文章目录
SensitiveWordFilter
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* 敏感词过滤
*/
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface SensitiveWordFilter {
}
SensitiveWordFilterInterceptor
import com.alibaba.fastjson.JSON;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
@Component
public class SensitiveWordFilterInterceptor extends HandlerInterceptorAdapter {
@Autowired
SensitiveWordUtils sensitiveWordUtils;
@Autowired
SensitiveWordRecordService sensitiveWordRecordService;
private Logger logger = LoggerFactory.getLogger(SensitiveWordFilterInterceptor.class);
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// 如果不是映射到方法直接通过
if (!(handler instanceof HandlerMethod)) {
return true;
}
// ①:START 方法注解级拦截器
HandlerMethod handlerMethod = (HandlerMethod) handler;
Method method = handlerMethod.getMethod();
// 判断接口是否需要登录
SensitiveWordFilter methodAnnotation = method.getAnnotation(SensitiveWordFilter.class);
// 有 @LoginRequired 注解,需要认证
if (methodAnnotation != null) {
RequestWrappers requestWrapper = new RequestWrappers(request);
Map<String, String[]> map = new HashMap();
String msg = "";
Map<String, String[]> parameterMap = (Map<String, String[]>) JSON.parse(requestWrapper.getBody());
if (requestWrapper.getBody() == "") {
parameterMap = map;
}
for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
Object value = entry.getValue();
if(String.class.getName().equals(value.getClass().getName())){
if(StringUtils.isNotBlank(value.toString())) {
msg += SensitiveWordUtils.getSensitiveWord(value.toString(), 1);
}
}
}
if (msg.length() > 0) {
String content = msg;
msg = "您提交的信息包含敏感词:" + msg + ",请修改核对后再提交。";
String uid = RequestUtil.getString("uid", request);
if(uid!=null) {
添加提交敏感词信息,敏感词、时间、提交用户id、IP地址
SensitiveWordRecord sensitiveWordRecord = new SensitiveWordRecord();
sensitiveWordRecord.setContent(content);
sensitiveWordRecord.setUserId(Long.valueOf(uid));
String ip = "";
if (request.getHeader("x-forwarded-for") == null) {
ip = request.getRemoteAddr();
} else {
ip = request.getHeader("x-forwarded-for");
}
sensitiveWordRecord.setIpAddress(ip);
sensitiveWordRecord.setCreateDate(new Date());
//雪花算法生成不重复id (可沿用至分布式系统)
sensitiveWordRecord.setId(String.valueOf(new IdWorker(1, 1).nextId()).substring(0, 11));
/**
* 是否是新记录(默认:false),调用setIsNewRecord()设置新记录,使用自定义ID。
* 设置为true后强制执行插入语句,ID不会自动生成,需从手动传入。
*/
sensitiveWordRecordService.save(sensitiveWordRecord);
}
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write(JSON.toJSONString(HbResult.FAIL(msg)));
return false;
}
}
return true;
}
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
}
}
SensitiveWordUtils
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Component;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
/**
* 敏感词工具类
* @date 2019年4月28日
*/
@Slf4j
@Component
public class SensitiveWordUtils {
// 最小匹配规则
public static final int minMatchType = 1;
public static final String CACHE_SENSITIVE_WORD_LIST = "sensitiveWordList";
/**
* 初始化获取敏感词Map
* @return
*/
public static Map getSensitiveWordMap(){
CommonSensitiveWordMapper commonSensitiveWordMapper=SpringUtil.getBean(CommonSensitiveWordMapper.class);
Map sensitiveWordMap = null;
RedisCacheUtils redisCacheUtils = SpringUtil.getBean(RedisCacheUtils.class);
sensitiveWordMap = (Map) redisCacheUtils.opsForValueGet(CACHE_SENSITIVE_WORD_LIST);
if(sensitiveWordMap == null) {
List<String> sensitiveWordList = commonSensitiveWordMapper.findAllSensitiveWord();
if(ListUtils.isNotEmptyList(sensitiveWordList)) {
//初始化敏感词容器,减少扩容操作
sensitiveWordMap = new HashMap(sensitiveWordList.size());
String key = null;
Map nowMap = null;
Map<String, String> newWordMap = null;
//迭代keyWordSet
Iterator<String> iterator = sensitiveWordList.iterator();
while(iterator.hasNext()){
//关键字
key = iterator.next();
nowMap = sensitiveWordMap;
for(int i = 0 ; i < key.length() ; i++){
