xusl 2 years ago
commit
10894169de

+ 13 - 1
backend/src/main/java/com/jiayue/ssi/config/WebSecurityConfig.java

@@ -4,7 +4,11 @@ import com.jiayue.ssi.filter.*;
 import com.jiayue.ssi.handler.*;
 import com.jiayue.ssi.service.impl.UserServiceImpl;
 import com.jiayue.ssi.util.JwtTokenUtil;
+import org.apache.catalina.connector.Connector;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer;
+import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
+import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
@@ -19,6 +23,8 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.logout.LogoutFilter;
+import org.springframework.security.web.firewall.DefaultHttpFirewall;
+import org.springframework.security.web.firewall.HttpFirewall;
 import org.springframework.web.filter.CorsFilter;
 
 
@@ -58,6 +64,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
         // 明文+随机盐值》加密存储
         return new BCryptPasswordEncoder();
     }
+    @Bean
+    public HttpFirewall allowUrlEncodedSlashHttpFirewall(){
+        return new DefaultHttpFirewall();
+    }
 
 //    @Override
 //    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@@ -74,7 +84,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
         httpSecurity.addFilterBefore(new VerifyCodeFilter(), LogoutFilter.class);
         httpSecurity.addFilterBefore(new MailCodeFilter(), LogoutFilter.class);
         httpSecurity.addFilterBefore(new JwtAuthenticationTokenFilter(userServiceImpl, jwtTokenUtil), LogoutFilter.class);
-        httpSecurity.headers().frameOptions().sameOrigin();
+        httpSecurity.headers().frameOptions().disable();
+//        httpSecurity.headers().httpStrictTransportSecurity().includeSubDomains(true).preload(true).maxAgeInSeconds(31536000);
         httpSecurity
                 // 由于使用的是JWT,我们这里不需要csrf
                 .csrf().disable()
@@ -97,6 +108,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     //针对静态资源放行
     @Override
     public void configure(WebSecurity web) throws Exception {
+        web.httpFirewall(allowUrlEncodedSlashHttpFirewall());
         /*super.configure(web);*/
         web.ignoring().antMatchers("/static/**", "/assets/**","/getVerifyCode","/getMailCode","/sysParameterController/getUseSendMail", "/");
     }
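Review bot: `allowUrlEncodedSlashHttpFirewall()` replaces Spring Security's default `StrictHttpFirewall` with `DefaultHttpFirewall`, which drops the whole set of request-normalisation rejections (URL-encoded slashes, backslashes, encoded percent and period sequences, semicolons, path-traversal segments) rather than only the encoded slash the bean name suggests. If `%2F` in a path is the only requirement, keep the strict firewall and loosen that single rule: `StrictHttpFirewall firewall = new StrictHttpFirewall();` `firewall.setAllowUrlEncodedSlash(true);` `return firewall;` (importing `org.springframework.security.web.firewall.StrictHttpFirewall` in place of `DefaultHttpFirewall`). In the `configure(HttpSecurity)` hunk, `frameOptions().disable()` removes the `X-Frame-Options` header entirely where `sameOrigin()` previously allowed framing only from the same site, so every page becomes embeddable by any origin; if one specific host must embed the application, a Content-Security-Policy `frame-ancestors` directive naming that host is the narrower replacement. The four `Connector`/`Tomcat*`/`ConfigurableServletWebServerFactory` imports added at the top of the file are not referenced by any line in these hunks and look like leftovers to drop.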

+ 8 - 7
backend/src/main/java/com/jiayue/ssi/controller/IpBlacklistController.java

@@ -61,16 +61,17 @@ public class IpBlacklistController {
     @OperateLog(title = "黑名单管理", businessType = BusinessType.INSERT, auditType = AuditType.SYS)
     @PreAuthorize("@ss.hasPermi('system:ipblacklist:add')")
     public ResponseVO addIp(String ip) throws CustomException {
-        if (!IPUtils.isIP(ip)) {
-            return ResponseVO.fail("ip不合法,不能添加!");
-        }
-        SysBlacklist sysBlacklist = new SysBlacklist();
-        sysBlacklist.setIp(ip);
-        sysBlacklist.setIpTime(new Date());
-        sysBlacklist.setAddBy(SecurityContextUtil.getSysUser().getUsername());
         try {
+            if (!IPUtils.isIP(ip)) {
+                return ResponseVO.fail("ip不合法,不能添加!");
+            }
+            SysBlacklist sysBlacklist = new SysBlacklist();
+            sysBlacklist.setIp(ip);
+            sysBlacklist.setIpTime(new Date());
+            sysBlacklist.setAddBy(SecurityContextUtil.getSysUser().getUsername());
             boolean bo = sysBlacklistService.save(sysBlacklist);
             if (bo) {
+                CacheConstants.blacklistMap.put(sysBlacklist.getIp(),sysBlacklist.getId());
                 return ResponseVO.success("添加ip成功");
             } else {
                 log.error("添加ip失败");
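Review bot: The new `CacheConstants.blacklistMap.put(...)` on the success path writes to a static map from a request thread while, presumably, the blacklist filter reads it on other threads; the map's declared type is outside this hunk, so if it is a plain `HashMap` it should become a `ConcurrentHashMap` (or the put should take whatever lock the reader uses). The entry is keyed on the raw `ip` parameter and its value is `sysBlacklist.getId()` read after `save`, which relies on the persistence layer populating the generated key — if it does not, the cached value is `null`. The matching delete endpoint should remove the same key, otherwise an address removed from the table stays blocked until restart; that endpoint is not in this commit, so please confirm. Moving the `IPUtils.isIP` check and entity construction inside the `try` also means an exception from `SecurityContextUtil.getSysUser()` now takes the catch path instead of surfacing as before; `addIp` continues past the end of the hunk.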

+ 3 - 0
backend/src/main/java/com/jiayue/ssi/controller/SysRoleController.java

@@ -199,6 +199,9 @@ public class SysRoleController {
             if (StringUtils.isEmpty(roleId)) {
                 return ResponseVO.fail("id不能为空!");
             }
+            if (roleService.countUserRoleByRoleId(Long.parseLong(roleId))>0) {
+                return ResponseVO.fail("菜单已分配,不允许删除");
+            }
             int bo = roleService.deleteRoleById(Long.parseLong(roleId));
             if (bo > 0) {
                 return ResponseVO.success("删除角色信息成功");
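Review bot: The new guard's message `"菜单已分配,不允许删除"` says a menu is assigned, but the condition counts users bound to the role (`countUserRoleByRoleId`), so the text should read `"角色已分配用户,不允许删除"` — callers are otherwise told the wrong reason for the refusal. `Long.parseLong(roleId)` is now evaluated twice; parse once into a local above the guard (`long id = Long.parseLong(roleId);`) and pass `id` to both calls. The count and the delete are two separate statements, so a user bound to the role between them is not caught; if that matters, run both in one transaction or have the delete re-check. The enclosing method starts and ends outside this hunk.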

+ 1 - 1
backend/src/main/java/com/jiayue/ssi/filter/VerifySmFilter.java

@@ -47,7 +47,7 @@ public class VerifySmFilter extends OncePerRequestFilter {
                 if (StringUtils.isNotEmpty(tokenStr)) {
                     // 解密token
                     String decryptTokenStr = SM2CryptUtils.decrypt(tokenStr, SecretKeyConstants.SERVER_PRIVATE_KEY);
-                    String tokenSign = request.getHeader("TokenSign");
+                    String tokenSign = request.getHeader("JySign");
                     // 验证签名
                     boolean verifySign =
                         SM2CryptUtils.verifySign(SecretKeyConstants.CLIENT_PUBLIC_KEY, decryptTokenStr, tokenSign);

+ 1 - 1
backend/src/main/java/com/jiayue/ssi/handler/CustomAuthenticationSuccessHandler.java

@@ -118,7 +118,7 @@ public class CustomAuthenticationSuccessHandler extends SavedRequestAwareAuthent
         String encrypt = SM2CryptUtils.encrypt(obj, SecretKeyConstants.CLIENT_PUBLIC_KEY);
         // token签名
         String signStr = SM2CryptUtils.sign(SecretKeyConstants.SERVER_PRIVATE_KEY,obj);
-        String secretResult = "token="+encrypt+"&tokenSign="+signStr;
+        String secretResult = "jy="+encrypt+"&jySign="+signStr;
         response.addHeader("Access-Control-Allow-Origin", "*");
         response.setStatus(200);
         response.setContentType("text/html;charset=UTF-8");

+ 9 - 9
backend/src/main/java/com/jiayue/ssi/service/SysRoleService.java

@@ -87,14 +87,14 @@ public interface SysRoleService extends IService<SysRole> {
 //     */
 //    public void checkRoleDataScope(Long roleId);
 //
-//    /**
-//     * 通过角色ID查询角色使用数量
-//     *
-//     * @param roleId 角色ID
-//     * @return 结果
-//     */
-//    public int countUserRoleByRoleId(Long roleId);
-//
+    /**
+     * 通过角色ID查询角色使用数量
+     *
+     * @param roleId 角色ID
+     * @return 结果
+     */
+    public int countUserRoleByRoleId(Long roleId);
+
     /**
      * 新增保存角色信息
      *
@@ -102,7 +102,7 @@ public interface SysRoleService extends IService<SysRole> {
      * @return 结果
      */
     public int insertRole(SysRole role);
-//
+
     /**
      * 修改保存角色信息
      *
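Review bot: The restored Javadoc on `countUserRoleByRoleId` says only `@return 结果`, which tells an implementer nothing about what is counted; the mapper statement in this same commit counts `sys_user_role` rows with `del_flag=0`, so the tag should state that, e.g. `@return number of user-role bindings for the role that are not soft-deleted`. The same wording is duplicated on the override in `SysRoleServiceImpl` and should be updated there as well. The `public` modifier on the interface method is redundant, though it matches the neighbouring declarations in this file.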

+ 15 - 1
backend/src/main/java/com/jiayue/ssi/service/impl/SysRoleServiceImpl.java

@@ -10,6 +10,7 @@ import com.jiayue.ssi.entity.SysUser;
 import com.jiayue.ssi.mapper.SysRoleMapper;
 
 import com.jiayue.ssi.mapper.SysRoleMenuMapper;
+import com.jiayue.ssi.mapper.SysUserRoleMapper;
 import com.jiayue.ssi.service.SysRoleService;
 
 import com.jiayue.ssi.util.RyStringUtils;
@@ -35,7 +36,8 @@ public class SysRoleServiceImpl extends ServiceImpl<SysRoleMapper, SysRole> impl
     SysRoleMapper roleMapper;
     @Autowired
     SysRoleMenuMapper roleMenuMapper;
-
+    @Autowired
+    SysUserRoleMapper sysUserRoleMapper;
 
     /**
      * 新增保存角色信息
@@ -189,4 +191,16 @@ public class SysRoleServiceImpl extends ServiceImpl<SysRoleMapper, SysRole> impl
         SysRole sysRole = roleMapper.selectRoleListByUserId(userId);
         return sysRole;
     }
+
+    /**
+     * 通过角色ID查询角色使用数量
+     *
+     * @param roleId 角色ID
+     * @return 结果
+     */
+    @Override
+    public int countUserRoleByRoleId(Long roleId)
+    {
+        return sysUserRoleMapper.countUserRoleByRoleId(roleId);
+    }
 }
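Review bot: `sysUserRoleMapper` is injected as a package-private `@Autowired` field, matching the two fields above it, but a `private final` field set through a constructor would let the compiler flag a missing dependency and prevent reassignment; at minimum mark it `private`. The opening brace of `countUserRoleByRoleId` sits on its own line, which appears to differ from the same-line braces elsewhere in the file — the hunk only shows closing braces of neighbouring methods, so please confirm. The method forwards `roleId` unchecked; a `null` argument reaches the mapper as a `role_id = ?` bound to null and counts nothing, so `Objects.requireNonNull(roleId, "roleId")` would make that failure explicit instead of silently returning 0.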

+ 1 - 1
backend/src/main/resources/mapper/system/SysUserRoleMapper.xml

@@ -20,7 +20,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 	</delete>
 
 	<select id="countUserRoleByRoleId" resultType="Integer">
-	    select count(1) from sys_user_role where role_id=#{roleId}
+	    select count(1) from sys_user_role where role_id=#{roleId}  and del_flag=0
 	</select>
 
 	<delete id="deleteUserRole" parameterType="Long">