liuyiliang
/
ccic-backend
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

exam工程演示代码提交

Browse Source
main
liuyiliang 5 months ago
parent 26b103987a
commit fd366b2f1e
18 changed files with 1788 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      ccic-exam/.gitignore
  2. 190
      ccic-exam/pom.xml
  3. 13
      ccic-exam/src/main/java/com/ccic/safeliab/ExamApplication.java
  4. 9
      ccic-exam/src/main/java/com/ccic/safeliab/dao/DemoMapper.java
  5. 102
      ccic-exam/src/main/java/com/ccic/safeliab/filter/RedisConfiguration.java
  6. 588
      ccic-exam/src/main/java/com/ccic/safeliab/filter/RedisUtil.java
  7. 69
      ccic-exam/src/main/java/com/ccic/safeliab/filter/TokenAuthenticationFilter.java
  8. 21
      ccic-exam/src/main/java/com/ccic/safeliab/service/DemoService.java
  9. 26
      ccic-exam/src/main/java/com/ccic/safeliab/service/DemoServiceImpl.java
  10. 13
      ccic-exam/src/main/java/com/ccic/safeliab/support/Condition.java
  11. 6
      ccic-exam/src/main/java/com/ccic/safeliab/vo/InsDemoVO.java
  12. 31
      ccic-exam/src/main/java/com/ccic/safeliab/web/DemoController.java
  13. 539
      ccic-exam/src/main/resources/ESAPI.properties
  14. 40
      ccic-exam/src/main/resources/META-INF/MANIFEST.MF
  15. 41
      ccic-exam/src/main/resources/application.yml.txt
  16. 58
      ccic-exam/src/main/resources/bootstrap.yml
  17. 4
      ccic-exam/src/main/resources/mappers/DemoMapper.xml
  18. 28
      ccic-exam/src/main/resources/validation.properties

10
ccic-exam/.gitignore vendored
Unescape View File

@ -0,0 +1,10 @@
#windows
.idea
target
ccic-exam.iml
*.log
#屏蔽配置文件
src/test/java/demo/CodeGenerator.java
src/main/resources/dev.application.yml
#mac
.DS_Store

190
ccic-exam/pom.xml
Unescape View File

@ -0,0 +1,190 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<artifactId>ccic-emam</artifactId>
<version>1.0-SNAPSHOT</version>
<parent>
<groupId>com.ccic.safeliab</groupId>
<artifactId>cloud-dependencies</artifactId>
<version>1.0</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<dependencies>
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>2.3-ccic</version>
</dependency>
<!--nacos-config-->
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
</dependency>
<!--nacos-discovery-->
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
</dependency>
<dependency>
<groupId>com.ccic.safeliab</groupId>
<artifactId>cloud-starter</artifactId>
<version>1.0</version>
</dependency>
<dependency>
<groupId>com.ccic.safeliab</groupId>
<artifactId>ccic-entity</artifactId>
<version>1.0-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-undertow</artifactId>
</dependency>
<dependency>
<groupId>io.undertow</groupId>
<artifactId>undertow-servlet</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
</dependency>
<!--base项目依赖-->
<!--<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>1.1.1</version>
</dependency>-->
<!--<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
</dependency>-->
<!-- velocity 模板引擎, Mybatis Plus 代码生成器需要 -->
<dependency>
<groupId>org.apache.velocity</groupId>
<artifactId>velocity-engine-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
<groupId>com.zaxxer</groupId>
<artifactId>HikariCP</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.kingbase8</groupId>
<artifactId>kingbase8</artifactId>
<version>8.6.0</version>
</dependency>
<dependency>
<groupId>org.owasp.esapi</groupId>
<artifactId>esapi</artifactId>
<version>2.2.0.0</version>
</dependency>
<dependency>
<groupId>org.jsoup</groupId>
<artifactId>jsoup</artifactId>
<version>1.9.2</version>
</dependency>
<dependency>
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
<version>1.4.01</version>
</dependency>
<dependency>
<groupId>com.bes.appserv-web</groupId>
<artifactId>bes-lite-spring-boot-2.x-starter</artifactId>
<version>9.5.2.008</version>
</dependency>
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-all</artifactId>
<version>5.7.16</version>
</dependency>
<!--redis 一主二从哨兵模式需要 连接池依赖-->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>

13
ccic-exam/src/main/java/com/ccic/safeliab/ExamApplication.java
Unescape View File

@ -0,0 +1,13 @@
package com.ccic.safeliab;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class ExamApplication {
public static void main(String[] args) {
SpringApplication.run(ExamApplication.class, args);
}
}

9
ccic-exam/src/main/java/com/ccic/safeliab/dao/DemoMapper.java
Unescape View File

@ -0,0 +1,9 @@
package com.ccic.safeliab.dao;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import com.ccic.safeliab.entity.InsDemo;
import org.apache.ibatis.annotations.Mapper;
@Mapper
public interface DemoMapper extends BaseMapper<InsDemo> {
}

102
ccic-exam/src/main/java/com/ccic/safeliab/filter/RedisConfiguration.java
Unescape View File

