guoyuepeng
/
qa-prevention-gwj
1
0
Fork 3
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

替赵煜提交代码

liujun-2024-05-23-接口漏洞修复
liujun 2024-04-02 17:06:03 +08:00
parent df9a0e3dfb
commit a93fc05ea5
2 changed files with 176 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
src/main/java/com/zcloud/controller/system/LoginController.java
View File

@ -126,6 +126,9 @@ public class LoginController extends BaseController {
PageData pd = new PageData(); PageData pd = new PageData();
pd = this.getPageData(); pd = this.getPageData();
PageData loginPd = new PageData();
loginPd.put("KEYDATA", pd.getString("KEYDATA"));
loginPd.put("tm", pd.getString("tm"));
String loginData = pd.getString("KEYDATA"); String loginData = pd.getString("KEYDATA");
if (!loginData.startsWith("qdkjchina")) { if (!loginData.startsWith("qdkjchina")) {
loginData = RSAUtils.decryptDataOnJava(loginData, RSAUtils.getPrivateKey()); loginData = RSAUtils.decryptDataOnJava(loginData, RSAUtils.getPrivateKey());
@ -178,6 +181,37 @@ public class LoginController extends BaseController {
removeSession(USERNAME); removeSession(USERNAME);
if (pd != null) { if (pd != null) {
//查询该用户或企业的图片和后端地址
if (!Tools.isEmpty(pd.getString("CORPINFO_ID")) && !pd.getString("CORPINFO_ID").equals("1")) {
PageData pathData = corpPathService.getCorpPathByCorpId(pd);
map.put("baseImgPath",pathData.getString("PIC_PATH"));
map.put("USER_IDENTITY",pathData.getString("USER_IDENTITY"));
map.put("BACKENDADDR", pathData.getString("BACK_END_PATH"));
} else {
PageData pathData = corpPathService.getCorpPathByPersonInfo(pd);
map.put("baseImgPath",pathData.getString("PIC_PATH"));
map.put("USER_IDENTITY",pathData.getString("USER_IDENTITY"));
map.put("BACKENDADDR", pathData.getString("BACK_END_PATH"));
}
// 如果用户不是港务局用户,则向对应分公司发送登录请求
if (!map.get("USER_IDENTITY").toString().equals("GWJ")) {
Map backEndPath = HttpClientUtil.getPOSTTest(map.get("BACKENDADDR").toString() + "admin/check", loginPd);
if (backEndPath.get("result").toString().equals("success")) {
backEndPath.put("baseImgPath",map.get("baseImgPath").toString());
backEndPath.put("USER_IDENTITY",map.get("USER_IDENTITY").toString());
backEndPath.put("BACKENDADDR", map.get("BACKENDADDR").toString());
System.out.println("登录返回参数:" + backEndPath);
return backEndPath;
} else {
map.put("result", "fail");
map.put("msg", backEndPath.get("msg").toString());
map.put("errorCode", errInfo);
map.put("failMsg", backEndPath.get("msg").toString());
return map;
}
}
if ("99".equals(pd.getString("STATUS"))) { if ("99".equals(pd.getString("STATUS"))) {
errInfo = "userlock"; errInfo = "userlock";
map.put("result", "fail"); map.put("result", "fail");
@ -236,6 +270,7 @@ public class LoginController extends BaseController {
PageData rpd = roleService.findMaxRoleByRId(roleIds); PageData rpd = roleService.findMaxRoleByRId(roleIds);
map.put("ROLEID", rpd.getString("ROLE_ID")); map.put("ROLEID", rpd.getString("ROLE_ID"));
map.put("ROLE_NAME", rpd.getString("ROLE_NAME")); map.put("ROLE_NAME", rpd.getString("ROLE_NAME"));
map.put("RNUMBER", rpd.getString("RNUMBER"));
map.put("USERBZ", pd.getString("BZ")); map.put("USERBZ", pd.getString("BZ"));
PageData dpd = new PageData(); PageData dpd = new PageData();
dpd.put("DEPARTMENT_ID", pd.getString("DEPARTMENT_ID")); dpd.put("DEPARTMENT_ID", pd.getString("DEPARTMENT_ID"));
@ -288,18 +323,6 @@ public class LoginController extends BaseController {
FHLOG.save(USERNAME, "成功登录系统", ip); //记录日志 FHLOG.save(USERNAME, "成功登录系统", ip); //记录日志
//查询该用户或企业的图片和后端地址
if (!Tools.isEmpty(pd.getString("CORPINFO_ID")) && !pd.getString("CORPINFO_ID").equals("1")) {
PageData pathData = corpPathService.getCorpPathByCorpId(pd);
map.put("baseImgPath",pathData.getString("PIC_PATH"));
map.put("USER_IDENTITY",pathData.getString("USER_IDENTITY"));
map.put("BACKENDADDR", pathData.getString("BACK_END_PATH"));
} else {
PageData pathData = corpPathService.getCorpPathByPersonInfo(pd);
map.put("baseImgPath",pathData.getString("PIC_PATH"));
map.put("USER_IDENTITY",pathData.getString("USER_IDENTITY"));
map.put("BACKENDADDR", pathData.getString("BACK_END_PATH"));
}
} }
} else { } else {
token.clear(); token.clear();