//转换成char型
char keyChar = key.charAt(i);
//获取
Object wordMap = nowMap.get(keyChar);
//如果存在该key,直接赋值
if(wordMap != null){
nowMap = (Map) wordMap;
//不存在则,则构建一个map,同时将isEnd设置为0,因为他不是最后一个
}else{
newWordMap = new HashMap<String,String>();
//不是最后一个
newWordMap.put("isEnd", "0");
nowMap.put(keyChar, newWordMap);
nowMap = newWordMap;
}
if(i == key.length() - 1){
//最后一个
nowMap.put("isEnd", "1");
}
}
}
redisCacheUtils.opsForValueSet(CACHE_SENSITIVE_WORD_LIST, sensitiveWordMap);
}
}
return sensitiveWordMap;
}
/**
* 获取文字中的敏感词
* @param txt 文字
* @param matchType 匹配规则 1:最小匹配规则,2:最大匹配规则
* @return
*/
public static String getSensitiveWord(String txt, int matchType) {
String msg = "";
if(StringUtils.isNotBlank(txt)) {
for (int i = 0; i < txt.length(); i++) {
// 判断是否包含敏感字符
int length = checkKeyword(txt, i, matchType);
// 存在,加入list中
if (length > 0) {
msg += "【" + txt.substring(i, i + length) + "】";
// 减1的原因,是因为for会自增
i = i + length - 1; }
}
}
return msg;
}
/**
* 检查文字中是否包含敏感字符,检查规则如下:<br>
* @param txt
* @param beginIndex
* @param matchType
* @return,如果存在,则返回敏感词字符的长度,不存在返回0
* @version 1.0
*/
public static int checkKeyword(String txt, int beginIndex, int matchType) {
// 敏感词结束标识位:用于敏感词只有1位的情况
boolean flag = false;
// 匹配标识数默认为0
int matchFlag = 0;
String word = "";
Map nowMap = getSensitiveWordMap();
if(nowMap != null) {
for (int i = beginIndex; i < txt.length(); i++) {
word = String.valueOf(txt.charAt(i));
// 获取指定key
nowMap = (Map) nowMap.get(word);
// 存在,则判断是否为最后一个
if (nowMap != null) {
// 找到相应key,匹配标识+1
matchFlag++;
// 如果为最后一个匹配规则,结束循环,返回匹配标识数
if ("1".equals(nowMap.get("isEnd"))) {
// 结束标志位为true
flag = true;
// 最小规则,直接返回,最大规则还需继续查找
if (minMatchType == matchType) {
break;
}
}
// 不存在,直接返回
} else {
break;
}
}
// 长度必须大于等于1,为词
if (matchFlag < 2 || !flag) {
matchFlag = 0;
}
}
return matchFlag;
}
/**
* 清除敏感词缓存
*/
public void removeSensitiveWordCache() {
RedisCacheUtils redisCacheUtils = SpringUtil.getBean(RedisCacheUtils.class);
redisCacheUtils.delKey(CACHE_SENSITIVE_WORD_LIST);
}
/**
* 判断文字是否包含敏感字符
* @param txt 文字
* @param matchType 匹配规则 1:最小匹配规则,2:最大匹配规则
* @return 若包含返回true,否则返回false
*/
/*public static boolean isContaintKeyword(String txt, int matchType) {
boolean flag = false;
for (int i = 0; i < txt.length(); i++) {
int matchFlag = checkKeyword(txt, i, matchType); // 判断是否包含敏感字符
if (matchFlag > 0) { // 大于0存在,返回true
flag = true;
}
}
return flag;
}*/
/**
* 替换敏感字字符
*
* @param txt
* @param matchType
* @param replaceChar
* 替换字符,默认*
* @version 1.0
*/
/*public String replaceKeyword(String txt, int matchType, String replaceChar) {
String resultTxt = txt;
List<String> set = getKeyword(txt, matchType); // 获取所有的敏感词
Iterator<String> iterator = set.iterator();
String word = null;
String replaceString = null;
while (iterator.hasNext()) {
word = iterator.next();
replaceString = getReplaceChars(replaceChar, word.length());
resultTxt = resultTxt.replaceAll(word, replaceString);
}
return resultTxt;
}*/
/**
* 获取替换字符串
* @param replaceChar
* @param length
* @return
* @version 1.0
*/
/*private String getReplaceChars(String replaceChar, int length) {
String resultReplace = replaceChar;
for (int i = 1; i < length; i++) {
resultReplace += replaceChar;
}
return resultReplace;
}*/
}
RequestWrappers
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.io.*;
public class RequestWrappers extends HttpServletRequestWrapper {
private final String body;
public RequestWrappers(HttpServletRequest request) {
super(request);
StringBuilder stringBuilder = new StringBuilder();
BufferedReader bufferedReader = null;
InputStream inputStream = null;
try {
inputStream = request.getInputStream();
if (inputStream != null) {
bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
char[] charBuffer = new char[128];
int bytesRead = -1;
while ((bytesRead = bufferedReader.read(charBuffer)) > 0) {
