admin/lx-admin-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix 修复 CryptoFilter 代码逻辑问题

Browse Source
This commit is contained in:
疯狂的狮子Li 2023-12-23 23:06:47 +08:00
parent 82c62091aa
commit a1f404d548
1 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/filter/CryptoFilter.java
View File

@ -18,6 +18,7 @@ import org.springframework.web.servlet.HandlerExecutionChain;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping; import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
import java.io.IOException; import java.io.IOException;
import java.io.PrintWriter;
/** /**
@ -37,7 +38,7 @@ public class CryptoFilter implements Filter {
HttpServletRequest servletRequest = (HttpServletRequest) request; HttpServletRequest servletRequest = (HttpServletRequest) request;
HttpServletResponse servletResponse = (HttpServletResponse) response; HttpServletResponse servletResponse = (HttpServletResponse) response;
boolean encryptFlag = false; boolean responseFlag = false;
ServletRequest requestWrapper = null; ServletRequest requestWrapper = null;
ServletResponse responseWrapper = null; ServletResponse responseWrapper = null;
EncryptResponseBodyWrapper responseBodyWrapper = null; EncryptResponseBodyWrapper responseBodyWrapper = null;
@ -48,24 +49,24 @@ public class CryptoFilter implements Filter {
if (HttpMethod.PUT.matches(servletRequest.getMethod()) || HttpMethod.POST.matches(servletRequest.getMethod())) { if (HttpMethod.PUT.matches(servletRequest.getMethod()) || HttpMethod.POST.matches(servletRequest.getMethod())) {
// 是否存在加密标头 // 是否存在加密标头
String headerValue = servletRequest.getHeader(properties.getHeaderFlag()); String headerValue = servletRequest.getHeader(properties.getHeaderFlag());
// 获取加密注解
ApiEncrypt apiEncrypt = this.getApiEncryptAnnotation(servletRequest);
responseFlag = apiEncrypt != null && apiEncrypt.response();
if (StringUtils.isNotBlank(headerValue)) { if (StringUtils.isNotBlank(headerValue)) {
// 请求解密 // 请求解密
requestWrapper = new DecryptRequestBodyWrapper(servletRequest, properties.getPrivateKey(), properties.getHeaderFlag()); requestWrapper = new DecryptRequestBodyWrapper(servletRequest, properties.getPrivateKey(), properties.getHeaderFlag());
// 获取加密注解
ApiEncrypt apiEncrypt = this.getApiEncryptAnnotation(servletRequest);
if (ObjectUtil.isNotNull(apiEncrypt)) {
// 响应加密标志
encryptFlag = apiEncrypt.response();
} else { } else {
// 是否有注解有就报错没有放行 // 是否有注解有就报错没有放行
HandlerExceptionResolver exceptionResolver = SpringUtils.getBean(HandlerExceptionResolver.class); if (ObjectUtil.isNotNull(apiEncrypt)) {
HandlerExceptionResolver exceptionResolver = SpringUtils.getBean("handlerExceptionResolver", HandlerExceptionResolver.class);
exceptionResolver.resolveException( exceptionResolver.resolveException(
servletRequest, servletResponse, null, servletRequest, servletResponse, null,
new ServiceException("没有访问权限,请联系管理员授权", HttpStatus.FORBIDDEN)); new ServiceException("没有访问权限,请联系管理员授权", HttpStatus.FORBIDDEN));
return;
} }
} }
// 判断是否响应加密 // 判断是否响应加密
if (encryptFlag) { if (responseFlag) {
responseBodyWrapper = new EncryptResponseBodyWrapper(servletResponse); responseBodyWrapper = new EncryptResponseBodyWrapper(servletResponse);
responseWrapper = responseBodyWrapper; responseWrapper = responseBodyWrapper;
} }
@ -76,7 +77,7 @@ public class CryptoFilter implements Filter {
ObjectUtil.defaultIfNull(requestWrapper, request), ObjectUtil.defaultIfNull(requestWrapper, request),
ObjectUtil.defaultIfNull(responseWrapper, response)); ObjectUtil.defaultIfNull(responseWrapper, response));
if (encryptFlag) { if (responseFlag) {
servletResponse.reset(); servletResponse.reset();
// 对原始内容加密 // 对原始内容加密
String encryptContent = responseBodyWrapper.getEncryptContent( String encryptContent = responseBodyWrapper.getEncryptContent(