97
src/main/java/com/zcloud/util/HttpClientUtil.java
View File

@ -1,14 +1,9 @@
package com.zcloud.util; package com.zcloud.util;
import java.io.BufferedReader; import java.io.*;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection; import java.net.HttpURLConnection;
import java.net.URL; import java.net.URL;
import java.net.URLEncoder;
import java.security.KeyManagementException; import java.security.KeyManagementException;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.KeyStoreException; import java.security.KeyStoreException;
@ -19,10 +14,12 @@ import java.security.cert.CertificateException;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import com.alibaba.fastjson.JSONObject;
import com.sun.net.ssl.HttpsURLConnection; import com.sun.net.ssl.HttpsURLConnection;
import com.sun.net.ssl.KeyManagerFactory; import com.sun.net.ssl.KeyManagerFactory;
import com.sun.net.ssl.SSLContext; import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManagerFactory; import com.sun.net.ssl.TrustManagerFactory;
import com.zcloud.entity.PageData;
public class HttpClientUtil { public class HttpClientUtil {
/** /**
@ -284,4 +281,90 @@ public class HttpClientUtil {
} }
public static Map getPOSTTest(String httpUrl , PageData pd ){
HttpURLConnection connection = null;
InputStream is = null;
BufferedReader br = null;
StringBuffer result = new StringBuffer();
// ?username=admin&password=234f3424be5a75ad898a1b55f6e34d9e&url_token_only=true
StringBuffer nameValue = new StringBuffer();
Map<Object, Object> map = (Map)pd;
System.out.print("参数:{");
for(Map.Entry<Object, Object> entry : map.entrySet()){
System.out.print(entry.getKey().toString() + ":" + entry.getValue().toString() + ",");
nameValue.append(entry.getKey().toString()+"=" + entry.getValue().toString() + "&");
}
System.out.println("}");
String parameter = "";
if(nameValue.length()>0){
parameter = "?"+nameValue.toString().substring(0,nameValue.length()-1);
}
try {
String plusEncode = URLEncoder.encode("+", "UTF-8");
parameter = parameter.replaceAll("\\+", plusEncode);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
System.out.println( "地址:"+httpUrl + parameter);
try {
//创建连接
URL url = new URL(httpUrl + parameter);
connection = (HttpURLConnection) url.openConnection();
//设置请求方式
connection.setRequestMethod("POST");
//设置连接超时时间
connection.setReadTimeout(15000);
//开始连接
connection.connect();
//获取响应数据
if (connection.getResponseCode() == 200) {
//获取返回的数据
is = connection.getInputStream();
if (null != is) {
br = new BufferedReader(new InputStreamReader(is, "UTF-8"));
String temp = null;
while (null != (temp = br.readLine())) {
result.append(temp);
}
}
}
} catch (IOException e) {
e.printStackTrace();
} finally {
if (null != br) {
try {
br.close();
} catch (IOException e) {
e.printStackTrace();
}
}
if (null != is) {
try {
is.close();
} catch (IOException e) {
e.printStackTrace();
}
}
//关闭远程连接
connection.disconnect();
}
// return result.toString();
/**
* json,json
*/
JSONObject jsonObject = null;
try{
jsonObject = JSONObject.parseObject(result.toString());
Map<String, Object> maps = new HashMap<String, Object>();
maps = HttpClientService.parseJSON2Map(jsonObject);
return maps;
}catch (Exception e){
e.printStackTrace();
return null;
}
}
} }