Commit 0e28035b authored by 雍欢's avatar 雍欢

使用策略模式重构平台的csrf token检验规则,使业务系统扩展自己的检验规则

parent 585114f6
......@@ -6,7 +6,7 @@
<parent>
<groupId>com.huigou</groupId>
<artifactId>root</artifactId>
<version>1.2.9-SNAPSHOT</version>
<version>1.2.9</version>
</parent>
<artifactId>huigou-common</artifactId>
<name>huigou-common</name>
......
......@@ -6,7 +6,7 @@
<parent>
<groupId>com.huigou</groupId>
<artifactId>root</artifactId>
<version>1.2.9-SNAPSHOT</version>
<version>1.2.9</version>
</parent>
<artifactId>huigou-core-api</artifactId>
<name>huigou-core-api</name>
......
......@@ -6,7 +6,7 @@
<parent>
<groupId>com.huigou</groupId>
<artifactId>root</artifactId>
<version>1.2.9-SNAPSHOT</version>
<version>1.2.9</version>
</parent>
<artifactId>huigou-core-impl</artifactId>
<name>huigou-core-impl</name>
......
......@@ -6,7 +6,7 @@
<parent>
<groupId>com.huigou</groupId>
<artifactId>root</artifactId>
<version>1.2.9-SNAPSHOT</version>
<version>1.2.9</version>
</parent>
<artifactId>huigou-core-proxy</artifactId>
<name>huigou-core-proxy</name>
......
......@@ -6,7 +6,7 @@
<parent>
<groupId>com.huigou</groupId>
<artifactId>root</artifactId>
<version>1.2.9-SNAPSHOT</version>
<version>1.2.9</version>
</parent>
<artifactId>huigou-data</artifactId>
<name>huigou-data</name>
......
......@@ -5,7 +5,7 @@
<parent>
<groupId>com.huigou</groupId>
<artifactId>root</artifactId>
<version>1.2.9-SNAPSHOT</version>
<version>1.2.9</version>
</parent>
<artifactId>huigou-loader</artifactId>
<packaging>jar</packaging>
......
......@@ -5,7 +5,7 @@
<parent>
<groupId>com.huigou</groupId>
<artifactId>root</artifactId>
<version>1.2.9-SNAPSHOT</version>
<version>1.2.9</version>
</parent>
<artifactId>huigou-system-common</artifactId>
......
......@@ -4,7 +4,7 @@
<parent>
<groupId>com.huigou</groupId>
<artifactId>root</artifactId>
<version>1.2.9-SNAPSHOT</version>
<version>1.2.9</version>
</parent>
<artifactId>huigou-uasp</artifactId>
<name>huigou-uasp</name>
......@@ -348,7 +348,7 @@
<dependency>
<groupId>com.topsunit</groupId>
<artifactId>query-spring</artifactId>
<version>1.2.9-SNAPSHOT</version>
<version>1.2.9</version>
</dependency>
<dependency>
<groupId>net.sf.cssbox</groupId>
......
package com.huigou.uasp.bmp.intercept;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.huigou.context.ApplicationProperties;
import com.huigou.context.ContextUtil;
import com.huigou.context.MessageSourceContext;
import com.huigou.context.Operator;
import com.huigou.context.ThreadLocalUtil;
import com.huigou.context.*;
import com.huigou.exception.ApplicationException;
import com.huigou.shiro.token.CasServiceToken;
import com.huigou.uasp.annotation.SkipAuth;
......@@ -34,19 +13,31 @@ import com.huigou.uasp.exception.AuthException;
import com.huigou.uasp.exception.VisitErrorException;
import com.huigou.uasp.log.application.LoginLogApplication;
import com.huigou.util.Constants;
import com.huigou.util.Md5Builder;
import com.huigou.util.SDO;
import com.huigou.util.StringUtil;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
/**
* 认证拦截器 检查用户是否登录,csrf防御
*
*
* @author xx
*/
public class AuthenticationInterceptor extends HandlerInterceptorAdapter {
private final PathMatcher pathMatcher = new AntPathMatcher();
private final String SPLIT_PATTERN = "[, ;\r\n]";// 逗号 空格 分号 换行
......@@ -61,11 +52,13 @@ public class AuthenticationInterceptor extends HandlerInterceptorAdapter {
private ActApplication actApplication;
// csrf验证白名单
@Deprecated
private List<String> csrfWhiteListURL = null;
@Deprecated
private List<String> ssoCsfWhiteListUrls = null;
// 单点登录情况下csrf验证白名单
@Deprecated
private String ssoCsfWhiteListMethodName;
// 需要验证任务状态的方法名
......@@ -73,10 +66,12 @@ public class AuthenticationInterceptor extends HandlerInterceptorAdapter {
private List<String> taskStatusChekedMethoUrls = null;
private CsrfTokenVerifyStrategy csrfTokenVerifyStrategy;
@Deprecated
public void setCsrfWhiteListURL(List<String> csrfWhiteListURL) {
this.csrfWhiteListURL = csrfWhiteListURL;
}
@Deprecated
public void setSsoCsfWhiteListMethodName(String ssoCsfWhiteListMethodName) {
this.ssoCsfWhiteListMethodName = ssoCsfWhiteListMethodName;
}
......@@ -84,28 +79,12 @@ public class AuthenticationInterceptor extends HandlerInterceptorAdapter {
public String getTaskStatusChekedMethodName() {
return taskStatusChekedMethodName;
}
public void setTaskStatusChekedMethodName(String taskStatusChekedMethodName) {
this.taskStatusChekedMethodName = taskStatusChekedMethodName;
}
public List<String> getSsoCsfWhiteListUrls() {
if (ssoCsfWhiteListUrls == null) {
// 解析字符串为可用于匹配的路径
ssoCsfWhiteListUrls = new ArrayList<String>();
if (StringUtil.isNotBlank(ssoCsfWhiteListMethodName)) {
String[] nameArray = ssoCsfWhiteListMethodName.split(SPLIT_PATTERN);
for (String name : nameArray) {
name = name.trim();
if (name.length() == 0) {
continue;
}
// 如字符串为 load 匹配路径为/**/load*
ssoCsfWhiteListUrls.add(String.format("/**/%s*", name));
}
}
}
return ssoCsfWhiteListUrls;
public void setCsrfTokenVerifyStrategy(CsrfTokenVerifyStrategy csrfTokenVerifyStrategy) {
this.csrfTokenVerifyStrategy = csrfTokenVerifyStrategy;
}
public List<String> getTaskStatusChekedMethoUrls() {
......@@ -160,45 +139,8 @@ public class AuthenticationInterceptor extends HandlerInterceptorAdapter {
private boolean intercept(HttpServletRequest request, HttpServletResponse response, TaskStatusCheck taskStatusCheck) throws Exception {
Operator operator = this.getAuthOperator(request, response);
Subject subject = SecurityUtils.getSubject();
// operator 为空判断是否存在单点登录
if (operator == null) {
// ajax 请求全部需要登录后执行
if (ContextUtil.isAjaxRequest()) {
throw new AuthException();
}
if (isCas()) {
// 系统使用cas单点登录认证
if (!this.casLogin(subject, request, response)) {
return false;
}
}
// 重新获取operator
operator = (Operator) subject.getSession().getAttribute(Constants.SESSION_OPERATOR_ATTRIBUTE);
}
// 全部判断处理完成后operator还是为空抛出异常
if (operator == null) {
throw new AuthException();
}
// 处理跨站请求伪造
boolean verifyCSRF = this.verifyCSRFToken(request);
// 跨站请求伪造校验失败
if (!verifyCSRF) {
// 全部ajax请求抛出异常
if (ContextUtil.isAjaxRequest()) {
throw new VisitErrorException();
}
// CAS中 处理可以直接产生数据改变的服务
if (isCas()) {
// 只有 ssoCsfWhiteListMethodName 中开头的方法放行
verifyCSRF = this.isSSOCSRFWhiteURL(request.getServletPath());
if (verifyCSRF) {
this.verifySSOAsBizId(request, operator);
}
}
}
// 全部判断处理完后
if (!verifyCSRF) {
if (!csrfTokenVerifyStrategy.verify(request, operator)) {
throw new VisitErrorException();
}
// 验证任务状态
......@@ -214,7 +156,7 @@ public class AuthenticationInterceptor extends HandlerInterceptorAdapter {
/**
* 是否存在cas ticket
*
*
* @param request
* @return
*/
......@@ -225,7 +167,7 @@ public class AuthenticationInterceptor extends HandlerInterceptorAdapter {
/**
* CAS登录验证
*
*
* @param subject
* @param request
* @param response
......@@ -270,114 +212,9 @@ public class AuthenticationInterceptor extends HandlerInterceptorAdapter {
}
}
/**
* 处理跨站请求伪造
* 针对需要登录后才能处理的请求,验证CSRFToken校验
*
* @param request
*/
protected boolean verifyCSRFToken(HttpServletRequest request) {
// 白名单中的url不进行CSRFToken校验
if (this.isCSRFWhiteURL(request.getServletPath())) {
return true;
}
if (ContextUtil.isAppRequest()){
return true;
}
// 从 head中取 ajax 操作可获取
String csrfToken = request.getHeader(Constants.CSRF_TOKEN);
// 读取请求中参数
if (StringUtil.isBlank(csrfToken)) {
csrfToken = request.getParameter(Constants.CSRF_TOKEN);
}
if (StringUtil.isBlank(csrfToken)) {
return false;
}
Subject subject = SecurityUtils.getSubject();
String sessionCSRFToken = (String) subject.getSession().getAttribute(Constants.CSRF_TOKEN);
if (StringUtil.isBlank(sessionCSRFToken)) {
return false;
}
String checkCSRFToken = sessionCSRFToken;
String bizId = request.getParameter(Constants.BIZID);
if (StringUtil.isNotBlank(bizId)) {// 存在bizId
if (!ContextUtil.isAjaxRequest()) {// 不是ajax请求
// 存在bizId校验则使用bizId与token加密后传输
checkCSRFToken = Md5Builder.getMd5(bizId + sessionCSRFToken);
}
}
if (csrfToken.equalsIgnoreCase(checkCSRFToken)) {
return true;
} else {
// 存在csrfToken的不相同强制报错
throw new VisitErrorException(String.format("存在csrfToken的不相同, csrfToken=[%s],sessionCSRFToken=[%s]", csrfToken, checkCSRFToken));
}
}
/**
* csrf白名单验证
*
* @param currentURL
* @return
*/
private boolean isCSRFWhiteURL(String currentURL) {
if (csrfWhiteListURL == null || csrfWhiteListURL.size() == 0) {
return false;
}
for (String whiteURL : csrfWhiteListURL) {
if (pathMatcher.match(whiteURL, currentURL)) {
return true;
}
}
return false;
}
/**
* 单点登录情况下 csrf白名单验证
*
* @param currentURL
* @return
*/
private boolean isSSOCSRFWhiteURL(String currentURL) {
List<String> whiteList = this.getSsoCsfWhiteListUrls();
if (whiteList == null || whiteList.size() == 0) {
return false;
}
for (String whiteURL : whiteList) {
if (pathMatcher.match(whiteURL, currentURL)) {
return true;
}
}
return false;
}
/**
* 是否cas单点登录
*
* @return
*/
private boolean isCas() {
return applicationProperties.isCas();
}
/**
* 单点登录链接校验
*/
private void verifySSOAsBizId(HttpServletRequest request, Operator operator) {
String bizId = request.getParameter(Constants.BIZID);
if (StringUtil.isBlank(bizId)) {
return;
}
// 存在bizId 需要根据当前人员判断是否允许查看任务单据
boolean flag = actApplication.checkVisitTaskByBizIdAndPersonId(bizId, operator.getUserId());
if (!flag) {
throw new AuthorizationException();
}
}
/**
* 判断是否需要验证任务状态
*
*
* @param currentURL
* @return
*/
......@@ -427,8 +264,7 @@ public class AuthenticationInterceptor extends HandlerInterceptorAdapter {
/**
* 获取session中的用户信息
*
* @param request
* 请求
* @param request 请求
* @return 操作员
*/
private Operator getAuthOperator(HttpServletRequest request, HttpServletResponse response) {
......
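Review bot: The new `csrfTokenVerifyStrategy.verify(request, operator)` call in intercept() dereferences a field that is only populated through setCsrfTokenVerifyStrategy, so an interceptor bean configured without the new property fails with a NullPointerException on its first authenticated request instead of a clear configuration error; have the setter reject null, `this.csrfTokenVerifyStrategy = Objects.requireNonNull(csrfTokenVerifyStrategy, "csrfTokenVerifyStrategy");`, so the context fails at startup. The explicit com.huigou.context imports were replaced by the wildcard `import com.huigou.context.*;`, which the rest of the file avoids. The fields marked @Deprecated (csrfWhiteListURL, ssoCsfWhiteListMethodName, ssoCsfWhiteListUrls) are no longer read by anything visible in this class, so their deprecation should name DefaultCsrfTokenVerifyStrategy as the place the configuration moved to, e.g. `/** @deprecated configure {@link DefaultCsrfTokenVerifyStrategy#setCsrfWhiteListURL} instead; ignored here. */`. intercept() starts before and ends after the hunk that changes it.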
package com.huigou.uasp.bmp.intercept;
import com.huigou.context.Operator;
import javax.servlet.http.HttpServletRequest;
import java.util.List;
/**
* @author yonghuan
*/
public final class CompositeCsrfTokenVerifyStrategy implements CsrfTokenVerifyStrategy {
/**
* 代理的校验策略。
*/
private final List<CsrfTokenVerifyStrategy> delegateStrategies;
public CompositeCsrfTokenVerifyStrategy(List<CsrfTokenVerifyStrategy> delegateStrategies) {
this.delegateStrategies = delegateStrategies;
}
@Override
public boolean verify(HttpServletRequest request, Operator operator) {
return delegateStrategies.stream().filter(delegateStrategy -> delegateStrategy.verify(request, operator))
.findFirst()
.isPresent();
}
}
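Review bot: verify() accepts the request as soon as any delegate returns true, so the order of the list now decides whether a request carrying a wrong synchronizer token is rejected: DefaultCsrfTokenVerifyStrategy returns false on a token mismatch (the old interceptor threw), and a later delegate such as the Referer-based one can then accept that same request. That any-of semantics, and the fact that a delegate can only veto by throwing, should be stated in the class Javadoc, e.g. `A request is accepted when the first delegate, in list order, returns true; an exception thrown by a delegate ends the check.` The constructor stores the caller's list without a null check or copy, so `this.delegateStrategies = Collections.unmodifiableList(new ArrayList<>(Objects.requireNonNull(delegateStrategies, "delegateStrategies")));` keeps the chain fixed after construction. The `filter(...).findFirst().isPresent()` chain reads more directly as `return delegateStrategies.stream().anyMatch(s -> s.verify(request, operator));`.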
package com.huigou.uasp.bmp.intercept;
import com.huigou.context.Operator;
import javax.servlet.http.HttpServletRequest;
/**
* 跨站请求伪造Token校验策略。
*
* @author yonghuan
*/
public interface CsrfTokenVerifyStrategy {
/**
* 校验请求是否合法。
*
* @param request http 请求
* @param operator 当前操作者
* @return 如果合法就返回true,否则返回false
*/
boolean verify(HttpServletRequest request, Operator operator);
}
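Review bot: The verify() Javadoc does not say whether an implementation may reject a request by throwing rather than returning false, and the two are treated very differently by CompositeCsrfTokenVerifyStrategy (false hands over to the next delegate, an exception ends the check); DefaultCsrfTokenVerifyStrategy already does both. Since the commit message invites business systems to plug in their own strategies, add something like `@throws VisitErrorException if the implementation must reject the request outright instead of deferring to other strategies` or state explicitly that implementations must not throw, so third-party strategies behave predictably inside the composite.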
package com.huigou.uasp.bmp.intercept;
import com.huigou.context.ApplicationProperties;
import com.huigou.context.ContextUtil;
import com.huigou.context.Operator;
import com.huigou.uasp.bpm.engine.application.ActApplication;
import com.huigou.uasp.exception.VisitErrorException;
import com.huigou.util.Constants;
import com.huigou.util.Md5Builder;
import com.huigou.util.StringUtil;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
/**
* @author yonghuan
*/
public class DefaultCsrfTokenVerifyStrategy implements CsrfTokenVerifyStrategy {
private final static Logger LOG = LoggerFactory.getLogger(DefaultCsrfTokenVerifyStrategy.class);
private final String SPLIT_PATTERN = "[, ;\r\n]";// 逗号 空格 分号 换行
// csrf验证白名单
private List<String> csrfWhiteListURL = Collections.emptyList();
private List<String> ssoCsfWhiteListUrls = Collections.emptyList();
// 单点登录情况下csrf验证白名单
private String ssoCsfWhiteListMethodName;
private final PathMatcher pathMatcher = new AntPathMatcher();
private ApplicationProperties applicationProperties;
private ActApplication actApplication;
public void setCsrfWhiteListURL(List<String> csrfWhiteListURL) {
this.csrfWhiteListURL = csrfWhiteListURL;
}
public void setSsoCsfWhiteListUrls(List<String> ssoCsfWhiteListUrls) {
this.ssoCsfWhiteListUrls = ssoCsfWhiteListUrls;
}
public void setSsoCsfWhiteListMethodName(String ssoCsfWhiteListMethodName) {
this.ssoCsfWhiteListMethodName = ssoCsfWhiteListMethodName;
}
public void setApplicationProperties(ApplicationProperties applicationProperties) {
this.applicationProperties = applicationProperties;
}
public void setActApplication(ActApplication actApplication) {
this.actApplication = actApplication;
}
@Override
public boolean verify(HttpServletRequest request, Operator operator) {
// 处理跨站请求伪造
boolean verifyCSRF = this.verifyCSRFToken(request);
// 跨站请求伪造校验失败
if (!verifyCSRF) {
// 全部ajax请求抛出异常
if (ContextUtil.isAjaxRequest()) {
throw new VisitErrorException();
}
// CAS中 处理可以直接产生数据改变的服务
if (isCas()) {
// 只有 ssoCsfWhiteListMethodName 中开头的方法放行
verifyCSRF = this.isSSOCSRFWhiteURL(request.getServletPath());
if (verifyCSRF) {
this.verifySSOAsBizId(request, operator);
}
}
}
return verifyCSRF;
}
private boolean verifyCSRFToken(HttpServletRequest request) {
// 白名单中的url不进行CSRFToken校验
if (this.isCSRFWhiteURL(request.getServletPath())) {
return true;
}
if (ContextUtil.isAppRequest()) {
return true;
}
// 从 head中取 ajax 操作可获取
String csrfToken = request.getHeader(Constants.CSRF_TOKEN);
// 读取请求中参数
if (StringUtil.isBlank(csrfToken)) {
csrfToken = request.getParameter(Constants.CSRF_TOKEN);
}
if (StringUtil.isBlank(csrfToken)) {
return false;
}
Subject subject = SecurityUtils.getSubject();
String sessionCSRFToken = (String) subject.getSession().getAttribute(Constants.CSRF_TOKEN);
if (StringUtil.isBlank(sessionCSRFToken)) {
return false;
}
String checkCSRFToken = sessionCSRFToken;
String bizId = request.getParameter(Constants.BIZID);
if (StringUtil.isNotBlank(bizId)) {// 存在bizId
if (!ContextUtil.isAjaxRequest()) {// 不是ajax请求
// 存在bizId校验则使用bizId与token加密后传输
checkCSRFToken = Md5Builder.getMd5(bizId + sessionCSRFToken);
}
}
if (csrfToken.equalsIgnoreCase(checkCSRFToken)) {
return true;
} else {
LOG.error("存在csrfToken的不相同, csrfToken={},sessionCSRFToken={}", csrfToken, checkCSRFToken);
return false;
}
}
/**
* csrf白名单验证
*
* @param currentURL
* @return
*/
private boolean isCSRFWhiteURL(String currentURL) {
if (csrfWhiteListURL == null || csrfWhiteListURL.size() == 0) {
return false;
}
for (String whiteURL : csrfWhiteListURL) {
if (pathMatcher.match(whiteURL, currentURL)) {
return true;
}
}
return false;
}
/**
* 单点登录情况下 csrf白名单验证
*
* @param currentURL
* @return
*/
private boolean isSSOCSRFWhiteURL(String currentURL) {
List<String> whiteList = this.getSsoCsfWhiteListUrls();
if (whiteList == null || whiteList.size() == 0) {
return false;
}
for (String whiteURL : whiteList) {
if (pathMatcher.match(whiteURL, currentURL)) {
return true;
}
}
return false;
}
private List<String> getSsoCsfWhiteListUrls() {
if (ssoCsfWhiteListUrls == null) {
// 解析字符串为可用于匹配的路径
ssoCsfWhiteListUrls = new ArrayList<String>();
if (StringUtil.isNotBlank(ssoCsfWhiteListMethodName)) {
String[] nameArray = ssoCsfWhiteListMethodName.split(SPLIT_PATTERN);
for (String name : nameArray) {
name = name.trim();
if (name.length() == 0) {
continue;
}
// 如字符串为 load 匹配路径为/**/load*
ssoCsfWhiteListUrls.add(String.format("/**/%s*", name));
}
}
}
return ssoCsfWhiteListUrls;
}
/**
* 单点登录链接校验
*/
private void verifySSOAsBizId(HttpServletRequest request, Operator operator) {
String bizId = request.getParameter(Constants.BIZID);
if (StringUtil.isBlank(bizId)) {
return;
}
// 存在bizId 需要根据当前人员判断是否允许查看任务单据
boolean flag = actApplication.checkVisitTaskByBizIdAndPersonId(bizId, operator.getUserId());
if (!flag) {
throw new AuthorizationException();
}
}
private boolean isCas() {
return applicationProperties.isCas();
}
}
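Review bot: getSsoCsfWhiteListUrls() only parses ssoCsfWhiteListMethodName when `ssoCsfWhiteListUrls == null`, but the field is now initialised to `Collections.emptyList()`, so the `forward,show,load` value set in the XML is never turned into `/**/name*` patterns and isSSOCSRFWhiteURL() always returns false (and if the branch ever ran, `add` on that immutable list would throw UnsupportedOperationException); either drop the initialiser, `private List<String> ssoCsfWhiteListUrls;`, or parse eagerly inside setSsoCsfWhiteListMethodName. The LOG.error in verifyCSRFToken() writes both the submitted token and the expected session token to the log; the session token is a per-session secret, so log the mismatch with the servlet path and operator id only, e.g. `LOG.warn("csrf token mismatch, path={}", request.getServletPath());`. The comparison with `equalsIgnoreCase` is not constant-time; normalising both sides with `toLowerCase(Locale.ROOT)` and comparing via `MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8))` preserves the case-insensitive behaviour without the timing dependence.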
package com.huigou.uasp.bmp.intercept;
import com.huigou.context.Operator;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import org.springframework.util.StringUtils;
import javax.servlet.http.HttpServletRequest;
import java.util.Arrays;
/**
* @author yonghuan
*/
public class RefererHeaderCsrfTokenVerifyStrategy implements CsrfTokenVerifyStrategy {
private String[] whiteListUrls;
private final PathMatcher pathMatcher = new AntPathMatcher();
public void setWhiteListUrl(String whiteListUrl) {
this.whiteListUrls = StringUtils.tokenizeToStringArray(whiteListUrl, ",");
}
@Override
public boolean verify(HttpServletRequest request, Operator operator) {
String referer = request.getHeader("Referer");
if (referer == null) {
return false;
}
return Arrays.stream(whiteListUrls)
.filter(whiteListUrl -> pathMatcher.match(whiteListUrl, referer))
.findAny()
.isPresent();
}
}
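Review bot: verify() calls `Arrays.stream(whiteListUrls)` on a field that stays null until setWhiteListUrl is called, so a bean defined without the property throws NullPointerException on the first request that carries a Referer instead of rejecting it; initialise it as `private String[] whiteListUrls = new String[0];` (or requireNonNull in the setter) so the strategy fails closed. The patterns are Ant-matched against the raw Referer string, which only constrains the origin when every configured pattern spells out scheme and host; a pattern that begins with `**` or omits the host segment accepts any referring site, so the setter's Javadoc should say what form an entry must take, and parsing the header with `java.net.URI` and comparing scheme, host and port against the allow-list would be a less fragile check. Because this strategy relies on a client-supplied header it is a weaker signal than the synchronizer token, and that should be documented on the class so that deployers list it after DefaultCsrfTokenVerifyStrategy in the composite rather than in place of it.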
......@@ -4,7 +4,7 @@
<parent>
<groupId>com.huigou</groupId>
<artifactId>root</artifactId>
<version>1.2.9-SNAPSHOT</version>
<version>1.2.9</version>
</parent>
<artifactId>huigou-xt</artifactId>
<name>huigou-xt</name>
......
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
......@@ -12,42 +13,63 @@
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<context:property-placeholder location="classpath:application.properties"/>
<aop:aspectj-autoproxy></aop:aspectj-autoproxy>
<context:property-placeholder location="classpath:application.properties"/>
<aop:aspectj-autoproxy></aop:aspectj-autoproxy>
<!--
<context:annotation-config />
-->
<!--注解扫描包 需要扫描的标注了@Controller的类 -->
<context:component-scan base-package="com.**.controller" use-default-filters="false">
<context:include-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
</context:component-scan>
<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter"></bean>
<bean name="handlerMapping" class="com.huigou.uasp.handlerMapping.UaspRequestMappingHandlerMapping"></bean>
<bean id="exceptionHandler" class="com.huigou.uasp.exception.ExceptionHandler"/>
<mvc:interceptors>
<bean id="authenticationInterceptor" class="com.huigou.uasp.bmp.intercept.AuthenticationInterceptor">
<property name="csrfWhiteListURL">
<list>
<value>/attachment/downFileBySavePath.ajax</value>
</list>
</property>
<property name="ssoCsfWhiteListMethodName">
<value>forward,show,load</value>
</property>
<property name="taskStatusChekedMethodName">
<value>insert,remove,save,update,delete,advance</value>
</property>
</bean>
<bean id="executeContextInterceptor" class="com.huigou.uasp.bmp.intercept.ExecuteContextInterceptor">
<property name="operatorUIElementPermissionBuilder" ref="operatorUIElementPermissionBuilder"/>
</bean>
<context:include-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
</context:component-scan>
<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter"></bean>
<bean name="handlerMapping" class="com.huigou.uasp.handlerMapping.UaspRequestMappingHandlerMapping"></bean>
<bean id="exceptionHandler" class="com.huigou.uasp.exception.ExceptionHandler"/>
<bean id="csrfTokenVerifyStrategy" class="com.huigou.uasp.bmp.intercept.CompositeCsrfTokenVerifyStrategy">
<constructor-arg>
<list>
<ref bean="defaultCsrfTokenVerifyStrategy"/>
</list>
</constructor-arg>
</bean>
<bean id="defaultCsrfTokenVerifyStrategy"
class="com.huigou.uasp.bmp.intercept.DefaultCsrfTokenVerifyStrategy">
<property name="csrfWhiteListURL">
<list>
<value>/attachment/downFileBySavePath.ajax</value>
</list>
</property>
<property name="ssoCsfWhiteListMethodName">
<value>forward,show,load</value>
</property>
</bean>
<mvc:interceptors>
<bean id="authenticationInterceptor" class="com.huigou.uasp.bmp.intercept.AuthenticationInterceptor">
<property name="csrfWhiteListURL">
<list>
<value>/attachment/downFileBySavePath.ajax</value>
</list>
</property>
<property name="ssoCsfWhiteListMethodName">
<value>forward,show,load</value>
</property>
<property name="taskStatusChekedMethodName">
<value>insert,remove,save,update,delete,advance</value>
</property>
<property name="csrfTokenVerifyStrategy" ref="csrfTokenVerifyStrategy"/>
</bean>
<bean id="executeContextInterceptor" class="com.huigou.uasp.bmp.intercept.ExecuteContextInterceptor">
<property name="operatorUIElementPermissionBuilder" ref="operatorUIElementPermissionBuilder"/>
</bean>
<!-- 国际化操作拦截器 如果采用基于(请求/Session/Cookie)则必需配置 -->
<bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor"/>
</mvc:interceptors>
</mvc:interceptors>
<!-- 视图解析器 -->
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/"></property>
<property name="suffix" value=".jsp"></property>
</bean>
<property name="prefix" value="/"></property>
<property name="suffix" value=".jsp"></property>
</bean>
</beans>
\ No newline at end of file
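Review bot: The `defaultCsrfTokenVerifyStrategy` bean sets neither `applicationProperties` nor `actApplication`, and DefaultCsrfTokenVerifyStrategy exposes them only through plain setters with no @Autowired, so unless autowiring is enabled somewhere not shown here `isCas()` dereferences null the first time a non-ajax request fails the token check; add `<property name="applicationProperties" ref="APPLICATION_PROPERTIES_BEAN_ID"/>` and `<property name="actApplication" ref="ACT_APPLICATION_BEAN_ID"/>` with the ids those beans have in this context (placeholders, not visible on this page). The `authenticationInterceptor` bean still sets `csrfWhiteListURL` and `ssoCsfWhiteListMethodName`, which are now @Deprecated and no longer read, duplicating the same values given on the strategy bean; dropping them from the interceptor avoids two copies drifting apart.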
......@@ -6,7 +6,7 @@
<groupId>com.huigou</groupId>
<artifactId>root</artifactId>
<version>1.2.9-SNAPSHOT</version>
<version>1.2.9</version>
<packaging>pom</packaging>
<modules>
......@@ -158,7 +158,7 @@
<!-- test -->
<junit.version>4.13</junit.version>
<spring-data-mongodb.version>1.9.3.RELEASE</spring-data-mongodb.version>
<huigou.uasp.version>1.2.9-SNAPSHOT</huigou.uasp.version>
<huigou.uasp.version>1.2.9</huigou.uasp.version>
<classgraph.version>4.8.43</classgraph.version>
<fastjson.version>1.2.59</fastjson.version>
<jstyleparser.version>3.5</jstyleparser.version>
......
......@@ -7,7 +7,7 @@
<parent>
<groupId>com.huigou</groupId>
<artifactId>root</artifactId>
<version>1.2.9-SNAPSHOT</version>
<version>1.2.9</version>
</parent>
<groupId>com.topsunit</groupId>
......