manager/my-worker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

防登录信息过长攻击

Browse Source
This commit is contained in:
thinkgem
2021-11-29 11:51:16 +08:00
parent 793a5dd014
commit a13fbf45e8
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java
View File

@@ -107,6 +107,9 @@ public class FormFilter extends org.apache.shiro.web.filter.authc.FormAuthentica
if (StringUtils.isBlank(username)){ if (StringUtils.isBlank(username)){
username = ObjectUtils.toString(request.getAttribute(getUsernameParam()), StringUtils.EMPTY); username = ObjectUtils.toString(request.getAttribute(getUsernameParam()), StringUtils.EMPTY);
} }
if (StringUtils.length(username) > 1000) {
throw new AuthenticationException("msg:"+Global.getText("sys.login.error"));
}
// 登录用户名解密(解决登录用户名明文传输安全问题) // 登录用户名解密(解决登录用户名明文传输安全问题)
String secretKey = Global.getProperty("shiro.loginSubmit.secretKey"); String secretKey = Global.getProperty("shiro.loginSubmit.secretKey");
if (StringUtils.isNotBlank(username) && StringUtils.isNotBlank(secretKey)){ if (StringUtils.isNotBlank(username) && StringUtils.isNotBlank(secretKey)){
@@ -134,6 +137,9 @@ public class FormFilter extends org.apache.shiro.web.filter.authc.FormAuthentica
if (StringUtils.isBlank(password)){ if (StringUtils.isBlank(password)){
password = ObjectUtils.toString(request.getAttribute(getPasswordParam()), StringUtils.EMPTY); password = ObjectUtils.toString(request.getAttribute(getPasswordParam()), StringUtils.EMPTY);
} }
if (StringUtils.length(password) > 1000) {
throw new AuthenticationException("msg:"+Global.getText("sys.login.error"));
}
// 登录密码解密(解决登录密码明文传输安全问题) // 登录密码解密(解决登录密码明文传输安全问题)
String secretKey = Global.getProperty("shiro.loginSubmit.secretKey"); String secretKey = Global.getProperty("shiro.loginSubmit.secretKey");
if (StringUtils.isNotBlank(password) && StringUtils.isNotBlank(secretKey)){ if (StringUtils.isNotBlank(password) && StringUtils.isNotBlank(secretKey)){
@@ -173,6 +179,9 @@ public class FormFilter extends org.apache.shiro.web.filter.authc.FormAuthentica
if (StringUtils.isBlank(captcha)){ if (StringUtils.isBlank(captcha)){
captcha = ObjectUtils.toString(request.getAttribute(CAPTCHA_PARAM), StringUtils.EMPTY); captcha = ObjectUtils.toString(request.getAttribute(CAPTCHA_PARAM), StringUtils.EMPTY);
} }
if (StringUtils.length(captcha) > 100) {
throw new AuthenticationException("msg:"+Global.getText("sys.login.error"));
}
// 登录用户名解密(解决登录用户名明文传输安全问题) // 登录用户名解密(解决登录用户名明文传输安全问题)
String secretKey = Global.getProperty("shiro.loginSubmit.secretKey"); String secretKey = Global.getProperty("shiro.loginSubmit.secretKey");
if (StringUtils.isNotBlank(captcha) && StringUtils.isNotBlank(secretKey)){ if (StringUtils.isNotBlank(captcha) && StringUtils.isNotBlank(secretKey)){