Home Explore Help
Register Sign In
wuyongqiang
/
framework
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

修复资源地址匹配不正确问题

woody 1 year ago
parent
25fd3a3037
commit
d3792567de
7 changed files with 106 additions and 27 deletions
Unified View Show Diff Stats
  1. 68 0
      framework-base/src/main/java/com/chelvc/framework/base/util/ObjectUtils.java
  2. 12 4
      framework-base/src/main/java/com/chelvc/framework/base/util/StringUtils.java
  3. 9 9
      framework-security/src/main/java/com/chelvc/framework/security/config/SecurityProperties.java
  4. 2 2
      framework-security/src/main/java/com/chelvc/framework/security/context/SecurityContextHolder.java
  5. 5 4
      framework-security/src/main/java/com/chelvc/framework/security/interceptor/PermissionValidateInterceptor.java
  6. 5 4
      framework-security/src/main/java/com/chelvc/framework/security/interceptor/RequestSecurityInterceptor.java
  7. 5 4
      framework-security/src/main/java/com/chelvc/framework/security/interceptor/SignatureValidateInterceptor.java

+ 68 - 0
framework-base/src/main/java/com/chelvc/framework/base/util/ObjectUtils.java
View File 

@@ -112,6 +112,74 @@ public final class ObjectUtils {
 
     private ObjectUtils() {
 
     private ObjectUtils() {
 
     }
 
     }
 
 
 
+    /**
 
+     * 判断数组是否为空
 
+     *
 
+     * @param array 对象数组
 
+     * @param <T>   对象类型
 
+     * @return true/false
 
+     */
 
+    public static <T> boolean isEmpty(T[] array) {
 
+        return array == null || array.length == 0;
 
+    }
 
+
 
+    /**
 
+     * 判断字典是否为空
 
+     *
 
+     * @param map 键/值映射表
 
+     * @param <K> 键类型
 
+     * @param <V> 值类型
 
+     * @return true/false
 
+     */
 
+    public static <K, V> boolean isEmpty(Map<K, V> map) {
 
+        return CollectionUtils.isEmpty(map);
 
+    }
 
+
 
+    /**
 
+     * 判断集合是否为空
 
+     *
 
+     * @param collection 对象集合
 
+     * @param <T>        对象类型
 
+     * @return true/false
 
+     */
 
+    public static <T> boolean isEmpty(Collection<T> collection) {
 
+        return CollectionUtils.isEmpty(collection);
 
+    }
 
+
 
+    /**
 
+     * 判断数组是否非空
 
+     *
 
+     * @param array 对象数组
 
+     * @param <T>   对象类型
 
+     * @return true/false
 
+     */
 
+    public static <T> boolean nonEmpty(T[] array) {
 
+        return !isEmpty(array);
 
+    }
 
+
 
+    /**
 
+     * 判断字典是否非空
 
+     *
 
+     * @param map 键/值映射表
 
+     * @param <K> 键类型
 
+     * @param <V> 值类型
 
+     * @return true/false
 
+     */
 
+    public static <K, V> boolean nonEmpty(Map<K, V> map) {
 
+        return !isEmpty(map);
 
+    }
 
+
 
+    /**
 
+     * 判断集合是否非空
 
+     *
 
+     * @param collection 对象集合
 
+     * @param <T>        对象类型
 
+     * @return true/false
 
+     */
 
+    public static <T> boolean nonEmpty(Collection<T> collection) {
 
+        return !isEmpty(collection);
 
+    }
 
+
 
     /**
 
     /**
 
      * 返回不为空的对象(如果第一个对象为空,则返回第二个对象)
 
      * 返回不为空的对象(如果第一个对象为空,则返回第二个对象)
 
      *
 
      *

+ 12 - 4
framework-base/src/main/java/com/chelvc/framework/base/util/StringUtils.java
View File 

@@ -680,12 +680,20 @@ public final class StringUtils {
 
     /**
 
     /**
 
      * 判断资源路径是否符合指定匹配模式
 
      * 判断资源路径是否符合指定匹配模式
 
      *
 
      *
 
-     * @param pattern 匹配模式
 
-     * @param path    资源路径
 
+     * @param path     资源路径
 
+     * @param patterns 匹配模式数组
 
      * @return true/false
 
      * @return true/false
 
      */
 
      */
 
-    public static boolean isPath(String pattern, String path) {
 
-        return nonEmpty(pattern) && nonEmpty(path) && PATH_MATCHER.match(pattern, path);
 
+    public static boolean isPath(String path, String... patterns) {
 
+        if (isEmpty(path) || patterns == null || patterns.length == 0) {
 
+            return false;
 
