HW问题改动_PDS

口令禁止拷贝


限制上传文件大小为 100M


数据库连接串,加密


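// ---- Login handler (fragment): write a "login" entry to the audit log ----
String logUser = userAdmin.getName();
// NOTE(review): IPUtil.getIpAddr is not shown on this page. If it reads forwarding
// headers such as X-Forwarded-For, the logged address is client-controlled unless
// only a trusted reverse proxy can set them. Confirm before relying on logIp.
String logIp = IPUtil.getIpAddr(request);
String logEvent = "login";
loginServie.addLogNote(0, logUser, logIp, logEvent);

// ---- Logout handler (fragment): write a "login_out" entry to the audit log ----
// HttpSession.getId() returns the container's opaque session identifier, not a user
// id. Parsing it with Integer.parseInt fails for non-numeric ids and would otherwise
// look up an unrelated user, so the id stored in the session is used instead.
// NOTE(review): assumes the Integer user id is kept under Constants.ADMIN_USER, as in
// the TrainServer snippet further down this page. Confirm against the login handler.
// Run this before the session is invalidated, or the attribute is already gone.
Integer logoutUserId = (Integer) request.getSession().getAttribute(Constants.ADMIN_USER);
String logUser = loginServie.getUserById(logoutUserId).getName();
String logIp = IPUtil.getIpAddr(request);
String logEvent = "login_out";
loginServie.addLogNote(0, logUser, logIp, logEvent);

// ---- Token-based login (fragment) ----
// The page lists "HttpServletRequest request" here, presumably the handler parameter.
// The user id is read from the request attribute "userId"; the page says an
// interceptor sets it.
Integer userId = (Integer) request.getAttribute("userId");
String logUser = userService.getUserById(userId).getName();
String logIp = IPUtil.getIpAddr(request);
String logEvent = "login";
loginServie.addLogNote(0, logUser, logIp, logEvent);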

拦截器中 get/set attribute "userId"


通过 attribute "userId" 与 token 获取用户

// ---- Audit logging inside a controller action (fragment) ----
// The user id comes from the session attribute Constants.ADMIN_USER.
// NOTE(review): getAttribute returns null when nothing is bound under that name (for
// example, no login in this session). A null userId would then fail in the lookup or
// in getName(). Presumably an interceptor guarantees a logged-in session; confirm.
Integer userId = (Integer) request.getSession().getAttribute(Constants.ADMIN_USER);
String logUser = loginServie.getUserById(userId).getName();
String logIp = IPUtil.getIpAddr(request);
// The event name recorded here is the action's URL path.
String logEvent = "TrainServer/goSelectCountry";
// First argument is 1 here and 0 in the login/logout snippets; its meaning is not
// visible on this page.
loginServie.addLogNote(1,logUser,logIp,logEvent);
// Variant shown on the page: take the name from the session attribute "userName".
String logUser = (String) request.getSession().getAttribute("userName");

// Regex: one or more characters that are NOT ASCII digits, ASCII letters or
// characters in the range U+4E00 to U+9FA5 (CJK ideographs).
// NOTE(review): how the pattern is applied (strip or reject) is not shown on the page.
"[^0-9a-zA-Z\u4e00-\u9fa5]+";



// Builds the data directory path: the web application's real root directory, one
// level up ("/../"), followed by the TRAINDATA value read from configmy.properties.
// NOTE(review): ServletContext.getRealPath can return null when the container cannot
// map the path to the file system; the concatenation would then start with "null".
// NOTE(review): the "/../" segment is not normalised here. If a user-supplied file
// name is appended to filepath later, normalise the result and check that it still
// lies under this directory before opening it.
String filepath = request.getSession().getServletContext().getRealPath("")+"/../"+ new PropertiesUtil("configmy.properties").getValue("TRAINDATA");

// SecureRandom is a cryptographically strong generator, unlike Math.random(),
// which is predictable and unsuitable for tokens, codes or other secrets.
// NOTE(review): a single SecureRandom instance can be reused; creating one per call
// is not needed.
SecureRandom sr = new SecureRandom();
// Returns a value in [0, interval); throws IllegalArgumentException if interval <= 0.
// The result is discarded in this snippet; the page shows only the call.
sr.nextInt(interval);


过滤器
<!--
  Variant 1. Two filter-class lines are listed as alternatives: Tomcat's built-in
  HttpHeaderSecurityFilter and the project's own SecurityHeaderFilter. A filter
  element takes exactly one filter-class, so keep only one of them and check that
  its class path is correct (original note: 注意类路径).
  As printed, this block sits inside an XML comment, so the filter stays inactive
  until the comment markers are removed.
<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <filter-class>cn.bupt.controller.inf.SecurityHeaderFilter</filter-class>
    <async-supported>true</async-supported>
</filter>
<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
-->
<!--
  Variant 2. Tomcat's built-in filter only, mapped to every URL. Also commented out
  as printed.
<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
</filter>
<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
-->

3. 如何验证过滤器是否生效:在浏览器中打开控制台(开发者工具),查看请求的 response 头中是否包含相应的安全头,例如 X-Frame-Options、X-Content-Type-Options。





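// ---- Service method (fragment): validate the Location fields before inserting ----
// Parameter validation: start
String address = location.getAddress();
String serverip = location.getServerip();
String name = location.getServername();
String port = String.valueOf(location.getServerport());
// The address is checked with the "name" rule, so spaces and punctuation are rejected.
boolean boolAdd = testMatch(address, "name");
boolean boolIp = testMatch(serverip, "ip");
boolean boolName = testMatch(name, "name");
boolean boolPort = testMatch(port, "port");
// Insert only when every field passed its whitelist pattern.
if (!(boolAdd && boolIp && boolName && boolPort)) {
    return false;
}
rs = locationMapper.insertSelective(location);
return rs > 0;
// Parameter validation: end

/**
 * Whitelist check: returns true only when the whole of {@code str} matches the
 * pattern registered for the rule named by {@code type}.
 *
 * <p>Rule names are compared by value. The earlier {@code ==} comparison tested
 * object identity and only worked for interned string literals. A null value, a
 * null rule name and an unknown rule name are all rejected, so a missing or
 * misspelled rule can no longer let input through unchecked. The callers on this
 * page also pass "StringId", "floorId" and "scale"; each of those needs its own
 * case here before its check can succeed.
 *
 * <p>{@code Matcher.matches()} requires the entire input to match, so the "ip"
 * pattern is effectively anchored even though it has no explicit anchors. The
 * debug {@code System.out.println} calls were removed.
 *
 * @param str  value to validate; may be null
 * @param type rule name: "name", "ip" or "port"
 * @return true if {@code str} is non-null and fully matches the rule's pattern
 */
public boolean testMatch(String str, String type) {
    if (str == null || type == null) {
        return false;
    }
    final String pattern;
    switch (type) {
        case "name":
            // Word characters plus CJK ideographs U+4E00 to U+9FA5.
            pattern = "^[\\w\\u4e00-\\u9fa5]+$";
            break;
        case "ip":
            // Dotted-quad IPv4, each octet 0 to 255.
            pattern = "(25[0-5]|2[0-4]\\d|[0-1]\\d{2}|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|[0-1]\\d{2}|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|[0-1]\\d{2}|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|[0-1]\\d{2}|[1-9]?\\d)";
            break;
        case "port":
            // Decimal port number 0 to 65535 without leading zeros.
            pattern = "^([0-9]|[1-9]\\d|[1-9]\\d{2}|[1-9]\\d{3}|[1-5]\\d{4}|6[0-4]\\d{3}|65[0-4]\\d{2}|655[0-2]\\d|6553[0-5])$";
            break;
        default:
            // Fail closed: an unknown rule must not approve the input.
            return false;
    }
    return Pattern.compile(pattern).matcher(str).matches();
}

// ---- Controller (fragment): validate the site id ----
boolean boolindexFromJSP = locationService.testMatch(String.valueOf(id), "StringId");
// testMatch returns true for valid input, so the error belongs to the failing case.
// The condition was inverted compared with the multi-parameter check below.
if (!boolindexFromJSP) {
    mv.addObject("errormessage","站点Id参数错误");
} else {
    // ... handling of a valid id is not shown on the page ...
}

// ---- Controller (fragment): validate several request parameters ----
// getParameter returns null for a missing parameter; testMatch rejects null.
boolean boolindexFromJSP = locationService.testMatch(request.getParameter("buildingId"), "StringId");
boolean boolindexFromJSP2 = locationService.testMatch(request.getParameter("floornumber"), "floorId");
boolean boolindexFromJSP3 = locationService.testMatch(request.getParameter("name"), "name");
boolean boolindexFromJSP4 = locationService.testMatch(request.getParameter("scale"), "scale");
if (!(boolindexFromJSP && boolindexFromJSP2 && boolindexFromJSP3 && boolindexFromJSP4)) {
    mv.addObject("errormessage","参数错误");
    return mv;
}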




// Resource handles start as null; presumably they are assigned inside the try block,
// which the page omits, so that the finally block below can close whatever was opened.
CloseableHttpResponse response =null;
CloseableHttpClient httpclient = null;
// ... try block that issues the request is not shown on the page ...
finally{
    // Each resource is closed in its own try/catch so that a failure while closing
    // one does not prevent the others from being closed.
    // NOTE(review): printStackTrace writes to stderr; the application logger would
    // keep these errors with the rest of the logs. Where the resources are created in
    // one method, try-with-resources gives the same guarantee with less code.
    try{
        if(bReader != null)bReader.close();
    }catch(IOException e){
        e.printStackTrace();
    }
    try{
        if(response != null)response.close();
    }catch(IOException e){
        e.printStackTrace();
    }
    if(httpclient != null)
        try {
            httpclient.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
}



重写父类方法,解密指定属性名对应的属性值:DecryptPropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer。注意:解密所用的密钥不应硬编码在源码中,也不应与密文放在同一配置文件里,否则加密只起到混淆作用。