admin
2020-06-03 622a0f6cffe4b2178518f4b9775a53832c0e77d8
完善
2个文件已修改
4个文件已添加
342 ■■■■■ 已修改文件
pom.xml 15 ●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/java/com/ks/tool/bkz/SpringSecurityConfig.java 37 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/java/com/ks/tool/bkz/aspact/PermissionValidateAspect.java 28 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/java/com/ks/tool/bkz/aspact/SignValidateAspect.java 232 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/java/com/ks/tool/bkz/entity/FirstOrderSubGoods.java 12 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/resources/application.yml 18 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
pom.xml
@@ -22,12 +22,21 @@
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-mongodb</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
        </dependency>
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
@@ -77,9 +86,9 @@
            <version>1.10</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
            <version>4.3.0.RELEASE</version>
            <groupId>org.aspectj</groupId>
            <artifactId>aspectjrt</artifactId>
            <version>1.8.5</version>
        </dependency>
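Review bot: The second hunk replaces the pinned `spring-web` 4.3.0.RELEASE with a pinned `aspectjrt` 1.8.5, but the `@Aspect`/`@Around` classes added in this same commit need the weaver, not only the runtime: as far as I recall Spring Boot's AOP auto-configuration is conditional on classes from `aspectjweaver`, which is not added here, so unless it arrives transitively (not visible in this hunk) the two validation aspects are registered as plain beans and never intercept a controller call, and the signature check silently does not run. Replace the explicit dependency with `spring-boot-starter-aop` and drop the `<version>` element so the Boot parent manages it; an explicit 1.8.5 runtime next to a Boot-managed weaver also risks a version mismatch at startup. A quick check after the change is to call any controller without a `sign` parameter and confirm the `签名错误` response comes back.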
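--- /dev/null
+++ b/src/main/java/com/ks/tool/bkz/SpringSecurityConfig.java
@@ -0,0 +1,37 @@
+package com.ks.tool.bkz;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+@Configuration
+@EnableWebSecurity
+public class SpringSecurityConfig  extends WebSecurityConfigurerAdapter {
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        super.configure(http);
+        http.authorizeRequests()
+                .antMatchers("/").permitAll() //主路径允许访问
+                .anyRequest().authenticated()  //验证
+                .and()
+                .logout().permitAll() //注销也是运行访问
+                .and()
+                .formLogin();
+        http.csrf().disable();  //关闭csrf() 认证
+    }
+    @Override
+    public void configure(WebSecurity web) throws Exception {
+        super.configure(web);
+        web.ignoring().antMatchers("/js/**", "/css/**", "/images/**");
+    }
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        super.configure(auth);
+    }
+}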
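Review bot: `http.csrf().disable()` at the end of configure(HttpSecurity) switches CSRF protection off for an application that authenticates with `formLogin()`, i.e. a session cookie, so any logged-in browser user can be made to issue state-changing requests from a third-party page; if the disable exists for the signed client API, scope it to those paths instead, e.g. `http.csrf().ignoringAntMatchers("/api/**")` (whichever prefix the controllers use), and keep it on for the form-login pages. Calling `super.configure(http)` first also leaves the adapter's default chain in place — as I recall that includes `httpBasic()` — so the two chains overlap; dropping the `super` call and stating the full policy in this method would make the effective configuration readable. `configure(AuthenticationManagerBuilder)` only delegates to `super`, so no users or password encoder are defined in this class; presumably login then falls back to Spring Boot's auto-configured in-memory user with a generated password, which should be confirmed before this is deployed.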
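--- /dev/null
+++ b/src/main/java/com/ks/tool/bkz/aspact/PermissionValidateAspect.java
@@ -0,0 +1,28 @@
+package com.ks.tool.bkz.aspact;
+import com.yeshi.fanli.util.Constant;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+//权限检测
+@Component
+@Aspect
+@Order(2)
+public class PermissionValidateAspect {
+    public static final String EDP = "execution(* com.ks.tool.bkz.controller.user.*.*.*(..))";
+    public static String KEY = "";
+    static {
+        KEY = Constant.systemCommonConfig.getSignKey();
+    }
+    @Around(EDP)
+    public Object around(ProceedingJoinPoint joinPoint) throws Throwable {
+    }
+}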
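Review bot: `around` on the last lines is declared to return Object but has an empty body, so this file does not compile as committed, and once it is stubbed it becomes the "permission check" for every `controller.user` method — a placeholder of just `return joinPoint.proceed();` would silently grant access to everything the pointcut wraps. Until the check is implemented it is safer to fail closed, e.g. `throw new UnsupportedOperationException("permission check not implemented"); // TODO: real authorization`, or to leave `@Component` off so the advice is not registered at all. `KEY` is populated in a static initializer from `Constant.systemCommonConfig.getSignKey()` but never used in this class, and it is a public mutable static; the import of `com.yeshi.fanli.util.Constant` also points at a package outside this project's `com.ks.tool.bkz` tree, which looks like a copy-over from another codebase (the sibling SignValidateAspect uses `Constant` with no import at all).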
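--- /dev/null
+++ b/src/main/java/com/ks/tool/bkz/aspact/SignValidateAspect.java
@@ -0,0 +1,232 @@
+package com.ks.tool.bkz.aspact;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import javax.servlet.http.HttpServletRequest;
+import java.io.PrintWriter;
+import java.util.*;
+//客户端接口签名验证
+@Component
+@Aspect
+@Order(1)
+public class SignValidateAspect {
+    public static final String EDP = "execution(* com.ks.tool.bkz.controller.*.*.*(..))";
+    public static String KEY = "";
+    static {
+        KEY = Constant.systemCommonConfig.getSignKey();
+    }
+    @Around(EDP)
+    public Object testAround(ProceedingJoinPoint joinPoint) throws Throwable {
+        Object[] args = joinPoint.getArgs();
+        PrintWriter out = null;
+        ServletRequestAttributes servletContainer = (ServletRequestAttributes) RequestContextHolder
+                .getRequestAttributes();
+        out = servletContainer.getResponse().getWriter();
+        HttpServletRequest request = servletContainer.getRequest();
+        AcceptData acceptData = null;
+        for (Object obj : args) {
+            if (obj instanceof AcceptData) {
+                acceptData = (AcceptData) obj;
+            } else if (obj instanceof HttpServletRequest) {
+                request = (HttpServletRequest) obj;
+            }
+        }
+        boolean isRight = true;
+        if (acceptData == null) {
+            out.print(JsonUtil.loadFalseResult(-1, "签名错误"));
+            return null;
+        }
+        isRight = false;
+        if ((acceptData.getPlatform() != null && acceptData.getPlatform().equalsIgnoreCase("android")
+                && acceptData.getVersion() != null && Integer.parseInt(acceptData.getVersion()) > 21)
+                || (acceptData.getPlatform() != null && acceptData.getPlatform().equalsIgnoreCase("ios")
+                        && acceptData.getVersion() != null && Integer.parseInt(acceptData.getVersion()) > 24)) {
+            isRight = signIsRight(request);
+        } else if (acceptData.getPackages().startsWith("com.haicaojie")) {
+            isRight = signIsRight(request);
+        } else {
+            isRight = signIsRight(acceptData);
+        }
+        // if (Integer.parseInt(acceptData.getVersion()) > 21) {
+        // isRight = signIsRight(request);
+        // } else {
+        // isRight = signIsRight(acceptData);
+        // }
+        // 签名是否正确
+        if (isRight) {
+            // 判断签名超时
+            if (Math.abs((Long.parseLong(acceptData.getTime()) - System.currentTimeMillis())) > 1000 * 60 * 10) {
+                JSONObject data = new JSONObject();
+                data.put("code", -2);
+                data.put("msg", "时间错误");
+                out.print(data);
+                out.close();
+                return null;
+            }
+            final String url = request.getRequestURI();
+            @SuppressWarnings("unchecked")
+            final Map<String, Object> params = request.getParameterMap();
+            ThreadUtil.run(new Runnable() {
+                @Override
+                public void run() {
+                    // 记录请求日志
+                    LogHelper.requestInfo(url, params);
+                }
+            });
+            Object obj = null;
+            try {
+                long startTime = System.currentTimeMillis();
+                obj = joinPoint.proceed(args);
+                final long responseTime = System.currentTimeMillis() - startTime;
+                // 记录大于2s的请求
+                if (responseTime >= 2000) {
+                    ThreadUtil.run(new Runnable() {
+                        @Override
+                        public void run() {
+                            LogHelper.requestTime(url, params, responseTime);
+                        }
+                    });
+                }
+            } catch (Throwable e) {
+                LogHelper.errorDetailInfo(e, getHttpServletParams(request), request.getRequestURI().toString());
+                if (!Constant.IS_TEST)
+                    out.print(JsonUtil.loadFalseResult(90009, "服务器内部错误"));
+                else
+                    throw e;
+            }
+            return obj;
+        } else {
+            JSONObject data = new JSONObject();
+            data.put("code", -1);
+            data.put("msg", "签名错误");
+            out.print(data);
+            out.close();
+            LogHelper.error("签名错误:" + request.getRequestURI() + "-" + getHttpServletParams(request));
+            return null;
+        }
+    }
+    private String getHttpServletParams(HttpServletRequest request) {
+        if (request == null) {
+            return "";
+        }
+        Map map = request.getParameterMap();
+        if (map != null) {
+            Iterator<String> its = map.keySet().iterator();
+            JSONObject json = new JSONObject();
+            while (its.hasNext()) {
+                String next = its.next();
+                if (map.get(next) != null) {
+                    Object[] objects = (Object[]) map.get(next);
+                    if (objects != null && objects.length > 0) {
+                        json.put(next, objects[0].toString());
+                    }
+                }
+            }
+            return json.toString();
+        }
+        return "";
+    }
+    private boolean signIsRight(AcceptData acceptData) {
+        String[] arr = new String[] { acceptData.getApiversion(), acceptData.getAppkey(), acceptData.getDevice(),
+                acceptData.getPackages(), acceptData.getPlatform(), acceptData.getTime(), acceptData.getVersion() };
+        Arrays.sort(arr);
+        StringBuffer sb = new StringBuffer();
+        for (String val : arr) {
+            sb.append(val);
+        }
+        String md5 = StringUtil.Md5(sb.toString() + KEY);
+        if (!md5.equals(acceptData.getSign())) {
+            return false;
+        } else {
+            return true;
+        }
+    }
+    /**
+     * 判断签名的正确性 Android version>50
+     *
+     * @param request
+     * @return
+     */
+    @SuppressWarnings("unchecked")
+    private boolean signIsRight(HttpServletRequest request) {
+        Map<String, Object> map = request.getParameterMap();
+        Iterator<String> its = map.keySet().iterator();
+        List<String> list = new ArrayList<>();
+        boolean fromWEB = false;
+        while (its.hasNext()) {
+            String key = its.next();
+            // if (key.equalsIgnoreCase("callback")) {
+            // fromWEB = true;
+            // }
+            if (key.equalsIgnoreCase("sign") || key.equalsIgnoreCase("callback") || key.equalsIgnoreCase("_")) {
+                continue;
+            }
+            Object value = map.get(key);
+            Object[] values = (Object[]) value;
+            list.add(key + "=" + values[0].toString());
+        }
+        Collections.sort(list);
+        String str = "";
+        for (String st : list) {
+            str += st + "&";
+        }
+        String sign = null;
+        if (!fromWEB)
+            sign = StringUtil.Md5(str + KEY);
+        else
+            sign = StringUtil.Md5(str + Constant.WEBPAGE_SIGN_KEY);
+        if (sign.equalsIgnoreCase(request.getParameter("sign") + "")) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+    public static boolean signIsRight(JSONObject json) {
+        List<String> list = new ArrayList<>();
+        for (Iterator<String> its = json.keySet().iterator(); its.hasNext();) {
+            String key = its.next();
+            if (!key.equalsIgnoreCase("sign"))
+                list.add(key + "=" + json.optString(key));
+        }
+        Collections.sort(list);
+        String str = "";
+        for (String st : list) {
+            str += st + "&";
+        }
+        String sign = StringUtil.Md5(str + KEY);
+        if (sign.equalsIgnoreCase(json.optString("sign"))) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+}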
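Review bot: The freshness check in testAround (`Math.abs(Long.parseLong(acceptData.getTime()) - System.currentTimeMillis()) > 1000 * 60 * 10`) is the only limit on a captured request and nothing records a sign or nonce as already used, so any request with a valid sign can be replayed verbatim for up to 20 minutes (±10); since this commit also wires in Redis, rejecting a sign already seen inside that window (a set-if-absent insert with a 10-minute TTL keyed on the sign, checked before `joinPoint.proceed`) is the cheapest fix. The same gate parses client-supplied strings without guards — `Integer.parseInt(acceptData.getVersion())` twice, `Long.parseLong(acceptData.getTime())`, and `acceptData.getPackages().startsWith(...)` with no null check — so a non-numeric `version`/`time` or a missing `packages` leaves the aspect as a NumberFormatException/NullPointerException instead of the `签名错误` reply; wrap them, e.g. `long t; try { t = Long.parseLong(acceptData.getTime()); } catch (NumberFormatException e) { out.print(JsonUtil.loadFalseResult(-2, "时间错误")); return null; }`. The three sign comparisons (`md5.equals(acceptData.getSign())` and the two `sign.equalsIgnoreCase(...)`) are not constant-time — `MessageDigest.isEqual` on the lower-cased bytes closes the timing side channel — and `StringUtil.Md5(str + KEY)` is a bare MD5 over data-plus-secret rather than an HMAC, so if the clients can be updated `javax.crypto.Mac` with `HmacSHA256` is the standard construction. `KEY` is a `public static` non-final field filled in a static block from `Constant.systemCommonConfig.getSignKey()`, which exposes the signing secret to every class and throws `ExceptionInInitializerError` if that config is not populated before the class loads; `private static final` with an explicit accessor is safer. As committed the file also uses `Constant`, `AcceptData`, `JSONObject`, `JsonUtil`, `StringUtil`, `ThreadUtil` and `LogHelper` without importing them, so it does not compile in this package.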
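--- /dev/null
+++ b/src/main/java/com/ks/tool/bkz/entity/FirstOrderSubGoods.java
@@ -0,0 +1,12 @@
+package com.ks.tool.bkz.entity;
+import java.math.BigDecimal;
+import java.util.Date;
+public class FirstOrderSubGoods {
+    private Long auctionId;//商品ID
+    private BigDecimal subMoney;//首单立减的金额
+    private BigDecimal zkPrice;
+    private String couponInfo;
+    private Date createTime;
+}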
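Review bot: The five fields of FirstOrderSubGoods are private with no accessors, constructor, `equals`/`hashCode` or `toString`, so nothing outside the class can read `subMoney` or `zkPrice`; if it is meant as a MyBatis result or a JSON payload (the `entity` package suggests so), it needs getters/setters, or a constructor plus getters if it should stay immutable. `zkPrice` and `couponInfo` carry no comment while `auctionId` and `subMoney` do — a one-line `/** discounted price */`-style Javadoc on each would save the next reader a guess. `BigDecimal` for the money fields is the right choice; `java.util.Date` for `createTime` could become `java.time.Instant` if the mapper layer supports it.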
src/main/resources/application.yml
@@ -30,13 +30,29 @@
      database: bkz
      username: admin
      password: 123456
  redis:
    database: 0
    host: 192.168.0.24
    port: 6379
    # Redis服务器连接密码(默认为空)
    password:
    # 连接池最大连接数(使用负值表示没有限制)
    pool.max-active: 200
    # 连接池最大阻塞等待时间(使用负值表示没有限制)
    pool.max-wait: -1
    # 连接池中的最大空闲连接
    pool.max-idle: 10
    # 连接池中的最小空闲连接
    pool.min-idle: 0
    # 连接超时时间(毫秒)
    timeout: 1000
mybatis:
  mapper-locations: classpath:mapping/*.xml
  type-aliases-package: com.uqiauto.user.model
mapper:
  mappers:  com.uqiauto.user.dao
  mappers:  com.ks.tool.dao.mapper
  not-empty: false
  identity: MYSQL
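Review bot: The new `redis` block points at `192.168.0.24` with `password:` left empty, and the `username: admin` / `password: 123456` lines just above it (context here, so possibly pre-existing) keep a datasource credential in the repository in plain text; at minimum these should be placeholders resolved from the environment, e.g. `password: ${REDIS_PASSWORD:}` and `password: ${DB_PASSWORD}`, with the real values kept out of source control. An unauthenticated Redis reachable on the LAN is a common pivot point, so set `requirepass` on that instance and bind it to the application hosts only. The `mapper` section also ends up with `type-aliases-package: com.uqiauto.user.model` while `mappers` now reads `com.ks.tool.dao.mapper` (the two `mappers:` lines printed here are presumably the old and new value); the `com.uqiauto` alias package looks like a leftover from another project and should be updated or removed so aliases resolve against this codebase's model classes.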