+        }
 
+        for (String pattern : patterns) {
 
+            if (nonEmpty(pattern) && PATH_MATCHER.match(pattern, path)) {
 
+                return true;
 
+            }
 
+        }
 
+        return false;
 
     }
 
     }
 
 
 
     /**
 
     /**

+ 9 - 9
framework-security/src/main/java/com/chelvc/framework/security/config/SecurityProperties.java
View File 

@@ -42,17 +42,17 @@ public class SecurityProperties {
 
         /**
 
         /**
 
          * 放行资源地址,多个地址使用","号隔开
 
          * 放行资源地址,多个地址使用","号隔开
 
          */
 
          */
 
-        private String permit;
 
+        private String[] permit;
 
 
 
         /**
 
         /**
 
          * 忽略的资源地址,多个地址使用","号隔开
 
          * 忽略的资源地址,多个地址使用","号隔开
 
          */
 
          */
 
-        private String ignore;
 
+        private String[] ignore;
 
 
 
         /**
 
         /**
 
          * 必须校验的资源地址,多个地址使用","号隔开
 
          * 必须校验的资源地址,多个地址使用","号隔开
 
          */
 
          */
 
-        private String require;
 
+        private String[] require;
 
 
 
         /**
 
         /**
 
          * 允许的请求耗时(毫秒)
 
          * 允许的请求耗时(毫秒)
 
@@ -68,17 +68,17 @@ public class SecurityProperties {
 
         /**
 
         /**
 
          * 放行资源地址,多个地址使用","号隔开
 
          * 放行资源地址,多个地址使用","号隔开
 
          */
 
          */
 
-        private String permit;
 
+        private String[] permit;
 
 
 
         /**
 
         /**
 
          * 忽略的资源地址,多个地址使用","号隔开
 
          * 忽略的资源地址,多个地址使用","号隔开
 
          */
 
          */
 
-        private String ignore;
 
+        private String[] ignore;
 
 
 
         /**
 
         /**
 
          * 必须校验的资源地址,多个地址使用","号隔开
 
          * 必须校验的资源地址,多个地址使用","号隔开
 
          */
 
          */
 
-        private String require;
 
+        private String[] require;
 
     }
 
     }
 
 
 
     /**
 
     /**
 
@@ -89,16 +89,16 @@ public class SecurityProperties {
 
         /**
 
         /**
 
          * 放行资源地址,多个地址使用","号隔开
 
          * 放行资源地址,多个地址使用","号隔开
 
          */
 
          */
 
-        private String permit;
 
+        private String[] permit;
 
 
 
         /**
 
         /**
 
          * 忽略的资源地址,多个地址使用","号隔开
 
          * 忽略的资源地址,多个地址使用","号隔开
 
          */
 
          */
 
-        private String ignore;
 
+        private String[] ignore;
 
 
 
         /**
 
         /**
 
          * 必须校验的资源地址,多个地址使用","号隔开
 
          * 必须校验的资源地址,多个地址使用","号隔开
 
          */
 
          */
 
-        private String require;
 
+        private String[] require;
 
     }
 
     }
 
 }
 
 }

+ 2 - 2
framework-security/src/main/java/com/chelvc/framework/security/context/SecurityContextHolder.java
View File 

@@ -69,9 +69,9 @@ public class SecurityContextHolder {
 
                 }
 
                 }
 
                 String[] sections = METHOD_RESOURCE_SPLIT_PATTERN.split(resource);
 
                 String[] sections = METHOD_RESOURCE_SPLIT_PATTERN.split(resource);
 
                 if (sections.length == 1) {
 
                 if (sections.length == 1) {
 
-                    return StringUtils.isPath(sections[0], uri);
 
+                    return StringUtils.isPath(uri, sections[0]);
 
                 }
 
                 }
 
-                return Objects.equals(method, sections[0]) && StringUtils.isPath(sections[1], uri);
 
+                return Objects.equals(method, sections[0]) && StringUtils.isPath(uri, sections[1]);
 
             });
 
             });
 
         });
 
         });
 
     }
 
     }

+ 5 - 4
framework-security/src/main/java/com/chelvc/framework/security/interceptor/PermissionValidateInterceptor.java
View File 

@@ -12,6 +12,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import com.chelvc.framework.base.context.ApplicationContextHolder;
 
 import com.chelvc.framework.base.context.ApplicationContextHolder;
 
 import com.chelvc.framework.base.model.Result;
 
 import com.chelvc.framework.base.model.Result;
 
 import com.chelvc.framework.base.util.HttpUtils;
 
 import com.chelvc.framework.base.util.HttpUtils;
 
