Commit c6b5d9688bac5fcd43932a0f179f49fed9e62ce2

Authored by 王通
1 parent 283c54a3

1.CSP变更

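--- a/src/main/java/com/bsth/filter/AccessLogFilter.java
+++ b/src/main/java/com/bsth/filter/AccessLogFilter.java
@@ -1,105 +1,105 @@
-package com.bsth.filter;  
-  
-import com.alibaba.fastjson.JSON;  
-import com.bsth.entity.sys.SysUser;  
-import com.bsth.security.util.SecurityUtils;  
-import com.bsth.util.IpUtils;  
-import com.google.common.collect.Lists;  
-import com.google.common.collect.Maps;  
-import org.slf4j.Logger;  
-import org.slf4j.LoggerFactory;  
-import org.springframework.stereotype.Component;  
-  
-import javax.servlet.FilterChain;  
-import javax.servlet.ServletException;  
-import javax.servlet.http.HttpServletRequest;  
-import javax.servlet.http.HttpServletResponse;  
-import java.io.IOException;  
-import java.util.Enumeration;  
-import java.util.List;  
-import java.util.Map;  
-  
-/**  
- *  
- * @ClassName: AccessLogFilter  
- * @Description: TODO(记录访问日志)  
- * @author PanZhao  
- * @date 2016年3月17日 下午4:28:31  
- *  
- */  
-@Component  
-public class AccessLogFilter extends BaseFilter {  
-  
- Logger logger = LoggerFactory.getLogger(this.getClass());  
-  
- @Override  
- public void doFilter(HttpServletRequest request,  
- HttpServletResponse response, FilterChain chain)  
- throws IOException, ServletException {  
-  
- response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");  
- response.setHeader("Content-Security-Policy", "script-src * 'unsafe-inline' 'unsafe-eval'");  
- response.setHeader("X-Download-Options", "noopen");  
- response.setHeader("X-Permitted-Cross-Domain-Policies", "none");  
- response.setHeader("X-Frame-Options", "sameorigin");  
- SysUser user = null;  
- if (request.getParameter("token") != null) {  
- user = new SysUser();  
- user.setUserName("admin");  
- } else {  
- user = SecurityUtils.getCurrentUser();  
- }  
- String username = user.getUserName();  
- String name = user.getName();  
- String jsessionId = request.getRequestedSessionId();  
- String ip = IpUtils.getIpAddr(request);  
- String userAgent = request.getHeader("User-Agent");  
- String url = request.getRequestURI();  
- String params = getParams(request);  
- String headers = getHeaders(request);  
- String method = request.getMethod();  
-  
- StringBuilder s = new StringBuilder();  
- s.append(getBlock(username + " -" + name));  
- s.append(getBlock(jsessionId));  
- s.append(getBlock(ip));  
- s.append(getBlock(userAgent));  
- s.append(getBlock(url));  
- s.append(getBlock(method));  
- s.append(getBlock(params));  
- s.append(getBlock(headers));  
- s.append(getBlock(request.getHeader("Referer")));  
-  
- long now = System.currentTimeMillis();  
- chain.doFilter(request, response);  
- s.append("<cost time:").append(System.currentTimeMillis() - now).append(">");  
- logger.info(s.toString());  
- }  
-  
- private static String getParams(HttpServletRequest request) {  
- Map<String, String[]> params = request.getParameterMap();  
- return JSON.toJSONString(params);  
- }  
-  
- private static String getHeaders(HttpServletRequest request) {  
- Map<String, List<String>> headers = Maps.newHashMap();  
- Enumeration<String> namesEnumeration = request.getHeaderNames();  
- while (namesEnumeration.hasMoreElements()) {  
- String name = namesEnumeration.nextElement();  
- Enumeration<String> valueEnumeration = request.getHeaders(name);  
- List<String> values = Lists.newArrayList();  
- while (valueEnumeration.hasMoreElements()) {  
- values.add(valueEnumeration.nextElement());  
- }  
- headers.put(name, values);  
- }  
- return JSON.toJSONString(headers);  
- }  
-  
- public static String getBlock(Object msg) {  
- if (msg == null) {  
- msg = "";  
- }  
- return "[" + msg.toString() + "]";  
- }  
-}
+package com.bsth.filter;
+
+import com.alibaba.fastjson.JSON;
+import com.bsth.entity.sys.SysUser;
+import com.bsth.security.util.SecurityUtils;
+import com.bsth.util.IpUtils;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Map;
+
+/**
+ *
+ * @ClassName: AccessLogFilter
+ * @Description: TODO(记录访问日志)
+ * @author PanZhao
+ * @date 2016年3月17日 下午4:28:31
+ *
+ */
+@Component
+public class AccessLogFilter extends BaseFilter {
+
+ Logger logger = LoggerFactory.getLogger(this.getClass());
+
+ @Override
+ public void doFilter(HttpServletRequest request,
+ HttpServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+
+ response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
+ //response.setHeader("Content-Security-Policy", "script-src * 'unsafe-inline' 'unsafe-eval'");
+ response.setHeader("X-Download-Options", "noopen");
+ response.setHeader("X-Permitted-Cross-Domain-Policies", "none");
+ response.setHeader("X-Frame-Options", "sameorigin");
+ SysUser user = null;
+ if (request.getParameter("token") != null) {
+ user = new SysUser();
+ user.setUserName("admin");
+ } else {
+ user = SecurityUtils.getCurrentUser();
+ }
+ String username = user.getUserName();
+ String name = user.getName();
+ String jsessionId = request.getRequestedSessionId();
+ String ip = IpUtils.getIpAddr(request);
+ String userAgent = request.getHeader("User-Agent");
+ String url = request.getRequestURI();
+ String params = getParams(request);
+ String headers = getHeaders(request);
+ String method = request.getMethod();
+
+ StringBuilder s = new StringBuilder();
+ s.append(getBlock(username + " -" + name));
+ s.append(getBlock(jsessionId));
+ s.append(getBlock(ip));
+ s.append(getBlock(userAgent));
+ s.append(getBlock(url));
+ s.append(getBlock(method));
+ s.append(getBlock(params));
+ s.append(getBlock(headers));
+ s.append(getBlock(request.getHeader("Referer")));
+
+ long now = System.currentTimeMillis();
+ chain.doFilter(request, response);
+ s.append("<cost time:").append(System.currentTimeMillis() - now).append(">");
+ logger.info(s.toString());
+ }
+
+ private static String getParams(HttpServletRequest request) {
+ Map<String, String[]> params = request.getParameterMap();
+ return JSON.toJSONString(params);
+ }
+
+ private static String getHeaders(HttpServletRequest request) {
+ Map<String, List<String>> headers = Maps.newHashMap();
+ Enumeration<String> namesEnumeration = request.getHeaderNames();
+ while (namesEnumeration.hasMoreElements()) {
+ String name = namesEnumeration.nextElement();
+ Enumeration<String> valueEnumeration = request.getHeaders(name);
+ List<String> values = Lists.newArrayList();
+ while (valueEnumeration.hasMoreElements()) {
+ values.add(valueEnumeration.nextElement());
+ }
+ headers.put(name, values);
+ }
+ return JSON.toJSONString(headers);
+ }
+
+ public static String getBlock(Object msg) {
+ if (msg == null) {
+ msg = "";
+ }
+ return "[" + msg.toString() + "]";
+ }
+}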
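Review bot: The Content-Security-Policy header on new line 41 is disabled by commenting it out, which leaves dead code with no recorded reason and means responses passing through this filter carry no CSP at all unless another component sets one (not visible here). The removed value `script-src * 'unsafe-inline' 'unsafe-eval'` restricted almost nothing, so the better follow-up is to delete the line and trial a tighter policy in observation mode, e.g. `response.setHeader("Content-Security-Policy-Report-Only", "script-src 'self'");`, enforcing it once the reports are clean. In the same `doFilter`, `getParams` and `getHeaders` serialize every parameter and header into `logger.info`, so `Cookie`, `Authorization`, the `token` parameter and the session id end up in the access log; mask or drop those fields before logging. Lines 46-48 also label any request that merely carries a `token` parameter as `admin` in the log without checking the token, so the recorded user name cannot be trusted for audit purposes.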