Commit c6b5d9688bac5fcd43932a0f179f49fed9e62ce2

Authored by 王通
1 parent 283c54a3

1.CSP变更

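--- a/src/main/java/com/bsth/filter/AccessLogFilter.java
+++ b/src/main/java/com/bsth/filter/AccessLogFilter.java
@@ -1,105 +1,105 @@
-package com.bsth.filter;
-
-import com.alibaba.fastjson.JSON;
-import com.bsth.entity.sys.SysUser;
-import com.bsth.security.util.SecurityUtils;
-import com.bsth.util.IpUtils;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Map;
-
-/**
- *
- * @ClassName: AccessLogFilter
- * @Description: TODO(记录访问日志)
- * @author PanZhao
- * @date 2016年3月17日 下午4:28:31
- *
- */
-@Component
-public class AccessLogFilter extends BaseFilter {
-
- Logger logger = LoggerFactory.getLogger(this.getClass());
-
- @Override
- public void doFilter(HttpServletRequest request,
- HttpServletResponse response, FilterChain chain)
- throws IOException, ServletException {
-
- response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
- response.setHeader("Content-Security-Policy", "script-src * 'unsafe-inline' 'unsafe-eval'");
- response.setHeader("X-Download-Options", "noopen");
- response.setHeader("X-Permitted-Cross-Domain-Policies", "none");
- response.setHeader("X-Frame-Options", "sameorigin");
- SysUser user = null;
- if (request.getParameter("token") != null) {
- user = new SysUser();
- user.setUserName("admin");
- } else {
- user = SecurityUtils.getCurrentUser();
- }
- String username = user.getUserName();
- String name = user.getName();
- String jsessionId = request.getRequestedSessionId();
- String ip = IpUtils.getIpAddr(request);
- String userAgent = request.getHeader("User-Agent");
- String url = request.getRequestURI();
- String params = getParams(request);
- String headers = getHeaders(request);
- String method = request.getMethod();
-
- StringBuilder s = new StringBuilder();
- s.append(getBlock(username + " -" + name));
- s.append(getBlock(jsessionId));
- s.append(getBlock(ip));
- s.append(getBlock(userAgent));
- s.append(getBlock(url));
- s.append(getBlock(method));
- s.append(getBlock(params));
- s.append(getBlock(headers));
- s.append(getBlock(request.getHeader("Referer")));
-
- long now = System.currentTimeMillis();
- chain.doFilter(request, response);
- s.append("<cost time:").append(System.currentTimeMillis() - now).append(">");
- logger.info(s.toString());
- }
-
- private static String getParams(HttpServletRequest request) {
- Map<String, String[]> params = request.getParameterMap();
- return JSON.toJSONString(params);
- }
-
- private static String getHeaders(HttpServletRequest request) {
- Map<String, List<String>> headers = Maps.newHashMap();
- Enumeration<String> namesEnumeration = request.getHeaderNames();
- while (namesEnumeration.hasMoreElements()) {
- String name = namesEnumeration.nextElement();
- Enumeration<String> valueEnumeration = request.getHeaders(name);
- List<String> values = Lists.newArrayList();
- while (valueEnumeration.hasMoreElements()) {
- values.add(valueEnumeration.nextElement());
- }
- headers.put(name, values);
- }
- return JSON.toJSONString(headers);
- }
-
- public static String getBlock(Object msg) {
- if (msg == null) {
- msg = "";
- }
- return "[" + msg.toString() + "]";
- }
-}
+package com.bsth.filter;
+
+import com.alibaba.fastjson.JSON;
+import com.bsth.entity.sys.SysUser;
+import com.bsth.security.util.SecurityUtils;
+import com.bsth.util.IpUtils;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Map;
+
+/**
+ *
+ * @ClassName: AccessLogFilter
+ * @Description: TODO(记录访问日志)
+ * @author PanZhao
+ * @date 2016年3月17日 下午4:28:31
+ *
+ */
+@Component
+public class AccessLogFilter extends BaseFilter {
+
+ Logger logger = LoggerFactory.getLogger(this.getClass());
+
+ @Override
+ public void doFilter(HttpServletRequest request,
+ HttpServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+
+ response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
+ //response.setHeader("Content-Security-Policy", "script-src * 'unsafe-inline' 'unsafe-eval'");
+ response.setHeader("X-Download-Options", "noopen");
+ response.setHeader("X-Permitted-Cross-Domain-Policies", "none");
+ response.setHeader("X-Frame-Options", "sameorigin");
+ SysUser user = null;
+ if (request.getParameter("token") != null) {
+ user = new SysUser();
+ user.setUserName("admin");
+ } else {
+ user = SecurityUtils.getCurrentUser();
+ }
+ String username = user.getUserName();
+ String name = user.getName();
+ String jsessionId = request.getRequestedSessionId();
+ String ip = IpUtils.getIpAddr(request);
+ String userAgent = request.getHeader("User-Agent");
+ String url = request.getRequestURI();
+ String params = getParams(request);
+ String headers = getHeaders(request);
+ String method = request.getMethod();
+
+ StringBuilder s = new StringBuilder();
+ s.append(getBlock(username + " -" + name));
+ s.append(getBlock(jsessionId));
+ s.append(getBlock(ip));
+ s.append(getBlock(userAgent));
+ s.append(getBlock(url));
+ s.append(getBlock(method));
+ s.append(getBlock(params));
+ s.append(getBlock(headers));
+ s.append(getBlock(request.getHeader("Referer")));
+
+ long now = System.currentTimeMillis();
+ chain.doFilter(request, response);
+ s.append("<cost time:").append(System.currentTimeMillis() - now).append(">");
+ logger.info(s.toString());
+ }
+
+ private static String getParams(HttpServletRequest request) {
+ Map<String, String[]> params = request.getParameterMap();
+ return JSON.toJSONString(params);
+ }
+
+ private static String getHeaders(HttpServletRequest request) {
+ Map<String, List<String>> headers = Maps.newHashMap();
+ Enumeration<String> namesEnumeration = request.getHeaderNames();
+ while (namesEnumeration.hasMoreElements()) {
+ String name = namesEnumeration.nextElement();
+ Enumeration<String> valueEnumeration = request.getHeaders(name);
+ List<String> values = Lists.newArrayList();
+ while (valueEnumeration.hasMoreElements()) {
+ values.add(valueEnumeration.nextElement());
+ }
+ headers.put(name, values);
+ }
+ return JSON.toJSONString(headers);
+ }
+
+ public static String getBlock(Object msg) {
+ if (msg == null) {
+ msg = "";
+ }
+ return "[" + msg.toString() + "]";
+ }
+}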
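Review bot: Responses from this filter now carry no `Content-Security-Policy` at all, because line 41 of the new file comments the header out instead of replacing it, and the dead line gives no reason why. The removed value (`script-src * 'unsafe-inline' 'unsafe-eval'`) restricted almost nothing, so if it was dropped because it broke a page, ship a small enforced policy instead, for example `response.setHeader("Content-Security-Policy", "frame-ancestors 'self'; object-src 'none'");`, and trial a tighter `script-src` under `Content-Security-Policy-Report-Only`; otherwise delete the commented line. Separately, the unchanged body of `doFilter` labels any request that merely carries a `token` parameter as user `admin` in the log and writes the requested session id, every parameter (the token included) and every header (`Cookie`, `Authorization`) to the info log, which makes the audit trail spoofable and turns the log file into a credential store; mask those fields before `logger.info`. `SecurityUtils.getCurrentUser()` is also dereferenced without a null check, which presumably throws for unauthenticated requests.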