
Commit 339444e

committed
同步eclipse4javaee版至idea版
1 parent 919b2e0 commit 339444e

3 files changed

Lines changed: 158 additions & 9 deletions


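--- a/APIJSON(Server)/APIJSON(Idea)/src/main/java/zuo/biao/apijson/server/RequestParser.java
+++ b/APIJSON(Server)/APIJSON(Idea)/src/main/java/zuo/biao/apijson/server/RequestParser.java
@@ -13,19 +13,22 @@
 limitations under the License.*/
 
 package zuo.biao.apijson.server;
+import static zuo.biao.apijson.StringUtil.UTF_8;
+
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
+import java.rmi.AccessException;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
 
 import com.alibaba.fastjson.JSONObject;
+
 import zuo.biao.apijson.JSON;
 import zuo.biao.apijson.StringUtil;
+import zuo.biao.apijson.server.sql.AccessVerifier;
 import zuo.biao.apijson.server.sql.QueryHelper;
 
-import static zuo.biao.apijson.StringUtil.UTF_8;
-
 /**parser for parsing request to JSONObject
 * @author Lemon
 */
@@ -54,10 +57,12 @@ public JSONObject parse(String json) {
 
 relationMap = new HashMap<String, String>();
 parseRelation = false;
-requestObject = getObject(null, null, null, JSON.parseObject(json));
+requestObject = JSON.parseObject(json);
+requestObject = getObject(null, null, null, requestObject);
 parseRelation = true;
 requestObject = getObject(null, null, null, requestObject);
-System.out.println(TAG + "\n\n最终返回至客户端的json:\n" + JSON.toJSONString(requestObject));
+
+requestObject = AccessVerifier.removeAccessInfo(requestObject);
 
 /**
 * TODO 格式化json,去除标记array内object位置的数字,转为[]形式,比如
@@ -68,7 +73,8 @@ public JSONObject parse(String json) {
 
 QueryHelper.getInstance().close();
 // QueryHelper2.getInstance().close();
-
+
+System.out.println(TAG + "\n\n最终返回至客户端的json:\n" + JSON.toJSONString(requestObject));
 return requestObject;
 }
 
@@ -144,7 +150,15 @@ private JSONObject getObject(String parentPath, final QueryConfig parentConfig,
 config2.setLimit(parentConfig.getLimit()).setPage(parentConfig.getPage())
 .setPosition(parentConfig.getPosition());//避免position > 0的object获取不到
 }
-JSONObject result = getSQLObject(config2);
+JSONObject result = null;
+try {
+result = getSQLObject(config2);
+} catch (AccessException e) {
+// e.printStackTrace();
+result = new JSONObject(true);
+result.put("status", 403);
+result.put("message", e.getMessage());
+}
 // if (result != null) {
 transferredRequest = result;
 if (parseRelation) {
@@ -389,9 +403,11 @@ private JSONObject getJSONObject(JSONObject object, String key) {
 /**获取数据库返回的String
 * @param config
 * @return
+* @throws AccessException
 */
-private synchronized JSONObject getSQLObject(QueryConfig config) {
+private synchronized JSONObject getSQLObject(QueryConfig config) throws AccessException {
 System.out.println("getSQLObject config = " + JSON.toJSONString(config));
+AccessVerifier.verify(requestObject, config == null ? null : config.getTable());
 return QueryHelper.getInstance().select(config);//QueryHelper2.getInstance().select(config);//
 }
 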
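Review bot: The `catch (AccessException e)` block added in `getObject` puts `e.getMessage()` into the object returned to the client, and the messages `AccessVerifier.verify` builds in this commit include the internal `TAG`, the access id and the submitted `loginPassword`/`payPassword` value. The 403 body should carry a fixed string, e.g. `result.put("message", "access denied");`, with the detailed message written to the server log instead. Note also that `getSQLObject` passes the `requestObject` field to `verify`, and `parse` reassigns that field to the output of the first `getObject` pass before the second one; whether `currentUserId` and the password keys survive that first pass is not visible in these hunks and should be confirmed. `getObject` begins and ends outside the hunk.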
Lines changed: 129 additions & 0 deletions
@@ -0,0 +1,129 @@
1+
package zuo.biao.apijson.server.sql;
2+
3+
import java.rmi.AccessException;
4+
5+
import com.alibaba.fastjson.JSONObject;
6+
7+
import zuo.biao.apijson.StringUtil;
8+
9+
/**权限验证类
10+
* @author Lemon
11+
*/
12+
public class AccessVerifier {
13+
private static final String TAG = "AccessVerifier: ";
14+
15+
private static final int ACCESS_LOGIN = 1;
16+
private static final int ACCESS_PAY = 2;
17+
18+
public static final String KEY_CURRENT_USER_ID = "currentUserId";
19+
public static final String KEY_LOGIN_PASSWORD = "loginPassword";
20+
public static final String KEY_PAY_PASSWORD = "payPassword";
21+
22+
// public static final String[] LOGIN_ACCESS_TABLE_NAMES = {"Work", "Comment"};
23+
public static final String[] PAY_ACCESS_TABLE_NAMES = {"Wallet"};
24+
25+
/**验证权限是否通过
26+
* @param request
27+
* @param tableName
28+
* @return
29+
*/
30+
public static boolean verify(JSONObject request, String tableName) throws AccessException {
31+
try {
32+
verify(request, getAccessId(tableName));
33+
} catch (AccessException e) {
34+
throw new AccessException(TAG + "verify tableName = " + tableName + ", error = " + e.getMessage());
35+
}
36+
return true;
37+
}
38+
39+
40+
/**验证权限是否通过
41+
* @param request
42+
* @param accessId 可以直接在代码里写ACCESS_LOGIN等,或者建一个Access表,包括id和需要改权限的table的tableName列表
43+
* @return
44+
* @throws AccessException
45+
*/
46+
public static boolean verify(JSONObject request, int accessId) throws AccessException {
47+
if (accessId < 0 || request == null) {
48+
return true;
49+
}
50+
long currentUserId = request.getLongValue(KEY_CURRENT_USER_ID);
51+
if (currentUserId <= 0) {
52+
throw new AccessException(TAG + "verify accessId = " + accessId
53+
+ " >> currentUserId <= 0, currentUserId = " + currentUserId);
54+
}
55+
String password;
56+
57+
switch (accessId) {
58+
case ACCESS_LOGIN:
59+
password = StringUtil.getString(request.getString(KEY_LOGIN_PASSWORD));
60+
if (password.equals(StringUtil.getString(getLoginPassword(currentUserId))) == false) {
61+
throw new AccessException(TAG + "verify accessId = " + accessId
62+
+ " >> currentUserId or loginPassword error"
63+
+ " currentUserId = " + currentUserId + ", loginPassword = " + password);
64+
}
65+
case ACCESS_PAY:
66+
password = StringUtil.getString(request.getString(KEY_PAY_PASSWORD));
67+
if (password.equals(StringUtil.getString(getPayPassword(currentUserId))) == false) {
68+
throw new AccessException(TAG + "verify accessId = " + accessId
69+
+ " >> currentUserId or payPassword error"
70+
+ " currentUserId = " + currentUserId + ", payPassword = " + password);
71+
}
72+
default:
73+
return true;
74+
}
75+
}
76+
77+
/**获取权限id
78+
* @param tableName
79+
* @return
80+
*/
81+
public static int getAccessId(String tableName) {
82+
if (StringUtil.isNotEmpty(tableName, true) == false) {
83+
return -1;
84+
}
85+
// for (int i = 0; i < LOGIN_ACCESS_TABLE_NAMES.length; i++) {
86+
// if (tableName.equals(LOGIN_ACCESS_TABLE_NAMES[i])) {
87+
// return ACCESS_LOGIN;
88+
// }
89+
// }
90+
for (int i = 0; i < PAY_ACCESS_TABLE_NAMES.length; i++) {
91+
if (tableName.equals(PAY_ACCESS_TABLE_NAMES[i])) {
92+
return ACCESS_PAY;
93+
}
94+
}
95+
return -1;
96+
}
97+
98+
/**获取登录密码
99+
* @param userId
100+
* @return
101+
*/
102+
public static String getLoginPassword(long userId) {
103+
// TODO 查询并返回对应userId的登录密码
104+
return "123456";//仅测试用
105+
}
106+
107+
/**获取支付密码
108+
* @param userId
109+
* @return
110+
*/
111+
public static String getPayPassword(long userId) {
112+
// TODO 查询并返回对应userId的支付密码
113+
return "123456";//仅测试用
114+
}
115+
116+
/**删除请求里的权限信息
117+
* @param requestObject
118+
* @return
119+
*/
120+
public static JSONObject removeAccessInfo(JSONObject requestObject) {
121+
if (requestObject != null) {
122+
requestObject.remove(KEY_CURRENT_USER_ID);
123+
requestObject.remove(KEY_LOGIN_PASSWORD);
124+
requestObject.remove(KEY_PAY_PASSWORD);
125+
}
126+
return requestObject;
127+
}
128+
129+
}
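Review bot: In `verify(JSONObject request, int accessId)` the `case ACCESS_LOGIN:` branch ends without `break` or `return`, so a request that passes the login check falls through into the `ACCESS_PAY` comparison and is rejected unless it also carries a matching `payPassword`; this is latent only because `getAccessId` never returns `ACCESS_LOGIN` while the login table list is commented out. Both branches also append the submitted password to the `AccessException` message and compare secrets with `String.equals`, which is not constant-time. The rewrite below returns from each case, keeps the password out of the message and compares with `MessageDigest.isEqual` (it needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported). Separately, `getLoginPassword` and `getPayPassword` return the same constant for every `userId` until their TODO lookups exist, so the `Wallet` check should not be relied on yet.

```java
// … unchanged: accessId < 0 / null-request early return and currentUserId > 0 check …
String password;

switch (accessId) {
case ACCESS_LOGIN:
    password = StringUtil.getString(request.getString(KEY_LOGIN_PASSWORD));
    if (MessageDigest.isEqual(password.getBytes(StandardCharsets.UTF_8),
            StringUtil.getString(getLoginPassword(currentUserId)).getBytes(StandardCharsets.UTF_8)) == false) {
        // the submitted password is deliberately left out of the message
        throw new AccessException(TAG + "verify accessId = " + accessId
                + " >> currentUserId or loginPassword error, currentUserId = " + currentUserId);
    }
    return true; // stop here; do not fall through into the pay-password check
case ACCESS_PAY:
    password = StringUtil.getString(request.getString(KEY_PAY_PASSWORD));
    if (MessageDigest.isEqual(password.getBytes(StandardCharsets.UTF_8),
            StringUtil.getString(getPayPassword(currentUserId)).getBytes(StandardCharsets.UTF_8)) == false) {
        throw new AccessException(TAG + "verify accessId = " + accessId
                + " >> currentUserId or payPassword error, currentUserId = " + currentUserId);
    }
    return true;
default:
    return true;
}
```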

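--- a/APIJSON(Server)/APIJSON(Idea)/src/main/java/zuo/biao/apijson/server/sql/QueryHelper.java
+++ b/APIJSON(Server)/APIJSON(Idea)/src/main/java/zuo/biao/apijson/server/sql/QueryHelper.java
@@ -58,8 +58,12 @@ public Connection getConnection() throws Exception {
 private static DatabaseMetaData metaData;
 public void close() {
 try {
-statement.close();
-connection.close();
+if (statement != null && statement.isClosed() == false) {
+statement.close();
+}
+if (connection != null && connection.isClosed() == false) {
+connection.close();
+}
 } catch (SQLException e) {
 e.printStackTrace();
 }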
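Review bot: In `close()` the statement and the connection are still closed inside one shared `try`, so an `SQLException` thrown by `statement.isClosed()` or `statement.close()` skips the connection block and leaves the connection open. Give each resource its own `try`/`catch`, or move the connection close into a `finally`, so that a failure on the statement cannot leak the connection. The closing brace of `close()` lies outside this hunk.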