stringBuilder.append(charBuffer, 0, bytesRead);
}
} else {
stringBuilder.append("");
}
} catch (IOException ex) {
} finally {
if (inputStream != null) {
try {
inputStream.close();
}
catch (IOException e) {
e.printStackTrace();
}
}
if (bufferedReader != null) {
try {
bufferedReader.close();
}
catch (IOException e) {
e.printStackTrace();
}
}
}
body = stringBuilder.toString();
}
@Override
public ServletInputStream getInputStream() throws IOException {
final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(body.getBytes());
ServletInputStream servletInputStream = new ServletInputStream() {
@Override
public boolean isFinished() {
return false;
}
@Override
public boolean isReady() {
return false;
}
@Override
public void setReadListener(ReadListener readListener) {
}
@Override
public int read() throws IOException {
return byteArrayInputStream.read();
}
};
return servletInputStream;
}
@Override
public BufferedReader getReader() throws IOException {
return new BufferedReader(new InputStreamReader(this.getInputStream()));
}
public String getBody() {
return this.body;
}
}
RequestUtil
package com.hb.union.xby.unit;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apache.commons.lang3.time.DateUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
@Slf4j
public class RequestUtil {
/**
* Logger for this class
*/
private static final Logger logger = LoggerFactory.getLogger(RequestUtil.class);
/**
* 获取提交中的String类型的字符串
* @param sKey 表示指定的字符串
* @param request 表示有web页面传递过来的HttpServletRequest请求
* @return 如果匹配成功,则返回该数值,否则返回null
*/
public static String getString(String sKey, HttpServletRequest request) {
String sReturn ="";
if (request.getParameter(sKey) != null) {
sReturn = "";
String[] sArray = request.getParameterValues(sKey);
for (int i = 0; i < sArray.length - 1; i++) {
sReturn +=new String(sArray[i]) + ",";
}
sReturn += new String(sArray[sArray.length - 1]);
//sReturn=request.getParameter(sKey);
}
else {
if(request.getAttribute(sKey)!=null) {
sReturn = request.getAttribute(sKey).toString();
}
else
{
if(request.getQueryString()!=null) {
String[] paramter = request.getQueryString().split("&");
for (int i = 0; i < paramter.length; i++) {
if (paramter[i].indexOf(sKey) != -1) {
return paramter[i].substring(paramter[i].indexOf("=") + 1);
}
}
}else{
Map<String,String> map=new HashMap();
map=request.getSession().getAttribute("not_parameter_map")!=null?(Map)request.getSession().getAttribute("not_parameter_map"):map;
return map.get(sKey);
}
}
}
return sReturn;
}
/**
* 获取int类型的参数。增加默认
* @param cKey
* @param defVal
* @param request
* @return
*/
public static int getInt(String cKey, int defVal, HttpServletRequest request) {
String cReturn = getStringByOther(cKey, request);
return NumberUtils.toInt(cReturn,defVal);
}
/**
* 获取int类型参数
* @param cKey 表示指定的字符串
* @param request 表示有web页面传递过来的HttpServletRequest请求
* @return 如果匹配成功,则返回该数值,否则,返回0;
*/
public static int getInt(String cKey, HttpServletRequest request) {
return getInt(cKey, 0, request);
}
public static long getLong(String cKey, long defVal, HttpServletRequest request) {
String cReturn = getStringByOther(cKey, request);
return NumberUtils.toLong(cReturn,defVal);
}
/**
* 获取long类型的变量发生错误
* @param cKey 表示指定的字符串
* @param request 表示有web页面传递过来的HttpServletRequest请求
* @return 如果匹配成功,则返回该数值,否则,返回0l;
*/
public static long getLong(String cKey, HttpServletRequest request) {
return getLong(cKey, 0L, request);
}
public static double getDouble(String cKey, double defVal, HttpServletRequest request) {
String cReturn = getStringByOther(cKey, request);
return NumberUtils.toDouble(cReturn,defVal);
}
/**
* 获取double类型参数
* @param cKey 表示指定的字符串
* @param request 表示有web页面传递过来的HttpServletRequest请求
* @return 如果匹配成功,则返回该数值,否则,返回0.0;
*/
public static double getDouble(String cKey, HttpServletRequest request) {