@ -0,0 +1,102 @@
package com.ccic.safeliab.filter;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.annotation.PropertyAccessor;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.impl.LaissezFaireSubTypeValidator;
import io.lettuce.core.ReadFrom;
import org.springframework.boot.autoconfigure.data.redis.RedisProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.connection.RedisSentinelConfiguration;
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
import org.springframework.data.redis.connection.lettuce.LettucePoolingClientConfiguration;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
import org.springframework.data.redis.serializer.StringRedisSerializer;
import java.text.SimpleDateFormat;
import java.util.HashSet;
/**
* @author 89524
* @ClassName RedisConfiguration
* @description: TODO redis哨兵配置
* @date 2023年09月18日
* @version: 1.0
*/
@Configuration
public class RedisConfiguration {
/**
* 配置redis序列化json
*
* @param redisConnectionFactory
* @return
*/
@Bean
@Primary //若有相同类型的Bean时,优先使用此注解标注的Bean
public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory redisConnectionFactory) {
// 为了开发方便,一般直接使用<String, Object>
RedisTemplate<String, Object> template = new RedisTemplate<>();
template.setConnectionFactory(redisConnectionFactory);
// 配置具体的序列化方式
// JSON解析任意对象
Jackson2JsonRedisSerializer jackson2JsonRedisSerializer = new Jackson2JsonRedisSerializer(Object.class);
ObjectMapper om = new ObjectMapper();
// 指定要序列化的域,field,get和set,以及修饰符范围,ANY是都有包括private和public
om.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.ANY);
// 指定序列化输入的类型,类必须是非final修饰的,final修饰的类,比如String,Integer等会跑出异常
om.activateDefaultTyping(LaissezFaireSubTypeValidator.instance, ObjectMapper.DefaultTyping.NON_FINAL);
// 设置日期格式
om.setDateFormat(new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"));
jackson2JsonRedisSerializer.setObjectMapper(om);
// String的序列化
StringRedisSerializer stringRedisSerializer = new StringRedisSerializer();
//key采用String的序列化
template.setKeySerializer(stringRedisSerializer);
//hash的key也采用String的序列化
template.setHashKeySerializer(stringRedisSerializer);
//value的序列化方式采用jackson
template.setValueSerializer(jackson2JsonRedisSerializer);
//hash的value序列化方式采用jackson
template.setHashValueSerializer(jackson2JsonRedisSerializer);
//设置所有配置
template.afterPropertiesSet();
return template;
}
/**
* 配置读写分离 redis没有放开集群配置没用会报错!
* @param redisProperties
* @return
*/
/*@Bean
public RedisConnectionFactory lettuceConnectionFactory(RedisProperties redisProperties) {
// 配置哨兵节点以及主节点
RedisSentinelConfiguration redisSentinelConfiguration = new RedisSentinelConfiguration(
redisProperties.getSentinel().getMaster(), new HashSet<>(redisProperties.getSentinel().getNodes())
);
// 配置读写分离
LettucePoolingClientConfiguration lettuceClientConfiguration = LettucePoolingClientConfiguration.builder()
// 读写分离,这里的ReadFrom是配置Redis的读取策略,是一个枚举,包括下面选择
// MASTER 仅读取主节点
// MASTER_PREFERRED 优先读取主节点,如果主节点不可用,则读取从节点
// REPLICA_PREFERRED 优先读取从节点,如果从节点不可用,则读取主节点
// REPLICA 仅读取从节点
// NEAREST 从最近节点读取
// ANY 从任意一个从节点读取
.readFrom(ReadFrom.REPLICA_PREFERRED)
.build();
return new LettuceConnectionFactory(redisSentinelConfiguration, lettuceClientConfiguration);
}*/
}

588
ccic-exam/src/main/java/com/ccic/safeliab/filter/RedisUtil.java
Unescape View File

@ -0,0 +1,588 @@
package com.ccic.safeliab.filter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
@Component
public final class RedisUtil {
@Autowired
private RedisTemplate<String, Object> redisTemplate;
// =============================common============================
/**
* 指定缓存失效时间
*
* @param key
* @param time 时间()
*/
public boolean expire(String key, long time) {
try {
if (time > 0) {
redisTemplate.expire(key, time, TimeUnit.SECONDS);
}
return true;
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
/**
* 根据key 获取过期时间
*
* @param key 不能为null
* @return 时间() 返回0代表为永久有效
*/
public long getExpire(String key) {
return redisTemplate.getExpire(key, TimeUnit.SECONDS);
}
/**
* 判断key是否存在
*
* @param key
* @return true 存在 false不存在
*/
public boolean hasKey(String key) {
try {
return redisTemplate.hasKey(key);
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
/**
* 删除缓存
*
* @param key 可以传一个值 或多个
*/
@SuppressWarnings("unchecked")
public void del(String... key) {
if (key != null && key.length > 0) {
if (key.length == 1) {
redisTemplate.delete(key[0]);
} else {
redisTemplate.delete(CollectionUtils.arrayToList(key));
}
}
}
// ============================String=============================
/**
* 普通缓存获取
*
* @param key
* @return
*/
public Object get(String key) {
return key == null ? null : redisTemplate.opsForValue().get(key);
}
/**
* 普通缓存放入
*
* @param key
* @param value
* @return true成功 false失败
*/
public boolean set(String key, Object value) {
try {
redisTemplate.opsForValue().set(key, value);
return true;
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
/**
* 普通缓存放入并设置时间
*
* @param key
* @param value
* @param time 时间() time要大于0 如果time小于等于0 将设置无限期
* @return true成功 false 失败
*/
public boolean set(String key, Object value, long time) {
try {
if (time > 0) {
redisTemplate.opsForValue().set(key, value, time, TimeUnit.SECONDS);
} else {
set(key, value);
}
return true;
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
/**
* 递增
*
* @param key
* @param delta 要增加几(大于0)
*/
public long incr(String key, long delta) {
if (delta < 0) {
throw new RuntimeException("递增因子必须大于0");
}
return redisTemplate.opsForValue().increment(key, delta);
}
/**
* 递减
*
* @param key
* @param delta 要减少几(小于0)
*/
public long decr(String key, long delta) {
if (delta < 0) {
throw new RuntimeException("递减因子必须大于0");
}
return redisTemplate.opsForValue().increment(key, -delta);
}
// ================================Map=================================
/**
* HashGet
*
* @param key 不能为null
* @param item 不能为null
*/
public Object hget(String key, String item) {
return redisTemplate.opsForHash().get(key, item);
}
/**
* 获取hashKey对应的所有键值
*
* @param key
* @return 对应的多个键值
*/
public Map<Object, Object> hmget(String key) {
return redisTemplate.opsForHash().entries(key);
}
/**
* HashSet
*
* @param key
* @param map 对应多个键值
*/
public boolean hmset(String key, Map<String, Object> map) {
try {
redisTemplate.opsForHash().putAll(key, map);
return true;
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
/**
* HashSet 并设置时间
*
* @param key
* @param map 对应多个键值
* @param time 时间()
* @return true成功 false失败
*/
public boolean hmset(String key, Map<String, Object> map, long time) {
try {
redisTemplate.opsForHash().putAll(key, map);
if (time > 0) {
expire(key, time);
}
return true;
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
/**
* 向一张hash表中放入数据,如果不存在将创建
*
* @param key
* @param item
* @param value
* @return true 成功 false失败
*/
public boolean hset(String key, String item, Object value) {
try {
redisTemplate.opsForHash().put(key, item, value);
return true;
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
/**
* 向一张hash表中放入数据,如果不存在将创建
*
* @param key
* @param item
* @param value
* @param time 时间() 注意:如果已存在的hash表有时间,这里将会替换原有的时间
* @return true 成功 false失败
*/
public boolean hset(String key, String item, Object value, long time) {
try {
redisTemplate.opsForHash().put(key, item, value);
if (time > 0) {
expire(key, time);
}
return true;
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
/**
* 删除hash表中的值
*
* @param key 不能为null
* @param item 可以使多个 不能为null
*/
public void hdel(String key, Object... item) {
redisTemplate.opsForHash().delete(key, item);
}
/**
* 判断hash表中是否有该项的值
*
* @param key 不能为null
* @param item 不能为null
* @return true 存在 false不存在
*/
public boolean hHasKey(String key, String item) {
return redisTemplate.opsForHash().hasKey(key, item);
}
/**
* hash递增 如果不存在,就会创建一个 并把新增后的值返回
*
* @param key
* @param item
* @param by 要增加几(大于0)
*/
public double hincr(String key, String item, double by) {
return redisTemplate.opsForHash().increment(key, item, by);
}
/**
* hash递减
*
* @param key
* @param item
* @param by 要减少记(小于0)
*/
public double hdecr(String key, String item, double by) {
return redisTemplate.opsForHash().increment(key, item, -by);
}
// ============================set=============================
/**
* 根据key获取Set中的所有值
*
* @param key
*/
public Set<Object> sGet(String key) {
try {
return redisTemplate.opsForSet().members(key);
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
/**
* 根据value从一个set中查询,是否存在
*
* @param key
* @param value
* @return true 存在 false不存在
*/
public boolean sHasKey(String key, Object value) {
try {
return redisTemplate.opsForSet().isMember(key, value);
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
/**
* 将数据放入set缓存
*
* @param key
* @param values 可以是多个
* @return 成功个数
*/
public long sSet(String key, Object... values) {
try {
return redisTemplate.opsForSet().add(key, values);
} catch (Exception e) {
e.printStackTrace();
return 0;
}
}
/**
* 将set数据放入缓存
*
* @param key
* @param time 时间()
* @param values 可以是多个
* @return 成功个数
*/
public long sSetAndTime(String key, long time, Object... values) {
try {
Long count = redisTemplate.opsForSet().add(key, values);
if (time > 0)
expire(key, time);
return count;
} catch (Exception e) {
e.printStackTrace();
return 0;
}
}
/**
* 获取set缓存的长度
*
* @param key
*/
public long sGetSetSize(String key) {
try {
return redisTemplate.opsForSet().size(key);
} catch (Exception e) {
e.printStackTrace();
return 0;
}
}
/**
* 移除值为value的
*
* @param key
* @param values 可以是多个
* @return 移除的个数
*/
public long setRemove(String key, Object... values) {
try {
Long count = redisTemplate.opsForSet().remove(key, values);
return count;
} catch (Exception e) {
e.printStackTrace();
return 0;
}
}
// ===============================list=================================
/**
* 获取list缓存的内容
*
* @param key
* @param start 开始
* @param end 结束 0 -1代表所有值
*/
public List<Object> lGet(String key, long start, long end) {
try {
return redisTemplate.opsForList().range(key, start, end);
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
/**
* 获取list缓存的长度
*
* @param key
*/
public long lGetListSize(String key) {
try {
return redisTemplate.opsForList().size(key);
} catch (Exception e) {
e.printStackTrace();
return 0;
}
}
/**
* 通过索引 获取list中的值
*
* @param key
* @param index 索引 index>=0时 0 表头1 第二个元素依次类推index<0时-1表尾-2倒数第二个元素依次类推
*/
public Object lGetIndex(String key, long index) {
try {
return redisTemplate.opsForList().index(key, index);
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
/**
* 将list放入缓存
*
* @param key
* @param value
*/
public boolean lSet(String key, Object value) {
try {
redisTemplate.opsForList().rightPush(key, value);
return true;
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
/**
* 将list放入缓存
*
* @param key
* @param value
* @param time 时间()
*/
public boolean lSet(String key, Object value, long time) {
try {
redisTemplate.opsForList().rightPush(key, value);
if (time > 0)
expire(key, time);
return true;
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
/**
* 将list放入缓存
*
* @param key
* @param value
* @return
*/
public boolean lSet(String key, List<Object> value) {
try {
redisTemplate.opsForList().rightPushAll(key, value);
return true;
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
/**
* 将list放入缓存
*
* @param key
* @param value
* @param time 时间()
* @return
*/
public boolean lSet(String key, List<Object> value, long time) {
try {
redisTemplate.opsForList().rightPushAll(key, value);
if (time > 0)
expire(key, time);
return true;
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
/**
* 根据索引修改list中的某条数据
*
* @param key
* @param index 索引
* @param value
* @return
*/
public boolean lUpdateIndex(String key, long index, Object value) {
try {
redisTemplate.opsForList().set(key, index, value);
return true;
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
/**
* 移除N个值为value
*
* @param key
* @param count 移除多少个
* @param value
* @return 移除的个数
*/
public long lRemove(String key, long count, Object value) {
try {
Long remove = redisTemplate.opsForList().remove(key, count, value);
return remove;
} catch (Exception e) {
e.printStackTrace();
return 0;
}
}
}

