WangZhiJian/ggpx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

定时任务屏蔽http(s)远程调用

Browse Source
This commit is contained in:
RuoYi 2021-07-30 11:28:46 +08:00
parent 2de5cc52d1
commit 8ed7916b61
2 changed files with 45 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
ruoyi-common/src/main/java/com/ruoyi/common/utils/StringUtils.java
View File

@ -324,6 +324,29 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils
return list; return list;
} }
/**
* 查找指定字符串是否包含指定字符串列表中的任意一个字符串同时串忽略大小写
*
* @param cs 指定字符串
* @param searchCharSequences 需要检查的字符串数组
* @return 是否包含任意一个字符串
*/
public static boolean containsAnyIgnoreCase(CharSequence cs, CharSequence... searchCharSequences)
{
if (isEmpty(cs) || isEmpty(searchCharSequences))
{
return false;
}
for (CharSequence testStr : searchCharSequences)
{
if (containsIgnoreCase(cs, testStr))
{
return true;
}
}
return false;
}
/** /**
* 驼峰转下划线命名 * 驼峰转下划线命名
*/ */

36
ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java
View File

@ -79,18 +79,22 @@ public class SysJobController extends BaseController
@PreAuthorize("@ss.hasPermi('monitor:job:add')") @PreAuthorize("@ss.hasPermi('monitor:job:add')")
@Log(title = "定时任务", businessType = BusinessType.INSERT) @Log(title = "定时任务", businessType = BusinessType.INSERT)
@PostMapping @PostMapping
public AjaxResult add(@RequestBody SysJob sysJob) throws SchedulerException, TaskException public AjaxResult add(@RequestBody SysJob job) throws SchedulerException, TaskException
{ {
if (!CronUtils.isValid(sysJob.getCronExpression())) if (!CronUtils.isValid(job.getCronExpression()))
{ {
return AjaxResult.error("新增任务'" + sysJob.getJobName() + "'失败Cron表达式不正确"); return error("新增任务'" + job.getJobName() + "'失败Cron表达式不正确");
} }
else if (StringUtils.containsIgnoreCase(sysJob.getInvokeTarget(), Constants.LOOKUP_RMI)) else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_RMI))
{ {
return AjaxResult.error("新增任务'" + sysJob.getJobName() + "'失败,目标字符串不允许'rmi://'调用"); return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'rmi://'调用");
} }
sysJob.setCreateBy(SecurityUtils.getUsername()); else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS }))
return toAjax(jobService.insertJob(sysJob)); {
return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'http(s)//'调用");
}
job.setCreateBy(SecurityUtils.getUsername());
return toAjax(jobService.insertJob(job));
} }
/** /**
@ -99,18 +103,22 @@ public class SysJobController extends BaseController
@PreAuthorize("@ss.hasPermi('monitor:job:edit')") @PreAuthorize("@ss.hasPermi('monitor:job:edit')")
@Log(title = "定时任务", businessType = BusinessType.UPDATE) @Log(title = "定时任务", businessType = BusinessType.UPDATE)
@PutMapping @PutMapping
public AjaxResult edit(@RequestBody SysJob sysJob) throws SchedulerException, TaskException public AjaxResult edit(@RequestBody SysJob job) throws SchedulerException, TaskException
{ {
if (!CronUtils.isValid(sysJob.getCronExpression())) if (!CronUtils.isValid(job.getCronExpression()))
{ {
return AjaxResult.error("修改任务'" + sysJob.getJobName() + "'失败Cron表达式不正确"); return error("修改任务'" + job.getJobName() + "'失败Cron表达式不正确");
} }
else if (StringUtils.containsIgnoreCase(sysJob.getInvokeTarget(), Constants.LOOKUP_RMI)) else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_RMI))
{ {
return AjaxResult.error("修改任务'" + sysJob.getJobName() + "'失败,目标字符串不允许'rmi://'调用"); return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'rmi://'调用");
} }
sysJob.setUpdateBy(SecurityUtils.getUsername()); else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS }))
return toAjax(jobService.updateJob(sysJob)); {
return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'http(s)//'调用");
}
job.setUpdateBy(SecurityUtils.getUsername());
return toAjax(jobService.updateJob(job));
} }
/** /**