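package cn.com.goldenwater.dcproj.intercepter;

import cn.com.goldenwater.dcproj.constValue.SplitValue;
import cn.com.goldenwater.dcproj.utils.RequestUtils;
import cn.com.goldenwater.dcproj.utils.ReturnUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.ServletWebRequest;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.HandlerMapping;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.View;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/**
 * Rejects multipart uploads whose file extension appears in a configured deny list.
 *
 * <p>The deny list comes from the {@code notFileAllow} property and is split on
 * {@link SplitValue#FENHAO_SPLIT}. Entries are compared against the part of the
 * client-supplied filename that starts at its last dot, so each entry must include
 * the leading dot (for example {@code .jsp}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The original filename is chosen by the client. This check is a coarse first
 *       filter only; the code that stores the upload should still generate its own
 *       file name and keep uploads outside any directory the server executes from.</li>
 *   <li>A deny list fails open for every extension nobody thought to list. An allow
 *       list of the extensions the application actually needs is the stronger
 *       control.</li>
 *   <li>A blank {@code notFileAllow} disables the check entirely.</li>
 * </ul>
 */
@Component
public class FileCheckInterceptor implements HandlerInterceptor {

    /** Raw deny list of extensions (each with its leading dot), as read from configuration. */
    @Value("${notFileAllow}")
    private String notFileAllow;

    /**
     * Inspects every uploaded file of a multipart request and blocks the request when
     * any of them carries a denied extension.
     *
     * @param request  current request; only {@link MultipartHttpServletRequest} instances are inspected
     * @param response response used to write the rejection message
     * @param handler  chosen handler (unused)
     * @return {@code false} when a denied extension was found and the rejection message
     *         was written, {@code true} otherwise
     * @throws Exception if writing the rejection message fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // Disabled check of URI template variables, kept as found for reference.
        /* NativeWebRequest webRequest = new ServletWebRequest(request);
        Map map = (Map) webRequest.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE, RequestAttributes.SCOPE_REQUEST);
        if(map!=null && !map.isEmpty()){
            for(String key:map.keySet()){
                String value=map.get(key);
                String content=RequestUtils.cleanScript(value);
                if(content.contains("error-333:")){
                    ReturnUtils.responseFail(response,"参数存在异常,请仔细检查",5555);
                    return false;
                }
            }
        }*/

        // Only file-upload requests are checked; instanceof is already false for null.
        if (!(request instanceof MultipartHttpServletRequest)) {
            return true;
        }
        if (StringUtils.isBlank(notFileAllow)) {
            // No constraint configured.
            return true;
        }
        String[] deniedExtensions = notFileAllow.split(SplitValue.FENHAO_SPLIT);
        if (deniedExtensions.length == 0) {
            // No constraint configured.
            return true;
        }

        MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
        // getMultiFileMap() exposes every file of every form field. getFile(name) returns
        // only the first file of a field, so additional files sent under the same field
        // name would otherwise never be looked at.
        for (List<MultipartFile> parts : multipartRequest.getMultiFileMap().values()) {
            for (MultipartFile part : parts) {
                if (part == null) {
                    continue;
                }
                if (isDenied(extensionOf(part.getOriginalFilename()), deniedExtensions)) {
                    // NOTE(review): the body is plain text although the content type says
                    // JSON, and the status code stays at its default. Left unchanged
                    // because clients may depend on it; confirm before tightening.
                    response.setCharacterEncoding("UTF-8");
                    response.setContentType("application/json;charset=utf-8");
                    PrintWriter printWriter = response.getWriter();
                    printWriter.write("上传文件有异常,已被系统禁止!");
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * Returns the lower-cased extension of a client-supplied filename, including the
     * leading dot, or an empty string when the name is {@code null} or has no extension.
     *
     * <p>Trailing dots and whitespace are ignored before the extension is located,
     * because some file systems drop them when the file is written, which would leave
     * a name whose real extension was never compared against the deny list.
     */
    private static String extensionOf(String originalFilename) {
        if (originalFilename == null) {
            return "";
        }
        int end = originalFilename.length();
        while (end > 0) {
            char last = originalFilename.charAt(end - 1);
            if (last != '.' && !Character.isWhitespace(last)) {
                break;
            }
            end--;
        }
        String name = originalFilename.substring(0, end);
        int dot = name.lastIndexOf('.');
        if (dot < 0) {
            // No extension; substring(-1) would throw here.
            return "";
        }
        return name.substring(dot).toLowerCase(Locale.ROOT);
    }

    /**
     * Tells whether {@code extension} matches any non-blank deny-list entry, ignoring
     * case and surrounding whitespace of the entry.
     */
    private static boolean isDenied(String extension, String[] deniedExtensions) {
        if (extension.isEmpty()) {
            return false;
        }
        for (String denied : deniedExtensions) {
            if (StringUtils.isBlank(denied)) {
                continue;
            }
            if (extension.equals(denied.trim().toLowerCase(Locale.ROOT))) {
                return true;
            }
        }
        return false;
    }

    /** No post-processing is performed. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
                           ModelAndView modelAndView) throws Exception {
        // Intentionally empty.
    }

    /** No completion handling is performed. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
                                Exception ex) throws Exception {
        // Intentionally empty.
    }
}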