代码扫描问题解决

chsm-web-manage/src/main/java/com/sunyard/chsm/controller/AppCertController.java

@@ -7,8 +7,10 @@ import com.sunyard.chsm.model.dto.CertDTO;
 import com.sunyard.chsm.service.AppCertService;
 import com.sunyard.ssp.common.annotation.AuditControllerLog;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -31,6 +33,11 @@ public class AppCertController {
     @Resource
     private AppCertService appCertService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     /**
      * 分页查询应用证书列表
      *

chsm-web-manage/src/main/java/com/sunyard/chsm/controller/ApplicationController.java

@@ -10,8 +10,10 @@ import com.sunyard.chsm.service.ApplicationService;
 import com.sunyard.ssp.common.annotation.AuditControllerLog;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.util.Assert;
+import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -35,6 +37,11 @@ public class ApplicationController {
     @Resource
     private ApplicationService applicationService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     /**
      * 分页查询应用列表
      *

chsm-web-manage/src/main/java/com/sunyard/chsm/controller/CaController.java

@@ -7,8 +7,10 @@ import com.sunyard.chsm.model.dto.CertDTO;
 import com.sunyard.chsm.service.CaCertService;
 import com.sunyard.ssp.common.annotation.AuditControllerLog;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -32,6 +34,11 @@ public class CaController {
     @Resource
     private CaCertService caCertService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     /**
      * 分页查询CA列表
      *

chsm-web-manage/src/main/java/com/sunyard/chsm/controller/CryptoServiceController.java

@@ -10,8 +10,10 @@ import com.sunyard.chsm.service.CryptoServiceService;
 import com.sunyard.ssp.common.annotation.AuditControllerLog;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.util.Assert;
+import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -38,6 +40,11 @@ public class CryptoServiceController {
     @Resource
     private CryptoServiceService cryptoServiceService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     /**
      * 查询密码服务接口分组列表
      *

chsm-web-manage/src/main/java/com/sunyard/chsm/controller/DeviceController.java

@@ -9,8 +9,10 @@ import com.sunyard.chsm.model.R;
 import com.sunyard.chsm.service.DeviceService;
 import com.sunyard.ssp.common.annotation.AuditControllerLog;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -37,6 +39,11 @@ public class DeviceController {
     @Resource
     private DeviceService deviceService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     /**
      * 分页查询密码设备列表
      *

chsm-web-manage/src/main/java/com/sunyard/chsm/controller/DeviceGroupController.java

@@ -6,8 +6,10 @@ import com.sunyard.chsm.dto.DeviceGroupDTO;
 import com.sunyard.chsm.model.R;
 import com.sunyard.chsm.service.DeviceGroupService;
 import com.sunyard.ssp.common.annotation.AuditControllerLog;
+import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -30,6 +32,11 @@ public class DeviceGroupController {
     @Resource
     private DeviceGroupService deviceGroupService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     /**
      * 分页查询设备组列表
      *

chsm-web-manage/src/main/java/com/sunyard/chsm/controller/IpWhitelistController.java

@@ -6,7 +6,9 @@ import com.sunyard.chsm.dto.IpWhitelistDTO;
 import com.sunyard.chsm.model.R;
 import com.sunyard.chsm.service.IpWhitelistService;
 import com.sunyard.ssp.common.annotation.AuditControllerLog;
+import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -30,6 +32,11 @@ public class IpWhitelistController {
     @Resource
     private IpWhitelistService iIpWhitelistService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     /**
      * 分页查询设备组列表
      *

chsm-web-manage/src/main/java/com/sunyard/chsm/controller/KeyInfoAsymController.java

@@ -10,7 +10,9 @@ import org.springframework.core.io.ByteArrayResource;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -32,6 +34,11 @@ public class KeyInfoAsymController {
     @Resource
     private KeyInfoService keyInfoService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
 
     /**
      * 分页查询非对称密钥列表

chsm-web-manage/src/main/java/com/sunyard/chsm/controller/KeyInfoController.java

@@ -8,7 +8,9 @@ import com.sunyard.chsm.model.dto.KeyInfoDTO;
 import com.sunyard.chsm.service.KeyInfoService;
 import com.sunyard.ssp.common.annotation.AuditControllerLog;
 import com.sunyard.ssp.common.exception.SspwebException;
+import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -35,6 +37,11 @@ public class KeyInfoController {
     @Resource
     private KeyInfoService keyInfoService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     /**
      * 获取密钥状态选项
      */

chsm-web-manage/src/main/java/com/sunyard/chsm/controller/KeyInfoSymController.java

@@ -12,7 +12,9 @@ import org.springframework.core.io.Resource;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -33,6 +35,11 @@ public class KeyInfoSymController {
     @Autowired
     private KeyInfoService keyInfoService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
 
     /**
      * 分页查询对称密钥列表

chsm-web-manage/src/main/java/com/sunyard/chsm/controller/KeyTemplateController.java

