
高危漏洞修复

lvzhikai il y a 4 ans
Parent
commit
5307d5d7da

+ 38 - 0
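--- a/src/main/java/com/chinaitop/depot/utils/CustomFilter.java
+++ b/src/main/java/com/chinaitop/depot/utils/CustomFilter.java
@@ -0,0 +1,38 @@
+package com.chinaitop.depot.utils;
+
+import org.apache.commons.lang.ObjectUtils;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+
+public class CustomFilter implements Filter {
+
+	@Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+ 
+    }
+	
+	@Override
+	public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
+			throws IOException, ServletException {
+		HttpServletRequest request = (HttpServletRequest) arg0;
+		HttpSession session = request.getSession();
+		String orgId = "";
+		if (session != null){
+			orgId = ObjectUtils.toString(session.getAttribute("orgId"),"");
+		}
+		if (!orgId.isEmpty()) {
+			DataPolicyEngine.set(orgId);
+			arg2.doFilter(arg0, arg1);//放行,通过了当前过滤器,递交给下一个filter进行过滤
+		}
+		DataPolicyEngine.remove();
+	}
+	
+	@Override
+    public void destroy() {
+ 
+    }
+
+}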
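Review bot: In `doFilter`, `DataPolicyEngine.remove()` is not inside a `finally`, so when `arg2.doFilter(arg0, arg1)` throws, the orgId stays bound to the worker thread; on a pooled container thread it could then act as the data scope of whichever request that thread handles next. The chain call should be wrapped in try/finally so the thread-local is always cleared. `request.getSession()` also creates a session when none exists, which makes the `session != null` check dead and allocates a session for every anonymous request; `getSession(false)` avoids that. When orgId is empty the method returns without calling the chain or setting a status, so the client receives an empty response; an explicit 401/403 would be clearer, but the right status depends on the filter mapping, which is not visible in this commit.

```java
	public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
			throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) arg0;
		// false: do not create a session for requests that arrive without one
		HttpSession session = request.getSession(false);
		// … unchanged: orgId lookup from the session …
		try {
			if (!orgId.isEmpty()) {
				DataPolicyEngine.set(orgId);
				arg2.doFilter(arg0, arg1);
			}
		} finally {
			// always clear, so a pooled thread never carries this orgId into another request
			DataPolicyEngine.remove();
		}
	}
```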

+ 61 - 0
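--- a/src/main/java/com/chinaitop/depot/utils/DataPolicyEngine.java
+++ b/src/main/java/com/chinaitop/depot/utils/DataPolicyEngine.java
@@ -0,0 +1,61 @@
+package com.chinaitop.depot.utils;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+
+/**
+ * 
+ * @author hf
+ * 
+ * @description 数据策略(数据权限控制使用)
+ * 
+ * 
+ */
+public class DataPolicyEngine {
+	//log信息输出对象
+	protected static final Log log = LogFactory.getLog(DataPolicyEngine.class); 
+
+	//本地线程,用于存储线程公共对象
+	private static ThreadLocal threadLocalSession = new ThreadLocal();
+	
+	
+	/**
+	 * @description 获取本地执行线程
+	 *
+	 * @return ThreadLocal 
+	 * 
+	 */
+	public static ThreadLocal getThreadLocalSession() {
+		return threadLocalSession;
+	}
+	
+	/**
+	 * @description 在线程内设置存储对象
+	 * 
+	 */
+	public static void set(Object obj) {
+		threadLocalSession.set(obj);
+
+	}
+	
+	/**
+	 * @description 获取在线程内设置存储的对象
+	 * 
+	 */
+	public static Object get() {
+		return threadLocalSession.get();
+
+	}
+
+	/**
+	 * @description 移除在线程内设置存储的对象
+	 * 
+	 */
+	public static void remove() {
+		threadLocalSession.remove();
+
+	}
+	
+	
+}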
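Review bot: `getThreadLocalSession()` hands the raw `ThreadLocal` to any caller and `set(Object)` is public and untyped, so any code running on the request thread can replace or clear the org scope that the data-permission logic presumably reads through `get()`. The holder is also a raw, non-final static; `private static final ThreadLocal<String> threadLocalSession = new ThreadLocal<>();` with `set(String orgId)` and `String get()` would pin the type that `CustomFilter` actually stores. No caller of `getThreadLocalSession()` is visible in this commit, so consider dropping it or making it package-private. The `log` field is declared but never used in this file.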