Startseite Erkunden Hilfe
Registrieren Anmelden
CodeAdmin
/
hcp
2
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Quellcode durchsuchen

渗透测试bug修改

hurixing vor 1 Jahr
Ursprung
9e973af43b
Commit
96214c1b08
1 geänderte Dateien mit 23 neuen und 21 gelöschten Zeilen
Geteilte Ansicht Diff-Statistik anzeigen
  1. 23 21
      hcp-core/src/main/java/com/yingyangfly/core/security/filter/JwtAuthenticationFilter.java

+ 23 - 21
hcp-core/src/main/java/com/yingyangfly/core/security/filter/JwtAuthenticationFilter.java
Datei anzeigen 

@@ -34,7 +34,6 @@ import java.security.NoSuchAlgorithmException;
 
 @Slf4j
 
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
 
-    public static final String UJNHYTGHYUJHYUYH = "ujnhytghyujhyuyh";
 
     @Autowired
 
     JwtUtil jwtUtil;
 
     @Autowired
 
@@ -53,27 +52,30 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
         String authHeader = request.getHeader(jwtUtil.getJwtProperties().getTokenHeader());
 
         String authTimestamp = request.getHeader("timestamp");
 
         String sign = request.getHeader("sign");
 
-        if (StringUtils.isEmpty(authTimestamp) || StringUtils.isEmpty(sign)){
 
-            handleUnauthorized(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"无效的请求");
 
-            return;
 
-        }
 
-        Long timestamp = Long.parseLong(authTimestamp);
 
-        timestamp += 60000;
 
-        Long currentTimeMillis = System.currentTimeMillis();
 
-        if (timestamp < currentTimeMillis){
 
-            handleUnauthorized(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"无效的请求");
 
-            return;
 
-        }
 
+        String contextPath = request.getServletPath();
 
+        if (StringUtils.isBlank(contextPath) || !contextPath.contains("app/task")){
 
+            if (StringUtils.isEmpty(authTimestamp) || StringUtils.isEmpty(sign)){
 
+                handleUnauthorized(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"无效的请求");
 
+                return;
 
+            }
 
+            Long timestamp = Long.parseLong(authTimestamp);
 
+            timestamp += 60000;
 
+            Long currentTimeMillis = System.currentTimeMillis();
 
+            if (timestamp < currentTimeMillis){
 
+                handleUnauthorized(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"无效的请求");
 
+                return;
 
+            }
 
 
-        String hash = "";
 
-        if (StringUtils.isEmpty(authHeader)){
 
-            hash = Sha256WithSaltUtils.hashWithSalt(authTimestamp);
 
-        }else {
 
-            hash = Sha256WithSaltUtils.hashWithSalt(authTimestamp+authHeader);
 
-        }
 
-        if (!sign.equals(hash)){
 
-            handleUnauthorized(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"无效的请求");
 
-            return;
 
+            String hash = "";
 
+            if (StringUtils.isEmpty(authHeader)){
 
+                hash = Sha256WithSaltUtils.hashWithSalt(authTimestamp);
 
+            }else {
 
+                hash = Sha256WithSaltUtils.hashWithSalt(authTimestamp+authHeader);
 
+            }
 
+            if (!sign.equals(hash)){
 
+                handleUnauthorized(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"无效的请求");
 
+                return;
 
+            }
 
         }
 
         String authToken = tokenUtil.getAuthToken(authHeader);
 
         String username = jwtUtil.getUserNameFromToken(authToken);