Merge branch 'limingyu-20240401-app登录曹实业判断修改' into pet

liujun-2024-05-23-接口漏洞修复
limingyu 2024-04-01 18:07:30 +08:00
commit 8ee09f0d51
2 changed files with 176 additions and 69 deletions


@ -126,6 +126,9 @@ public class LoginController extends BaseController {
PageData pd = new PageData();
pd = this.getPageData();
PageData loginPd = new PageData();
loginPd.put("KEYDATA", pd.getString("KEYDATA"));
loginPd.put("tm", pd.getString("tm"));
String loginData = pd.getString("KEYDATA");
if (!loginData.startsWith("qdkjchina")) {
loginData = RSAUtils.decryptDataOnJava(loginData, RSAUtils.getPrivateKey());
@ -178,6 +181,38 @@ public class LoginController extends BaseController {
removeSession(USERNAME);
if (pd != null) {
//查询该用户或企业的图片和后端地址
if (!Tools.isEmpty(pd.getString("CORPINFO_ID")) && !pd.getString("CORPINFO_ID").equals("1")) {
PageData pathData = corpPathService.getCorpPathByCorpId(pd);
map.put("baseImgPath",pathData.getString("PIC_PATH"));
map.put("USER_IDENTITY",pathData.getString("USER_IDENTITY"));
map.put("BACKENDADDR", pathData.getString("BACK_END_PATH"));
} else {
PageData pathData = corpPathService.getCorpPathByPersonInfo(pd);
map.put("baseImgPath",pathData.getString("PIC_PATH"));
map.put("USER_IDENTITY",pathData.getString("USER_IDENTITY"));
map.put("BACKENDADDR", pathData.getString("BACK_END_PATH"));
}
// 如果用户不是港务局用户,则向对应分公司发送登录请求
if (!map.get("USER_IDENTITY").toString().equals("GWJ")) {
Map backEndPath = HttpClientUtil.getPOSTTest(map.get("BACK_END_PATH").toString() + "admin/check", pd);
if (backEndPath.get("result").toString().equals("success")) {
backEndPath.put("baseImgPath",map.get("PIC_PATH").toString());
backEndPath.put("USER_IDENTITY",map.get("USER_IDENTITY").toString());
backEndPath.put("BACKENDADDR", map.get("BACK_END_PATH").toString());
System.out.println("登录返回参数:" + backEndPath);
return backEndPath;
} else {
map.put("result", "fail");
map.put("msg", backEndPath.get("msg").toString());
map.put("errorCode", errInfo);
map.put("failMsg", backEndPath.get("msg").toString());
return map;
}
}
if ("99".equals(pd.getString("STATUS"))) {
errInfo = "userlock";
map.put("result", "fail");
@ -236,6 +271,7 @@ public class LoginController extends BaseController {
PageData rpd = roleService.findMaxRoleByRId(roleIds);
map.put("ROLEID", rpd.getString("ROLE_ID"));
map.put("ROLE_NAME", rpd.getString("ROLE_NAME"));
map.put("RNUMBER", rpd.getString("RNUMBER"));
map.put("USERBZ", pd.getString("BZ"));
PageData dpd = new PageData();
dpd.put("DEPARTMENT_ID", pd.getString("DEPARTMENT_ID"));
@ -288,18 +324,6 @@ public class LoginController extends BaseController {
FHLOG.save(USERNAME, "成功登录系统", ip); //记录日志
//查询该用户或企业的图片和后端地址
if (!Tools.isEmpty(pd.getString("CORPINFO_ID")) && !pd.getString("CORPINFO_ID").equals("1")) {
PageData pathData = corpPathService.getCorpPathByCorpId(pd);
map.put("baseImgPath",pathData.getString("PIC_PATH"));
map.put("USER_IDENTITY",pathData.getString("USER_IDENTITY"));
map.put("BACKENDADDR", pathData.getString("BACK_END_PATH"));
} else {
PageData pathData = corpPathService.getCorpPathByPersonInfo(pd);
map.put("baseImgPath",pathData.getString("PIC_PATH"));
map.put("USER_IDENTITY",pathData.getString("USER_IDENTITY"));
map.put("BACKENDADDR", pathData.getString("BACK_END_PATH"));
}
}
} else {
token.clear();
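Review bot: The new branch-forwarding block reads the map under keys that the lines just above never write. The path lookup stores the values as `baseImgPath`, `USER_IDENTITY` and `BACKENDADDR`, but the forwarding code calls `map.get("BACK_END_PATH")` and `map.get("PIC_PATH")`, so unless those keys are set outside the visible lines, `.toString()` throws a NullPointerException for every non-GWJ login. Read the keys that were stored, e.g. `HttpClientUtil.getPOSTTest(map.get("BACKENDADDR").toString() + "admin/check", pd)` and `backEndPath.put("baseImgPath", map.get("baseImgPath"))`. `getPOSTTest` returns null when the response cannot be parsed, so `backEndPath` needs a null check before `backEndPath.get("result")`, and `pathData` is likewise dereferenced without one. `System.out.println("登录返回参数:" + backEndPath)` writes the whole login response to stdout and is better dropped or reduced to the result field; the enclosing method starts and ends outside the hunk.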


@ -1,14 +1,9 @@
package com.zcloud.util;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.*;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
@ -19,10 +14,12 @@ import java.security.cert.CertificateException;
import java.util.HashMap;
import java.util.Map;
import com.alibaba.fastjson.JSONObject;
import com.sun.net.ssl.HttpsURLConnection;
import com.sun.net.ssl.KeyManagerFactory;
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManagerFactory;
import com.zcloud.entity.PageData;
public class HttpClientUtil {
/**
@ -33,7 +30,7 @@ public class HttpClientUtil {
public static final String JKS = "JKS";
public static final String PKCS12 = "PKCS12";
public static final String TLS = "TLS";
/**
* get HttpURLConnection
* @param strUrl url
@ -47,7 +44,7 @@ public class HttpClientUtil {
.openConnection();
return httpURLConnection;
}
/**
* get HttpsURLConnection
* @param strUrl urlַ
@ -61,7 +58,7 @@ public class HttpClientUtil {
.openConnection();
return httpsURLConnection;
}
/**
* url
* @param strUrl
@ -73,34 +70,34 @@ public class HttpClientUtil {
int indexOf = strUrl.indexOf("?");
if(-1 != indexOf) {
return strUrl.substring(0, indexOf);
}
}
return strUrl;
}
return strUrl;
}
/**
*
* @param strUrl
* @return String
*/
public static String getQueryString(String strUrl) {
if(null != strUrl) {
int indexOf = strUrl.indexOf("?");
if(-1 != indexOf) {
return strUrl.substring(indexOf+1, strUrl.length());
}
}
return "";
}
return strUrl;
}
/**
* map
* name1=key1&name2=key2&...
@ -111,18 +108,18 @@ public class HttpClientUtil {
if(null == queryString || "".equals(queryString)) {
return null;
}
Map m = new HashMap();
String[] strArray = queryString.split("&");
for(int index = 0; index < strArray.length; index++) {
String pair = strArray[index];
HttpClientUtil.putMapByPair(pair, m);
}
return m;
}
/**
* map
* pair:name=value
@ -130,11 +127,11 @@ public class HttpClientUtil {
* @param m
*/
public static void putMapByPair(String pair, Map m) {
if(null == pair || "".equals(pair)) {
return;
}
int indexOf = pair.indexOf("=");
if(-1 != indexOf) {
String k = pair.substring(0, indexOf);
@ -160,7 +157,7 @@ public class HttpClientUtil {
buf.append(line);
buf.append("\r\n");
}
return buf.toString();
}
/**
@ -192,17 +189,17 @@ public class HttpClientUtil {
}
/**
* SSLContext
* @param trustFile
* @param trustFile
* @param trustPasswd
* @param keyFile
* @param keyPasswd
* @return
* @throws NoSuchAlgorithmException
* @throws KeyStoreException
* @throws IOException
* @throws CertificateException
* @throws UnrecoverableKeyException
* @throws KeyManagementException
* @throws NoSuchAlgorithmException
* @throws KeyStoreException
* @throws IOException
* @throws CertificateException
* @throws UnrecoverableKeyException
* @throws KeyManagementException
*/
public static SSLContext getSSLContext(
FileInputStream trustFileInputStream, String trustPasswd,
@ -230,7 +227,7 @@ public class HttpClientUtil {
return ctx;
}
/**
* char
* @param str
@ -238,14 +235,14 @@ public class HttpClientUtil {
*/
public static char[] str2CharArray(String str) {
if(null == str) return null;
return str.toCharArray();
}
public static InputStream String2Inputstream(String str) {
return new ByteArrayInputStream(str.getBytes());
}
/**
* InputStreamByte
* :
@ -253,23 +250,23 @@ public class HttpClientUtil {
* @return byte
* @throws Exception
*/
public static byte[] InputStreamTOByte(InputStream in) throws IOException{
int BUFFER_SIZE = 4096;
ByteArrayOutputStream outStream = new ByteArrayOutputStream();
byte[] data = new byte[BUFFER_SIZE];
int count = -1;
while((count = in.read(data,0,BUFFER_SIZE)) != -1)
outStream.write(data, 0, count);
data = null;
public static byte[] InputStreamTOByte(InputStream in) throws IOException{
int BUFFER_SIZE = 4096;
ByteArrayOutputStream outStream = new ByteArrayOutputStream();
byte[] data = new byte[BUFFER_SIZE];
int count = -1;
while((count = in.read(data,0,BUFFER_SIZE)) != -1)
outStream.write(data, 0, count);
data = null;
byte[] outByte = outStream.toByteArray();
outStream.close();
return outByte;
}
return outByte;
}
/**
* InputStreamString
* :
@ -278,10 +275,96 @@ public class HttpClientUtil {
* @return String
* @throws Exception
*/
public static String InputStreamTOString(InputStream in,String encoding) throws IOException{
public static String InputStreamTOString(InputStream in,String encoding) throws IOException{
return new String(InputStreamTOByte(in),encoding);
}
}
}
public static Map getPOSTTest(String httpUrl , PageData pd ){
HttpURLConnection connection = null;
InputStream is = null;
BufferedReader br = null;
StringBuffer result = new StringBuffer();
// ?username=admin&password=234f3424be5a75ad898a1b55f6e34d9e&url_token_only=true
StringBuffer nameValue = new StringBuffer();
Map<Object, Object> map = (Map)pd;
System.out.print("参数:{");
for(Map.Entry<Object, Object> entry : map.entrySet()){
System.out.print(entry.getKey().toString() + ":" + entry.getValue().toString() + ",");
nameValue.append(entry.getKey().toString()+"=" + entry.getValue().toString() + "&");
}
System.out.println("}");
String parameter = "";
if(nameValue.length()>0){
parameter = "?"+nameValue.toString().substring(0,nameValue.length()-1);
}
try {
String plusEncode = URLEncoder.encode("+", "UTF-8");
parameter = parameter.replaceAll("\\+", plusEncode);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
System.out.println( "地址:"+httpUrl + parameter);
try {
//创建连接
URL url = new URL(httpUrl + parameter);
connection = (HttpURLConnection) url.openConnection();
//设置请求方式
connection.setRequestMethod("POST");
//设置连接超时时间
connection.setReadTimeout(15000);
//开始连接
connection.connect();
//获取响应数据
if (connection.getResponseCode() == 200) {
//获取返回的数据
is = connection.getInputStream();
if (null != is) {
br = new BufferedReader(new InputStreamReader(is, "UTF-8"));
String temp = null;
while (null != (temp = br.readLine())) {
result.append(temp);
}
}
}
} catch (IOException e) {
e.printStackTrace();
} finally {
if (null != br) {
try {
br.close();
} catch (IOException e) {
e.printStackTrace();
}
}
if (null != is) {
try {
is.close();
} catch (IOException e) {
e.printStackTrace();
}
}
//关闭远程连接
connection.disconnect();
}
// return result.toString();
/**
* json,json
*/
JSONObject jsonObject = null;
try{
jsonObject = JSONObject.parseObject(result.toString());
Map<String, Object> maps = new HashMap<String, Object>();
maps = HttpClientService.parseJSON2Map(jsonObject);
return maps;
}catch (Exception e){
e.printStackTrace();
return null;
}
}
}
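Review bot: `getPOSTTest` appends every entry of `pd` to the URL as a query string and prints both the entries and the full URL to stdout, so whatever login fields `pd` carries end up in application logs and in the access logs of the receiving server and any proxy in between. The values are also concatenated without URL-encoding (only `+` is replaced), so a value containing `&`, `=` or `#` changes the parameters the backend sees, and a null value throws on `toString()`. I would send the fields as an encoded form body, drop the `System.out` lines, and guard `connection.disconnect()`, which throws a NullPointerException when `new URL(...)` fails before `connection` is assigned. `setReadTimeout(15000)` sits under a comment about the connect timeout, and a `setConnectTimeout` call is missing. The sketch below assumes the branch endpoint reads form parameters from the request body, which should be confirmed before switching.

```java
public static Map getPOSTTest(String httpUrl , PageData pd ){
    // … unchanged: connection, is, br, result declarations …
    StringBuilder form = new StringBuilder();
    Map<Object, Object> map = (Map)pd;
    try {
        for (Map.Entry<Object, Object> entry : map.entrySet()) {
            if (entry.getValue() == null) {
                continue; // skip absent fields instead of failing on toString()
            }
            if (form.length() > 0) {
                form.append('&');
            }
            // encode key and value separately so '&', '=' and '#' stay data
            form.append(URLEncoder.encode(entry.getKey().toString(), "UTF-8"))
                .append('=')
                .append(URLEncoder.encode(entry.getValue().toString(), "UTF-8"));
        }
        URL url = new URL(httpUrl);
        connection = (HttpURLConnection) url.openConnection();
        connection.setRequestMethod("POST");
        connection.setDoOutput(true);
        connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
        connection.setConnectTimeout(15000);
        connection.setReadTimeout(15000);
        // fields travel in the request body, not in the URL
        try (OutputStream out = connection.getOutputStream()) {
            out.write(form.toString().getBytes("UTF-8"));
        }
        // … unchanged: response-code check and read loop …
    } catch (IOException e) {
        // … unchanged: error handling …
    } finally {
        // … unchanged: closing br and is …
        if (null != connection) {
            connection.disconnect();
        }
    }
    // … unchanged: JSON parsing of result …
```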