69
ccic-exam/src/main/java/com/ccic/safeliab/filter/TokenAuthenticationFilter.java
Unescape View File

@ -0,0 +1,69 @@
package com.ccic.safeliab.filter;
import com.ccic.safeliab.util.JwtUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
public class TokenAuthenticationFilter extends OncePerRequestFilter {
@Autowired
private RedisUtil redisUtil;
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
//加入支持token的请求头
/*HeaderMapRequestWrapper requestWrapper = new HeaderMapRequestWrapper(httpServletRequest);
requestWrapper.addHeader("Access-Control-Allow-Headers", "content-type,token");*/
//System.out.println("经过了此过滤器");
String uri = httpServletRequest.getRequestURI();
if (uri.indexOf("login") > 0 || uri.indexOf("getWorkId") > 0 || uri.indexOf("userLogin") > 0
|| uri.indexOf("userWxLogin") > 0 || uri.indexOf("demo") > 0) {
filterChain.doFilter(httpServletRequest, httpServletResponse);
return;
}
// String token = httpServletRequest.getHeader("token");
// if (token == null || token == "") {
// httpServletResponse.sendError(5000);
// return;
// }
// if (!JwtUtils.checkToken(token)) {
// httpServletResponse.sendError(5001);
// return;
// }
// filterChain.doFilter(httpServletRequest, httpServletResponse);
String token = httpServletRequest.getHeader("token");
if (token == null || token == "") {
httpServletResponse.sendError(5000);
return;
}
//判断token是否失效
if (!JwtUtils.checkToken(token)) {
httpServletResponse.sendError(5001);
return;
}
//判断token是否注销
String organType = JwtUtils.getMemberIdByJwtToken(httpServletRequest, "organType");
if (!StringUtils.isEmpty(organType) && "1".equals(organType)) {
String userId = JwtUtils.getMemberIdByJwtToken(httpServletRequest, "id");
if (!redisUtil.hasKey(userId)) {
httpServletResponse.sendError(5001);
return;
}
}
filterChain.doFilter(httpServletRequest, httpServletResponse);
}
}

21
ccic-exam/src/main/java/com/ccic/safeliab/service/DemoService.java
Unescape View File

