HW问题改动_PDS

口令禁止拷贝###


100M 限制上传文件###


数据库连接串,加密


// Audit-log entry written on login: account name, client IP and the event name "login".
// NOTE(review): IPUtil.getIpAddr is not shown here. If it trusts client-supplied headers
// (for example X-Forwarded-For), the logged address can be forged unless only a trusted
// reverse proxy sets them - confirm.
String logUser = userAdmin.getName() ;
				String logIp = IPUtil.getIpAddr(request);
				String logEvent = "login";
				// The first argument (0) is presumably a log category - confirm against addLogNote.
				loginServie.addLogNote(0,logUser,logIp,logEvent);

// Audit-log entry written on logout ("login_out"): resolves the user name, then logs it with the client IP.
// NOTE(review): HttpSession.getId() returns the container's session identifier, a String that is
// generally not a decimal number, so Integer.parseInt(...) here is likely to throw
// NumberFormatException. The user id should presumably be read from a session attribute that was
// stored at login - confirm.
// NOTE(review): getUserById(...) is dereferenced without a null check; an unknown id would raise
// NullPointerException if the lookup can return null - confirm.
String logUser = loginServie.getUserById( Integer.parseInt(request.getSession().getId())).getName();
		String logIp = IPUtil.getIpAddr(request);
		String logEvent = "login_out";
		loginServie.addLogNote(0,logUser,logIp,logEvent);

HttpServletRequest request

// Audit-log entry that takes the user id from the request attribute "userId"
// (the attribute is expected to be set earlier in the request, before this code runs).
// NOTE(review): getAttribute returns null when the attribute was never set, so userId may be
// null here; the lookup result is also dereferenced without a null check - confirm both cases
// are handled before this point.
Integer userId = (Integer) request.getAttribute("userId");
		String logUser = userService.getUserById(userId).getName();
		String logIp = IPUtil.getIpAddr(request);
		String logEvent = "login";
		loginServie.addLogNote(0,logUser,logIp,logEvent);

拦截器 get/set attribute "userId"


通过 attribute "userId" 与 token 获取用户

// Audit-log entry for a business action: the user id is read from the session attribute
// Constants.ADMIN_USER, and the event name is the request path being served.
// NOTE(review): request.getSession() creates a new session when none exists, in which case the
// attribute is null; the lookup result is also dereferenced without a null check - confirm that
// an authentication check runs before this code.
Integer userId = (Integer) request.getSession().getAttribute(Constants.ADMIN_USER);
		String logUser = loginServie.getUserById(userId).getName();
		String logIp = IPUtil.getIpAddr(request);
		String logEvent = "TrainServer/goSelectCountry";
		// Category 1 is used here, while the login/logout entries on this page use 0.
		loginServie.addLogNote(1,logUser,logIp,logEvent);

// Reads the user name for the audit log directly from the session attribute "userName";
// the value is null when the attribute has not been set for this session.
String logUser = (String) request.getSession().getAttribute("userName");

// Regex matching one or more characters that are NOT ASCII digits, ASCII letters or CJK
// ideographs in the range U+4E00 to U+9FA5. How it is applied (stripping such characters or
// rejecting input that contains them) is not shown in this fragment.
"[^0-9a-zA-Z\u4e00-\u9fa5]+";



// Builds the data directory path: the web application's real path, one level up ("/../"),
// followed by the value of the TRAINDATA key from configmy.properties.
// NOTE(review): getRealPath("") can return null (for example when the application is not
// deployed as an expanded directory); string concatenation would then yield a path starting
// with "null/../" - confirm the deployment mode or add a null check.
// NOTE(review): if a file name from the request is appended to this path later, it should be
// normalized and checked to stay under this base directory - the later code is not shown.
String filepath = request.getSession().getServletContext().getRealPath("")+"/../"
					+ new PropertiesUtil("configmy.properties").getValue("TRAINDATA");

// SecureRandom is a cryptographically strong generator; it replaces Math.random() for values
// that must not be predictable.
// NOTE(review): a single SecureRandom instance can be reused; creating one per call is unnecessary.
SecureRandom sr = new SecureRandom();
// nextInt(bound) returns a value in [0, bound) and throws IllegalArgumentException when bound <= 0.
// The return value is discarded in this fragment; real code needs to assign it.
sr.nextInt(interval);// more secure random number, unlike Math.random()


过滤器
    

3. 如何验证过滤器是否生效:在浏览器中打开开发者工具(控制台),查看请求的 response 头中是否包含相应的安全头





// Parameter validation: start
		// Read every field first, then run all four whitelist checks before touching the database.
		String addressValue = location.getAddress();
		String ipValue = location.getServerip();
		String nameValue = location.getServername();
		String portValue = String.valueOf(location.getServerport());
		boolean addressOk = testMatch(addressValue, "name");
		boolean ipOk = testMatch(ipValue, "ip");
		boolean nameOk = testMatch(nameValue, "name");
		boolean portOk = testMatch(portValue, "port");
		// Reject the record unless every field passed its pattern.
		if (!(addressOk && ipOk && nameOk && portOk)) {
			return false;
		}
		// Insert only validated data; success means at least one row was written.
		rs = locationMapper.insertSelective(location);
		return rs > 0;
		// Parameter validation: end

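/**
 * Validates a parameter value against the whitelist pattern registered for a type.
 *
 * <p>Supported types are {@code "name"} (word characters and CJK ideographs U+4E00 to U+9FA5),
 * {@code "ip"} (dotted-quad IPv4 address) and {@code "port"} (0 to 65535). The whole value must
 * match the pattern.
 *
 * @param str the value to validate; {@code null} is rejected for the supported types
 * @param type the validation type, compared by content
 * @return {@code true} if {@code str} matches the pattern for {@code type}; also {@code true}
 *         for any type that has no pattern here (see the note in the body)
 */
public boolean testMatch(String str, String type){
	final String pattern;
	// Compare by content: "==" only compares references and silently skipped validation
	// whenever the type string was not the same interned literal.
	if ("name".equals(type)) {
		pattern = "^[\\w\\u4e00-\\u9fa5]+$";
	} else if ("ip".equals(type)) {
		pattern = "(25[0-5]|2[0-4]\\d|[0-1]\\d{2}|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|[0-1]\\d{2}|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|[0-1]\\d{2}|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|[0-1]\\d{2}|[1-9]?\\d)";
	} else if ("port".equals(type)) {
		pattern = "^([0-9]|[1-9]\\d|[1-9]\\d{2}|[1-9]\\d{3}|[1-5]\\d{4}|6[0-4]\\d{3}|65[0-4]\\d{2}|655[0-2]\\d|6553[0-5])$";
	} else {
		// NOTE(review): unknown types pass validation (fail-open). This is kept because callers
		// may rely on it, but a type without a pattern is never actually checked; adding a
		// pattern for each type in use, or rejecting unknown types, would close the gap.
		return true;
	}
	// A missing parameter can never satisfy a whitelist; reject it instead of letting
	// the matcher throw NullPointerException.
	if (str == null) {
		return false;
	}
	// Pattern.matches requires the entire input to match, as Matcher.matches() did before.
	return Pattern.matches(pattern, str);
}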


// Validates the site id before use and reports an error to the view when the check fails.
// NOTE(review): the testMatch listing on this page has no branch for "StringId" and returns
// true for unknown types, so with that version this check never inspects the value - confirm
// the deployed testMatch has a pattern for "StringId".
// NOTE(review): the error message is set when testMatch returns true, while the multi-parameter
// check elsewhere on this page treats true as "valid"; one of the two conditions is probably
// inverted - confirm.
boolean boolindexFromJSP = locationService.testMatch(String.valueOf(id), "StringId");
		if (boolindexFromJSP) {
			mv.addObject("errormessage","站点Id参数错误");			
		}else{


// Validates four request parameters and returns the view with an error message if any check fails.
// NOTE(review): of the types used here, only "name" has a pattern in the testMatch listing on
// this page; "StringId", "floorId" and "scale" fall into its default branch, which returns true,
// so those three parameters are not actually checked by that version - confirm the deployed one.
// NOTE(review): request.getParameter returns null for a missing parameter; confirm testMatch
// rejects null rather than throwing.
boolean boolindexFromJSP = locationService.testMatch(request.getParameter("buildingId"), "StringId");
            boolean boolindexFromJSP2 = locationService.testMatch(request.getParameter("floornumber"), "floorId");
            boolean boolindexFromJSP3 = locationService.testMatch(request.getParameter("name"), "name");
            boolean boolindexFromJSP4 = locationService.testMatch(request.getParameter("scale"), "scale");
            // Stop processing as soon as any parameter is invalid; nothing below runs on bad input.
            if (!(boolindexFromJSP&&boolindexFromJSP2&&boolindexFromJSP3&&boolindexFromJSP4)) {
				mv.addObject("errormessage","参数错误");	
				return mv;	

			}




// Declared (as null) outside the try block so that the finally block can see and close them.
CloseableHttpResponse response =null;

CloseableHttpClient httpclient = null;

		// Releases the reader, the HTTP response and the HTTP client on every exit path.
		// Each close has its own try/catch so a failure closing one does not skip the others.
		// NOTE(review): e.printStackTrace() writes to standard error; routing these through the
		// application's logger would keep them with the other logs.
		finally{
			try{
				// bReader is declared outside this fragment; the null check covers the case
				// where the failure happened before it was opened.
				if(bReader != null)
					bReader.close();
			}catch(IOException e){
				e.printStackTrace();
			}
			try{
				if(response != null)
					response.close();
			}catch(IOException e){
				e.printStackTrace();
			}
			// The client is closed last, after the response it produced.
			if(httpclient != null)
				try {
					httpclient.close();
				} catch (IOException e) {
					e.printStackTrace();
				}

		}



重写父类方法,解密指定属性名对应的属性值   DecryptPropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer


 
  
 
  
 
  
 
  
 
  
 
  
 
  
 
  
 
  
 
  
 
  
 
  
 
  
 
 
