代码在测试时遇到了一个安全问题：测试人员反复请求同一个路径（会话重放），产生了大量脏数据，给数据库造成了压力。这里通过时间戳的方式来解决，话不多说，直接上代码。
@Data // entity: Lombok generates the getters/setters, equals/hashCode and toString used by UUIDInterceptor
public class SessionReplay {
// request URL this entry belongs to (what UUIDInterceptor stores from request.getRequestURL())
private String requestURL;
// last accepted value of the request's "Time" header for that URL; UUIDInterceptor compares
// consecutive values against a window of 3000 — presumably epoch milliseconds, confirm with the client
private Long newTime;
}
/**
 * Spring MVC configuration that registers the replay-protection interceptor.
 */
@Configuration
public class TimestampConfig implements WebMvcConfigurer {

    /** Interceptor bean to register; injected by field, as elsewhere in this file. */
    @Autowired
    private UUIDInterceptor replayInterceptor;

    /**
     * Adds the replay interceptor to the registry. No path pattern is restricted here,
     * so the registration is left at the registry's default scope.
     *
     * @param registry the interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(replayInterceptor);
    }
}
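/**
 * Rejects a request whose client-supplied {@code Time} header is less than
 * {@link #REPLAY_WINDOW_MILLIS} newer than the last accepted value for the same request URL.
 *
 * <p>A {@code @Component} interceptor is a single shared bean invoked from every request
 * thread, so the per-URL state is kept in a {@code ConcurrentHashMap} and checked and
 * updated atomically with {@code compute}. The previous {@code ArrayList} was neither
 * thread-safe (concurrent iteration and append) nor bounded: it appended a new entry on
 * every request even when the URL was already present, so memory grew with traffic. The map
 * keeps exactly one entry per distinct URL.
 *
 * <p>NOTE(review): the timestamp is read from the request header, as the author designed
 * it, so it is client-controlled, and a request that omits the header is still let through
 * (kept for compatibility with existing clients). This throttles well-behaved clients; it is
 * not a replay defence against a hostile one. A hardened version would take the time from the
 * server clock or from a signed element of the request.
 *
 * <p>NOTE(review): {@code HandlerInterceptorAdapter} is deprecated on Spring 5.3+ in favour of
 * implementing {@code HandlerInterceptor} directly; left unchanged here because the imports
 * are outside this listing.
 */
@Slf4j
@Component
public class UUIDInterceptor extends HandlerInterceptorAdapter {

    /** Minimum gap between two accepted requests to the same URL, in the header's unit (3000 as in the original). */
    private static final long REPLAY_WINDOW_MILLIS = 3000L;

    /** Last accepted {@code Time} header value per request URL. Fully qualified: the import block is not in this listing. */
    private final java.util.concurrent.ConcurrentHashMap<String, Long> lastSeen =
            new java.util.concurrent.ConcurrentHashMap<>();

    /**
     * Checks the {@code Time} header against the last accepted value for this URL.
     *
     * @return {@code true} to continue the handler chain; {@code false} after a 400 has been
     *         sent for a malformed header
     * @throws Exception with message {@code "500"} when the request falls inside the replay window
     *         of the previous accepted request to the same URL (unchanged from the original)
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String time = request.getHeader("Time");
        if (time == null) {
            return true; // author's design: requests without the header are not replay-checked
        }

        long newTime;
        try {
            newTime = Long.parseLong(time);
        } catch (NumberFormatException e) {
            // A malformed header used to escape as an uncaught NumberFormatException (a 500);
            // it is client input, so answer with 400 and stop here instead.
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid Time header");
            return false;
        }

        String requestUrl = String.valueOf(request.getRequestURL());
        if (isReplay(requestUrl, newTime)) {
            throw new Exception("500");
        }
        return true; // continue processing the request
    }

    /**
     * Atomically compares {@code newTime} with the last accepted value for {@code url} and
     * records it when accepted. A rejected request does not advance the stored value, so a
     * burst of replays cannot push the window forward.
     *
     * @return {@code true} when the request is inside the replay window
     */
    private boolean isReplay(String url, long newTime) {
        boolean[] rejected = {false};
        lastSeen.compute(url, (key, oldTime) -> {
            if (oldTime == null) {
                return newTime; // first request for this URL
            }
            log.info("旧值:{}", oldTime);
            log.info("新值:{}", newTime);
            // Also rejects a timestamp older than the stored one (negative difference), as before.
            if (newTime - oldTime < REPLAY_WINDOW_MILLIS) {
                rejected[0] = true;
                return oldTime;
            }
            return newTime;
        });
        return rejected[0];
    }
}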