return getDouble(cKey, 0d, request);
}
public static float getFloat(String cKey, float defval, HttpServletRequest request) {
String cReturn = getStringByOther(cKey, request);
return NumberUtils.toFloat(cReturn,defval);
}
/**
* 获取float类型参数
* @param cKey 表示指定的字符串
* @param request 表示有web页面传递过来的HttpServletRequest请求
* @return 如果匹配成功,则返回该数值,否则,返回0.0f;
*/
public static float getFloat(String cKey, HttpServletRequest request) {
return getFloat(cKey, 0f, request);
}
/**
* 通用的方法,可以获取int、float、long以及doblue
* @param cKey 表示指定的字符串
* @param request 表示有web页面传递过来的HttpServletRequest请求
* @return 如果匹配成功,则返回该数值,否则返回null
*/
private static String getStringByOther(String cKey, HttpServletRequest request) {
String cReturn =null;
if(request.getParameter(cKey)!=null) {
String sV = request.getParameter(cKey);
if(sV !=null) {
sV = sV.trim();
for(int i=0;i<sV.length();i++) {
int myASCII = sV.charAt(i);
if (!(myASCII >= 45 && myASCII <= 57)){
return null;
}else{
if(myASCII==47){
return null;
}
}
}
cReturn =sV;
}
}
//做一下防止 xss攻击 处理。
if(cReturn != null){
cReturn = StringEscapeUtils.escapeHtml4(cReturn.trim());
}
return cReturn;
}
public static Date getDate(String cKey, HttpServletRequest request) {
Date date = null;
String cReturn = getStringByOther(cKey, request);
if(cReturn!=null) {
try {
date = DateUtils.parseDate(cReturn,"yyyy-MM-dd");
} catch (Exception ex) {
logger.error("get date type error:"+ex.getMessage());
logger.debug(null,ex);
}
}
return date;
}
public static Date getDatetime(String cKey, HttpServletRequest request) {
Date date = null;
String cReturn = getStringByOther(cKey, request);
if(cReturn!=null) {
try {
date = DateUtils.parseDate(cReturn,"yyyy-MM-dd HH:mm:ss");
} catch (Exception ex) {
logger.error("get date type error:"+ex.getMessage());
logger.debug(null,ex);
}
}
return date;
}
/**
* 获取IP地址
* @param req
* @return
*/
public static String getRemoteAddr(HttpServletRequest req) {
String ip = req.getHeader("X-Forwarded-For");
if(StringUtils.isNotBlank(ip)){
String[] ips = StringUtils.split(ip,',');
if(ips!=null){
for(String tmpip : ips){
if(StringUtils.isBlank(tmpip)) {
continue;
}
tmpip = tmpip.trim();
if(isIPAddr(tmpip) && !tmpip.startsWith("10.") && !tmpip.startsWith("192.168.") && !"127.0.0.1".equals(tmpip)){
return tmpip.trim();
}
}
}
}
ip = req.getHeader("x-real-ip");
if(isIPAddr(ip)) {
return ip;
}
ip = req.getRemoteAddr();
if(ip.indexOf('.')==-1) {
ip = "127.0.0.1";
}
return ip;
}
/**
* 获取HTTP端口
* @param req
* @return
* @throws MalformedURLException
*/
public static int getHttpPort(HttpServletRequest req) {
try {
return new URL(req.getRequestURL().toString()).getPort();
} catch (MalformedURLException excp) {
return 80;
}
}
/**
* @param addr
* @return
*/
private static boolean isIPAddr(String addr) {
if(StringUtils.isEmpty(addr)) {
return false;
}
String[] ips = StringUtils.split(addr, '.');
if(ips.length != 4) {
return false;
}
try{
int ipa = Integer.parseInt(ips[0]);
int ipb = Integer.parseInt(ips[1]);
int ipc = Integer.parseInt(ips[2]);
int ipd = Integer.parseInt(ips[3]);
return ipa >= 0 && ipa <= 255 && ipb >= 0 && ipb <= 255 && ipc >= 0
&& ipc <= 255 && ipd >= 0 && ipd <= 255;
}catch(Exception e){}
return false;
}
/**
* 获取用户访问URL中的根域名
* 例如: www.dlog.cn -> dlog.cn
* @param host
* @return
*/
public static String getDomainOfServerName(String host){
if(isIPAddr(host)) {
return null;
}
String[] names = StringUtils.split(host, '.');
int len = names.length;
if(len==1) {
return null;
}
if(len==3){
return makeup(names[len-2],names[len-1]);
}
if(len>3){
String dp = names[len-2];
if("com".equalsIgnoreCase(dp) || "gov".equalsIgnoreCase(dp) || "net".equalsIgnoreCase(dp) || "edu".equalsIgnoreCase(dp) || "org".equalsIgnoreCase(dp)) {
return makeup(names[len - 3], names[len - 2], names[len - 1]);
} else {
return makeup(names[len - 2], names[len - 1]);
}
