Continuous Integration (CI): Handling User Security in CruiseControl

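Recently I have been using the open-source continuous integration framework CruiseControl for continuous integration of a project; related material can be found on the official website.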


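The key point is that CruiseControl lets you download the build output once it has been packaged, but it has no user login module, which is a major shortcoming. This can be addressed by decompiling the relevant class and modifying it. For example, downloads are handled by the class DownloadController:

After modification: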

package net.sourceforge.cruisecontrol.dashboard.web;

import java.io.File;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sourceforge.cruisecontrol.dashboard.service.ConfigurationService;
import net.sourceforge.cruisecontrol.dashboard.utils.DashboardUtils;
import net.sourceforge.cruisecontrol.dashboard.web.binder.DownLoadLogBinder;
import net.sourceforge.cruisecontrol.dashboard.web.binder.DownloadArtifactsBinder;
import net.sourceforge.cruisecontrol.dashboard.web.command.DownLoadArtifactsCommand;
import net.sourceforge.cruisecontrol.dashboard.web.command.DownLoadFile;
import net.sourceforge.cruisecontrol.dashboard.web.command.DownloadLogCommand;
import net.sourceforge.cruisecontrol.dashboard.web.validator.DownLoadFileValidator;
import org.springframework.validation.BindingResult;
import org.springframework.validation.ObjectError;
import org.springframework.validation.Validator;
import org.springframework.web.bind.ServletRequestDataBinder;
import org.springframework.web.servlet.ModelAndView;

public class DownloadController extends BaseMultiActionController
{
  private ConfigurationService configuration;

  public DownloadController(ConfigurationService configuration)
  {
    this.configuration = configuration;
    setSupportedMethods(new String[] { "GET" });
    setValidators(new Validator[] { new DownLoadFileValidator() });
  }

  protected ServletRequestDataBinder createBinder(HttpServletRequest request, Object command) throws Exception
  {
    if ((command instanceof DownloadLogCommand)) {
      return new DownLoadLogBinder(command);
    }
    return new DownloadArtifactsBinder(command);
  }

  public ModelAndView artifacts(HttpServletRequest request, HttpServletResponse response)
    throws Exception
  {
    return download(request, new DownLoadArtifactsCommand(this.configuration));
  }

  public ModelAndView log(HttpServletRequest request, HttpServletResponse response) throws Exception
  {
    return download(request, new DownloadLogCommand(this.configuration));
  }

  private ModelAndView download(HttpServletRequest request, DownLoadFile command) throws Exception
  {
    // Credentials that ok.jsp stored in the session after the login form was submitted.
    String userName = (String) request.getSession().getAttribute("icell-username");
    String password = (String) request.getSession().getAttribute("icell-password");
    // The expected user name and password are hard-coded here.
    if ("userName".equals(userName) && "passWord".equals(password)) {
      BindingResult bindingResult = bindObject(request, command);
      if (bindingResult.hasErrors()) {
        ModelAndView mov = new ModelAndView("page_error");
        mov.getModel().put("errorMessage", bindingResult.getGlobalError().getDefaultMessage());
        return mov;
      }
      File downLoadFile = command.getDownLoadFile();
      ModelAndView mov = new ModelAndView(DashboardUtils.getFileType(downLoadFile) + "View");
      mov.getModel().put("targetFile", downLoadFile);
      return mov;
    } else {
      // Not logged in: return the error page instead of serving the file.
      //BindingResult bindingResult = bindObject(request, command);
      ModelAndView mov = new ModelAndView("page_error");
      mov.getModel().put("errorMessage", "no permission now,please login at (http://xxxx/dashboard/login.jsp)");
      return mov;
    }
  }
}
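
Here the credentials are hard-coded directly in the program. Of course, you could also write a configuration file, then read it and check against it. On the front end, a login.jsp page is defined to handle the login, such as the following simple page: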

<%@ page contentType="text/html;charset=UTF-8" language="java"
    pageEncoding="utf-8"%>

<script type="text/javascript">
 
 function submit(){
	 var username = document.getElementById("user").value;
     var pwd = document.getElementById("pwd").value;
     if (username == "" || pwd == "") {
         alert("用户名或者密码为空!");
     }else{
    	 document.getElementById("ds-form").submit();
     }
     
 }
 
</script>


<html>
<head>
	<title>身份验证</title>
</head>
<body>
	<div style="text-align: center">
		<form action="ok.jsp" method="post" id="ds-form">
			<table>
            <tr>
                <td colspan=2>登录界面</td>  
            </tr>
            <tr>
                <td>user:</td>
                <td><input type="text" name="user" id="user" size="16"></td>
            </tr>
            <tr>
                <td>pwd:</td>
                <td><input type="password"  name="pwd" id="pwd" size="16"></td>
            </tr>
            <tr>
                <td colspan="2"></td>
            </tr>
        </table>
		</form>
		<input type="button" value="submit" onclick="submit();">
	</div>
</body>

</html>

ok.jsp is an intermediate page:

<%@ page contentType="text/html;charset=UTF-8" language="java"
    pageEncoding="utf-8"%>
<%
			String username = request.getParameter("user");
			String password = request.getParameter("pwd");
    	    session.setAttribute("icell-username",username);
    	    session.setAttribute("icell-password",password);
    	    
%>

<html>
<head>
	<title>身份验证</title>
</head>
<body>
	go go
</body>


<script type="text/javascript">
	window.location.href="tab/dashboard";
</script>
</html>

With this in place, the packaged data can be downloaded using the configured user name and password.
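
The configuration-file alternative mentioned above, as an added example (not the author's or CruiseControl's code): a hypothetical `DashboardCredentials` helper reads the user name plus a salted PBKDF2 hash from a properties file, so no password sits in the class or in the file, and ok.jsp could call `verify` and keep only a logged-in flag in the session instead of the password. The class name, the `dashboard.*` property keys, the iteration count and the sample credentials are assumptions; Java 8 or later is assumed.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Properties;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example: hypothetical helper, not CruiseControl code. Property names are assumptions.
public class DashboardCredentials {
  private final byte[] user, salt, hash;
  private final int iterations;
  public DashboardCredentials(Properties p) {
    user = p.getProperty("dashboard.user").getBytes(StandardCharsets.UTF_8);
    salt = Base64.getDecoder().decode(p.getProperty("dashboard.salt"));
    hash = Base64.getDecoder().decode(p.getProperty("dashboard.hash"));
    iterations = Integer.parseInt(p.getProperty("dashboard.iterations"));
  }
  // PBKDF2-HMAC-SHA256, 256-bit output: the file stores this value, never the password.
  static byte[] derive(char[] password, byte[] salt, int iterations) throws GeneralSecurityException {
    PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
    return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
  }

  // Both comparisons always run and go through MessageDigest.isEqual rather than String.equals.
  public boolean verify(String candidateUser, String candidatePassword) throws GeneralSecurityException {
    if (candidateUser == null || candidatePassword == null) return false;
    boolean userOk = MessageDigest.isEqual(user, candidateUser.getBytes(StandardCharsets.UTF_8));
    boolean passOk = MessageDigest.isEqual(hash, derive(candidatePassword.toCharArray(), salt, iterations));
    return userOk & passOk;
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample standing in for a properties file on disk.
    byte[] salt = new byte[16];
    new SecureRandom().nextBytes(salt);
    Base64.Encoder b64 = Base64.getEncoder();
    String file = "dashboard.user=builder\ndashboard.iterations=210000\n"
        + "dashboard.salt=" + b64.encodeToString(salt) + "\n"
        + "dashboard.hash=" + b64.encodeToString(derive("example-pass".toCharArray(), salt, 210000)) + "\n";
    Properties p = new Properties();
    p.load(new StringReader(file));
    DashboardCredentials creds = new DashboardCredentials(p);
    System.out.println("correct login: " + creds.verify("builder", "example-pass"));
    System.out.println("wrong password: " + creds.verify("builder", "guess"));
  }
}
```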

