新增CSRF防护功能

RuoYi
2025-04-15 16:24:42 +08:00
parent 407f9f46d8
commit ea9976575a
11 changed files with 175 additions and 9 deletions


@@ -33,9 +33,9 @@ public class ShiroConstants
public static final String ERROR = "errorMsg";
/**
* 编码格式
* csrf key
*/
public static final String ENCODING = "UTF-8";
public static final String CSRF_TOKEN = "csrf_token";
/**
* 当前在线会话


@@ -4,6 +4,8 @@ import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
@@ -25,6 +27,8 @@ public class ServletUtils
*/
private final static String[] agent = { "Android", "iPhone", "iPod", "iPad", "Windows Phone", "MQQBrowser" };
private static final SecureRandom secureRandom = new SecureRandom();
/**
* 获取String参数
*/
@@ -213,4 +217,16 @@ public class ServletUtils
return StringUtils.EMPTY;
}
}
/**
* 生成CSRF Token
*
* @return 解码后的内容
*/
public static String generateToken()
{
byte[] bytes = new byte[32];
secureRandom.nextBytes(bytes);
return Base64.getEncoder().encodeToString(bytes);
}
}
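Review bot: `generateToken()` encodes the 32 random bytes with the standard Base64 alphabet, which can emit `+`, `/` and `=`; if the token is ever carried in a URL or form field rather than a header, `+` may be decoded as a space and validation would then fail intermittently, so `return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);` is the safer encoding. The Javadoc line `@return 解码后的内容` ("decoded content") appears to be copied from the decode helper above and does not describe this method; something like `@return Base64-encoded token built from 32 SecureRandom bytes` would match the code. How the token is stored and compared is not visible in this section; wherever it is checked, a constant-time comparison such as `MessageDigest.isEqual` on the byte forms is preferable to `String.equals`.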


@@ -357,6 +357,18 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils
return new HashSet<String>(str2List(str, sep, true, false));
}
/**
* 字符串转list
*
* @param str 字符串
* @param sep 分隔符
* @return list集合
*/
public static final List<String> str2List(String str, String sep)
{
return str2List(str, sep, true, false);
}
/**
* 字符串转list
*