修改依赖未经验证和完整性检查的cookie

5b4d3504 · 赵灿灿 · 4f8df141 · 5b4d3504 · 5b4d3504 · 5b4d3504
Commit 5b4d3504 authored Mar 02, 2026 by 赵灿灿
4 changed files
--- a/src/main/java/com/infoepoch/pms/dispatchassistant/common/configuration/MvcInterceptConfiguration.java
+++ b/src/main/java/com/infoepoch/pms/dispatchassistant/common/configuration/MvcInterceptConfiguration.java
 package com.infoepoch.pms.dispatchassistant.common.configuration;
+import com.infoepoch.pms.commons.utils.ResponseUtils;
 import com.infoepoch.pms.dispatchassistant.common.component.RedisTool;
 import com.infoepoch.pms.dispatchassistant.common.constant.RedisKeys;
 import com.infoepoch.pms.dispatchassistant.common.exception.NotLoginException;
@@ -105,7 +106,7 @@ public class MvcInterceptConfiguration implements WebMvcConfigurer {
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    String cookieName = cookie.getName();
-                    if (cookieName.equals(RedisKeys.SIGN)) {
+                    if (ResponseUtils.isCkName(cookie,RedisKeys.SIGN)) {
                        String userStr = redisTool.get(RedisKeys.AUTHED_USER + cookie.getValue());
                        if(userStr == null) {
                            throw new NotLoginException("登录已失效，请重新登录");

--- a/src/main/java/com/infoepoch/pms/dispatchassistant/common/utils/DecodeJWTToken.java
+++ b/src/main/java/com/infoepoch/pms/dispatchassistant/common/utils/DecodeJWTToken.java
@@ -4,6 +4,7 @@ import com.auth0.jwt.JWT;
 import com.auth0.jwt.JWTVerifier;
 import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.interfaces.DecodedJWT;
+import com.infoepoch.pms.commons.utils.ResponseUtils;
 import com.infoepoch.pms.dispatchassistant.common.constant.StoreKeys;
 import com.infoepoch.pms.dispatchassistant.common.exception.ValidationException;
 import com.infoepoch.pms.dispatchassistant.domain.basic.store.KeyValueStoreService;
@@ -68,10 +69,10 @@ public class DecodeJWTToken {
        if (cookies != null && cookies.length != 0) {
            Cookie pmsWebCookie = Arrays.stream(cookies).filter((cookie) -> {
-                return "pms-web".equals(cookie.getName());
+                return ResponseUtils.isCkName(cookie,"pms-web");
            }).findAny().orElse(null);
            Cookie ObSSOCookie = Arrays.stream(cookies).filter((cookie) -> {
-                return "ObSSOCookie".equals(cookie.getName());
+                return ResponseUtils.isCkName(cookie,"ObSSOCookie");
            }).findAny().orElse(null);
            if (pmsWebCookie != null) {
                String token = pmsWebCookie.getValue();

--- a/src/main/java/com/infoepoch/pms/dispatchassistant/common/utils/ServletTool.java
+++ b/src/main/java/com/infoepoch/pms/dispatchassistant/common/utils/ServletTool.java
 package com.infoepoch.pms.dispatchassistant.common.utils;
+import com.infoepoch.pms.commons.utils.ResponseUtils;
 import com.infoepoch.pms.dispatchassistant.common.constant.RedisKeys;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
@@ -20,7 +21,7 @@ public class ServletTool {
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
-                if (cookie.getName().equals(cookieName)) {
+                if (ResponseUtils.isCkName(cookie,cookieName)) {
                    return cookie.getValue();
                }
            }

--- a/src/main/java/com/infoepoch/pms/dispatchassistant/domain/oa/OaService.java
+++ b/src/main/java/com/infoepoch/pms/dispatchassistant/domain/oa/OaService.java
@@ -238,12 +238,13 @@ public class OaService {
        String token = null;
        String server = null;
        for (Cookie cookie : cookies) {
-            if ("ObSSOCookie".equals(cookie.getName())) {
+            if (ResponseUtils.isCkName(cookie,"ObSSOCookie")) {
                token = cookie.getValue();
            }
-            if ("server".equals(cookie.getName())) {
+            if (ResponseUtils.isCkName(cookie,"server")) {
                server = cookie.getValue();
            }
        }
        if (StringUtils.isBlank(token) || StringUtils.isBlank(server)) {
            logger.info("微服务获取OA登陆信息异常,location:TodoService.computerTodoRedirect");
@@ -305,12 +306,13 @@ public class OaService {
        String token = null;
        String server = null;
        for (Cookie cookie : cookies) {
-            if ("ObSSOCookie".equals(cookie.getName())) {
+            if (ResponseUtils.isCkName(cookie,"ObSSOCookie")) {
                token = cookie.getValue();
            }
-            if ("server".equals(cookie.getName())) {
+            if (ResponseUtils.isCkName(cookie,"server")) {
                server = cookie.getValue();
            }
        }
        if (StringUtils.isBlank(token) || StringUtils.isBlank(server)) {
            logger.info("微服务获取OA登陆信息异常,location:TodoService.moaTodoRedirect");