CI Continuous Integration: Handling User Security in CruiseControl
Source: Internet | Posted: iis7 php http503 | Editor: 程序博客网 | Time: 2024/06/15 05:41
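Recently I have been using the open-source continuous integration framework CruiseControl for a project's continuous integration; related material can be found on the official website.
The key point is that CruiseControl lets the build output be downloaded once packaging has finished, but it has no user login module, which is a major shortcoming. This can be handled by decompiling and modifying the relevant class. Downloads, for example, are handled by the class DownloadController:
After modification: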
    package net.sourceforge.cruisecontrol.dashboard.web;

    import java.io.File;
    import java.util.Map;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import net.sourceforge.cruisecontrol.dashboard.service.ConfigurationService;
    import net.sourceforge.cruisecontrol.dashboard.utils.DashboardUtils;
    import net.sourceforge.cruisecontrol.dashboard.web.binder.DownLoadLogBinder;
    import net.sourceforge.cruisecontrol.dashboard.web.binder.DownloadArtifactsBinder;
    import net.sourceforge.cruisecontrol.dashboard.web.command.DownLoadArtifactsCommand;
    import net.sourceforge.cruisecontrol.dashboard.web.command.DownLoadFile;
    import net.sourceforge.cruisecontrol.dashboard.web.command.DownloadLogCommand;
    import net.sourceforge.cruisecontrol.dashboard.web.validator.DownLoadFileValidator;
    import org.springframework.validation.BindingResult;
    import org.springframework.validation.ObjectError;
    import org.springframework.validation.Validator;
    import org.springframework.web.bind.ServletRequestDataBinder;
    import org.springframework.web.servlet.ModelAndView;

    public class DownloadController extends BaseMultiActionController {
        private ConfigurationService configuration;

        public DownloadController(ConfigurationService configuration) {
            this.configuration = configuration;
            // Downloads are served for GET requests only.
            setSupportedMethods(new String[] { "GET" });
            setValidators(new Validator[] { new DownLoadFileValidator() });
        }

        protected ServletRequestDataBinder createBinder(HttpServletRequest request, Object command)
                throws Exception {
            if ((command instanceof DownloadLogCommand)) {
                return new DownLoadLogBinder(command);
            }
            return new DownloadArtifactsBinder(command);
        }

        public ModelAndView artifacts(HttpServletRequest request, HttpServletResponse response)
                throws Exception {
            return download(request, new DownLoadArtifactsCommand(this.configuration));
        }

        public ModelAndView log(HttpServletRequest request, HttpServletResponse response)
                throws Exception {
            return download(request, new DownloadLogCommand(this.configuration));
        }

        private ModelAndView download(HttpServletRequest request, DownLoadFile command)
                throws Exception {
            // Added check: the values that ok.jsp stored in the session must match
            // the user name and password hard-coded here.
            String userName = (String) request.getSession().getAttribute("icell-username");
            String password = (String) request.getSession().getAttribute("icell-password");
            if ("userName".equals(userName) && "passWord".equals(password)) {
                BindingResult bindingResult = bindObject(request, command);
                if (bindingResult.hasErrors()) {
                    ModelAndView mov = new ModelAndView("page_error");
                    mov.getModel().put("errorMessage",
                            bindingResult.getGlobalError().getDefaultMessage());
                    return mov;
                }
                File downLoadFile = command.getDownLoadFile();
                ModelAndView mov = new ModelAndView(DashboardUtils.getFileType(downLoadFile) + "View");
                mov.getModel().put("targetFile", downLoadFile);
                return mov;
            } else {
                // Not logged in: show the error page instead of the file.
                //BindingResult bindingResult = bindObject(request, command);
                ModelAndView mov = new ModelAndView("page_error");
                mov.getModel().put("errorMessage",
                        "no permission now,please login at (http://xxxx/dashboard/login.jsp)");
                return mov;
            }
        }
    }

Here the credentials are hard-coded directly in the program. Of course, they could also be written to a configuration file that is read and checked instead. On the front end, a login.jsp page is defined to handle the login, as in this simple page:
    <%@ page contentType="text/html;charset=UTF-8" language="java" pageEncoding="utf-8"%>
    <html>
    <head>
    <title>身份验证</title>
    <script type="text/javascript">
        // Client-side check only: refuse to submit when either field is empty.
        function submit() {
            var username = document.getElementById("user").value;
            var pwd = document.getElementById("pwd").value;
            if (username == "" || pwd == "") {
                alert("用户名或者密码为空!");
            } else {
                document.getElementById("ds-form").submit();
            }
        }
    </script>
    </head>
    <body>
    <div style="text-align: center">
    <form action="ok.jsp" method="post" id="ds-form">
    <table>
        <tr>
            <td colspan="2">登录界面</td>
        </tr>
        <tr>
            <td>user:</td>
            <td><input type="text" name="user" id="user" size="16"></td>
        </tr>
        <tr>
            <td>pwd:</td>
            <td><input type="password" name="pwd" id="pwd" size="16"></td>
        </tr>
        <tr>
            <td colspan="2"></td>
        </tr>
    </table>
    </form>
    <input type="button" value="submit" onclick="submit();">
    </div>
    </body>
    </html>
ok.jsp is an intermediate page:
    <%@ page contentType="text/html;charset=UTF-8" language="java" pageEncoding="utf-8"%>
    <%
        // Store the submitted values in the session; DownloadController
        // compares them against its credentials on every download request.
        String username = request.getParameter("user");
        String password = request.getParameter("pwd");
        session.setAttribute("icell-username", username);
        session.setAttribute("icell-password", password);
    %>
    <html>
    <head>
    <title>身份验证</title>
    </head>
    <body>
    go go
    <script type="text/javascript">
        // Continue to the dashboard once the session values are set.
        window.location.href = "tab/dashboard";
    </script>
    </body>
    </html>
With this in place, the packaged build data can be downloaded using the configured user name and password.
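
The post notes that the credentials could be read from a configuration file instead of being hard-coded in the class, where anyone who can decompile it can read them. One way to do that is shown below as an added example (not code from the original post or from CruiseControl); it stores a PBKDF2 hash rather than the plaintext password the post compares against. The class name DownloadCredentials, the download.* property names, the iteration count and the sample values are assumptions, and Java 8 or later is required.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical helper, not a CruiseControl class; the download.* property names are assumptions.
// The file holds a salted PBKDF2-HMAC-SHA256 hash, never the password itself.
public class DownloadCredentials {
    static final int ITERATIONS = 210_000;  // work factor chosen for this example
    private final byte[] user, salt, hash;
    public DownloadCredentials(Path file) throws IOException {
        Properties p = new Properties();
        try (InputStream in = Files.newInputStream(file)) { p.load(in); }
        user = p.getProperty("download.user").getBytes(StandardCharsets.UTF_8);
        salt = Base64.getDecoder().decode(p.getProperty("download.salt"));
        hash = Base64.getDecoder().decode(p.getProperty("download.hash"));
    }

    static byte[] derive(String pw, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw.toCharArray(), salt, ITERATIONS, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    public boolean matches(String u, String pw) throws GeneralSecurityException {
        if (u == null || pw == null) return false;  // nothing submitted yet
        boolean userOk = MessageDigest.isEqual(user, u.getBytes(StandardCharsets.UTF_8));
        // Non-short-circuit '&': the password is derived and compared even if the user name is wrong.
        return userOk & MessageDigest.isEqual(hash, derive(pw, salt));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: write a throwaway properties file, then test two logins.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        Properties p = new Properties();
        p.setProperty("download.user", "builder");
        p.setProperty("download.salt", b64.encodeToString(salt));
        p.setProperty("download.hash", b64.encodeToString(derive("sample-only-pw", salt)));
        Path file = Files.createTempFile("download-auth", ".properties");
        try (OutputStream out = Files.newOutputStream(file)) { p.store(out, "constructed sample"); }
        DownloadCredentials creds = new DownloadCredentials(file);
        System.out.println("correct password: " + creds.matches("builder", "sample-only-pw"));
        System.out.println("wrong password:   " + creds.matches("builder", "wrong"));
        Files.delete(file);
    }
}
```

With a helper like this, ok.jsp could call matches() once at login and store only a boolean flag in the session, so the password is never kept there and DownloadController only has to test the flag.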