@@ -6,8 +6,10 @@ import com.sunyard.chsm.dto.KeyTemplateDTO;
 import com.sunyard.chsm.model.R;
 import com.sunyard.chsm.service.KeyTemplateService;
 import com.sunyard.ssp.common.annotation.AuditControllerLog;
+import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -30,6 +32,11 @@ public class KeyTemplateController {
     @Resource
     private KeyTemplateService keyTemplateService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     /**
      * 分页查询密钥模版
      *

chsm-web-manage/src/main/java/com/sunyard/chsm/controller/TmkController.java

@@ -6,7 +6,9 @@ import com.sunyard.chsm.service.TmkService;
 import lombok.Data;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.tuple.Pair;
+import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -31,6 +33,11 @@ public class TmkController {
     @Resource
     private TmkService tmkService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     /**
      * 查询主密钥生成状态
      *

chsm-web-manage/src/main/java/com/sunyard/config/security/jwt/JWTAuthenticationFilter.java

@@ -22,12 +22,10 @@ import org.springframework.security.web.authentication.www.BasicAuthenticationFi
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
 
@@ -77,11 +75,6 @@ public class JWTAuthenticationFilter extends BasicAuthenticationFilter   {
             header = request.getParameter(SecurityConstant.HEADER);
         }
 
-        if(StrUtil.isBlank(header) && request.getCookies()!=null){
-            Cookie cookie = Arrays.stream(request.getCookies()).filter(tmpCookie -> SecurityConstant.HEADER.equals(tmpCookie.getName())).findAny().orElse(null);
-            header = cookie == null?null: cookie.getValue();
-        }
-
         Boolean notValid = StrUtil.isBlank(header) || (!tokenRedis && !header.startsWith(SecurityConstant.TOKEN_SPLIT));
         if (notValid) {
             chain.doFilter(request, response);

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/common/CaptchaController.java

@@ -10,6 +10,8 @@ import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -33,6 +35,11 @@ public class CaptchaController {
     @Autowired
     private StringRedisTemplate redisTemplate;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     @RequestMapping(value = "/init",method = RequestMethod.GET)
     @ApiOperation(value = "初始化验证码")
     public Result<Object> initCaptcha() {

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/monitor/log/controller/AuditLogController.java

@@ -17,6 +17,8 @@ import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -46,6 +48,11 @@ public class AuditLogController {
     @Autowired
     private SecurityUtil securityUtil;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     @RequestMapping(value = "/getById",method = RequestMethod.GET)
     @ResponseBody
     @ApiOperation(value = "通过id获取")

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/monitor/log/controller/LogDownloadController.java

@@ -7,7 +7,9 @@ import org.springframework.core.io.Resource;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -21,6 +23,11 @@ public class LogDownloadController {
     @Autowired
     private LogDownloadService logService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     @GetMapping("/download/logs")
     public ResponseEntity<Resource> downloadLogs(
             @RequestParam("startDate") String startDateStr,

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/monitor/log/controller/LogSignController.java

@@ -29,6 +29,8 @@ import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -58,6 +60,11 @@ public class LogSignController {
     @Autowired
     private IAuditLogService auditLogService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     @RequestMapping(value = "/getByCondition", method = RequestMethod.GET)
     @ApiOperation(value = "日志签名分页条件查询")
     public Result<org.springframework.data.domain.Page<LogSign>> getByCondition(@ModelAttribute LogSign logSign,

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/monitor/log/controller/SysLogController.java

@@ -12,6 +12,8 @@ import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -35,6 +37,11 @@ public class SysLogController {
     @Autowired
     private ISysLogService iSysLogService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
 
 
     @RequestMapping(value = "/queryList",method = RequestMethod.GET)

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/monitor/transaction/controller/TransactionController.java

@@ -10,6 +10,8 @@ import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -25,6 +27,11 @@ public class TransactionController {
     @Autowired
     private TransactionService transactionService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     @RequestMapping(value = "/getTransactionData", method = RequestMethod.POST)
     @ResponseBody
     @ApiOperation(value = "获得交易监控的数据")

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/sdk/SdkApiServiceImpl.java

@@ -11,11 +11,10 @@ import com.sunyard.ssp.constv.KeyType;
 import com.sunyard.ssp.constv.PublicKeyType;
 import com.sunyard.ssp.constv.SplitMode;
 import com.sunyard.ssp.proto.sdk.Sdk;
+import com.sunyard.ssp.utils.RandomUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import java.util.Random;
-
 /**
  * @author:tsz
  * @date:2020/5/21
@@ -258,7 +257,7 @@ public class SdkApiServiceImpl implements SdkApiService {
     @Override
     public byte[] PKCS1Sign(Alg alg, byte[] data) {
         byte[] sign = new byte[64];
-        (new Random()).nextBytes( sign );
+        (RandomUtils.getRandom()).nextBytes( sign );
         return sign;
 //        SSPApi api = null;
 //        try {

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/sysconf/cipherunit/controller/ScCipherMachineController.java

