|
@@ -110,6 +110,14 @@ public class SecurityInterceptor implements HandlerInterceptor, ApplicationEvent |
|
@@ -110,6 +110,14 @@ public class SecurityInterceptor implements HandlerInterceptor, ApplicationEvent |
110
|
String businessLine = params.get("business_line");
|
110
|
String businessLine = params.get("business_line");
|
111
|
//==============以下是完全不校验的场景=========================
|
111
|
//==============以下是完全不校验的场景=========================
|
112
|
|
112
|
|
|
|
113
|
+ //1 后门, 不需要校验, (1)检查请求参数是否有预留的后门参数_sncp, 并且_sncp的值是有效的. 放行 _sncp的值再5.6版本会去掉
|
|
|
114
|
+ String temporaryValueQeq = params.get("_sncp"); //请求的预留后门的值
|
|
|
115
|
+ String temporaryValue = configReader.getString("gateway.client.secret.h5", "");
|
|
|
116
|
+ if (!StringUtils.isEmpty(temporaryValueQeq) && !StringUtils.isEmpty(temporaryValue) && temporaryValueQeq.trim().equals(temporaryValue.trim()) && isInnerIp(httpServletRequest)){
|
|
|
117
|
+ return ;
|
|
|
118
|
+ }
|
|
|
119
|
+
|
|
|
120
|
+
|
113
|
//2 是否校验全部接口,开关-true:校验全部接口(除去@IgnoreSession注解接口) 开关-false:只校验核心接口
|
121
|
//2 是否校验全部接口,开关-true:校验全部接口(除去@IgnoreSession注解接口) 开关-false:只校验核心接口
|
114
|
boolean isVerifyAllMethod = configReader.getBoolean("gateway.session.isVerifyAllMethod", true);
|
122
|
boolean isVerifyAllMethod = configReader.getBoolean("gateway.session.isVerifyAllMethod", true);
|
115
|
if(!isVerifyAllMethod){
|
123
|
if(!isVerifyAllMethod){
|
|
@@ -479,4 +487,48 @@ public class SecurityInterceptor implements HandlerInterceptor, ApplicationEvent |
|
@@ -479,4 +487,48 @@ public class SecurityInterceptor implements HandlerInterceptor, ApplicationEvent |
479
|
return false;
|
487
|
return false;
|
480
|
}
|
488
|
}
|
481
|
}
|
489
|
}
|
|
|
490
|
+
|
|
|
491
|
+ /**
|
|
|
492
|
+ * 是否内网ip
|
|
|
493
|
+ * @param request
|
|
|
494
|
+ * @return
|
|
|
495
|
+ */
|
|
|
496
|
+ public boolean isInnerIp(HttpServletRequest request){
|
|
|
497
|
+ //增加内网ip验证开关,供压测时使用
|
|
|
498
|
+ boolean isInnerIpVerifyEnable = configReader.getBoolean("gateway.security.isInnerIpVerifyEnable", true);
|
|
|
499
|
+ if(!isInnerIpVerifyEnable){
|
|
|
500
|
+ return true;
|
|
|
501
|
+ }
|
|
|
502
|
+ String ip = getRemoteIP(request);
|
|
|
503
|
+ String[] ipArr = ip.split(",");
|
|
|
504
|
+ InetAddress inetAddress = null;
|
|
|
505
|
+ try {
|
|
|
506
|
+ inetAddress = InetAddress.getByName( ipArr[ ipArr.length - 1 ].trim() );
|
|
|
507
|
+ } catch (UnknownHostException e) {
|
|
|
508
|
+ logger.warn("isInnerIp error is {}", e);
|
|
|
509
|
+ }
|
|
|
510
|
+ if ( inetAddress.isSiteLocalAddress() ) {
|
|
|
511
|
+ // 是内网IP
|
|
|
512
|
+ return true;
|
|
|
513
|
+ } else {
|
|
|
514
|
+ // 不是内网接口
|
|
|
515
|
+ logger.info( "handler inner api interceptor, {} can not run inner api.", ip );
|
|
|
516
|
+ return false;
|
|
|
517
|
+ }
|
|
|
518
|
+ }
|
|
|
519
|
+
|
|
|
520
|
+
|
|
|
521
|
+ /**
|
|
|
522
|
+ * 获取用户IP
|
|
|
523
|
+ *
|
|
|
524
|
+ * @param httpServletRequest 1) x-forwarded-for 2).getRemoteAddr()
|
|
|
525
|
+ * @return 用户IP
|
|
|
526
|
+ */
|
|
|
527
|
+ private String getRemoteIP(final HttpServletRequest httpServletRequest) {
|
|
|
528
|
+ String ip = httpServletRequest.getHeader("X-Forwarded-For");
|
|
|
529
|
+ if (StringUtils.isEmpty(ip)) {
|
|
|
530
|
+ ip = httpServletRequest.getRemoteAddr();
|
|
|
531
|
+ }
|
|
|
532
|
+ return ip;
|
|
|
533
|
+ }
|
482
|
} |
534
|
} |
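Review bot: `isInnerIp` decides the `_sncp` bypass on a client-supplied value: `getRemoteIP` (line 528) prefers the `X-Forwarded-For` header, and line 506 hands its last entry to `InetAddress.getByName`, so any caller that reaches the gateway without a header-rewriting proxy can send `X-Forwarded-For: 10.0.0.1` — or a hostname that resolves to a 10.x address, since `getByName` performs a DNS lookup for non-literal input — and unlock the full session bypass from the Internet. When resolution fails, `inetAddress` stays null and line 510 throws NullPointerException instead of returning false, and `isSiteLocalAddress()` alone also excludes loopback, which may or may not be intended here. Note that `getRemoteAddr()` is not a cure-all either: behind a reverse proxy it is the proxy's own, usually site-local, address and every request would pass, so the header should be trusted only when the peer is in a configured trusted-proxy list (a new `gateway.security.trustedProxies` key is assumed below, as is `java.util.regex.Pattern`), only IP literals should be parsed, and parse errors should fail closed. In the first hunk, the shared secret at line 116 should be compared with `MessageDigest.isEqual(temporaryValueQeq.trim().getBytes(StandardCharsets.UTF_8), temporaryValue.trim().getBytes(StandardCharsets.UTF_8))` rather than `String.equals`, and with `gateway.security.isInnerIpVerifyEnable=false` that single static secret, which also lands in access logs as a query parameter, becomes the only thing protecting every interceptor-guarded endpoint.

```java
public boolean isInnerIp(HttpServletRequest request){
    // … unchanged: gateway.security.isInnerIpVerifyEnable switch …
    // The socket peer is the only address the caller cannot forge. X-Forwarded-For is
    // consulted only when that peer is a proxy we trust, and then only the entry that
    // proxy appended (the last one); everything else in the header is caller input.
    String peer = request.getRemoteAddr();
    String candidate = peer;
    String trustedProxies = configReader.getString("gateway.security.trustedProxies", "");
    boolean fromTrustedProxy = false;
    for (String proxy : trustedProxies.split(",")) {
        if (!StringUtils.isEmpty(proxy) && proxy.trim().equals(peer)) {
            fromTrustedProxy = true;
            break;
        }
    }
    if (fromTrustedProxy) {
        String forwarded = request.getHeader("X-Forwarded-For");
        if (!StringUtils.isEmpty(forwarded)) {
            String[] hops = forwarded.split(",");
            candidate = hops[hops.length - 1].trim();
        }
    }
    // Accept IP literals only: getByName() on a hostname performs a DNS lookup the
    // caller controls, and the answer could be a private address.
    if (StringUtils.isEmpty(candidate) || !IP_LITERAL.matcher(candidate).matches()) {
        logger.info("handler inner api interceptor, {} can not run inner api.", candidate);
        return false;
    }
    try {
        InetAddress addr = InetAddress.getByName(candidate);
        return addr.isSiteLocalAddress();
    } catch (UnknownHostException e) {
        // Fail closed: an address we cannot parse is never "internal".
        logger.warn("isInnerIp could not parse {}", candidate, e);
        return false;
    }
}

// Dotted-quad IPv4 or an IPv6 literal (optionally with a zone index); rejects hostnames.
private static final Pattern IP_LITERAL =
        Pattern.compile("(\\d{1,3}(\\.\\d{1,3}){3})|([0-9a-fA-F:]+(%\\w+)?)");
```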