+import com.chelvc.framework.base.util.ObjectUtils;
 
 import com.chelvc.framework.base.util.StringUtils;
 
 import com.chelvc.framework.base.util.StringUtils;
 
 import com.chelvc.framework.security.config.SecurityProperties;
 
 import com.chelvc.framework.security.config.SecurityProperties;
 
 import com.chelvc.framework.security.context.SecurityContextHolder;
 
 import com.chelvc.framework.security.context.SecurityContextHolder;
 
@@ -42,19 +43,19 @@ public class PermissionValidateInterceptor implements Filter {
 
         // 判断是否拥有访问权限
 
         // 判断是否拥有访问权限
 
         SecurityProperties properties = ApplicationContextHolder.getBean(SecurityProperties.class);
 
         SecurityProperties properties = ApplicationContextHolder.getBean(SecurityProperties.class);
 
         SecurityProperties.Permission config = properties.getPermission();
 
         SecurityProperties.Permission config = properties.getPermission();
 
-        if (StringUtils.isEmpty(config.getPermit()) && StringUtils.isEmpty(config.getRequire())) {
 
+        if (ObjectUtils.isEmpty(config.getPermit()) && ObjectUtils.isEmpty(config.getRequire())) {
 
             return true;
 
             return true;
 
         }
 
         }
 
         String method = request.getMethod(), uri = HttpUtils.getRequestURI(request);
 
         String method = request.getMethod(), uri = HttpUtils.getRequestURI(request);
 
-        if (StringUtils.isPath(config.getPermit(), uri) || (StringUtils.nonEmpty(config.getRequire())
 
-                && !StringUtils.isPath(config.getRequire(), uri))
 
+        if (StringUtils.isPath(uri, config.getPermit()) || (ObjectUtils.nonEmpty(config.getRequire())
 
+                && !StringUtils.isPath(uri, config.getRequire()))
 
                 || SecurityContextHolder.hasPermission(method, uri)) {
 
                 || SecurityContextHolder.hasPermission(method, uri)) {
 
             return true;
 
             return true;
 
         }
 
         }
 
 
 
         // 无访问权限
 
         // 无访问权限
 
         log.warn(HttpUtils.getExceptionMessage(request, HttpStatus.FORBIDDEN, "Permission denied"));
 
         log.warn(HttpUtils.getExceptionMessage(request, HttpStatus.FORBIDDEN, "Permission denied"));
 
-        if (StringUtils.isPath(config.getIgnore(), uri)) {
 
+        if (StringUtils.isPath(uri, config.getIgnore())) {
 
             return true;
 
             return true;
 
         }
 
         }
 
         response.setStatus(HttpStatus.FORBIDDEN.value());
 
         response.setStatus(HttpStatus.FORBIDDEN.value());

+ 5 - 4
framework-security/src/main/java/com/chelvc/framework/security/interceptor/RequestSecurityInterceptor.java
View File 

@@ -13,6 +13,7 @@ import com.chelvc.framework.base.context.ApplicationContextHolder;
 
 import com.chelvc.framework.base.context.SessionContextHolder;
 
 import com.chelvc.framework.base.context.SessionContextHolder;
 
 import com.chelvc.framework.base.model.Result;
 
 import com.chelvc.framework.base.model.Result;
 
 import com.chelvc.framework.base.util.HttpUtils;
 
 import com.chelvc.framework.base.util.HttpUtils;
 
+import com.chelvc.framework.base.util.ObjectUtils;
 
 import com.chelvc.framework.base.util.StringUtils;
 
 import com.chelvc.framework.base.util.StringUtils;
 
 import com.chelvc.framework.security.config.SecurityProperties;
 
 import com.chelvc.framework.security.config.SecurityProperties;
 
 import lombok.extern.slf4j.Slf4j;
 
 import lombok.extern.slf4j.Slf4j;
 
@@ -42,12 +43,12 @@ public class RequestSecurityInterceptor implements Filter {
 
         // 判断是否需要放行
 
         // 判断是否需要放行
 
         SecurityProperties properties = ApplicationContextHolder.getBean(SecurityProperties.class);
 
         SecurityProperties properties = ApplicationContextHolder.getBean(SecurityProperties.class);
 
         SecurityProperties.Request config = properties.getRequest();
 
         SecurityProperties.Request config = properties.getRequest();
 
-        if (StringUtils.isEmpty(config.getPermit()) && StringUtils.isEmpty(config.getRequire())) {
 
+        if (ObjectUtils.isEmpty(config.getPermit()) && ObjectUtils.isEmpty(config.getRequire())) {
 
             return true;
 
             return true;
 
