صفحهٔ اصلی گشت‌و‌گذار راهنما
ثبت نام ورود
Amoy2
/
wlyy2.0
دنبال کردن 5
ستاره دار 1
انشعاب 18
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
فهرست منبع

Merge branch '2.0' of http://192.168.1.220:10080/Amoy2/wlyy2.0 into 2.0

LAPTOP-KB9HII50\70708 1 سال پیش
والد
21bc3bffe6 1fd8c42aa8
کامیت
0dc472b894
4فایلهای تغییر یافته به همراه27 افزوده شده و 3 حذف شده
مشاهده تقسیم شده نمایش آمار تفاوت ها
  1. 24 1
      gateway/ag-basic/src/main/java/com/yihu/jw/gateway/filter/BasicZuulFilter.java
  2. 1 0
      server/svr-authentication/src/main/java/com/yihu/jw/security/core/userdetails/jdbc/WlyyUserDetailsService.java
  3. 1 1
      server/svr-authentication/src/main/java/com/yihu/jw/security/oauth2/provider/WlyyTokenGranter.java
  4. 1 1
      server/svr-authentication/src/main/java/com/yihu/jw/security/oauth2/provider/endpoint/WlyyLoginEndpoint.java

+ 24 - 1
gateway/ag-basic/src/main/java/com/yihu/jw/gateway/filter/BasicZuulFilter.java
مشاهده فایل 

@ -120,10 +120,16 @@ public class BasicZuulFilter extends ZuulFilter {
 
            logger.info("入参"+ctx.getRequestQueryParams());
 
            try {
 
                decrypt(ctx,request);
 
                logger.info("1111111111111111222222222222222222");
 
                logger.info("第一步");
 
            } catch (Exception e) {
 
                e.printStackTrace();
 
            }
 
            //防止SQL注入过滤器
 
            if(doSqlFilterCtx(ctx)){
 
                logger.info("1111111111111111");
 
                return this.forbidden(ctx, ResultStatus.ERROR_PARA, "Illegal parameter");
 
            }
 
        }
 
        //保存操作日志
 
@ -364,6 +370,21 @@ public class BasicZuulFilter extends ZuulFilter {
 
        }
 
        return false;
 
    }
 
    public boolean doSqlFilterCtx(RequestContext ctx){
 
        Map<String, List<String>> map = ctx.getRequestQueryParams();
 
        String sql = "";
 
        if (map!=null&&map.size()!=0){
 
            for (Map.Entry<String,List<String>> entry:map.entrySet()) {
 
                sql = sql + entry.getValue();
 
            }
 
            if (sqlValidate(sql)) {
 
                return true;
 
            }
 
        }
 
        return false;
 
    }
 
    public boolean doSqlFilterParams(HttpServletRequest request){
 
        Enumeration params = request.getParameterNames();
 
        String sql = "";
 
@ -403,14 +424,16 @@ public class BasicZuulFilter extends ZuulFilter {
 
    private static boolean sqlValidate(String str) {
 
        if (org.apache.commons.lang3.StringUtils.isNoneBlank(str)){
 
            logger.info("sql"+str);
 
            str = str.toLowerCase();//统一转为小写,比较简单的单词加入右边空格,避免单词中包含字段
 
            String badStr = "and |exec |execute |insert |select |delete |update |drop |chr |mid |master |truncate |" +
 
            String badStr = "xor|sysdate|and |exec |execute |insert |select |delete |update |drop |chr |mid |master |truncate |" +
 
                    "declare | sitename |net user|xp_cmdshell|or |exec |execute |create |" +
 
                    "table |from |grant |use |group_concat|column_name|" +
 
                    "information_schema.columns|table_schema|union |where |select |update |order |by |like |" ;//过滤掉的sql关键字,可以手动添加
 
            String[] badStrs = badStr.split("\\|");
 
            for (int i = 0; i < badStrs.length; i++) {
 
                if (str.indexOf(badStrs[i]) >= 0) {
 
                    logger.info("true");
 
                    return true;
 
                }
 
            }

+ 1 - 0
server/svr-authentication/src/main/java/com/yihu/jw/security/core/userdetails/jdbc/WlyyUserDetailsService.java
مشاهده فایل 

@ -597,6 +597,7 @@ public class WlyyUserDetailsService extends JdbcDaoSupport implements UserDetail
 
                loginFailureCount = 0;
 
            }
 
        }
 
        logger.info("loginFailureCount == "+loginFailureCount+" date =" +DateUtil.getStringDate());
 
        loginFailureCount++;
 
        if (loginFailureCount >= tryLoginTimes) {
 
            locked(username);

+ 1 - 1
server/svr-authentication/src/main/java/com/yihu/jw/security/oauth2/provider/WlyyTokenGranter.java
مشاهده فایل 

@ -255,7 +255,7 @@ public class WlyyTokenGranter implements TokenGranter {
 
            }
 
            String pwd = MD5.md5Hex(password+ "{" + userDetails.getSalt() + "}");
 
            if(!pwd.equals(userDetails.getPassword())){
 
                throw new InvalidRequestException("Bad credentials");
 
                throw new InvalidGrantException("Bad credentials");
 
            }
 
            if (!userDetails.isEnabled()) {

+ 1 - 1
server/svr-authentication/src/main/java/com/yihu/jw/security/oauth2/provider/endpoint/WlyyLoginEndpoint.java
مشاهده فایل 

@ -1442,7 +1442,7 @@ public class WlyyLoginEndpoint extends AbstractEndpoint {
 
            return handleOAuth2Exception(new Oauth2Envelop("账号或者密码错误!", ResultStatus.INVALID_GRANT), e);
 
        } else if (e instanceof NoSuchClientException) {
 
            return handleOAuth2Exception(new Oauth2Envelop("应用未注册!", ResultStatus.INVALID_GRANT), e);
 
        } else if (e instanceof InvalidGrantException || e instanceof UsernameNotFoundException) {
 
        } else if (e instanceof InvalidGrantException   || e instanceof UsernameNotFoundException) {
 
            return handleOAuth2Exception(new Oauth2Envelop(invalidGrantMessage((InvalidGrantException) e), ResultStatus.INVALID_GRANT), e);
 
        } else if (e instanceof InvalidTokenException) {
 
            return handleOAuth2Exception(new Oauth2Envelop("Token过期!", ResultStatus.EXPIRE), e);