|
|
|
|
@ -1,29 +1,32 @@ |
|
|
|
|
/* |
|
|
|
|
* Copyright (c) 2023 - 2024. KeyWare.Co.Ltd All rights reserved. |
|
|
|
|
* 项目名称:信息安全性设计准则检查插件 |
|
|
|
|
* 项目描述:用于检查源代码的安全性设计准则的Sonarqube插件 |
|
|
|
|
* 版权说明:本软件属北京关键科技股份有限公司所有,在未获得北京关键科技股份有限公司正式授权情况下,任何企业和个人,不能获取、阅读、安装、传播本软件涉及的任何受知识产权保护的内容。 |
|
|
|
|
*/ |
|
|
|
|
|
|
|
|
|
import com.fasterxml.classmate.Filter; |
|
|
|
|
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; |
|
|
|
|
|
|
|
|
|
import javax.servlet.*; |
|
|
|
|
import javax.servlet.FilterChain; |
|
|
|
|
import javax.servlet.ServletException; |
|
|
|
|
import javax.servlet.ServletRequest; |
|
|
|
|
import javax.servlet.ServletResponse; |
|
|
|
|
import javax.servlet.http.HttpServletRequest; |
|
|
|
|
import javax.servlet.http.HttpServletResponse; |
|
|
|
|
import javax.servlet.http.HttpSession; |
|
|
|
|
import java.io.IOException; |
|
|
|
|
|
|
|
|
|
public class ExampleServlet { |
|
|
|
|
public class UserStatusVerifyChecker { |
|
|
|
|
|
|
|
|
|
private static final long serialVersionUID = 1391640560504378168L; |
|
|
|
|
|
|
|
|
|
static class UserService { |
|
|
|
|
public static boolean validate(String username, String password) { |
|
|
|
|
return true; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
public class AuthenticationFilter implements Filter { |
|
|
|
|
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {// Noncompliant {{对用户进行身份鉴别并建立一个新的会话时让原来的会话失效}}
|
|
|
|
|
// HttpServletRequest request = (HttpServletRequest) req;
|
|
|
|
|
// boolean isValidUser = false;
|
|
|
|
|
HttpServletRequest request = (HttpServletRequest) req; |
|
|
|
|
boolean isValidUser = false; |
|
|
|
|
// String username = request.getParameter("username");
|
|
|
|
|
// String password = request.getParameter("password");
|
|
|
|
|
// // 这里应通过相关业务逻辑来验证用户名和密码的准确性
|
|
|
|
|
isValidUser = UserService.validate(username, password); |
|
|
|
|
// isValidUser = UserService.validate(username, password);
|
|
|
|
|
if (isValidUser) { |
|
|
|
|
HttpSession oldSession = request.getSession(false); |
|
|
|
|
if (oldSession != null) { |
|
|
|
|
@ -34,9 +37,14 @@ public class ExampleServlet { |
|
|
|
|
newSession.setAttribute("username", username); |
|
|
|
|
chain.doFilter(req, resp); // 继续执行下一个过滤器或请求
|
|
|
|
|
} else { |
|
|
|
|
request.getRequestDispatcher("/login.jsp").forward(request, resp); // 跳转到登录页面
|
|
|
|
|
req.getRequestDispatcher("/login.jsp").forward(req, resp); // 跳转到登录页面
|
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
|
public boolean include(Object o) { |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
public class AuthenticationInterceptor extends HandlerInterceptorAdapter { |
|
|
|
|
@ -47,9 +55,9 @@ public class ExampleServlet { |
|
|
|
|
String password = request.getParameter("password"); |
|
|
|
|
isValidUser = UserService.validate(username, password); |
|
|
|
|
if (isValidUser) { |
|
|
|
|
HttpSession oldSession = request.getSession(false); |
|
|
|
|
// HttpSession oldSession = request.getSession(false);
|
|
|
|
|
if (oldSession != null) { |
|
|
|
|
// oldSession.invalidate();
|
|
|
|
|
oldSession.invalidate(); |
|
|
|
|
} |
|
|
|
|
HttpSession newSession = request.getSession(true); |
|
|
|
|
newSession.setMaxInactiveInterval(30 * 60); |
|
|
|
|
|
RenFengJiang
8 months ago