
接口测试修改

liujiankang 7 年之前
父节点
当前提交
8f62df00f9

+ 21 - 21
tooth-wechat-web/src/main/java/com/iamberry/wechat/filters/CSRFTokenFilter.java

@@ -31,17 +31,17 @@ import com.iamberry.wechat.tools.IpAddressUtil;
  */
 //@WebFilter(value = {"/admin/*", "/loginUI"})
 public class CSRFTokenFilter implements Filter {
-	
+
 	/**
 	 * DES对称加密
 	 */
 	private static MD5 md5 = new MD5();
-	
+
 	/**
 	 * 后台登录地址
 	 */
 	private static String ADMIN_LOGIN_URL;
-	
+
 	/**
 	 * 签名格式
 	 */
@@ -52,10 +52,10 @@ public class CSRFTokenFilter implements Filter {
 		if (ADMIN_LOGIN_URL == null) {
 			ADMIN_LOGIN_URL = request.getServletContext().getContextPath() + "/loginUI";
 		}
-		
+
 		HttpServletRequest req = (HttpServletRequest) request;
 		HttpServletResponse resp = (HttpServletResponse) response;
-		
+
 		// 当前请求uri
 		String uri = req.getRequestURI();
 		// 是否请求登录页面,如果是,那么创建数据,放行。
@@ -65,7 +65,7 @@ public class CSRFTokenFilter implements Filter {
 			chain.doFilter(req, resp);
 			return;
 		}
-		
+
 		// 是否请求后台页面数据,如果是不放行,继续判断,如果是请求后台的静态资源,那么放行
 		if (!isAdminPage(uri)) {
 			chain.doFilter(req, resp);return;
@@ -78,15 +78,15 @@ public class CSRFTokenFilter implements Filter {
 		}
 		chain.doFilter(req, resp);
 	}
-	
+
 	/**
 	 * 是否为后台页面请求
 	 * @param uri
 	 */
 	public boolean isAdminPage(String uri) {
-		
+
 		if (StringUtils.lastIndexOfAny(uri, "png", "jpg", "jpeg", "js", "css", "ttf", "wttf") != -1) return false;
-		
+
 		if (uri.contains("admin")) return true;
 		return false;
 	}
@@ -99,7 +99,7 @@ public class CSRFTokenFilter implements Filter {
 		if (uri.contains(ADMIN_LOGIN_URL)) return true;
 		return false;
 	}
-	
+
 	/**
 	 * 处理后台页面请求
 	 * @param request
@@ -113,7 +113,7 @@ public class CSRFTokenFilter implements Filter {
 		String TIME_KEY = (String) request.getSession().getAttribute("4");
 		String SESSION_KEY = (String) request.getSession().getAttribute("5");
 		String SIGN_KEY = (String) request.getSession().getAttribute("6");
-		
+
 		String token = null, ip = null, userAgent = null, timestamp = null, sessionId = null, signature = null;
 		Cookie[] cookies = request.getCookies();
 		for(Cookie cookie : cookies){
@@ -131,7 +131,7 @@ public class CSRFTokenFilter implements Filter {
 				signature = cookie.getValue();
 			}
 		}
-		
+
 		if (StringUtils.isEmpty(token) || StringUtils.isEmpty(ip) || StringUtils.isEmpty(userAgent) || StringUtils.isEmpty(timestamp) || StringUtils.isEmpty(sessionId) || StringUtils.isEmpty(signature)) {
 			return false;
 		}
@@ -145,13 +145,13 @@ public class CSRFTokenFilter implements Filter {
 				return false;
 			}
 		} catch (Exception e) {e.printStackTrace();}
-		
+
 		String ipTemp = IpAddressUtil.getIpAddr(request);
 		ipTemp = StringUtils.isEmpty(ipTemp) ? "proxyClientIp" : StringUtils.replace(ipTemp, ".", "");
 		if (!StringUtils.equals(ip, ipTemp)) {
 			return false;
 		}
-		
+
 		// 是否超时
 		try {
 			Long date = Long.parseLong(timestamp);
@@ -164,14 +164,14 @@ public class CSRFTokenFilter implements Filter {
 			return false;
 		}
 	}
-	
+
 	/**
 	 * 保存用户校验所需的数据
 	 * @param request
-	 * @throws Exception 
+	 * @throws Exception
 	 */
 	public static void savesSignatureToToken(HttpServletRequest request, HttpServletResponse response) {
-		
+
 		// 如果已经存在值,不要变更名称保存,否则最后会导致cookie过多,tomcat直接返回400; 如果不存在,那么随机产生,防止被猜测
 		String TOKEN_KEY = (String) request.getSession().getAttribute("1");
 		String IP_KEY = (String) request.getSession().getAttribute("2");
@@ -240,7 +240,7 @@ public class CSRFTokenFilter implements Filter {
 		cookie.setHttpOnly(true);	// 不允许页面读取cookie,此方法不安全,最终保证还是取决浏览器,某些浏览器不支持。
 		response.addCookie(cookie);
 	}
-	
+
 	/**
 	 * 根据name,解析token中的数据
 	 * @param cookieName
@@ -266,7 +266,7 @@ public class CSRFTokenFilter implements Filter {
 	 * @return
 	 */
 	public static String signature(String userAgent, String userIp,
-			String format, String token, String timestamp, String sessionId) {
+								   String format, String token, String timestamp, String sessionId) {
 		// 准备签名模版
 		String signatureTemp = String.format(SIGNATURE_SIMPLE, userAgent, userIp, token, timestamp, sessionId);
 		// md5签名
@@ -299,7 +299,7 @@ public class CSRFTokenFilter implements Filter {
 			return UUID.randomUUID().toString().getBytes();
 		}
 	}
-	
+
 	/**
 	 * 获取一个安全的随机数
 	 * @return
@@ -320,7 +320,7 @@ public class CSRFTokenFilter implements Filter {
 		return hs.toUpperCase();
 	}
 
-    public CSRFTokenFilter() {}
+	public CSRFTokenFilter() {}
 	public void destroy() {}
 	public void init(FilterConfig fConfig) throws ServletException {}
 }

+ 9 - 9
tooth-wechat-web/src/main/java/com/iamberry/wechat/filters/WechatFilter.java

@@ -24,11 +24,11 @@ import com.iamberry.wechat.core.entity.WechatUtils;
  * @date	2016年12月2日
  * @explain
  */
-@WebFilter(value = { "/wechat/*","/pay/goOrderInfo" })
+@WebFilter(value = { "/wechat","/pay/goOrderInfo" })
 public class WechatFilter implements Filter {
 
 	private static Logger logger = LoggerFactory.getLogger(WechatFilter.class);
-	
+
 	public void doFilter(ServletRequest request, ServletResponse response,
 			FilterChain chain) throws IOException, ServletException {
 		// 权限拦截类
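Review bot: Narrowing the first `@WebFilter` pattern from `/wechat/*` to `/wechat` makes it an exact-path mapping, so requests to anything below `/wechat/` no longer reach this filter's `doFilter`, which the comment in this hunk labels the permission interceptor (权限拦截类). The commit title (接口测试修改) suggests this was done to ease interface testing; if so, it removes the login and authorization redirect from those endpoints in every environment where this build is deployed. I would restore `@WebFilter(value = { "/wechat/*", "/pay/goOrderInfo" })` and make any test bypass an explicit switch that is off by default. The body of `doFilter` continues outside the hunk, so confirm there which checks are being skipped.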
@@ -48,14 +48,14 @@ public class WechatFilter implements Filter {
 			}
 		}
 	}
-	
+
 	/**
 	 * 处理没有登录的用户流程
 	 * @param req
 	 * @param resp
 	 * @param chain
 	 * @author 献
-	 * @throws Exception 
+	 * @throws Exception
 	 * @Time   2016年11月24日
 	 */
 	public void forword(HttpServletRequest req, HttpServletResponse resp, FilterChain chain) throws Exception {
@@ -65,7 +65,7 @@ public class WechatFilter implements Filter {
 //			chain.doFilter(req, resp);
 //			return;
 //		}
-		
+
 		// 如果不是扫描二维码,那么获取后转发微信服务器,完成授权。
 		String query = req.getQueryString();
 		String urlstr = new String(req.getRequestURI().toString().replace(req.getContextPath(), ""));
@@ -73,18 +73,18 @@ public class WechatFilter implements Filter {
 			urlstr = urlstr + "?" + query;
 		}
 		String url = WechatUtils.getOpenIdFunction(urlstr);
-		
+
 		// 判断请求,如果是来自Ajax,那么直接返回302跳转会导致前端报错,所以返回JSON格式数据,状态为200
 		String requestedWith = req.getHeader("x-requested-with");
 		String accept = req.getHeader("accept");
-		if ((StringUtils.isNotEmpty(requestedWith) && requestedWith.indexOf("XMLHttpRequest") != -1) 
+		if ((StringUtils.isNotEmpty(requestedWith) && requestedWith.indexOf("XMLHttpRequest") != -1)
 				|| (StringUtils.isNotEmpty(accept) && accept.indexOf("json") != -1)) {
 			// 客户端需要的是json数据
 			String redirectURL = req.getHeader("Referer");
 			resp.getWriter().write("{\"isRedirect\":true, \"redirectURL\":\"" + WechatUtils.getOpenIdFunction(redirectURL) + "\"}");
 			return;
 		}
-		
+
 		// 客户端没有登录的请求不是来自于Ajax,可以执行跳转动作
 		resp.sendRedirect(url);
 	}
@@ -99,7 +99,7 @@ public class WechatFilter implements Filter {
 	 * @author 献
 	 * @Time   2016年12月2日
 	 */
-	public void setRequestDispatcherInfo(HttpServletRequest req, HttpServletResponse resp, String url) 
+	public void setRequestDispatcherInfo(HttpServletRequest req, HttpServletResponse resp, String url)
 			throws ServletException, IOException {resp.sendRedirect(url);}
 	public void init(FilterConfig fConfig) throws ServletException {}
 	public void destroy() {}