新增CSRF防护功能
@@ -33,9 +33,9 @@ public class ShiroConstants
|
||||
public static final String ERROR = "errorMsg";
|
||||
|
||||
/**
|
||||
* 编码格式
|
||||
* csrf key
|
||||
*/
|
||||
public static final String ENCODING = "UTF-8";
|
||||
public static final String CSRF_TOKEN = "csrf_token";
|
||||
|
||||
/**
|
||||
* 当前在线会话
|
||||
|
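Review bot: The comment `csrf key` on `CSRF_TOKEN` does not say what the key names (a session attribute, a request header or a form field), and a reader needs that to check where the token is stored and where it is read back; a line such as `* Key under which the CSRF token is stored and looked up (state here: session attribute / header / parameter)` would do. The hunk keeps the same line count on both sides (9 and 9) and shows both `ENCODING` and `CSRF_TOKEN`, so it appears that the public `ENCODING` constant is replaced rather than kept; if so, confirm that nothing outside this commit still refers to `ShiroConstants.ENCODING`.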
@@ -4,6 +4,8 @@ import java.io.IOException;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.net.URLDecoder;
|
||||
import java.net.URLEncoder;
|
||||
import java.security.SecureRandom;
|
||||
import java.util.Base64;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
@@ -25,6 +27,8 @@ public class ServletUtils
|
||||
*/
|
||||
private final static String[] agent = { "Android", "iPhone", "iPod", "iPad", "Windows Phone", "MQQBrowser" };
|
||||
|
||||
private static final SecureRandom secureRandom = new SecureRandom();
|
||||
|
||||
/**
|
||||
* 获取String参数
|
||||
*/
|
||||
@@ -213,4 +217,16 @@ public class ServletUtils
|
||||
return StringUtils.EMPTY;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 生成CSRF Token
|
||||
*
|
||||
* @return 解码后的内容
|
||||
*/
|
||||
public static String generateToken()
|
||||
{
|
||||
byte[] bytes = new byte[32];
|
||||
secureRandom.nextBytes(bytes);
|
||||
return Base64.getEncoder().encodeToString(bytes);
|
||||
}
|
||||
}
|
||||
|
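Review bot: The Javadoc on `generateToken()` says `@return 解码后的内容` ("decoded content"), which looks copied from a decode helper and is wrong for a method that returns a freshly generated value; it should read something like `@return Base64-encoded 32-byte random CSRF token`. The standard `Base64.getEncoder()` alphabet includes `+`, `/` and `=` padding, so a token that travels in a query string or form-encoded body can come back altered (`+` is decoded as a space) and then fail the comparison; `return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);` avoids that without reducing entropy. The code that stores and compares the token is not in this view, so confirm there that the comparison is constant-time (for example `MessageDigest.isEqual`) and that the token is bound to the session.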
@@ -357,6 +357,18 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils
|
||||
return new HashSet<String>(str2List(str, sep, true, false));
|
||||
}
|
||||
|
||||
/**
|
||||
* 字符串转list
|
||||
*
|
||||
* @param str 字符串
|
||||
* @param sep 分隔符
|
||||
* @return list集合
|
||||
*/
|
||||
public static final List<String> str2List(String str, String sep)
|
||||
{
|
||||
return str2List(str, sep, true, false);
|
||||
}
|
||||
|
||||
/**
|
||||
* 字符串转list
|
||||
*
|
||||
|
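Review bot: The new two-argument `str2List(String str, String sep)` fixes the last two arguments of the longer overload to `true, false`, but its Javadoc is the same one-line `字符串转list` and does not say what those defaults do to blank or untrimmed entries. If this helper is used to parse a CSRF URL list (an assumption; the caller is not in this view), an entry that fails to match because of surrounding whitespace changes which requests get checked, so the defaults should be stated, e.g. `* Splits str on sep using the defaults of the four-argument overload (true, false); see that method for their meaning.` The Javadoc that begins after this method is cut off by the hunk.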