}
return host;
}
/**
* 判断是否为搜索引擎
* @param req
* @return
*/
public static boolean isRobot(HttpServletRequest req){
String ua = req.getHeader("user-agent");
if(StringUtils.isBlank(ua)) {
return false;
}
return (ua != null
&& (ua.indexOf("Baiduspider") != -1 || ua.indexOf("Googlebot") != -1
|| ua.indexOf("sogou") != -1
|| ua.indexOf("sina") != -1
|| ua.indexOf("iaskspider") != -1
|| ua.indexOf("ia_archiver") != -1
|| ua.indexOf("Sosospider") != -1
|| ua.indexOf("YoudaoBot") != -1
|| ua.indexOf("yahoo") != -1
|| ua.indexOf("yodao") != -1
|| ua.indexOf("MSNBot") != -1
|| ua.indexOf("spider") != -1
|| ua.indexOf("Twiceler") != -1
|| ua.indexOf("Sosoimagespider") != -1
|| ua.indexOf("naver.com/robots") != -1
|| ua.indexOf("Nutch") != -1
|| ua.indexOf("spider") != -1));
}
/**
* @return
*/
private static String makeup(String...ps){
StringBuilder s = new StringBuilder();
for(int idx = 0; idx < ps.length; idx++){
if(idx > 0) {
s.append('.');
}
s.append(ps[idx]);
}
return s.toString();
}
/**
* 从请求中直接获取对象
* @param beanClass
* @param request
* @param <T>
* @return
*/
public static <T> T form(Class<T> beanClass, HttpServletRequest request) {
return WebUtil.populateObject(beanClass, request);
}
/**
* 从请求中直接获取对象的分页信息(该对象必须有 pageNo 和 pageSize 属性和其setter)
* @param beanClass
* @param request
* @return
*/
public static <T> T getPageNoAndSize(Class<T> beanClass, HttpServletRequest request) {
try {
T bean = beanClass.newInstance();
//从请求中获取分页参数
int pageNo = getInt("pageNo", -111, request);
int pageSize = getInt("pageSize", -111, request);
if(pageNo > 0) {
Method method = beanClass.getMethod("setPageNo", int.class);
method.invoke(bean, pageNo);//调用对象 setPageNo 方法赋值
}
if(pageSize > 0) {
Method method = beanClass.getMethod("setPageSize", int.class);
method.invoke(bean, pageSize);//调用对象 setPageSize 方法赋值
}
return bean;
} catch (Exception e) {
return null;
}
}
/**
* 从请求中获取全URL
* @param request
* @return
*/
@SuppressWarnings("unchecked")
public static String getFullURL(HttpServletRequest request) {
StringBuffer queryString= new StringBuffer(request.getRequestURL());
Map<String, String[]> params = request.getParameterMap();
queryString.append("?");
for (String key : params.keySet()) {
String[] values = params.get(key);
for (int i = 0; i < values.length; i++) {
String value = values[i];
queryString.append(key + "=" + value + "&");
}
}
return queryString.toString();
}
}
拦截器配置类HbWebMvcConfigurerAdapter
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
/**
* 拦截器配置类
*/
@Configuration
public class HbWebMvcConfigurerAdapter extends WebMvcConfigurerAdapter {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/").setViewName("forward:/index.html");
registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
super.addViewControllers(registry);
}
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry){
registry.addResourceHandler("/static/**").addResourceLocations("classpath:/static/").setCachePeriod(604800);
super.addResourceHandlers(registry);
}
// @Bean
// public ResourceUrlEncodingFilter resourceUrlEncodingFilter() {
// return new ResourceUrlEncodingFilter();
// }
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new SensitiveWordFilterInterceptor()).addPathPatterns("/**");
//super.addInterceptors(registry);
}
// registry.addInterceptor(loginInterceptor()).addPathPatterns("/**")
// .excludePathPatterns("/product/*.html")
//解决前端js里面long丢失精度的问题。
// public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
// MappingJackson2HttpMessageConverter jackson2HttpMessageConverter = new MappingJackson2HttpMessageConverter();
// ObjectMapper objectMapper = new ObjectMapper();
// /**
// * 序列换成json时,将所有的long变成string
// * 因为js中得数字类型不能包含所有的java long值
// */
// SimpleModule simpleModule = new SimpleModule();
// simpleModule.addSerializer(Long.class, ToStringSerializer.instance);
