增加登录表单的refer验证
This commit is contained in:
parent
8c8b8b8037
commit
8726fb38ce
@ -1,6 +1,7 @@
|
||||
package ink.wgink.login.base.authentication;
|
||||
|
||||
import ink.wgink.interfaces.consts.ISystemConstant;
|
||||
import ink.wgink.login.base.consts.IUserCenterConst;
|
||||
import ink.wgink.login.base.exceptions.UserAuthenticationException;
|
||||
import ink.wgink.login.base.manager.ConfigManager;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
@ -65,4 +66,24 @@ public abstract class BaseAuthenticationProcessingFilter extends AbstractAuthent
|
||||
throw new UserAuthenticationException("登录方法必须是POST");
|
||||
}
|
||||
}
|
||||
|
||||
protected void checkReferToken(HttpServletRequest request) {
|
||||
Object referToken = request.getSession().getAttribute(IUserCenterConst.REFER_TOKEN);
|
||||
if(referToken == null) {
|
||||
throw new UserAuthenticationException("refer参数为空,请重新刷新页面");
|
||||
}
|
||||
String sessionReferToken = referToken.toString();
|
||||
if(StringUtils.isBlank(sessionReferToken)) {
|
||||
throw new UserAuthenticationException("refer参数为空,请重新刷新页面");
|
||||
}
|
||||
String pageReferToken = request.getParameter(IUserCenterConst.REFER_TOKEN);
|
||||
if(StringUtils.isBlank(pageReferToken)) {
|
||||
throw new UserAuthenticationException("请求头中缺少refer参数");
|
||||
}
|
||||
if(!StringUtils.equals(sessionReferToken, pageReferToken)) {
|
||||
throw new UserAuthenticationException("refer不匹配");
|
||||
}
|
||||
// 校验成功删除session中的refer
|
||||
request.getSession().removeAttribute(IUserCenterConst.REFER_TOKEN);
|
||||
}
|
||||
}
|
||||
|
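Review bot: `request.getSession()` in checkReferToken creates a fresh session for a login POST that arrives without one, and `StringUtils.equals(sessionReferToken, pageReferToken)` compares the per-session token with an early-exit comparison; use `request.getSession(false)` and treat a null session as a missing token, and compare with `MessageDigest.isEqual` over the UTF-8 bytes (`java.security.MessageDigest`, `java.nio.charset.StandardCharsets` and `HttpSession` from the servlet package that already provides `HttpServletRequest` would need importing). The message `"请求头中缺少refer参数"` says the value is missing from the request headers, but the line above reads it with `request.getParameter`, so it should say the form parameter is missing. The method would also benefit from a Javadoc stating that this is a per-session synchronizer token bound to the rendered login form and unrelated to the HTTP Referer header, since the name suggests otherwise.

```java
protected void checkReferToken(HttpServletRequest request) {
    // getSession(false): a POST that carries no session cannot hold a token issued by the
    // login page, so reject it instead of creating an empty session for it.
    HttpSession session = request.getSession(false);
    Object referToken = session == null ? null : session.getAttribute(IUserCenterConst.REFER_TOKEN);
    // … unchanged: null / blank checks on referToken, sessionReferToken = referToken.toString() …
    String pageReferToken = request.getParameter(IUserCenterConst.REFER_TOKEN);
    if (StringUtils.isBlank(pageReferToken)) {
        throw new UserAuthenticationException("请求参数中缺少refer参数");
    }
    // Constant-time comparison: a plain equals() returns as soon as one byte differs.
    if (!MessageDigest.isEqual(sessionReferToken.getBytes(StandardCharsets.UTF_8),
            pageReferToken.getBytes(StandardCharsets.UTF_8))) {
        throw new UserAuthenticationException("refer不匹配");
    }
    // 校验成功删除session中的refer
    session.removeAttribute(IUserCenterConst.REFER_TOKEN);
}
```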
@ -32,6 +32,7 @@ public class UserAuthenticationFilter extends BaseAuthenticationProcessingFilter
|
||||
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
|
||||
checkVerificationCode(request);
|
||||
checkPostMethod(request);
|
||||
checkReferToken(request);
|
||||
|
||||
String username = request.getParameter(KEY_USERNAME);
|
||||
String password = request.getParameter(KEY_PASSWORD);
|
||||
|
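Review bot: `checkReferToken(request)` is called after `checkVerificationCode(request)` in attemptAuthentication, so a request that fails the token check has already gone through the verification-code check; if that check consumes the one-time code held in the session (its body is not visible here), a cross-site POST with a missing or stale token still burns the user's code. Running the cheap session-token comparison first, with `checkReferToken(request);` as the first statement of the method, reserves the verification-code check for requests that came from the issued form. attemptAuthentication continues past the end of the hunk.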
@ -103,4 +103,9 @@ public interface IUserCenterConst {
|
||||
*/
|
||||
String CUSTOM_LOGIN_FORM = "customLoginForm";
|
||||
|
||||
/**
|
||||
* refer验证token
|
||||
*/
|
||||
String REFER_TOKEN = "referToken";
|
||||
|
||||
}
|
||||
|
@ -6,6 +6,7 @@ import ink.wgink.login.base.manager.ConfigManager;
|
||||
import ink.wgink.login.base.service.IOAuthService;
|
||||
import ink.wgink.properties.BaseProperties;
|
||||
import ink.wgink.properties.ServerProperties;
|
||||
import ink.wgink.util.UUIDUtil;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
@ -30,8 +31,14 @@ public class OAuthServiceImpl implements IOAuthService {
|
||||
|
||||
@Override
|
||||
public Map<String, String> getPageParams(HttpServletRequest request) {
|
||||
// session中设置refer验证token
|
||||
String referHeaderToken = UUIDUtil.getUUID();
|
||||
request.getSession().setAttribute(IUserCenterConst.REFER_TOKEN, referHeaderToken);
|
||||
|
||||
Map<String, String> config = ConfigManager.getInstance().getConfig();
|
||||
Map<String, String> pageParams = new HashMap<>(16);
|
||||
pageParams.put(IUserCenterConst.REFER_TOKEN, referHeaderToken);
|
||||
|
||||
Object errorMessage = request.getSession().getAttribute(IUserCenterConst.ERROR_MESSAGE);
|
||||
Object loginUsername = request.getSession().getAttribute(IUserCenterConst.LOGIN_USERNAME);
|
||||
pageParams.put(IUserCenterConst.ERROR_MESSAGE, errorMessage == null ? null : errorMessage.toString());
|
||||
|
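Review bot: The unpredictability of the whole check rests on `UUIDUtil.getUUID()` at the first added line of getPageParams, and nothing here shows what it generates; if it is not backed by `UUID.randomUUID()` (a SecureRandom-based version-4 UUID) the token is guessable and a cross-site form post can supply it, so either use `String referHeaderToken = UUID.randomUUID().toString();` directly or document that guarantee on the helper. The local is named `referHeaderToken` although the value is stored in the session and rendered into a hidden form field, not a header; `referToken` or `formToken` would match what the code does. Each call also overwrites any token already in the session, so a second login form opened in the same session presumably invalidates the first one's token, which deserves a comment if intended. getPageParams continues past the end of the hunk.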
@ -50,6 +50,7 @@
|
||||
</div>
|
||||
<div id="loginFormBox" class="layadmin-user-login-box layadmin-user-login-body layui-form">
|
||||
<form id="loginForm" :action="pageParams.loginFormAction" method="post" @submit.prevent="submitForm">
|
||||
<input type="hidden" name="referToken" v-model="formData.referToken"/>
|
||||
<div class="layui-form-item">
|
||||
<label class="layadmin-user-login-icon layui-icon layui-icon-username" for="username"></label>
|
||||
<input type="text" v-model="formData.username" id="username" name="username" lay-verify="username" placeholder="用户名" class="layui-input">
|
||||
@ -103,6 +104,7 @@
|
||||
var cookie = layui.cookie;
|
||||
var md5 = layui.md5;
|
||||
var base64 = layui.base64;
|
||||
var restAjax = layui.restajax;
|
||||
|
||||
var pageParams = [[${pageParams}]];
|
||||
new Vue({
|
||||
@ -110,6 +112,7 @@
|
||||
data: {
|
||||
pageParams: pageParams,
|
||||
formData: {
|
||||
referToken: pageParams.referToken,
|
||||
verificationCode: '',
|
||||
username: pageParams.loginUsername,
|
||||
password: '',
|
||||
@ -202,7 +205,6 @@
|
||||
form.on('checkbox(rememberFilter)', function(data) {
|
||||
self.formData.remember = data.elem.checked;
|
||||
});
|
||||
$('#')
|
||||
// 保单验证
|
||||
form.verify({
|
||||
username: function(value, item) {
|
||||
|
@ -122,10 +122,11 @@
|
||||
</div>
|
||||
<blockquote class="layui-elem-quote">
|
||||
<ul>
|
||||
<li>1. form表单代码:表单的HTML代码。</li>
|
||||
<li>2. form表单样式:表单的CSS代码。</li>
|
||||
<li>3. dom节点的条件判断使用vue判断,根据<b>pageParams</b>中的属性动态判断dom元素的展示方式。</li>
|
||||
<li>4. pageParams 属性说明:</li>
|
||||
<li>1. form表单的ID为:<b>loginForm</b></li>
|
||||
<li>2. form表单代码:表单的HTML代码。</li>
|
||||
<li>3. form表单样式:表单的CSS代码。</li>
|
||||
<li>4. dom节点的条件判断使用vue判断,根据<b>pageParams</b>中的属性动态判断dom元素的展示方式。</li>
|
||||
<li>5. pageParams 属性说明:</li>
|
||||
<li>
|
||||
<table class="layui-table">
|
||||
<colgroup>
|
||||
@ -232,9 +233,9 @@
|
||||
</tbody>
|
||||
</table>
|
||||
</li>
|
||||
<li>5. 表单提交method为<b>POST</b></li>
|
||||
<li>6. form表单上添加<b>@submit.prevent="submitForm"</b>用于控制表单提交</li>
|
||||
<li>7. 表单具体内容如下表所示</li>
|
||||
<li>6. 表单提交method为<b>POST</b></li>
|
||||
<li>7. form表单上添加<b>@submit.prevent="submitForm"</b>用于控制表单提交</li>
|
||||
<li>8. 表单具体内容如下表所示</li>
|
||||
<li>
|
||||
<table class="layui-table">
|
||||
<colgroup>
|
||||
@ -285,10 +286,13 @@
|
||||
</tbody>
|
||||
</table>
|
||||
</li>
|
||||
<li>8. 图形验证码的地址为:<b>oauth/verification-code/png</b></li>
|
||||
<li>9. 提交按钮固定写法
|
||||
<li>9. 图形验证码的地址为:<b>oauth/verification-code/png</b></li>
|
||||
<li>10. 提交按钮固定写法
|
||||
<xmp><button type="submit" lay-submit>登 录</button></xmp>
|
||||
</li>
|
||||
<li>11. 表单中必须添加隐藏验证参数,否则将无法登录系统
|
||||
<xmp><input type="hidden" name="referToken" v-model="formData.referToken"/></xmp>
|
||||
</li>
|
||||
</ul>
|
||||
</blockquote>
|
||||
<div class="layui-row layui-col-space15">
|
||||
|
@ -122,10 +122,11 @@
|
||||
</div>
|
||||
<blockquote class="layui-elem-quote">
|
||||
<ul>
|
||||
<li>1. form表单代码:表单的HTML代码。</li>
|
||||
<li>2. form表单样式:表单的CSS代码。</li>
|
||||
<li>3. dom节点的条件判断使用vue判断,根据<b>pageParams</b>中的属性动态判断dom元素的展示方式。</li>
|
||||
<li>4. pageParams 属性说明:</li>
|
||||
<li>1. form表单的ID为:<b>loginForm</b></li>
|
||||
<li>2. form表单代码:表单的HTML代码。</li>
|
||||
<li>3. form表单样式:表单的CSS代码。</li>
|
||||
<li>4. dom节点的条件判断使用vue判断,根据<b>pageParams</b>中的属性动态判断dom元素的展示方式。</li>
|
||||
<li>5. pageParams 属性说明:</li>
|
||||
<li>
|
||||
<table class="layui-table">
|
||||
<colgroup>
|
||||
@ -232,9 +233,9 @@
|
||||
</tbody>
|
||||
</table>
|
||||
</li>
|
||||
<li>5. 表单提交method为<b>POST</b></li>
|
||||
<li>6. form表单上添加<b>@submit.prevent="submitForm"</b>用于控制表单提交</li>
|
||||
<li>7. 表单具体内容如下表所示</li>
|
||||
<li>6. 表单提交method为<b>POST</b></li>
|
||||
<li>7. form表单上添加<b>@submit.prevent="submitForm"</b>用于控制表单提交</li>
|
||||
<li>8. 表单具体内容如下表所示</li>
|
||||
<li>
|
||||
<table class="layui-table">
|
||||
<colgroup>
|
||||
@ -285,10 +286,13 @@
|
||||
</tbody>
|
||||
</table>
|
||||
</li>
|
||||
<li>8. 图形验证码的地址为:<b>oauth/verification-code/png</b></li>
|
||||
<li>9. 提交按钮固定写法
|
||||
<li>9. 图形验证码的地址为:<b>oauth/verification-code/png</b></li>
|
||||
<li>10. 提交按钮固定写法
|
||||
<xmp><button type="submit" lay-submit>登 录</button></xmp>
|
||||
</li>
|
||||
<li>11. 表单中必须添加隐藏验证参数,否则将无法登录系统
|
||||
<xmp><input type="hidden" name="referToken" v-model="formData.referToken"/></xmp>
|
||||
</li>
|
||||
</ul>
|
||||
</blockquote>
|
||||
<div class="layui-row layui-col-space15">
|
||||
|