
渗透测试bug修改

hurixing 1 rok temu
rodzic
commit
96214c1b08

+ 23 - 21
hcp-core/src/main/java/com/yingyangfly/core/security/filter/JwtAuthenticationFilter.java

@@ -34,7 +34,6 @@ import java.security.NoSuchAlgorithmException;
 @Slf4j
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
-    public static final String UJNHYTGHYUJHYUYH = "ujnhytghyujhyuyh";
     @Autowired
     JwtUtil jwtUtil;
     @Autowired
@@ -53,27 +52,30 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
         String authHeader = request.getHeader(jwtUtil.getJwtProperties().getTokenHeader());
         String authTimestamp = request.getHeader("timestamp");
         String sign = request.getHeader("sign");
-        if (StringUtils.isEmpty(authTimestamp) || StringUtils.isEmpty(sign)){
-            handleUnauthorized(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"无效的请求");
-            return;
-        }
-        Long timestamp = Long.parseLong(authTimestamp);
-        timestamp += 60000;
-        Long currentTimeMillis = System.currentTimeMillis();
-        if (timestamp < currentTimeMillis){
-            handleUnauthorized(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"无效的请求");
-            return;
-        }
+        String contextPath = request.getServletPath();
+        if (StringUtils.isBlank(contextPath) || !contextPath.contains("app/task")){
+            if (StringUtils.isEmpty(authTimestamp) || StringUtils.isEmpty(sign)){
+                handleUnauthorized(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"无效的请求");
+                return;
+            }
+            Long timestamp = Long.parseLong(authTimestamp);
+            timestamp += 60000;
+            Long currentTimeMillis = System.currentTimeMillis();
+            if (timestamp < currentTimeMillis){
+                handleUnauthorized(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"无效的请求");
+                return;
+            }
 
-        String hash = "";
-        if (StringUtils.isEmpty(authHeader)){
-            hash = Sha256WithSaltUtils.hashWithSalt(authTimestamp);
-        }else {
-            hash = Sha256WithSaltUtils.hashWithSalt(authTimestamp+authHeader);
-        }
-        if (!sign.equals(hash)){
-            handleUnauthorized(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"无效的请求");
-            return;
+            String hash = "";
+            if (StringUtils.isEmpty(authHeader)){
+                hash = Sha256WithSaltUtils.hashWithSalt(authTimestamp);
+            }else {
+                hash = Sha256WithSaltUtils.hashWithSalt(authTimestamp+authHeader);
+            }
+            if (!sign.equals(hash)){
+                handleUnauthorized(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"无效的请求");
+                return;
+            }
         }
         String authToken = tokenUtil.getAuthToken(authHeader);
         String username = jwtUtil.getUserNameFromToken(authToken);
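Review bot: The exemption introduced by `!contextPath.contains("app/task")` is an unanchored substring match, so any request whose servlet path contains that fragment anywhere, not only the intended task endpoints, skips both the timestamp window and the sign verification that follow; match the exempt paths exactly, e.g. `!contextPath.startsWith("/app/task")` if that is the full prefix, or a configured allowlist, and record above the check why task requests may omit the signature. Inside the guarded branch, `Long.parseLong(authTimestamp)` still accepts no non-numeric header and will surface as an uncaught NumberFormatException instead of the `handleUnauthorized` path, and the window only rejects timestamps older than 60 s, so a timestamp far in the future passes indefinitely and the accompanying sign stays replayable; an upper bound such as `timestamp - 120000 > currentTimeMillis` (value to be confirmed) would close that. `sign.equals(hash)` compares the digests with an early-exit comparison where `MessageDigest.isEqual(...)` on the encoded bytes is the usual choice. The local is named `contextPath` but holds `getServletPath()`; `servletPath` would avoid misreading. doFilterInternal's signature and the remainder of its body lie outside the hunk.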