接口过滤策略由接口黑名单转成接口白名单

zengqiao
2021-03-29 21:21:23 +08:00
parent ed13e0d2c2
commit 648af61116
3 changed files with 12 additions and 12 deletions


@@ -64,16 +64,16 @@ public class LoginServiceImpl implements LoginService {
@Override
public boolean checkLogin(HttpServletRequest request, HttpServletResponse response) {
String uri = request.getRequestURI();
if (uri.contains("..")) {
LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal||uri={}", uri);
String uri = request.getRequestURI().replace("//", "/");
if (uri.contains("/../") || uri.contains("/./")) {
LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal, contains /../ or /./||uri={}", uri);
return false;
}
if (!(uri.contains(ApiPrefix.API_V1_NORMAL_PREFIX)
|| uri.contains(ApiPrefix.API_V1_RD_PREFIX)
|| uri.contains(ApiPrefix.API_V1_OP_PREFIX))) {
// 白名单接口, 直接忽略登录
if (uri.startsWith(ApiPrefix.API_V1_SSO_PREFIX)
|| uri.startsWith(ApiPrefix.API_V1_THIRD_PART_PREFIX)
|| uri.startsWith(ApiPrefix.GATEWAY_API_V1_PREFIX)) {
// 白名单接口直接true
return true;
}