调整cookies中userid为HttpOnly预防篡改，针对动态页面&静态页面使用系统通用授权查询增加预防sql注入。本需求暂无需上线，仅做git留档

03f09aad · 王炜 · d0c76c47 · 03f09aad · 03f09aad
Commit 03f09aad authored Jun 19, 2024 by 王炜
Showing with 346 additions and 0 deletions

DefaultLoginAdaptor.java ...n/java/com/hand/hap/adaptor/impl/DefaultLoginAdaptor.java +3 -0

AbstractFacadeServlet.java src/main/java/leaf/service/http/AbstractFacadeServlet.java +343 -0

No files found.
--- a/src/main/java/com/hand/hap/adaptor/impl/DefaultLoginAdaptor.java
+++ b/src/main/java/com/hand/hap/adaptor/impl/DefaultLoginAdaptor.java
@@ -57,6 +57,8 @@ public class DefaultLoginAdaptor implements ILoginAdaptor {
    private static final boolean VALIDATE_CAPTCHA = true;
+    private static final boolean COOKIES_HTTP_ONLY= true;
    // 校验码
    private static final String KEY_VERIFICODE = "verifiCode";
@@ -519,6 +521,7 @@ public class DefaultLoginAdaptor implements ILoginAdaptor {
        Cookie cookie = new Cookie(cookieName, cookieValue);
        cookie.setPath(StringUtils.defaultIfEmpty(request.getContextPath(), "/"));
        cookie.setMaxAge(-1);
+        cookie.setHttpOnly(COOKIES_HTTP_ONLY);
        response.addCookie(cookie);
    }

--- a/src/main/java/leaf/service/http/AbstractFacadeServlet.java
+++ b/src/main/java/leaf/service/http/AbstractFacadeServlet.java