@ -0,0 +1,21 @@
package com.ccic.safeliab.service;
import com.baomidou.mybatisplus.extension.service.IService;
import com.ccic.safeliab.entity.*;
import com.ccic.safeliab.vo.InsDemoVO;
import java.util.List;
import java.util.Map;
/**
* <p>
* </p>
*
* @author testjava
* @since 2022-11-03
*/
public interface DemoService extends IService<InsDemo> {
// List<InsDemo> find(InsDemoVO insDemoVO);
}

26
ccic-exam/src/main/java/com/ccic/safeliab/service/DemoServiceImpl.java
Unescape View File

@ -0,0 +1,26 @@
package com.ccic.safeliab.service;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.ccic.safeliab.dao.DemoMapper;
import com.ccic.safeliab.entity.*;
import com.ccic.safeliab.support.Condition;
import com.ccic.safeliab.vo.InsDemoVO;
import org.springframework.stereotype.Service;
import java.util.List;
/**
* <p>
* </p>
*
* @author testjava
* @since 2022-11-03
*/
@Service
public class DemoServiceImpl extends ServiceImpl<DemoMapper, InsDemo> implements DemoService {
// @Override
// public List<InsDemo> find(InsDemoVO insDemoVO) {
// return baseMapper.selectList(Condition.getQueryWrapper(insDemoVO));
// }
}

13
ccic-exam/src/main/java/com/ccic/safeliab/support/Condition.java
Unescape View File

@ -0,0 +1,13 @@
package com.ccic.safeliab.support;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
public class Condition {
public Condition() {
}
public static <T> QueryWrapper<T> getQueryWrapper(T entity) {
return new QueryWrapper(entity);
}
}

6
ccic-exam/src/main/java/com/ccic/safeliab/vo/InsDemoVO.java
Unescape View File

@ -0,0 +1,6 @@
package com.ccic.safeliab.vo;
import com.ccic.safeliab.entity.InsDemo;
public class InsDemoVO extends InsDemo {
}

31
ccic-exam/src/main/java/com/ccic/safeliab/web/DemoController.java
Unescape View File

@ -0,0 +1,31 @@
package com.ccic.safeliab.web;
import com.ccic.safeliab.service.DemoService;
import com.ccic.safeliab.support.Condition;
import com.ccic.safeliab.util.R;
import com.ccic.safeliab.vo.InsDemoVO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/demo")
public class DemoController {
@Autowired
private DemoService service;
@GetMapping("/test")
public R test() {
return R.ok().data("success.");
}
@GetMapping("/list")
public R findList() {
InsDemoVO insDemoVO = new InsDemoVO();
return R.ok().data(service.list(Condition.getQueryWrapper(insDemoVO)));
}
}

