringEscapeUtils
.
unescapeHtml
(
value
);
}
@Override
public
String
[]
getParameterValues
(
String
name
)
{
String
[]
parameters
=
super
.
getParameterValues
(
name
);
if
(
parameters
==
null
||
parameters
.
length
==
0
){
return
null
;
}
for
(
int
i
=
0
;
i
<
parameters
.
length
;
i
++)
{
parameters
[
i
]
=
xssEncode
(
parameters
[
i
]);
parameters
[
i
]
=
SQLFilter
.
sqlInject
(
parameters
[
i
]);
parameters
[
i
]
=
StringEscapeUtils
.
unescapeHtml
(
parameters
[
i
]);
}
return
parameters
;
}
@Override
public
Map
<
String
,
String
[]>
getParameterMap
()
{
Map
<
String
,
String
[]>
map
=
new
LinkedHashMap
<>();
Map
<
String
,
String
[]>
parameters
=
super
.
getParameterMap
();
for
(
String
key:
parameters
.
keySet
()){
String
[]
values
=
parameters
.
get
(
key
);
for
(
int
i
=
0
;
i
<
values
.
length
;
i
++)
{
values
[
i
]
=
xssEncode
(
values
[
i
]);
values
[
i
]
=
SQLFilter
.
sqlInject
(
values
[
i
]);
values
[
i
]
=
StringEscapeUtils
.
unescapeHtml
(
values
[
i
]);
}
map
.
put
(
key
,
values
);
}
return
map
;
}
@Override
public
String
getHeader
(
String
name
)
{
String
value
=
super
.
getHeader
(
xssEncode
(
name
));
if
(
StringUtils
.
isNotBlank
(
value
)){
value
=
xssEncode
(
value
);
}
value
=
SQLFilter
.
sqlInject
(
value
);
return
StringEscapeUtils
.
unescapeHtml
(
value
);
}
private
String
xssEncode
(
String
json
)
{
return
HTML_FILTER
.
filter
(
json
);
}
public
HttpServletRequest
getOriRequest
()
{
return
oriRequest
;
}
public
static
HttpServletRequest
getOriRequest
(
HttpServletRequest
request
){
if
(
request
instanceof
XssHttpServletRequestWrapper
){
return
((
XssHttpServletRequestWrapper
)
request
).
getOriRequest
();
}
return
request
;
}
}
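Review bot: `getParameter`, `getParameterValues`, `getParameterMap` and `getHeader` all finish with `StringEscapeUtils.unescapeHtml(...)` after `xssEncode(...)`, which decodes any entities the HTML filter produced, or that the client sent (`&lt;script&gt;`), back into raw `<` and `>`, so the value handed to the controller can contain exactly the markup the filter was meant to neutralise; verify what `HTMLFilter.filter` emits for `<`/`>` and drop the unescape unless its output is proven safe. Further: `SQLFilter.sqlInject` is applied to every header value, including the `X-Token` read by OAuth2Filter, so a token or a Referer/User-Agent containing `select`, `update` or `master` aborts the request with an exception from inside the filter chain; `getInputStream` consumes `super.getInputStream()` on each call, so a second caller (a logging filter, for instance) sees an empty body; and the returned `ServletInputStream` reports `isFinished() == true` before anything is read, which breaks non-blocking readers.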
mms/src/main/java/com/pannk/mms/common/oauth2/OAuth2Filter.java
0 → 100644
package
com.pannk.mms.common.oauth2
;
import
com.alibaba.fastjson.JSON
;
import
com.pannk.mms.common.base.Result
;
import
org.apache.shiro.authc.AuthenticationToken
;
import
org.apache.shiro.web.filter.authc.AuthenticatingFilter
;
import
org.junit.platform.commons.util.StringUtils
;
import
org.springframework.http.HttpStatus
;
import
javax.servlet.ServletRequest
;
import
javax.servlet.ServletResponse
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
/**
* Created by wolf on 20-11-6.
*/
public
class
OAuth2Filter
extends
AuthenticatingFilter
{
@Override
protected
AuthenticationToken
createToken
(
ServletRequest
servletRequest
,
ServletResponse
servletResponse
)
throws
Exception
{
String
token
=
getToken
(
servletRequest
);
if
(
StringUtils
.
isBlank
(
token
))
{
return
null
;
}
return
new
OAuth2Token
(
token
);
}
@Override
protected
boolean
onAccessDenied
(
ServletRequest
servletRequest
,
ServletResponse
servletResponse
)
throws
Exception
{
String
token
=
getToken
(
servletRequest
);
if
(
StringUtils
.
isBlank
(
token
))
{
HttpServletResponse
httpServletResponse
=
(
HttpServletResponse
)
servletResponse
;
httpServletResponse
.
setHeader
(
"Access-Control-Allow-Credentials"
,
"true"
);
httpServletResponse
.
setHeader
(
"Access-Control-Allow-Origin"
,
((
HttpServletRequest
)
servletRequest
).
getHeader
(
"Origin"
));
String
responJson
=
JSON
.
toJSONString
(
Result
.
error
(
HttpStatus
.
FORBIDDEN
.
value
(),
HttpStatus
.
FORBIDDEN
.
getReasonPhrase
()));
httpServletResponse
.
getWriter
().
print
(
responJson
);
return
false
;
}
return
executeLogin
(
servletRequest
,
servletResponse
);
}
private
String
getToken
(
ServletRequest
request
)
{
return
((
HttpServletRequest
)
request
).
getHeader
(
"X-Token"
);
}
}
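Review bot: `org.junit.platform.commons.util.StringUtils` is part of JUnit's internal API and is normally only on the classpath through a test-scoped dependency, yet it is used in production code here; switch to `org.apache.commons.lang.StringUtils`, which this commit already adds to pom.xml. In `onAccessDenied` the missing-token branch copies the request's `Origin` header straight into `Access-Control-Allow-Origin` while also sending `Access-Control-Allow-Credentials: true`, which is the permissive combination browsers otherwise refuse (`*` with credentials); use an explicit allow-list of origins instead. The same branch puts `HttpStatus.FORBIDDEN` only into the JSON body while the HTTP status stays 200 and no `Content-Type` is set; call `httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value())` (401 is the usual code for a missing credential) and `setContentType("application/json;charset=UTF-8")` so clients and the Vue interceptor can detect the failure.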
mms/src/main/java/com/pannk/mms/common/oauth2/OAuth2Realm.java
0 → 100644
package
com.pannk.mms.common.oauth2
;
import
org.apache.shiro.authc.AuthenticationException
;
import
org.apache.shiro.authc.AuthenticationInfo
;
import
org.apache.shiro.authc.AuthenticationToken
;
import
org.apache.shiro.authz.AuthorizationInfo
;
import
org.apache.shiro.realm.AuthorizingRealm
;
import
org.apache.shiro.subject.PrincipalCollection
;
import
org.springframework.stereotype.Component
;
/**
* Created by wolf on 20-11-6.
*/
@Component
public
class
OAuth2Realm
extends
AuthorizingRealm
{
@Override
protected
AuthorizationInfo
doGetAuthorizationInfo
(
PrincipalCollection
principalCollection
)
{
return
null
;
}
@Override
protected
AuthenticationInfo
doGetAuthenticationInfo
(
AuthenticationToken
authenticationToken
)
throws
AuthenticationException
{
return
null
;
}
}
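Review bot: the realm does not override `supports(AuthenticationToken)`, and `AuthenticatingRealm.supports` defaults to accepting only `UsernamePasswordToken`, so `ModularRealmAuthenticator` will reject every `OAuth2Token` with `UnsupportedTokenException` before `doGetAuthenticationInfo` is even called; once that is fixed, the `return null` in `doGetAuthenticationInfo` is treated by Shiro as an unknown account, so no request can ever authenticate. Add `@Override public boolean supports(AuthenticationToken token) { return token instanceof OAuth2Token; }`, look the token up (with an expiry check) in `doGetAuthenticationInfo` and return a `SimpleAuthenticationInfo` or throw `AuthenticationException`, and have `doGetAuthorizationInfo` return the user's roles/permissions rather than `null`.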
mms/src/main/java/com/pannk/mms/common/oauth2/OAuth2Token.java
0 → 100644
package
com.pannk.mms.common.oauth2
;
import
org.apache.shiro.authc.AuthenticationToken
;
/**
* Created by wolf on 20-11-6.
*/
public
class
OAuth2Token
implements
AuthenticationToken
{
private
String
token
;
public
OAuth2Token
(
String
token
){
this
.
token
=
token
;
}
@Override
public
Object
getPrincipal
()
{
return
token
;
}
@Override
public
Object
getCredentials
()
{
return
token
;
}
}