| ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysUser.java | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 | |
| ruoyi-common/src/main/java/com/ruoyi/common/utils/bean/BeanValidators.java | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 | |
| ruoyi-common/src/main/java/com/ruoyi/common/xss/Xss.java | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 | |
| ruoyi-common/src/main/java/com/ruoyi/common/xss/XssValidator.java | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 | |
| ruoyi-system/src/main/java/com/ruoyi/system/domain/SysNotice.java | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 | |
| ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java | ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史 |
ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysUser.java
@@ -2,9 +2,7 @@ import java.util.Date; import java.util.List; import javax.validation.constraints.Email; import javax.validation.constraints.NotBlank; import javax.validation.constraints.Size; import javax.validation.constraints.*; import org.apache.commons.lang3.builder.ToStringBuilder; import org.apache.commons.lang3.builder.ToStringStyle; import com.fasterxml.jackson.annotation.JsonIgnore; @@ -14,6 +12,7 @@ import com.ruoyi.common.annotation.Excel.Type; import com.ruoyi.common.annotation.Excels; import com.ruoyi.common.core.domain.BaseEntity; import com.ruoyi.common.xss.Xss; /** * 用户对象 sys_user @@ -135,6 +134,7 @@ this.deptId = deptId; } @Xss(message = "用户昵称不能包含脚本字符") @Size(min = 0, max = 30, message = "用户昵称长度不能超过30个字符") public String getNickName() { @@ -146,6 +146,7 @@ this.nickName = nickName; } @Xss(message = "用户账号不能包含脚本字符") @NotBlank(message = "用户账号不能为空") @Size(min = 0, max = 30, message = "用户账号长度不能超过30个字符") public String getUserName() ruoyi-common/src/main/java/com/ruoyi/common/utils/bean/BeanValidators.java
对比新文件 @@ -0,0 +1,24 @@ package com.ruoyi.common.utils.bean; import java.util.Set; import javax.validation.ConstraintViolation; import javax.validation.ConstraintViolationException; import javax.validation.Validator; /** * bean对象属性验证 * * @author ruoyi */ public class BeanValidators { public static void validateWithException(Validator validator, Object object, Class<?>... groups) throws ConstraintViolationException { Set<ConstraintViolation<Object>> constraintViolations = validator.validate(object, groups); if (!constraintViolations.isEmpty()) { throw new ConstraintViolationException(constraintViolations); } } } ruoyi-common/src/main/java/com/ruoyi/common/xss/Xss.java
对比新文件 @@ -0,0 +1,27 @@ package com.ruoyi.common.xss; import javax.validation.Constraint; import javax.validation.Payload; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; /** * 自定义xss校验注解 * * @author ruoyi */ @Retention(RetentionPolicy.RUNTIME) @Target(value = { ElementType.METHOD, ElementType.FIELD, ElementType.CONSTRUCTOR, ElementType.PARAMETER }) @Constraint(validatedBy = { XssValidator.class }) public @interface Xss { String message() default "不允许任何脚本运行"; Class<?>[] groups() default {}; Class<? extends Payload>[] payload() default {}; } ruoyi-common/src/main/java/com/ruoyi/common/xss/XssValidator.java
对比新文件 @@ -0,0 +1,29 @@ package com.ruoyi.common.xss; import javax.validation.ConstraintValidator; import javax.validation.ConstraintValidatorContext; import java.util.regex.Matcher; import java.util.regex.Pattern; /** * 自定义xss校验注解实现 * * @author ruoyi */ public class XssValidator implements ConstraintValidator<Xss, String> { private final String HTML_PATTERN = "<(\\S*?)[^>]*>.*?|<.*? />"; @Override public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext) { return !containsHtml(value); } public boolean containsHtml(String value) { Pattern pattern = Pattern.compile(HTML_PATTERN); Matcher matcher = pattern.matcher(value); return matcher.matches(); } } ruoyi-system/src/main/java/com/ruoyi/system/domain/SysNotice.java
@@ -5,6 +5,7 @@ import org.apache.commons.lang3.builder.ToStringBuilder; import org.apache.commons.lang3.builder.ToStringStyle; import com.ruoyi.common.core.domain.BaseEntity; import com.ruoyi.common.xss.Xss; /** * 通知公告表 sys_notice @@ -45,6 +46,7 @@ this.noticeTitle = noticeTitle; } @Xss(message = "公告标题不能包含脚本字符") @NotBlank(message = "公告标题不能为空") @Size(min = 0, max = 50, message = "公告标题不能超过50个字符") public String getNoticeTitle() ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
@@ -3,6 +3,7 @@ import java.util.ArrayList; import java.util.List; import java.util.stream.Collectors; import javax.validation.Validator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -16,6 +17,7 @@ import com.ruoyi.common.exception.ServiceException; import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.bean.BeanValidators; import com.ruoyi.common.utils.spring.SpringUtils; import com.ruoyi.system.domain.SysPost; import com.ruoyi.system.domain.SysUserPost; @@ -55,6 +57,9 @@ @Autowired private ISysConfigService configService; @Autowired protected Validator validator; /** * 根据条件分页查询用户列表 @@ -513,6 +518,7 @@ SysUser u = userMapper.selectUserByUserName(user.getUserName()); if (StringUtils.isNull(u)) { BeanValidators.validateWithException(validator, user); user.setPassword(SecurityUtils.encryptPassword(password)); user.setCreateBy(operName); this.insertUser(user); @@ -521,6 +527,7 @@ } else if (isUpdateSupport) { BeanValidators.validateWithException(validator, user); user.setUpdateBy(operName); this.updateUser(user); successNum++;
