Commit d7e1c51c4a267b8e4e0054265cf658b419950711
1 parent
bec3ed60
update...
Showing
2 changed files
with
12 additions
and
0 deletions
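--- a/src/main/java/com/bsth/server_rs/AuthorizeInterceptor_IN.java
+++ b/src/main/java/com/bsth/server_rs/AuthorizeInterceptor_IN.java
@@ -34,6 +34,7 @@ public class AuthorizeInterceptor_IN extends AbstractPhaseInterceptor<Message> i
 private static final String NONCE = "nonce";
 private static final String PASSWORD = "password";
 private static final int MAX_TIME_DIFF = 1000 * 60 * 10;
+private static Map<String, String> pwd2nonceMap;
 
 static UserService userService;
 
@@ -43,6 +44,10 @@ public class AuthorizeInterceptor_IN extends AbstractPhaseInterceptor<Message> i
 super(Phase.RECEIVE);
 }
 
+static {
+pwd2nonceMap = new HashMap<>();
+}
+
 @Override
 public void handleMessage(Message message) throws Fault {
 
@@ -86,6 +91,10 @@ public class AuthorizeInterceptor_IN extends AbstractPhaseInterceptor<Message> i
 throw new AesException(AesException.MISS_PWD);
 }
 
+String prevNonce = pwd2nonceMap.get(map.get(PASSWORD));
+if(prevNonce != null && prevNonce.equals(map.get(NONCE)))
+throw new AesException(AesException.NO_RANDOM_NONCE);
+
 if (userService.get(map.get(PASSWORD)) == null) {
 throw new AesException(AesException.INVALID_PWD);
 }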
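Review bot: Nothing in this commit ever writes to `pwd2nonceMap`: all 12 additions are visible on this page and none is a `put`, so at new lines 94-96 `prevNonce` is always null and the replay check can never reject a request. Record the nonce once the request has passed the remaining checks, e.g. `pwd2nonceMap.put(map.get(PASSWORD), map.get(NONCE));`. The static map is shared by every request, which the server presumably handles on several threads, so initialise it as `new ConcurrentHashMap<>()` rather than `new HashMap<>()`. Keeping only the latest nonce per password would still accept any earlier nonce again within whatever window the timestamp check allows (presumably `MAX_TIME_DIFF`), so a per-credential set of seen nonces that expires after that window would be the stronger design. `handleMessage` continues outside these hunks, so where the signature is verified relative to this check cannot be seen here.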
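--- a/src/main/java/com/bsth/server_rs/exception/AesException.java
+++ b/src/main/java/com/bsth/server_rs/exception/AesException.java
@@ -9,6 +9,7 @@ public class AesException extends RuntimeException {
 public final static int MISS_SIGN = -30001;
 public final static int MISS_TIMESTAMP = -30002;
 public final static int MISS_NONCE = -30003;
+public final static int NO_RANDOM_NONCE = -30005;
 public final static int MISS_PWD = -30004;
 public final static int SIGN_CHECK_ERROR = -40001;
 public final static int SIGN_CHECK_FAIL = -40002;
@@ -25,6 +26,8 @@ public class AesException extends RuntimeException {
 return "timestamp参数丢失";
 case MISS_NONCE:
 return "nonce参数丢失";
+case NO_RANDOM_NONCE:
+return "nonce参数异常";
 case MISS_PWD:
 return "密码参数丢失";
 case INVALID_PWD: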