Commit ce14cec6 by 钟明宏

增加上传权限验证

parent 0a5601db
......@@ -5,7 +5,7 @@
<parent>
<artifactId>maven-document-upload-parent</artifactId>
<groupId>cn.yunmaozj.tools</groupId>
<version>1.0.7</version>
<version>1.0.8</version>
</parent>
<modelVersion>4.0.0</modelVersion>
......
package cn.yunmaozj.configuration;
import cn.yunmaozj.common.SystemFile;
import cn.yunmaozj.security.Developer;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.AsyncHandlerInterceptor;
import org.springframework.web.servlet.HandlerInterceptor;
......@@ -10,6 +14,8 @@ import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import static javax.servlet.http.HttpServletResponse.SC_FORBIDDEN;
/**
* 文档上传拦截器,这里会对判断是否是登录的用户
*
......@@ -20,16 +26,34 @@ import javax.servlet.http.HttpServletResponse;
@Component
public class DocumentUploadInterceptor implements HandlerInterceptor {
private final Logger logger = LoggerFactory.getLogger(DocumentUploadInterceptor.class);
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
logger.info("DocumentUploadInterceptor.postHandle[{}]",request.getRequestURL());
private SystemFile systemFile;
public DocumentUploadInterceptor(SystemFile systemFile) {
this.systemFile = systemFile;
}
private final Logger logger = LoggerFactory.getLogger(DocumentUploadInterceptor.class);
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
logger.info("DocumentUploadInterceptor.postHandle[{}]",request.getRequestURL());
String user = request.getParameter("user");
String password = request.getParameter("password");
logger.info("DocumentUploadInterceptor.preHandle[{}] user[{}] password:[{}]", request.getRequestURL(), user, password);
if (StringUtils.isAnyEmpty(user, password)) {
response.sendError(SC_FORBIDDEN,"您需要输入正确的用户名和密码");
return false;
}
if (Developer.exits(systemFile, user)) {
Developer developer = new Developer(systemFile, user);
if (!password.equals(developer.getPassword())) {
response.sendError(403,"您需要输入正确的用户名和密码");
return false;
}
} else {
response.sendError(403,"您需要输入正确的用户名和密码");
return false;
}
return true;
}
}
......@@ -81,6 +81,19 @@ public class Developer {
return userFile;
}
/**
* 判断是否存在用户
*
* @return
*/
public static boolean existUser(SystemFile systemFile, String id) {
if (id.endsWith(".xml")) {
File userFile = new File(systemFile.getUserDir(), id);
return userFile.exists();
}
File userFile = new File(systemFile.getUserDir(), id + ".xml");
return userFile.exists();
}
public List<String> roles() {
return getChildNodeText(TAG_ROLES, TAG_ROLE);
......
......@@ -5,7 +5,7 @@
<parent>
<artifactId>maven-document-upload-parent</artifactId>
<groupId>cn.yunmaozj.tools</groupId>
<version>1.0.7</version>
<version>1.0.8</version>
</parent>
<modelVersion>4.0.0</modelVersion>
......
......@@ -11,6 +11,7 @@ import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugins.annotations.*;
import org.apache.maven.project.MavenProject;
import org.apache.maven.settings.Server;
import org.apache.maven.settings.Settings;
import org.codehaus.plexus.util.StringUtils;
import org.dom4j.Element;
......@@ -58,8 +59,10 @@ public class DocumentUploadMojo extends AbstractMojo {
private String siteServerUserName;
@Parameter(property = "siteServerPassword")
private String siteServerPassword;
@Parameter(property = "securityToken", defaultValue = "上传到服务器的token")
private String securityToken;
@Parameter(property = "uploadUser", required = true)
private String uploadUser;
@Parameter(property = "uploadPassword", required = true)
private String uploadPassword;
@Parameter(defaultValue = "${project}", readonly = true, required = true)
private MavenProject project;
@Parameter(defaultValue = "${settings}", readonly = true, required = true)
......@@ -69,7 +72,7 @@ public class DocumentUploadMojo extends AbstractMojo {
public void execute() throws MojoExecutionException, MojoFailureException {
if (skip) {
getLog().info("skip site-upload");
getLog().info("skip document-upload");
return;
}
for (Directory directory : directories.getFileList()) {
......@@ -107,6 +110,8 @@ public class DocumentUploadMojo extends AbstractMojo {
MultipartBody body = new MultipartBody.Builder()
.setType(MultipartBody.FORM)
.addFormDataPart("file", name, fileBody)
.addFormDataPart("user", uploadUser)
.addFormDataPart("password", uploadPassword)
.build();
HttpUrl.Builder httpUrlBuilder = new HttpUrl.Builder();
......@@ -124,7 +129,8 @@ public class DocumentUploadMojo extends AbstractMojo {
.post(body).build();
Response response = getClient().newCall(request).execute();
getLog().info("Uploading file:[" + outFile + "] to [" + request.url() + "]");
getLog().info(response.toString());
if (!response.isSuccessful())
getLog().info("Response Body[" + response.body().string() + "]");
}
/**
......
......@@ -11,7 +11,7 @@
<groupId>cn.yunmaozj.tools</groupId>
<artifactId>maven-document-upload-parent</artifactId>
<version>1.0.7</version>
<version>1.0.8</version>
<description>站点上传插件</description>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment