Search in sources :

Example 1 with ModifyParamMapRequestWrapper

use of com.hccake.ballcat.common.core.request.wrapper.ModifyParamMapRequestWrapper in project ballcat by ballcat-projects.

the class LoginPasswordDecoderFilter method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    // 未配置密码密钥时,直接跳过
    if (passwordSecretKey == null) {
        log.warn("passwordSecretKey not configured, skip password decoder");
        filterChain.doFilter(request, response);
        return;
    }
    // 测试客户端 跳过密码解密(swagger 或 postman测试时使用)
    if (SecurityUtils.isTestClient()) {
        filterChain.doFilter(request, response);
        return;
    }
    // 解密前台加密后的密码
    Map<String, String[]> parameterMap = new HashMap<>(request.getParameterMap());
    String passwordAes = request.getParameter(PASSWORD);
    try {
        if (request.getParameter(GRANT_TYPE).equals(PASSWORD)) {
            String password = PasswordUtils.decodeAES(passwordAes, passwordSecretKey);
            parameterMap.put(PASSWORD, new String[] { password });
        }
    } catch (Exception e) {
        log.error("[doFilterInternal] password decode aes error,passwordAes: {},passwordSecretKey: {}", passwordAes, passwordSecretKey, e);
        response.setHeader("Content-Type", MediaType.APPLICATION_JSON.toString());
        response.setHeader("Accept-Charset", StandardCharsets.UTF_8.toString());
        response.setStatus(HttpStatus.BAD_REQUEST.value());
        R<String> r = R.failed(SystemResultCode.UNAUTHORIZED, "用户名或密码错误!");
        response.getWriter().write(JsonUtils.toJson(r));
        return;
    }
    // SpringSecurity 默认从ParameterMap中获取密码参数
    // 由于原生的request中对parameter加锁了,无法修改,所以使用包装类
    filterChain.doFilter(new ModifyParamMapRequestWrapper(request, parameterMap), response);
}
Also used : R(com.hccake.ballcat.common.model.result.R) HashMap(java.util.HashMap) ModifyParamMapRequestWrapper(com.hccake.ballcat.common.core.request.wrapper.ModifyParamMapRequestWrapper) ServletException(javax.servlet.ServletException) IOException(java.io.IOException)

Aggregations

ModifyParamMapRequestWrapper (com.hccake.ballcat.common.core.request.wrapper.ModifyParamMapRequestWrapper)1 R (com.hccake.ballcat.common.model.result.R)1 IOException (java.io.IOException)1 HashMap (java.util.HashMap)1 ServletException (javax.servlet.ServletException)1