Commit d7e1c51c4a267b8e4e0054265cf658b419950711
1 parent
bec3ed60
update...
Showing
2 changed files
with
12 additions
and
0 deletions
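--- a/src/main/java/com/bsth/server_rs/AuthorizeInterceptor_IN.java
+++ b/src/main/java/com/bsth/server_rs/AuthorizeInterceptor_IN.java
@@ -34,6 +34,7 @@ public class AuthorizeInterceptor_IN extends AbstractPhaseInterceptor<Message> i
 private static final String NONCE = "nonce";
 private static final String PASSWORD = "password";
 private static final int MAX_TIME_DIFF = 1000 * 60 * 10;
+private static Map<String, String> pwd2nonceMap;
 
 static UserService userService;
 
@@ -43,6 +44,10 @@ public class AuthorizeInterceptor_IN extends AbstractPhaseInterceptor<Message> i
 super(Phase.RECEIVE);
 }
 
+static {
+pwd2nonceMap = new HashMap<>();
+}
+
 @Override
 public void handleMessage(Message message) throws Fault {
 
@@ -86,6 +91,10 @@ public class AuthorizeInterceptor_IN extends AbstractPhaseInterceptor<Message> i
 throw new AesException(AesException.MISS_PWD);
 }
 
+String prevNonce = pwd2nonceMap.get(map.get(PASSWORD));
+if(prevNonce != null && prevNonce.equals(map.get(NONCE)))
+throw new AesException(AesException.NO_RANDOM_NONCE);
+
 if (userService.get(map.get(PASSWORD)) == null) {
 throw new AesException(AesException.INVALID_PWD);
 }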
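Review bot: Nothing in this commit ever writes to `pwd2nonceMap` — all 12 additions are visible and none is a `put` — so `prevNonce` is always null and the new replay check in `handleMessage` cannot fire unless the map is filled elsewhere. Record the nonce only after the signature has been verified, e.g. `pwd2nonceMap.put(map.get(PASSWORD), map.get(NONCE));`, otherwise unauthenticated requests could grow the map or overwrite a legitimate client's entry. The map is also a plain `HashMap` shared by concurrent requests; declare it `private static final Map<String, String> pwd2nonceMap = new ConcurrentHashMap<>();`. Remembering only the last nonce per password still lets any older nonce be replayed inside the `MAX_TIME_DIFF` window, so a per-credential set of nonces expiring after that window would be needed for real replay protection. `handleMessage` starts and ends outside the hunks, so where the signature check sits is not visible here.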
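--- a/src/main/java/com/bsth/server_rs/exception/AesException.java
+++ b/src/main/java/com/bsth/server_rs/exception/AesException.java
@@ -9,6 +9,7 @@ public class AesException extends RuntimeException {
 public final static int MISS_SIGN = -30001;
 public final static int MISS_TIMESTAMP = -30002;
 public final static int MISS_NONCE = -30003;
+public final static int NO_RANDOM_NONCE = -30005;
 public final static int MISS_PWD = -30004;
 public final static int SIGN_CHECK_ERROR = -40001;
 public final static int SIGN_CHECK_FAIL = -40002;
@@ -25,6 +26,8 @@ public class AesException extends RuntimeException {
 return "timestamp参数丢失";
 case MISS_NONCE:
 return "nonce参数丢失";
+case NO_RANDOM_NONCE:
+return "nonce参数异常";
 case MISS_PWD:
 return "密码参数丢失";
 case INVALID_PWD: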
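Review bot: `NO_RANDOM_NONCE` and its message `nonce参数异常` do not say that the request was rejected because the nonce repeats the previous one, which makes replay rejections hard to tell apart from malformed input in logs and client reports. A name such as `REPEATED_NONCE` with a one-line comment, `// nonce equals the last nonce seen for this password (possible replay)`, would make the code self-explanatory. The value -30005 is also declared out of numeric order, before `MISS_PWD = -30004`. The switch continues outside the hunk.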