From 9e7450c012c9ab8eb86e8c76b290d833f5451a5b Mon Sep 17 00:00:00 2001 From: zengqiao Date: Wed, 31 Mar 2021 19:45:18 +0800 Subject: [PATCH 1/5] =?UTF-8?q?=E6=8B=92=E7=BB=9D=E5=8C=85=E5=90=AB./?= =?UTF-8?q?=E6=88=96/=E8=BF=9E=E7=BB=AD=E8=BF=87=E5=A4=9A=E7=9A=84?= =?UTF-8?q?=E6=8E=A5=E5=8F=A3=E8=AF=B7=E6=B1=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../kafka/manager/account/impl/LoginServiceImpl.java | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java index b168b754..91af67b3 100644 --- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java +++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java @@ -64,11 +64,13 @@ public class LoginServiceImpl implements LoginService { @Override public boolean checkLogin(HttpServletRequest request, HttpServletResponse response) { - String uri = request.getRequestURI().replace("//", "/"); - if (uri.contains("/../") || uri.contains("/./")) { - LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal, contains /../ or /./||uri={}", uri); + String uri = request.getRequestURI(); + if (uri.contains("./") || uri.contains("///")) { + LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal, contains ../ or ./ or ///||uri={}", uri); + singleSignOn.setRedirectToLoginPage(response); return false; } + uri = uri.replaceAll("//", "/"); if (uri.startsWith(ApiPrefix.API_V1_SSO_PREFIX) || uri.startsWith(ApiPrefix.API_V1_THIRD_PART_PREFIX) From 1059b7376b5e5562fea26dd7cfb2e4a21469185a Mon Sep 17 00:00:00 2001 
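Review bot: The traversal check inspects `request.getRequestURI()`, which is the raw, still percent-encoded path, so an encoded form such as `%2e%2e/` or `%2e/` is not caught by `contains("./")` even though the servlet container decodes it before it dispatches the request; the check is therefore made on a different string from the one that is actually routed. Comparing on the decoded path closes that gap, for example `String uri = URI.create(request.getRequestURI()).getPath();` (`getPath()` returns the decoded form; wrap it so that the `IllegalArgumentException` a malformed URI raises also rejects the request), and then run the `contains` checks and the whitelist `startsWith` on that value. It is also worth a one-line comment on the `replaceAll("//", "/")` line explaining that `///` has already been rejected so the collapse cannot hide a traversal. checkLogin continues past the end of this hunk.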
From: zengqiao Date: Tue, 6 Apr 2021 10:01:29 +0800 Subject: [PATCH 2/5] forbiden request when uri contain .. --- .../kafka/manager/account/impl/LoginServiceImpl.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java index 91af67b3..92ccce58 100644 --- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java +++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java @@ -65,8 +65,8 @@ public class LoginServiceImpl implements LoginService { @Override public boolean checkLogin(HttpServletRequest request, HttpServletResponse response) { String uri = request.getRequestURI(); - if (uri.contains("./") || uri.contains("///")) { - LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal, contains ../ or ./ or ///||uri={}", uri); + if (uri.contains("..") || uri.contains("./") || uri.contains("///")) { + LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal, contains .. or ./ or ///||uri={}", uri); singleSignOn.setRedirectToLoginPage(response); return false; } From b9bb1c775dd093e1ad8cf77178bd758eb9b55469 Mon Sep 17 00:00:00 2001 From: zengqiao Date: Tue, 6 Apr 2021 10:26:21 +0800 Subject: [PATCH 3/5] change uri filter rule --- .../kafka/manager/common/constant/ApiPrefix.java | 7 +++++-- .../kafka/manager/account/impl/LoginServiceImpl.java | 3 ++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/constant/ApiPrefix.java b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/constant/ApiPrefix.java index a6784204..f193f39d 100644 
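Review bot: `uri.contains("..")` rejects any path containing two consecutive dots anywhere, not just a traversal segment, so if any route in this API carries a user-chosen name such as a Kafka topic in the path (Kafka allows `.` inside names, e.g. `foo..bar`), those requests are now bounced to the login page; matching per segment — `uri.contains("/../") || uri.endsWith("/..")` — alongside the existing `./` check avoids the false positive while keeping the traversal case covered. The rejection path also answers with a login-page redirect and an ERROR-level log for what is a malformed request from an arbitrary client; `response.sendError(HttpServletResponse.SC_BAD_REQUEST); return false;` with the log at WARN would describe the situation more accurately and keep ERROR logs meaningful. The surrounding checkLogin body continues outside the hunk.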
--- a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/constant/ApiPrefix.java +++ b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/constant/ApiPrefix.java @@ -8,10 +8,13 @@ package com.xiaojukeji.kafka.manager.common.constant; public class ApiPrefix { public static final String API_PREFIX = "/api/"; private static final String API_V1_PREFIX = API_PREFIX + "v1/"; - private static final String API_V2_PREFIX = API_PREFIX + "v2/"; + + // login + public static final String API_V1_SSO_PREFIX = API_V1_PREFIX + "sso/"; + public static final String API_V1_SSO_LOGIN = API_V1_SSO_PREFIX + "login"; + public static final String API_V1_SSO_LOGOUT = API_V1_SSO_PREFIX + "logout"; // console - public static final String API_V1_SSO_PREFIX = API_V1_PREFIX + "sso/"; public static final String API_V1_NORMAL_PREFIX = API_V1_PREFIX + "normal/"; public static final String API_V1_RD_PREFIX = API_V1_PREFIX + "rd/"; public static final String API_V1_OP_PREFIX = API_V1_PREFIX + "op/"; diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java index 92ccce58..e0919f54 100644 --- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java +++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java @@ -72,7 +72,8 @@ public class LoginServiceImpl implements LoginService { } uri = uri.replaceAll("//", "/"); - if (uri.startsWith(ApiPrefix.API_V1_SSO_PREFIX) + if (uri.equals(ApiPrefix.API_V1_SSO_LOGIN) + || uri.equals(ApiPrefix.API_V1_SSO_LOGOUT) || uri.startsWith(ApiPrefix.API_V1_THIRD_PART_PREFIX) || uri.startsWith(ApiPrefix.GATEWAY_API_V1_PREFIX)) { // 白名单接口直接true 
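Review bot: Moving the SSO whitelist from `startsWith` to an exact `equals` on `API_V1_SSO_LOGIN`/`API_V1_SSO_LOGOUT` is the right direction (fail-closed), but the string compared is the raw request URI, so `/api/v1/sso/login/` or `/api/v1/sso/login;jsessionid=…` — which Spring MVC of the generation this code appears to target still routes to the same handler by default (trailing-slash match and semicolon-content removal) — no longer pass and are redirected to the login page, which for the login endpoint itself can loop. Stripping a `;`-suffix and a trailing `/` from `uri` before the `equals` would make the comparison match what the dispatcher sees. The third-part and gateway entries remain prefix-based on the same line, so a comment stating why those two are deliberately wider than the SSO entries would help the next reader. checkLogin continues past the hunk.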
From 0f4082031522f04f3cac793d27a21c032e28c874 Mon Sep 17 00:00:00 2001 From: zwOvO <9742263582@qq.com> Date: Fri, 9 Apr 2021 11:41:06 +0800 Subject: [PATCH 4/5] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=97=A0=E7=94=A8import?= =?UTF-8?q?=E3=80=81=E5=88=A0=E9=99=A4=E6=97=A0=E7=94=A8=E4=BB=A3=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../kafka/manager/service/service/ClusterService.java | 1 - .../kafka/manager/service/service/RegionService.java | 1 - .../kafka/manager/service/service/impl/AdminServiceImpl.java | 4 ---- .../manager/service/service/impl/ConsumerServiceImpl.java | 1 - .../web/api/versionone/normal/NormalAccountController.java | 3 +-- .../api/versionone/thirdpart/ThirdPartClusterController.java | 3 +-- 6 files changed, 2 insertions(+), 11 deletions(-) diff --git a/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/ClusterService.java b/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/ClusterService.java index 2feb321b..35c4be8d 100644 --- a/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/ClusterService.java +++ b/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/ClusterService.java @@ -4,7 +4,6 @@ import com.xiaojukeji.kafka.manager.common.entity.Result; import com.xiaojukeji.kafka.manager.common.entity.ResultStatus; import com.xiaojukeji.kafka.manager.common.entity.ao.ClusterDetailDTO; import com.xiaojukeji.kafka.manager.common.entity.ao.cluster.ControllerPreferredCandidate; -import com.xiaojukeji.kafka.manager.common.entity.dto.op.ControllerPreferredCandidateDTO; import com.xiaojukeji.kafka.manager.common.entity.vo.normal.cluster.ClusterNameDTO; import com.xiaojukeji.kafka.manager.common.entity.pojo.ClusterDO; import com.xiaojukeji.kafka.manager.common.entity.pojo.ClusterMetricsDO; 
diff --git a/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/RegionService.java b/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/RegionService.java index 8ab072fe..40c92a5c 100644 --- a/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/RegionService.java +++ b/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/RegionService.java @@ -1,7 +1,6 @@ package com.xiaojukeji.kafka.manager.service.service; import com.xiaojukeji.kafka.manager.common.entity.ResultStatus; -import com.xiaojukeji.kafka.manager.common.entity.dto.rd.RegionDTO; import com.xiaojukeji.kafka.manager.common.entity.pojo.RegionDO; import java.util.List; diff --git a/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/impl/AdminServiceImpl.java b/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/impl/AdminServiceImpl.java index b49e41a3..26d7ef4d 100644 --- a/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/impl/AdminServiceImpl.java +++ b/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/impl/AdminServiceImpl.java @@ -340,10 +340,6 @@ public class AdminServiceImpl implements AdminService { @Override public ResultStatus modifyTopicConfig(ClusterDO clusterDO, String topicName, Properties properties, String operator) { ResultStatus rs = TopicCommands.modifyTopicConfig(clusterDO, topicName, properties); - if (!ResultStatus.SUCCESS.equals(rs)) { - return rs; - } - return rs; } } diff --git a/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/impl/ConsumerServiceImpl.java b/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/impl/ConsumerServiceImpl.java index 0d60d828..913316ef 100644 --- a/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/impl/ConsumerServiceImpl.java 
+++ b/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/impl/ConsumerServiceImpl.java @@ -8,7 +8,6 @@ import com.xiaojukeji.kafka.manager.common.entity.ao.consumer.ConsumeDetailDTO; import com.xiaojukeji.kafka.manager.common.entity.ao.consumer.ConsumerGroup; import com.xiaojukeji.kafka.manager.common.entity.ao.consumer.ConsumerGroupSummary; import com.xiaojukeji.kafka.manager.common.entity.pojo.ClusterDO; -import com.xiaojukeji.kafka.manager.common.utils.ListUtils; import com.xiaojukeji.kafka.manager.common.zookeeper.znode.brokers.TopicMetadata; import com.xiaojukeji.kafka.manager.common.entity.ao.PartitionOffsetDTO; import com.xiaojukeji.kafka.manager.common.exception.ConfigException; diff --git a/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/api/versionone/normal/NormalAccountController.java b/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/api/versionone/normal/NormalAccountController.java index 9b35ec87..455bd460 100644 --- a/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/api/versionone/normal/NormalAccountController.java +++ b/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/api/versionone/normal/NormalAccountController.java @@ -9,7 +9,6 @@ import com.xiaojukeji.kafka.manager.common.entity.vo.common.AccountSummaryVO; import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils; import com.xiaojukeji.kafka.manager.common.utils.SpringTool; import com.xiaojukeji.kafka.manager.common.constant.ApiPrefix; -import com.xiaojukeji.kafka.manager.web.api.versionone.gateway.GatewayHeartbeatController; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import org.slf4j.Logger; @@ -62,4 +61,4 @@ public class NormalAccountController { AccountRoleEnum accountRoleEnum = accountService.getAccountRoleFromCache(username); return new Result<>(new AccountRoleVO(username, accountRoleEnum.getRole())); } -} \ No newline at end of file +} 
diff --git a/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/api/versionone/thirdpart/ThirdPartClusterController.java b/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/api/versionone/thirdpart/ThirdPartClusterController.java index e379256f..58c4f1b0 100644 --- a/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/api/versionone/thirdpart/ThirdPartClusterController.java +++ b/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/api/versionone/thirdpart/ThirdPartClusterController.java @@ -7,7 +7,6 @@ import com.xiaojukeji.kafka.manager.common.entity.ResultStatus; import com.xiaojukeji.kafka.manager.common.entity.metrics.BrokerMetrics; import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils; import com.xiaojukeji.kafka.manager.common.zookeeper.znode.brokers.BrokerMetadata; -import com.xiaojukeji.kafka.manager.openapi.common.vo.ThirdPartBrokerOverviewVO; import com.xiaojukeji.kafka.manager.service.cache.PhysicalClusterMetadataManager; import com.xiaojukeji.kafka.manager.service.service.BrokerService; import io.swagger.annotations.Api; @@ -52,4 +51,4 @@ public class ThirdPartClusterController { return new Result<>(underReplicated.equals(0)); } -} \ No newline at end of file +} From 2a57c260cc2c9a878ce9a58841cbdb2d1191777d Mon Sep 17 00:00:00 2001 
From: zengqiao Date: Wed, 14 Apr 2021 19:40:19 +0800 Subject: [PATCH 5/5] =?UTF-8?q?=E9=80=9A=E8=BF=87=E8=8E=B7=E5=8F=96?= =?UTF-8?q?=E7=B1=BB=E7=9A=84RequestMapping=E6=B3=A8=E8=A7=A3=E6=9D=A5?= =?UTF-8?q?=E5=88=A4=E6=96=AD=E5=BD=93=E5=89=8D=E8=AF=B7=E6=B1=82=E6=98=AF?= =?UTF-8?q?=E5=90=A6=E9=9C=80=E8=A6=81=E7=99=BB=E5=BD=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../manager/common/constant/ApiPrefix.java | 2 -- .../kafka/manager/account/LoginService.java | 2 +- .../account/impl/LoginServiceImpl.java | 15 ++++---- .../web/inteceptor/PermissionInterceptor.java | 34 ++++++++++++++++++- 4 files changed, 40 insertions(+), 13 deletions(-) diff --git a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/constant/ApiPrefix.java b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/constant/ApiPrefix.java index f193f39d..b90918eb 100644 --- a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/constant/ApiPrefix.java +++ b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/constant/ApiPrefix.java @@ -11,8 +11,6 @@ public class ApiPrefix { // login public static final String API_V1_SSO_PREFIX = API_V1_PREFIX + "sso/"; - public static final String API_V1_SSO_LOGIN = API_V1_SSO_PREFIX + "login"; - public static final String API_V1_SSO_LOGOUT = API_V1_SSO_PREFIX + "logout"; // console public static final String API_V1_NORMAL_PREFIX = API_V1_PREFIX + "normal/"; diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/LoginService.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/LoginService.java index 98e8bab1..707d4908 100644 --- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/LoginService.java 
+++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/LoginService.java @@ -16,5 +16,5 @@ public interface LoginService { void logout(HttpServletRequest request, HttpServletResponse response, Boolean needJump2LoginPage); - boolean checkLogin(HttpServletRequest request, HttpServletResponse response); + boolean checkLogin(HttpServletRequest request, HttpServletResponse response, String classRequestMappingValue); } \ No newline at end of file diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java index e0919f54..7c82053f 100644 --- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java +++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java 
@@ -63,19 +63,16 @@ public class LoginServiceImpl implements LoginService { } @Override - public boolean checkLogin(HttpServletRequest request, HttpServletResponse response) { - String uri = request.getRequestURI(); - if (uri.contains("..") || uri.contains("./") || uri.contains("///")) { - LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal, contains .. or ./ or ///||uri={}", uri); + public boolean checkLogin(HttpServletRequest request, HttpServletResponse response, String classRequestMappingValue) { + if (ValidateUtils.isNull(classRequestMappingValue)) { + LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal||uri={}", request.getRequestURI()); singleSignOn.setRedirectToLoginPage(response); return false; } - uri = uri.replaceAll("//", "/"); - if (uri.equals(ApiPrefix.API_V1_SSO_LOGIN) - || uri.equals(ApiPrefix.API_V1_SSO_LOGOUT) - || uri.startsWith(ApiPrefix.API_V1_THIRD_PART_PREFIX) - || uri.startsWith(ApiPrefix.GATEWAY_API_V1_PREFIX)) { + if (classRequestMappingValue.equals(ApiPrefix.API_V1_SSO_PREFIX) + || classRequestMappingValue.equals(ApiPrefix.API_V1_THIRD_PART_PREFIX) + || classRequestMappingValue.equals(ApiPrefix.GATEWAY_API_V1_PREFIX)) { // 白名单接口直接true return true; } diff --git a/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/inteceptor/PermissionInterceptor.java b/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/inteceptor/PermissionInterceptor.java index 6286cace..bf4b88d8 100644 --- a/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/inteceptor/PermissionInterceptor.java +++ b/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/inteceptor/PermissionInterceptor.java 
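Review bot: `classRequestMappingValue.equals(ApiPrefix.API_V1_SSO_PREFIX)` compares the controller's literal annotation string with a constant that ends in `/` (`"/api/v1/sso/"`), so a controller declared as `@RequestMapping("/api/v1/sso")` is treated as needing login — fail-closed, but it would silently break the login endpoint itself and depends on how each controller spells its prefix. Normalizing before the comparison removes that coupling: `String mapping = classRequestMappingValue.endsWith("/") ? classRequestMappingValue : classRequestMappingValue + "/";` and then comparing `mapping`. The null branch still logs `uri illegal`, but null now means the resolved handler has no class-level `@RequestMapping` (static resources, error handlers, or a controller with method-level mappings only); a comment such as `// fail closed: a handler without a class-level mapping always requires login` and a matching log message would make that intent explicit. checkLogin continues past the hunk.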
@@ -1,8 +1,13 @@ package com.xiaojukeji.kafka.manager.web.inteceptor; import com.xiaojukeji.kafka.manager.account.LoginService; +import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.HandlerInterceptor; import javax.servlet.http.HttpServletRequest; @@ -15,6 +20,8 @@ import javax.servlet.http.HttpServletResponse; */ @Component public class PermissionInterceptor implements HandlerInterceptor { + private static final Logger LOGGER = LoggerFactory.getLogger(PermissionInterceptor.class); + @Autowired private LoginService loginService; 
@@ -28,6 +35,31 @@ public class PermissionInterceptor implements HandlerInterceptor { public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - return loginService.checkLogin(request, response); + + String classRequestMappingValue = null; + try { + classRequestMappingValue = getClassRequestMappingValue(handler); + } catch (Exception e) { + LOGGER.error("class=PermissionInterceptor||method=preHandle||uri={}||msg=parse class request-mapping failed", request.getRequestURI(), e); + } + return loginService.checkLogin(request, response, classRequestMappingValue); + } + + private String getClassRequestMappingValue(Object handler) { + RequestMapping classRM = null; + if(handler instanceof HandlerMethod) { + HandlerMethod hm = (HandlerMethod)handler; + classRM = hm.getMethod().getDeclaringClass().getAnnotation(RequestMapping.class); + } else if(handler instanceof org.springframework.web.servlet.mvc.Controller) { + org.springframework.web.servlet.mvc.Controller hm = (org.springframework.web.servlet.mvc.Controller)handler; + Class hmClass = hm.getClass(); + classRM = hmClass.getAnnotation(RequestMapping.class); + } else { + classRM = handler.getClass().getAnnotation(RequestMapping.class); + } + if (ValidateUtils.isNull(classRM) || classRM.value().length < 0) { + return null; + } + return classRM.value()[0]; } }
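Review bot: `classRM.value().length < 0` can never be true, so a class annotated with `@RequestMapping` that declares no `value` (or uses the `path` alias, which raw `getAnnotation` does not merge into `value()`) reaches `classRM.value()[0]` and throws `ArrayIndexOutOfBoundsException`; the guard should read `if (ValidateUtils.isNull(classRM) || classRM.value().length == 0) {`. preHandle catches that exception and passes a null mapping on, so the outcome is still fail-closed, but only by accident and with an ERROR log on every such request. Resolving the annotation via `AnnotatedElementUtils.findMergedAnnotation(clazz, RequestMapping.class)`, if the Spring version in use provides it, would also honour `path=` and meta-annotated controllers. Only `value()[0]` is consulted, so a controller mapped to several prefixes is whitelisted or not by its first entry alone — worth a comment on the return line. The `Controller` branch computes the same `handler.getClass()` as the `else` branch and can be folded into it, which also removes the raw `Class` local.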