Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
S
smart_gov_platform
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
赵啸非
smart_gov_platform
Commits
3e5c7a8b
Commit
3e5c7a8b
authored
Oct 11, 2024
by
赵啸非
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
提交配置校验
parent
e3a2b723
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
36 additions
and
33 deletions
+36
-33
base-manager/src/main/java/com/mortals/xhx/base/framework/filter/SameSiteCookieFilter.java
...rtals/xhx/base/framework/filter/SameSiteCookieFilter.java
+36
-30
base-manager/src/main/java/com/mortals/xhx/base/framework/interceptor/AuthUserInterceptor.java
...s/xhx/base/framework/interceptor/AuthUserInterceptor.java
+0
-3
No files found.
base-manager/src/main/java/com/mortals/xhx/base/framework/filter/SameSiteCookieFilter.java
View file @
3e5c7a8b
package
com.mortals.xhx.base.framework.filter
;
import
cn.hutool.core.util.StrUtil
;
import
cn.hutool.http.HttpStatus
;
import
cn.hutool.core.util.URLUtil
;
import
com.mortals.framework.service.ICacheService
;
import
com.mortals.xhx.common.key.RedisKey
;
import
lombok.extern.slf4j.Slf4j
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.boot.autoconfigure.condition.ConditionalOnExpression
;
import
org.springframework.context.annotation.Profile
;
import
org.springframework.data.redis.core.RedisTemplate
;
import
org.springframework.stereotype.Component
;
import
org.springframework.util.ObjectUtils
;
import
javax.servlet.*
;
import
javax.servlet.http.*
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
java.io.IOException
;
import
java.net.URI
;
import
java.net.URL
;
import
java.util.List
;
@Slf4j
//
@Component
@Component
@Profile
({
"yanyuan"
,
"test"
})
public
class
SameSiteCookieFilter
implements
Filter
{
@Autowired
private
ICacheService
cacheService
;
@Value
(
"${token.database:0}"
)
private
Integer
portalDb
;
@Override
public
void
doFilter
(
ServletRequest
request
,
ServletResponse
response
,
FilterChain
chain
)
throws
IOException
,
ServletException
{
HttpServletResponse
httpResponse
=
(
HttpServletResponse
)
response
;
Cookie
[]
cookies
=
((
HttpServletRequest
)
request
).
getCookies
();
if
(
cookies
!=
null
)
{
for
(
Cookie
cookie
:
cookies
)
{
cookie
.
setHttpOnly
(
true
);
cookie
.
setSecure
(
true
);
cookie
.
setPath
(
"/"
);
cookie
.
setMaxAge
(
3600
);
httpResponse
.
addCookie
(
cookie
);
}
}
//cors
/* String referer = httpRequest.getHeader("Referer");
if(ObjectUtils.isEmpty(referer)){
chain.doFilter(request, response);
}else{
referer=StrUtil.removeSuffix(referer,"/");
List<String> trustReferers = StrUtil.split(trustedReferer, ",");
if(ObjectUtils.isEmpty(trustReferers)){
chain.doFilter(request, response);
}else{
if(trustReferers.contains(referer)) {
chain.doFilter(request, response);
}else {
httpResponse.setStatus(HttpStatus.HTTP_BAD_REQUEST);
RedisTemplate
<
String
,
String
>
redisTemplate
=
cacheService
.
selectDbRedisTemplate
(
portalDb
);
String
trustedReferer
=
redisTemplate
.
opsForValue
().
get
(
RedisKey
.
KEY_REFERERS_CACHE
);
List
<
String
>
allowedOrigins
=
StrUtil
.
split
(
trustedReferer
,
","
);
// Set allowedOrigins= new HashSet(Arrays.asList(allowDomain));
String
originHeader
=((
HttpServletRequest
)
request
).
getHeader
(
"Origin"
);
if
(!
ObjectUtils
.
isEmpty
(
originHeader
)){
URI
host
=
URLUtil
.
getHost
(
new
URL
(
originHeader
));
String
origin
=
host
.
getHost
();
if
(
allowedOrigins
.
contains
(
origin
)){
httpResponse
.
setHeader
(
"Access-Control-Allow-Origin"
,
originHeader
);
httpResponse
.
setContentType
(
"application/json;charset=UTF-8"
);
httpResponse
.
setHeader
(
"Access-Control-Allow-Methods"
,
"POST, GET, OPTIONS, DELETE"
);
httpResponse
.
setHeader
(
"Access-Control-Max-Age"
,
"3600"
);
httpResponse
.
setHeader
(
"Access-Control-Allow-Headers"
,
"Content-Type,authorization,authtoken"
);
// 如果要把Cookie发到服务器,需要指定Access-Control-Allow-Credentials字段为true
httpResponse
.
setHeader
(
"Access-Control-Allow-Credentials"
,
"true"
);
httpResponse
.
setHeader
(
"Access-Control-Expose-Headers"
,
"*"
);
}
}
}*/
chain
.
doFilter
(
request
,
response
);
}
...
...
base-manager/src/main/java/com/mortals/xhx/base/framework/interceptor/AuthUserInterceptor.java
View file @
3e5c7a8b
...
...
@@ -50,9 +50,6 @@ public class AuthUserInterceptor extends BaseInterceptor {
@Autowired
private
ICacheService
cacheService
;
@Value
(
"${trustedReferer:''}"
)
private
String
trustedReferer
;
@Value
(
"${token.database:0}"
)
private
Integer
portalDb
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