539
ccic-exam/src/main/resources/ESAPI.properties
Unescape View File

@ -0,0 +1,539 @@
#
# OWASP Enterprise Security API (ESAPI) Properties file -- PRODUCTION Version
#
# This file is part of the Open Web Application Security Project (OWASP)
# Enterprise Security API (ESAPI) project. For details, please see
# https://owasp.org/www-project-enterprise-security-api/
#
# Copyright (c) 2008,2009 - The OWASP Foundation
#
# DISCUSS: This may cause a major backwards compatibility issue, etc. but
# from a name space perspective, we probably should have prefaced
# all the property names with ESAPI or at least OWASP. Otherwise
# there could be problems is someone loads this properties file into
# the System properties. We could also put this file into the
# esapi.jar file (perhaps as a ResourceBundle) and then allow an external
# ESAPI properties be defined that would overwrite these defaults.
# That keeps the application's properties relatively simple as usually
# they will only want to override a few properties. If looks like we
# already support multiple override levels of this in the
# DefaultSecurityConfiguration class, but I'm suggesting placing the
# defaults in the esapi.jar itself. That way, if the jar is signed,
# we could detect if those properties had been tampered with. (The
# code to check the jar signatures is pretty simple... maybe 70-90 LOC,
# but off course there is an execution penalty (similar to the way
# that the separate sunjce.jar used to be when a class from it was
# first loaded). Thoughts?
###############################################################################
#
# WARNING: Operating system protection should be used to lock down the .esapi
# resources directory and all the files inside and all the directories all the
# way up to the root directory of the file system. Note that if you are using
# file-based implementations, that some files may need to be read-write as they
# get updated dynamically.
#
#===========================================================================
# ESAPI Configuration
#
# If true, then print all the ESAPI properties set here when they are loaded.
# If false, they are not printed. Useful to reduce output when running JUnit tests.
# If you need to troubleshoot a properties related problem, turning this on may help.
# This is 'false' in the src/test/resources/.esapi version. It is 'true' by
# default for reasons of backward compatibility with earlier ESAPI versions.
ESAPI.printProperties=true
# ESAPI is designed to be easily extensible. You can use the reference implementation
# or implement your own providers to take advantage of your enterprise's security
# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
#
# String ciphertext =
# ESAPI.encryptor().encrypt("Secret message"); // Deprecated in 2.0
# CipherText cipherText =
# ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
#
# Below you can specify the classname for the provider that you wish to use in your
# application. The only requirement is that it implement the appropriate ESAPI interface.
# This allows you to switch security implementations in the future without rewriting the
# entire application.
#
# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
# FileBasedAuthenticator requires users.txt file in .esapi directory
ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
# Note that this is now considered deprecated!
#ESAPI.Logger=org.owasp.esapi.logging.log4j.Log4JLogFactory
ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
# To use the new SLF4J logger in ESAPI (see GitHub issue #129), set
# ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
# and do whatever other normal SLF4J configuration that you normally would do for your application.
ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
#===========================================================================
# ESAPI Authenticator
#
Authenticator.AllowedLoginAttempts=3
#Authenticator.MaxOldPasswordHashes=13
Authenticator.UsernameParameterName=username
#Authenticator.PasswordParameterName=password
# RememberTokenDuration (in days)
Authenticator.RememberTokenDuration=14
# Session Timeouts (in minutes)
Authenticator.IdleTimeoutDuration=20
Authenticator.AbsoluteTimeoutDuration=120
#===========================================================================
# ESAPI Encoder
#
# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
# Failure to canonicalize input is a very common mistake when implementing validation schemes.
# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
# following code to canonicalize data.
#
# ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
#
# Multiple encoding is when a single encoding format is applied multiple times. Allowing
# multiple encoding is strongly discouraged.
Encoder.AllowMultipleEncoding=false
# Mixed encoding is when multiple different encoding formats are applied, or when
# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
Encoder.AllowMixedEncoding=false
# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
#===========================================================================
# ESAPI Encryption
#
# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
# There is not currently any support for key rotation, so be careful when changing your key and salt as it
# will invalidate all signed, encrypted, and hashed data.
#
# WARNING: Not all combinations of algorithms and key lengths are supported.
# If you choose to use a key length greater than 128, you MUST download the
# unlimited strength policy files and install in the lib directory of your JRE/JDK.
# See http://java.sun.com/javase/downloads/index.jsp for more information.
#
# ***** IMPORTANT: Do NOT forget to replace these with your own values! *****
# To calculate these values, you can run:
# java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
#
#Encryptor.MasterKey=
#Encryptor.MasterSalt=
# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
# encryption and hashing. (That is it will look to this provider first, but it
# will defer to other providers if the requested algorithm is not implemented
# by this provider.) If left unset, ESAPI will just use your Java VM's current
# preferred JCE provider, which is generally set in the file
# "$JAVA_HOME/jre/lib/security/java.security".
#
# The main intent of this is to allow ESAPI symmetric encryption to be
# used with a FIPS 140-2 compliant crypto-module. For details, see the section
# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
# the ESAPI 2.0 Symmetric Encryption User Guide, at:
# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
# However, this property also allows you to easily use an alternate JCE provider
# such as "Bouncy Castle" without having to make changes to "java.security".
# See Javadoc for SecurityProviderLoader for further details. If you wish to use
# a provider that is not known to SecurityProviderLoader, you may specify the
# fully-qualified class name of the JCE provider class that implements
# java.security.Provider. If the name contains a '.', this is interpreted as
# a fully-qualified class name that implements java.security.Provider.
#
# NOTE: Setting this property has the side-effect of changing it in your application
# as well, so if you are using JCE in your application directly rather than
# through ESAPI (you wouldn't do that, would you? ;-), it will change the
# preferred JCE provider there as well.
#
# Default: Keeps the JCE provider set to whatever JVM sets it to.
Encryptor.PreferredJCEProvider=
# AES is the most widely used and strongest encryption algorithm. This
# should agree with your Encryptor.CipherTransformation property.
# Warning: This property does not control the default reference implementation for
# ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
# in the future.
# @deprecated
Encryptor.EncryptionAlgorithm=AES
# For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
# Applies to ESAPI 2.0 and later only!
# Comma-separated list of cipher modes that provide *BOTH*
# confidentiality *AND* message authenticity. (NIST refers to such cipher
# modes as "combined modes" so that's what we shall call them.) If any of these
# cipher modes are used then no MAC is calculated and stored
# in the CipherText upon encryption. Likewise, if one of these
# cipher modes is used with decryption, no attempt will be made
# to validate the MAC contained in the CipherText object regardless
# of whether it contains one or not. Since the expectation is that
# these cipher modes support support message authenticity already,
# injecting a MAC in the CipherText object would be at best redundant.
#
# Note that as of JDK 1.5, the SunJCE provider does not support *any*
# of these cipher modes. Of these listed, only GCM and CCM are currently
# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
# padding modes.
Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
# Applies to ESAPI 2.0 and later only!
# Additional cipher modes allowed for ESAPI 2.0 encryption. These
# cipher modes are in _addition_ to those specified by the property
# 'Encryptor.cipher_modes.combined_modes'.
# Note: We will add support for streaming modes like CFB & OFB once
# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
# (probably in ESAPI 2.1).
# DISCUSS: Better name?
Encryptor.cipher_modes.additional_allowed=CBC
# Default key size to use for cipher specified by Encryptor.EncryptionAlgorithm.
# Note that this MUST be a valid key size for the algorithm being used
# (as specified by Encryptor.EncryptionAlgorithm). So for example, if AES is used,
# it must be 128, 192, or 256. If DESede is chosen, then it must be either 112 or 168.
#
# Note that 128-bits is almost always sufficient and for AES it appears to be more
# somewhat more resistant to related key attacks than is 256-bit AES.)
#
# Defaults to 128-bits if left blank.
#
# NOTE: If you use a key size > 128-bits, then you MUST have the JCE Unlimited
# Strength Jurisdiction Policy files installed!!!
#
Encryptor.EncryptionKeyLength=128
# This is the _minimum_ key size (in bits) that we allow with ANY symmetric
# cipher for doing encryption. (There is no minimum for decryption.)
#
# Generally, if you only use one algorithm, this should be set the same as
# the Encryptor.EncryptionKeyLength property.
Encryptor.MinEncryptionKeyLength=128
# Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
# (All cipher modes except ECB require an IV.) There are two choices: we can either
# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
# the IV does not need to be hidden from adversaries, it is important that the
# adversary not be allowed to choose it. Also, random IVs are generally much more
# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
# such as CFB and OFB use a different IV for each encryption with a given key so
# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
# uncomment the Encryptor.fixedIV.
#
# Valid values: random|fixed|specified 'specified' not yet implemented; planned for 2.3
# 'fixed' is deprecated as of 2.2
# and will be removed in 2.3.
Encryptor.ChooseIVMethod=random
# If you choose to use a fixed IV, then you must place a fixed IV here that
# is known to all others who are sharing your secret key. The format should
# be a hex string that is the same length as the cipher block size for the
# cipher algorithm that you are using. The following is an *example* for AES
# from an AES test vector for AES-128/CBC as described in:
# NIST Special Publication 800-38A (2001 Edition)
# "Recommendation for Block Cipher Modes of Operation".
# (Note that the block size for AES is 16 bytes == 128 bits.)
#
# @Deprecated -- fixed IVs are deprecated as of the 2.2 release and support
# will be removed in the next release (tentatively, 2.3).
# If you MUST use this, at least replace this IV with one
# that your legacy application was using.
Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
# Whether or not CipherText should use a message authentication code (MAC) with it.
# This prevents an adversary from altering the IV as well as allowing a more
# fool-proof way of determining the decryption failed because of an incorrect
# key being supplied. This refers to the "separate" MAC calculated and stored
# in CipherText, not part of any MAC that is calculated as a result of a
# "combined mode" cipher mode.
#
# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
