HW问题改动_PDS
来源:互联网 发布:互联网医院 知乎 编辑:程序博客网 时间:2024/06/07 03:05
口令禁止拷贝###
拦截器 get/set atrribute "userId"
通过 atrribute "userId" 与 token 获取用户
100M 限制上传文件###
数据库连接串,加密
String logUser = userAdmin.getName() ;String logIp = IPUtil.getIpAddr(request);String logEvent = "login";loginServie.addLogNote(0,logUser,logIp,logEvent);String logUser = loginServie.getUserById( Integer.parseInt(request.getSession().getId())).getName();String logIp = IPUtil.getIpAddr(request);String logEvent = "login_out";loginServie.addLogNote(0,logUser,logIp,logEvent);HttpServletRequest requestInteger userId = (Integer) request.getAttribute("userId");String logUser = userService.getUserById(userId).getName();String logIp = IPUtil.getIpAddr(request);String logEvent = "login";loginServie.addLogNote(0,logUser,logIp,logEvent);
拦截器 get/set atrribute "userId"
通过 atrribute "userId" 与 token 获取用户
Integer userId = (Integer) request.getSession().getAttribute(Constants.ADMIN_USER);String logUser = loginServie.getUserById(userId).getName();String logIp = IPUtil.getIpAddr(request);String logEvent = "TrainServer/goSelectCountry";loginServie.addLogNote(1,logUser,logIp,logEvent);String logUser = (String) request.getSession().getAttribute("userName");
"[^0-9a-zA-Z\u4e00-\u9fa5]+";
String filepath = request.getSession().getServletContext().getRealPath("")+"/../"+ new PropertiesUtil("configmy.properties").getValue("TRAINDATA");
SecureRandom sr = new SecureRandom();sr.nextInt(interval);//更安全的随机数,不同于math.radom()
过滤器<!-- <filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <filter-class>cn.bupt.controller.inf.SecurityHeaderFilter</filter-class>注意类路径 <async-supported>true</async-supported> </filter><filter-mapping><filter-name>httpHeaderSecurity</filter-name><url-pattern>/*</url-pattern></filter-mapping> --> <!-- <filter> <filter-name>httpHeaderSecurity</filter-name> <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class> <async-supported>true</async-supported> </filter><filter-mapping><filter-name>httpHeaderSecurity</filter-name><url-pattern>/*</url-pattern></filter-mapping> -->
3. 如何验证过滤器是否生效,浏览器打开控制台,查看请求的response中是否有相应安全头
//参数校验开始String address = location.getAddress();String serverip = location.getServerip();String name = location.getServername();String port = String.valueOf(location.getServerport());boolean boolAdd = testMatch(address, "name");boolean boolIp = testMatch(serverip, "ip");boolean boolName = testMatch(name, "name");boolean boolPort = testMatch(port, "port");if (boolAdd&&boolIp&&boolName&&boolPort) {rs = locationMapper.insertSelective(location);if(rs > 0){return true;}else{return false;}}else{return false;}//参数校验结束public boolean testMatch(String str, String type){if(type=="name"){String pattern = "^[\\w\\u4e00-\\u9fa5]+$";Pattern r = Pattern.compile(pattern);Matcher m = r.matcher(str);System.out.println(m.matches());return m.matches();}else if(type=="ip"){String pattern = "(25[0-5]|2[0-4]\\d|[0-1]\\d{2}|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|[0-1]\\d{2}|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|[0-1]\\d{2}|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|[0-1]\\d{2}|[1-9]?\\d)";Pattern r = Pattern.compile(pattern);Matcher m = r.matcher(str);System.out.println(m.matches());return m.matches();}else if(type=="port"){String pattern = "^([0-9]|[1-9]\\d|[1-9]\\d{2}|[1-9]\\d{3}|[1-5]\\d{4}|6[0-4]\\d{3}|65[0-4]\\d{2}|655[0-2]\\d|6553[0-5])$";Pattern r = Pattern.compile(pattern);Matcher m = r.matcher(str);System.out.println(m.matches());return m.matches();}else {return true;}}boolean boolindexFromJSP = locationService.testMatch(String.valueOf(id), "StringId");if (boolindexFromJSP) {mv.addObject("errormessage","站点Id参数错误");}else{boolean boolindexFromJSP = locationService.testMatch(request.getParameter("buildingId"), "StringId"); boolean boolindexFromJSP2 = locationService.testMatch(request.getParameter("floornumber"), "floorId"); boolean boolindexFromJSP3 = locationService.testMatch(request.getParameter("name"), "name"); boolean boolindexFromJSP4 = locationService.testMatch(request.getParameter("scale"), "scale"); if (!(boolindexFromJSP&&boolindexFromJSP2&&boolindexFromJSP3&&boolindexFromJSP4)) {mv.addObject("errormessage","参数错误");return mv;}
CloseableHttpResponse response =null;CloseableHttpClient httpclient = null;finally{try{if(bReader != null)bReader.close();}catch(IOException e){e.printStackTrace();}try{if(response != null)response.close();}catch(IOException e){e.printStackTrace();}if(httpclient != null)try {httpclient.close();} catch (IOException e) {e.printStackTrace();}}
重写父类方法,解密指定属性名对应的属性值 DecryptPropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer
阅读全文
0 0
- HW问题改动_PDS
- hw
- hw
- HW
- HW
- hw
- HW--FTP的登录问题
- enqueue:HW问题分析与解决
- enq: HW - contention 问题的处理
- HW Sever version不匹配的问题
- HW第一次系统问题,第二次测试,HW测试系统真烂
- 表结构改动后视图问题
- 改动bundle Id 碰到的问题
- 文件名大小写改动 Git 无法提交问题
- 来到HW
- hw 9.11
- hw 9.13
- hw 9.12
- 详解C中volatile关键字
- php冒泡排序法
- 访问网站显示MySQL"is marked as crashed and should be repaired错误
- 2017-09-25校训练题题解
- js如何判断微信5.0
- HW问题改动_PDS
- leetcode-4-Median of Two Sorted Arrays
- JVM总结
- 6.7-3求链表倒数第n项
- HttpClient4.X 解决POST请求返回重定向问题
- nginx服务器高并发优化思路
- Spark体系概况
- springboot报错(三) webjars被拦截或找不到
- shell脚本基础