         }
 
         }
 
         String uri = HttpUtils.getRequestURI(request);
 
         String uri = HttpUtils.getRequestURI(request);
 
-        if (StringUtils.isPath(config.getPermit(), uri) || (StringUtils.nonEmpty(config.getRequire())
 
-                && !StringUtils.isPath(config.getRequire(), uri))) {
 
+        if (StringUtils.isPath(uri, config.getPermit()) || (ObjectUtils.nonEmpty(config.getRequire())
 
+                && !StringUtils.isPath(uri, config.getRequire()))) {
 
             return true;
 
             return true;
 
         }
 
         }
 
 
 
@@ -66,7 +67,7 @@ public class RequestSecurityInterceptor implements Filter {
 
 
 
         // 无效请求
 
         // 无效请求
 
         log.warn(HttpUtils.getExceptionMessage(request, HttpStatus.FORBIDDEN, "Request invalid"));
 
         log.warn(HttpUtils.getExceptionMessage(request, HttpStatus.FORBIDDEN, "Request invalid"));
 
-        if (StringUtils.isPath(config.getIgnore(), uri)) {
 
+        if (StringUtils.isPath(uri, config.getIgnore())) {
 
             return true;
 
             return true;
 
         }
 
         }
 
         response.setStatus(HttpStatus.FORBIDDEN.value());
 
         response.setStatus(HttpStatus.FORBIDDEN.value());

+ 5 - 4
framework-security/src/main/java/com/chelvc/framework/security/interceptor/SignatureValidateInterceptor.java
View File 

@@ -15,6 +15,7 @@ import com.chelvc.framework.base.context.SessionContextHolder;
 
 import com.chelvc.framework.base.model.Result;
 
 import com.chelvc.framework.base.model.Result;
 
 import com.chelvc.framework.base.util.CodecUtils;
 
 import com.chelvc.framework.base.util.CodecUtils;
 
 import com.chelvc.framework.base.util.HttpUtils;
 
 import com.chelvc.framework.base.util.HttpUtils;
 
+import com.chelvc.framework.base.util.ObjectUtils;
 
 import com.chelvc.framework.base.util.StringUtils;
 
 import com.chelvc.framework.base.util.StringUtils;
 
 import com.chelvc.framework.security.config.SecurityProperties;
 
 import com.chelvc.framework.security.config.SecurityProperties;
 
 import lombok.extern.slf4j.Slf4j;
 
 import lombok.extern.slf4j.Slf4j;
 
@@ -44,12 +45,12 @@ public class SignatureValidateInterceptor implements Filter {
 
         // 判断请求是否需要放行
 
         // 判断请求是否需要放行
 
         SecurityProperties properties = ApplicationContextHolder.getBean(SecurityProperties.class);
 
         SecurityProperties properties = ApplicationContextHolder.getBean(SecurityProperties.class);
 
         SecurityProperties.Signature config = properties.getSignature();
 
         SecurityProperties.Signature config = properties.getSignature();
 
-        if (StringUtils.isEmpty(config.getPermit()) && StringUtils.isEmpty(config.getRequire())) {
 
+        if (ObjectUtils.isEmpty(config.getPermit()) && ObjectUtils.isEmpty(config.getRequire())) {
 
             return true;
 
             return true;
 
         }
 
         }
 
         String uri = HttpUtils.getRequestURI(request);
 
         String uri = HttpUtils.getRequestURI(request);
 
-        if (StringUtils.isPath(config.getPermit(), uri) || (StringUtils.nonEmpty(config.getRequire())
 
-                && !StringUtils.isPath(config.getRequire(), uri))) {
 
+        if (StringUtils.isPath(uri, config.getPermit()) || (ObjectUtils.nonEmpty(config.getRequire())
 
+                && !StringUtils.isPath(uri, config.getRequire()))) {
 
             return true;
 
             return true;
 
         }
 
         }
 
 
 
@@ -71,7 +72,7 @@ public class SignatureValidateInterceptor implements Filter {
 
 
 
         // 签名无效
 
         // 签名无效
 
         log.warn(HttpUtils.getExceptionMessage(request, HttpStatus.FORBIDDEN, "Signature invalid"));
 
         log.warn(HttpUtils.getExceptionMessage(request, HttpStatus.FORBIDDEN, "Signature invalid"));
 
-        if (StringUtils.isPath(config.getIgnore(), uri)) {
 
+        if (StringUtils.isPath(uri, config.getIgnore())) {
 
             return true;
 
             return true;
 
         }
 
         }
 
         response.setStatus(HttpStatus.FORBIDDEN.value());
 
         response.setStatus(HttpStatus.FORBIDDEN.value());