# set this property to false. That is because ESAPI takes the master key and
# derives 2 keys from it--a key for the MAC and a key for encryption--and
# because ESAPI is not itself FIPS 140-2 verified such intermediary aterations
# to keys from FIPS approved sources would have the effect of making your FIPS
# approved key generation and thus your FIPS approved JCE provider unapproved!
# More details in
# documentation/esapi4java-core-2.0-readme-crypto-changes.html
# documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
# You have been warned.
Encryptor.CipherText.useMAC=true
# Whether or not the PlainText object may be overwritten and then marked
# eligible for garbage collection. If not set, this is still treated as 'true'.
Encryptor.PlainText.overwrite=true
# Do not use DES except in a legacy situations. 56-bit is way too small key size.
#Encryptor.EncryptionKeyLength=56
#Encryptor.MinEncryptionKeyLength=56
#Encryptor.EncryptionAlgorithm=DES
# TripleDES is considered strong enough for most purposes.
# Note: There is also a 112-bit version of DESede. Using the 168-bit version
# requires downloading the special jurisdiction policy from Sun.
#Encryptor.EncryptionKeyLength=168
#Encryptor.MinEncryptionKeyLength=112
#Encryptor.EncryptionAlgorithm=DESede
Encryptor.HashAlgorithm=SHA-512
Encryptor.HashIterations=1024
Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
Encryptor.DigitalSignatureKeyLength=1024
Encryptor.RandomAlgorithm=SHA1PRNG
Encryptor.CharacterEncoding=UTF-8
# This is the Pseudo Random Function (PRF) that ESAPI's Key Derivation Function
# (KDF) normally uses. Note this is *only* the PRF used for ESAPI's KDF and
# *not* what is used for ESAPI's MAC. (Currently, HmacSHA1 is always used for
# the MAC, mostly to keep the overall size at a minimum.)
#
# Currently supported choices for JDK 1.5 and 1.6 are:
# HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
# HmacSHA512 (512 bits).
# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
# the JDKs support it. See the ESAPI 2.0 Symmetric Encryption User Guide
# further details.
Encryptor.KDF.PRF=HmacSHA256
#===========================================================================
# ESAPI HttpUtilties
#
# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods
# protect against malicious data from attackers, such as unprintable characters, escaped characters,
# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
# headers, and CSRF tokens.
#
# Default file upload location (remember to escape backslashes with \)
HttpUtilities.UploadDir=C:\ESAPI\testUpload
HttpUtilities.UploadTempDir=C:\temp
# Force flags on cookies, if you use HttpUtilities to set cookies
HttpUtilities.ForceHttpOnlySession=false
HttpUtilities.ForceSecureSession=false
HttpUtilities.ForceHttpOnlyCookies=true
HttpUtilities.ForceSecureCookies=true
# Maximum size of HTTP header key--the validator regex may have additional values.
HttpUtilities.MaxHeaderNameSize=256
# Maximum size of HTTP header value--the validator regex may have additional values.
HttpUtilities.MaxHeaderValueSize=4096
# Maximum size of JSESSIONID for the application--the validator regex may have additional values.
HttpUtilities.HTTPJSESSIONIDLENGTH=50
# Maximum length of a URL (see https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers)
HttpUtilities.URILENGTH=2000
# Maximum length of a redirect
HttpUtilities.maxRedirectLength=512
# Maximum length for an http scheme
HttpUtilities.HTTPSCHEMELENGTH=10
# Maximum length for an http host
HttpUtilities.HTTPHOSTLENGTH=100
# Maximum length for an http path
HttpUtilities.HTTPPATHLENGTH=150
#Maximum length for a context path
HttpUtilities.contextPathLength=150
#Maximum length for an httpServletPath
HttpUtilities.HTTPSERVLETPATHLENGTH=100
#Maximum length for an http query parameter name
HttpUtilities.httpQueryParamNameLength=100
#Maximum length for an http query parameter -- old default was 2000, but that's the max length for a URL...
HttpUtilities.httpQueryParamValueLength=500
# File upload configuration
HttpUtilities.ApprovedUploadExtensions=.pdf,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.rtf,.txt,.jpg,.png
HttpUtilities.MaxUploadFileBytes=500000000
# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
# container, and any other technologies you may be using. Failure to do this may expose you
# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
HttpUtilities.ResponseContentType=text/html; charset=UTF-8
# This is the name of the cookie used to represent the HTTP session
# Typically this will be the default "JSESSIONID"
HttpUtilities.HttpSessionIdName=JSESSIONID
#Sets whether or not we will overwrite http status codes to 200.
HttpUtilities.OverwriteStatusCodes=true
#Sets the application's base character encoding. This is forked from the Java Encryptor property.
HttpUtilities.CharacterEncoding=UTF-8
#===========================================================================
# ESAPI Executor
# CHECKME - This should be made OS independent. Don't use unsafe defaults.
# # Examples only -- do NOT blindly copy!
# For Windows:
# Executor.WorkingDirectory=C:\Windows\Temp
# Executor.ApprovedExecutables=C:\Windows\System32\cmd.exe,C:\Windows\System32\runas.exe
# For *nux, MacOS:
# Executor.WorkingDirectory=/tmp
# Executor.ApprovedExecutables=/bin/bash
Executor.WorkingDirectory=
Executor.ApprovedExecutables=
#===========================================================================
# ESAPI Logging
# Set the application name if these logs are combined with other applications
Logger.ApplicationName=ExampleApplication
# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
Logger.LogEncodingRequired=false
# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
Logger.LogApplicationName=true
# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
Logger.LogServerIP=true
# Determines whether ESAPI should log the user info.
Logger.UserInfo=true
# Determines whether ESAPI should log the session id and client IP.
Logger.ClientInfo=true
#===========================================================================
# ESAPI Intrusion Detection
#
# Each event has a base to which .count, .interval, and .action are added
# The IntrusionException will fire if we receive "count" events within "interval" seconds
# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
# (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
#
# Custom Events
# Names must start with "event." as the base
# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
# You can also disable intrusion detection completely by changing
# the following parameter to true
#
IntrusionDetector.Disable=false
#
IntrusionDetector.event.test.count=2
IntrusionDetector.event.test.interval=10
IntrusionDetector.event.test.actions=disable,log
# Exception Events
# All EnterpriseSecurityExceptions are registered automatically
# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
# Use the fully qualified classname of the exception as the base
# any intrusion is an attack
IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
# for test purposes
# CHECKME: Shouldn't there be something in the property name itself that designates
# that these are for testing???
IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
# rapid validation errors indicate scans or attacks in progress
# org.owasp.esapi.errors.ValidationException.count=10
# org.owasp.esapi.errors.ValidationException.interval=10
# org.owasp.esapi.errors.ValidationException.actions=log,logout
# sessions jumping between hosts indicates session hijacking
IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
#===========================================================================
# ESAPI Validation
#
# The ESAPI Validator works on regular expressions with defined names. You can define names
# either here, or you may define application specific patterns in a separate file defined below.
# This allows enterprises to specify both organizational standards as well as application specific
# validation rules.
#
# Use 'p{L}' (without the quotes) within the character class to match
# any Unicode LETTER. You can also use a range, like: u00C0-u017F
# You can also use any of the regex flags as documented at
# https://docs.oracle.com/javase/tutorial/essential/regex/pattern.html, e.g. (?u)
#
Validator.ConfigurationFile=validation.properties
# Validators used by ESAPI
Validator.AccountName=^[a-zA-Z0-9]{3,20}$
Validator.SystemCommand=^[a-zA-Z\-\/]{1,64}$
Validator.RoleName=^[a-z]{1,20}$
#the word TEST below should be changed to your application
#name - only relative URL's are supported
Validator.Redirect=^\/test.*$
# Global HTTP Validation Rules
# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9/+=]
Validator.HTTPScheme=^(http|https)$
Validator.HTTPServerName=^[a-zA-Z0-9_.\-]*$
Validator.HTTPCookieName=^[a-zA-Z0-9\-_]{1,32}$
Validator.HTTPCookieValue=^[a-zA-Z0-9\-\/+=_ ]*$
# Note that headerName and Value length is also configured in the HTTPUtilities section
Validator.HTTPHeaderName=^[a-zA-Z0-9\-_]{1,256}$
Validator.HTTPHeaderValue=^[a-zA-Z0-9()\-=\*\.\?;,+\/:&_ ]*$
Validator.HTTPServletPath=^[a-zA-Z0-9.\-\/_]*$
Validator.HTTPPath=^[a-zA-Z0-9.\-_]*$
Validator.HTTPURL=^.*$
Validator.HTTPJSESSIONID=^[A-Z0-9]{10,32}$
# Contributed by Fraenku@gmx.ch
# Github Issue 126 https://github.com/ESAPI/esapi-java-legacy/issues/126
Validator.HTTPParameterName=^[a-zA-Z0-9_\-]{1,32}$
Validator.HTTPParameterValue=^[-\p{L}\p{N}./+=_ !$*?@]{0,1000}$
Validator.HTTPContextPath=^/[a-zA-Z0-9.\-_]*$
Validator.HTTPQueryString=^([a-zA-Z0-9_\-]{1,32}=[\p{L}\p{N}.\-/+=_ !$*?@%]*&?)*$
Validator.HTTPURI=^/([a-zA-Z0-9.\-_]*/?)*$
# Validation of file related input
Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\[\]()_+\-=,.~'` ]{1,255}$
Validator.DirectoryName=^[a-zA-Z0-9:/\\!@#$%^&{}\[\]()_+\-=,.~'` ]{1,255}$
# Validation of dates. Controls whether or not 'lenient' dates are accepted.
# See DataFormat.setLenient(boolean flag) for further details.
Validator.AcceptLenientDates=false
# ~~~~~ Important Note ~~~~~
# This is a workaround to make sure that a commit to address GitHub issue #509
# doesn't accidentally break someone's production code. So essentially what we
# are doing is to reverting back to the previous possibly buggy (by
# documentation intent at least), but, by now, expected legacy behavior.
# Prior to the code changes for issue #509, if invalid / malicious HTML input was
# observed, AntiSamy would simply attempt to sanitize (cleanse) it and it would
# only be logged. However, the code change made ESAPI comply with its
# documentation, which stated that a ValidationException should be thrown in
# such cases. Unfortunately, changing this behavior--especially when no one is
# 100% certain that the documentation was correct--could break existing code
# using ESAPI so after a lot of debate, issue #521 was created to restore the
# previous behavior, but still allow the documented behavior. (We did this
# because it wasn't really causing an security issues since AntiSamy would clean
# it up anyway and we value backward compatibility as long as it doesn't clearly
# present security vulnerabilities.)
# More defaults about this are written up under GitHub issue #521 and
# the pull request it references. Future major releases of ESAPI (e.g., ESAPI 3.x)
# will not support this previous behavior, but it will remain for ESAPI 2.x.
# Set this to 'throw' if you want the originally intended behavior of throwing
# that was fixed via issue #509. Set to 'clean' if you want want the HTML input
# sanitized instead.
#
# Possible values:
# clean -- Use the legacy behavior where unsafe HTML input is logged and the
# sanitized (i.e., clean) input as determined by AntiSamy and your
# AntiSamy rules is returned. This is the default behavior if this
# new property is not found.
# throw -- The new, presumably correct and originally intended behavior where
# a ValidationException is thrown when unsafe HTML input is
# encountered.
#
#Validator.HtmlValidationAction=clean
Validator.HtmlValidationAction=throw
# With the fix for #310 to enable loading antisamy-esapi.xml from the classpath
# also an enhancement was made to be able to use a different filename for the configuration.
# You don't have to configure the filename here, but in that case the code will keep looking for antisamy-esapi.xml.
# This is the default behaviour of ESAPI.
#
#Validator.HtmlValidationConfigurationFile=antisamy-esapi.xml

