Examples with ModifyParamMapRequestWrapper com.hccake.ballcat.common.core.request.wrapper.ModifyParamMapRequestWrapper used on opensource projects

Example 1 with ModifyParamMapRequestWrapper

use of com.hccake.ballcat.common.core.request.wrapper.ModifyParamMapRequestWrapper in project ballcat by ballcat-projects.

the class LoginPasswordDecoderFilter method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    // 未配置密码密钥时，直接跳过
    if (passwordSecretKey == null) {
        log.warn("passwordSecretKey not configured, skip password decoder");
        filterChain.doFilter(request, response);
        return;
    }
    // 测试客户端 跳过密码解密（swagger 或 postman测试时使用）
    if (SecurityUtils.isTestClient()) {
        filterChain.doFilter(request, response);
        return;
    }
    // 解密前台加密后的密码
    Map<String, String[]> parameterMap = new HashMap<>(request.getParameterMap());
    String passwordAes = request.getParameter(PASSWORD);
    try {
        if (request.getParameter(GRANT_TYPE).equals(PASSWORD)) {
            String password = PasswordUtils.decodeAES(passwordAes, passwordSecretKey);
            parameterMap.put(PASSWORD, new String[] { password });
        }
    } catch (Exception e) {
        log.error("[doFilterInternal] password decode aes error，passwordAes: {}，passwordSecretKey: {}", passwordAes, passwordSecretKey, e);
        response.setHeader("Content-Type", MediaType.APPLICATION_JSON.toString());
        response.setHeader("Accept-Charset", StandardCharsets.UTF_8.toString());
        response.setStatus(HttpStatus.BAD_REQUEST.value());
        R<String> r = R.failed(SystemResultCode.UNAUTHORIZED, "用户名或密码错误！");
        response.getWriter().write(JsonUtils.toJson(r));
        return;
    }
    // SpringSecurity 默认从ParameterMap中获取密码参数
    // 由于原生的request中对parameter加锁了，无法修改，所以使用包装类
    filterChain.doFilter(new ModifyParamMapRequestWrapper(request, parameterMap), response);
}