// simpleModule.addSerializer(Long.TYPE, ToStringSerializer.instance);
// objectMapper.registerModule(simpleModule);
// jackson2HttpMessageConverter.setObjectMapper(objectMapper);
// converters.add(jackson2HttpMessageConverter);
// }
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new SensitiveWordFilterInterceptor()).addPathPatterns("/**");
//super.addInterceptors(registry);
}
ListUtils
package com.hb.union.common.utils;
import java.util.List;
public class ListUtils {
/**
* 判断 list 不为null或空集合
* @param list
* @return
*/
public static boolean isNotEmptyList(List<?> list) {
return list != null && list.size() > 0;
}
/**
* 判断 list 为null或空集合
* @param list
* @return
*/
public static boolean isEmptyList(List<?> list) {
return !isNotEmptyList(list);
}
}
JwtAuthorizationTokenFilter
package com.hb.union.security.filter;
import com.alibaba.fastjson.JSON;
import io.jsonwebtoken.ExpiredJwtException;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Slf4j
@Component
public class JwtAuthorizationTokenFilter extends OncePerRequestFilter {
@Autowired
private CurrentUserDetailsService currentUserDetailsService;
@Autowired
private WebCurrentUserDetailsService webCurrentUserDetailsService;
@Autowired
private JwtTokenUtil jwtTokenUtil;
@Value("${jwt.header:Authorization}")
private String tokenHeader;
@Value("${jwt.prefix:Bearer}")
private String prefix;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
log.debug("processing authentication for '{}'", request.getRequestURL());
String requestHeader = request.getHeader(this.tokenHeader);
String username = null;
String authToken = null;
if (requestHeader != null && requestHeader.startsWith(prefix)) {
authToken = requestHeader.substring(prefix.length() + 1);
try {
username = jwtTokenUtil.getUsernameFromToken(authToken);
} catch (ExpiredJwtException e) {
log.error("登陆已过期:"+e.getMessage());
throw new BadRequestException(HttpStatus.UNAUTHORIZED, "登录状态过期,请重新登录!");
}
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
log.debug("security context was null, so authorizating user");
UserDetails userDetails = this.currentUserDetailsService.loadUserByUsername(username);
if (jwtTokenUtil.validateToken(authToken, userDetails)) {
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
log.info("authorizated user '{}', setting security context", username);
SecurityContextHolder.getContext().setAuthentication(authentication);
}
}
}
else
{
if(requestHeader != null && requestHeader.startsWith("xiao."))
{
authToken = requestHeader.substring(5);
try {
username = jwtTokenUtil.getUsernameFromToken(authToken);
} catch (ExpiredJwtException e) {
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write(JSON.toJSONString(HbResult.HbResultExpired()));
return;
}
}
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
log.debug("security context was null, so authorizating user");
UserDetails userDetails = this.webCurrentUserDetailsService.loadUserByUsername(username);
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
log.info("authorizated user '{}', setting security context", username);
SecurityContextHolder.getContext().setAuthentication(authentication);
}
}
log.debug("checking authentication for user '{}'", username);
ServletRequest requestWrapper = null;
if(request instanceof HttpServletRequest) {
requestWrapper = new RequestWrappers(request);
}
if(requestWrapper == null) {
chain.doFilter(request, response);
} else {
chain.doFilter(requestWrapper, response);
}
//chain.doFilter(request, response);
}
}
ServletRequest requestWrapper = null;
if(request instanceof HttpServletRequest) {
requestWrapper = new RequestWrappers(request);
}
if(requestWrapper == null) {
chain.doFilter(request, response);
} else {
chain.doFilter(requestWrapper, response);
}
扫一扫
363
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