40
ccic-exam/src/main/resources/META-INF/MANIFEST.MF
Unescape View File

@ -0,0 +1,40 @@
Manifest-Version: 1.0
Class-Path: tomcat-embed-core-9.0.46.jar undertow-servlet-2.1.7.Final.
jar spring-webmvc-5.2.15.RELEASE.jar spring-boot-starter-data-redis-2
.3.12.RELEASE.jar jakarta.annotation-api-1.3.5.jar netty-common-4.1.6
5.Final.jar undertow-websockets-jsr-2.1.7.Final.jar jackson-annotatio
ns-2.11.4.jar log4j-to-slf4j-2.13.3.jar spring-boot-starter-logging-2
.3.12.RELEASE.jar jackson-core-2.11.4.jar netty-codec-4.1.65.Final.ja
r spring-data-keyvalue-2.3.9.RELEASE.jar spring-boot-autoconfigure-2.
3.12.RELEASE.jar spring-boot-starter-jdbc-2.3.12.RELEASE.jar mybatis-
spring-boot-autoconfigure-1.1.1.jar spring-web-5.2.15.RELEASE.jar jbo
ss-logging-3.4.2.Final.jar spring-core-5.2.15.RELEASE.jar spring-bean
s-5.2.15.RELEASE.jar xnio-api-3.8.0.Final.jar reactive-streams-1.0.3.
jar javax.servlet-api-4.0.1.jar spring-data-commons-2.3.9.RELEASE.jar
logback-core-1.2.3.jar jackson-databind-2.11.4.jar mybatis-spring-1.
3.0.jar jakarta.servlet-api-4.0.4.jar spring-boot-2.3.12.RELEASE.jar
xnio-nio-3.8.0.Final.jar spring-context-support-5.2.15.RELEASE.jar un
dertow-core-2.1.7.Final.jar tomcat-embed-websocket-9.0.46.jar reactor
-core-3.3.17.RELEASE.jar spring-boot-starter-2.3.12.RELEASE.jar mysql
-connector-java-8.0.25.jar spring-jdbc-5.2.15.RELEASE.jar netty-resol
ver-4.1.65.Final.jar spring-boot-starter-json-2.3.12.RELEASE.jar spri
ng-boot-starter-tomcat-2.3.12.RELEASE.jar spring-boot-starter-underto
w-2.3.12.RELEASE.jar spring-oxm-5.2.15.RELEASE.jar spring-boot-config
uration-processor-2.3.12.RELEASE.jar mybatis-3.4.0.jar spring-boot-st
arter-web-2.3.12.RELEASE.jar jakarta.el-3.0.3.jar spring-data-redis-2
.3.9.RELEASE.jar spring-aop-5.2.15.RELEASE.jar netty-buffer-4.1.65.Fi
nal.jar jboss-annotations-api_1.3_spec-2.0.1.Final.jar slf4j-api-1.7.
30.jar jul-to-slf4j-1.7.30.jar spring-context-5.2.15.RELEASE.jar myba
tis-spring-boot-starter-1.1.1.jar fastjson-1.2.7.sec06.jar jboss-serv
let-api_4.0_spec-2.0.0.Final.jar netty-transport-4.1.65.Final.jar jbo
ss-threads-3.1.0.Final.jar spring-expression-5.2.15.RELEASE.jar Hikar
iCP-3.4.5.jar jackson-module-parameter-names-2.11.4.jar spring-tx-5.2
.15.RELEASE.jar wildfly-client-config-1.0.1.Final.jar jackson-datatyp
e-jdk8-2.11.4.jar logback-classic-1.2.3.jar jackson-datatype-jsr310-2
.11.4.jar jsqlparser-0.9.5.jar spring-jcl-5.2.15.RELEASE.jar cloud-st
arter-1.0.jar jboss-websocket-api_1.1_spec-2.0.0.Final.jar log4j-api-
2.13.3.jar pagehelper-4.1.6.jar netty-handler-4.1.65.Final.jar lettuc
e-core-5.3.7.RELEASE.jar snakeyaml-1.26.jar wildfly-common-1.5.2.Fina
l.jar
Main-Class: com.ccic.safeliab.ServerApplication

41
ccic-exam/src/main/resources/application.yml.txt
Unescape View File

@ -0,0 +1,41 @@
server:
port: 8086
spring:
application:
name: ccic-service
datasource:
driver-class-name: com.kingbase8.Driver
url: jdbc:kingbase8://kingbase01.safeliab.tsccic:54321/safeliabdb_dev?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull
username: safeliabbusi_dev
password: RJRDD7nbpF_Zgt5b
#password: 111111
#driver-class-name: com.kingbase8.Driver
#url: jdbc:kingbase8://120.46.153.78:54321/ccic?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull
#username: system
#password: system
#返回json的全局时间格式
jackson:
date-format: yyyy-MM-dd HH:mm:ss
time-zone: GMT+8
#环境设置:dev、test、prod
profiles:
active: dev
mybatis-plus:
mapperLocations: classpath:mappers/*.xml
type-aliases-package: com.cs.ccic.entity
configuration:
log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
logging:
level:
org.springframework.boot.autoconfigure: error
ccic:
api: http://ccic.dev-api.jeean.cn
business: http://ccic.dev-business.jeean.cn
#exportPdf: http://10.3.0.34:8083
exportPdf: http://120.46.153.78:8083
#business: http://localhost:8086
#api: http://localhost:8079

58
ccic-exam/src/main/resources/bootstrap.yml
Unescape View File

@ -0,0 +1,58 @@
spring:
redis:
database: 1
#password: zCJaN_xPL0jCei1y
password: MftT7ucfA5Zg_LdP
# redis哨兵配置
sentinel:
# 主节点名称
master: safeliabrescls
nodes:
- 10.3.88.7:16379
- 10.3.88.8:16379
- 10.3.88.9:16379
#- 10.3.3.5:16379
#- 10.3.3.6:16379
#- 10.3.3.7:16379
# 使用lettuce配置
lettuce:
pool:
# 连接池最大连接数(使用负值表示没有限制)
max-active: 200
# 连接池中的最大空闲连接
max-idle: 20
# 连接池中的最小空闲连接
min-idle: 5
# 连接池最大阻塞等待时间(使用负值表示没有限制)
max-wait: -1ms
application:
name: exam-server
profiles:
active: dev
cloud:
nacos:
#生产环境
server-addr: 172.16.10.156:8848
username: nacos
password: nacos
# password: ENC(uA9HhACj5oG53b3AhbLpkQ==)
#上面3项存在,就不需要在spring.cloud.nacos.discovery中再写
#上面3项存在,就不需要在spring.cloud.nacos.config中再写
# 注册
discovery:
group: ${spring.profiles.active}
#生产环境
namespace: safeliab-uat
# 配置
config:
server-addr: 172.16.10.156:8848
username: nacos
password: nacos
group: ${spring.profiles.active}
file-extension: yaml
#生产环境
namespace: safeliab-uat

4
ccic-exam/src/main/resources/mappers/DemoMapper.xml
Unescape View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.ccic.safeliab.dao.DemoMapper">
</mapper>

28
ccic-exam/src/main/resources/validation.properties
Unescape View File

@ -0,0 +1,28 @@
# The ESAPI validator does many security checks on input, such as canonicalization
# and whitelist validation. Note that all of these validation rules are applied *after*
# canonicalization. Double-encoded characters (even with different encodings involved,
# are never allowed.
#
# To use:
#
# First set up a pattern below. You can choose any name you want, prefixed by the word
# "Validation." For example:
# Validation.Email=^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[a-zA-Z]{2,4}$
#
# Then you can validate in your code against the pattern like this:
# ESAPI.validator().isValidInput("User Email", input, "Email", maxLength, allowNull);
# Where maxLength and allowNull are set for you needs, respectively.
#
# But note, when you use boolean variants of validation functions, you lose critical
# canonicalization. It is preferable to use the "get" methods (which throw exceptions) and
# and use the returned user input which is in canonical form. Consider the following:
#
# try {
# someObject.setEmail(ESAPI.validator().getValidInput("User Email", input, "Email", maxLength, allowNull));
#
Validator.SafeString=^[.\p{Alnum}\p{Space}]{0,1024}$
Validator.Email=^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\.[a-zA-Z]{2,4}$
Validator.IPAddress=^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
Validator.URL=^(ht|f)tp(s?)\:\/\/[0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*(:(0-9)*)*(\/?)([a-zA-Z0-9\-\.\?\,\:\'\/\\\+=&;%\$#_]*)?$
Validator.CreditCard=^(\d{4}[- ]?){3}\d{4}$
Validator.SSN=^(?!000)([0-6]\d{2}|7([0-6]\d|7[012]))([ -]?)(?!00)\d\d\3(?!0000)\d{4}$
Write Preview
Loading…
Cancel
Save