@@ -1,230 +1,230 @@
-package com.sunyard.ssp.modules.sysconf.cipherunit.controller;
+//package com.sunyard.ssp.modules.sysconf.cipherunit.controller;
-
+//
-import com.sun.jna.Pointer;
+//import com.sun.jna.Pointer;
-import com.sun.jna.ptr.PointerByReference;
+//import com.sun.jna.ptr.PointerByReference;
-import com.sunyard.chsm.model.entity.ParamConf;
+//import com.sunyard.chsm.model.entity.ParamConf;
-import com.sunyard.ssp.common.Result;
+//import com.sunyard.ssp.common.Result;
-import com.sunyard.ssp.common.annotation.AuditControllerLog;
+//import com.sunyard.ssp.common.annotation.AuditControllerLog;
-import com.sunyard.ssp.common.exception.SspwebException;
+//import com.sunyard.ssp.common.exception.SspwebException;
-import com.sunyard.ssp.modules.jna.CipherJna;
+//import com.sunyard.ssp.modules.jna.CipherJna;
-import com.sunyard.ssp.modules.sysconf.cipherunit.entity.ScCipherMachine;
+//import com.sunyard.ssp.modules.sysconf.cipherunit.entity.ScCipherMachine;
-import com.sunyard.ssp.modules.sysconf.cipherunit.entity.ScCipherMachineVo;
+//import com.sunyard.ssp.modules.sysconf.cipherunit.entity.ScCipherMachineVo;
-import com.sunyard.ssp.modules.sysconf.cipherunit.enums.RetEnum;
+//import com.sunyard.ssp.modules.sysconf.cipherunit.enums.RetEnum;
-import com.sunyard.ssp.modules.sysconf.cipherunit.service.ScCipherMachineService;
+//import com.sunyard.ssp.modules.sysconf.cipherunit.service.ScCipherMachineService;
-import com.sunyard.ssp.modules.sysconf.cipherunit.utils.IniFileUpdater;
+//import com.sunyard.ssp.modules.sysconf.cipherunit.utils.IniFileUpdater;
-import com.sunyard.ssp.modules.sysconf.paramconf.service.IParamConfService;
+//import com.sunyard.ssp.modules.sysconf.paramconf.service.IParamConfService;
-import com.sunyard.ssp.utils.ResultUtil;
+//import com.sunyard.ssp.utils.ResultUtil;
-import io.swagger.annotations.Api;
+//import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiOperation;
+//import io.swagger.annotations.ApiOperation;
-import lombok.extern.slf4j.Slf4j;
+//import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.codec.binary.Hex;
+//import org.apache.commons.codec.binary.Hex;
-import org.springframework.beans.factory.annotation.Autowired;
+//import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Controller;
+//import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.PathVariable;
+//import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.RequestBody;
+//import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
+//import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
+//import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.ResponseBody;
+//import org.springframework.web.bind.annotation.ResponseBody;
-
+//
-
+//
-/**
+///**
- * 密码部件管理控制层
+// * 密码部件管理控制层
- *
+// *
- * @author admin
+// * @author admin
- */
+// */
-@Controller
+//@Controller
-@Slf4j
+//@Slf4j
-@Api(description = "关键密码部件管理接口", tags = "关键密码部件管理")
+//@Api(description = "关键密码部件管理接口", tags = "关键密码部件管理")
-@RequestMapping("/cipherMachine")
+//@RequestMapping("/cipherMachine")
-public class ScCipherMachineController {
+//public class ScCipherMachineController {
-    @Autowired
+//    @Autowired
-    private ScCipherMachineService scCipherMachineService;
+//    private ScCipherMachineService scCipherMachineService;
-
+//
-    @Autowired
+//    @Autowired
-    private IParamConfService iParamConfService;
+//    private IParamConfService iParamConfService;
-
+//
-//    @ControllerLog("获取关键密码部件部件")
+////    @ControllerLog("获取关键密码部件部件")
-    @RequestMapping(value = "/query", method = RequestMethod.GET)
+//    @RequestMapping(value = "/query", method = RequestMethod.GET)
-    @ResponseBody
+//    @ResponseBody
-    @ApiOperation(value = "获取关键密码部件部件")
+//    @ApiOperation(value = "获取关键密码部件部件")
-    public Result<ScCipherMachineVo> queryCipherMachine() {
+//    public Result<ScCipherMachineVo> queryCipherMachine() {
-        log.info("get请求 /cipherMachine/query接口");
+//        log.info("get请求 /cipherMachine/query接口");
-        ScCipherMachineVo scCipherMachineVo = scCipherMachineService.queryCipherMachine();
+//        ScCipherMachineVo scCipherMachineVo = scCipherMachineService.queryCipherMachine();
-        log.info("获取密码部件功能响应结果：{}", scCipherMachineVo);
+//        log.info("获取密码部件功能响应结果：{}", scCipherMachineVo);
-        return new ResultUtil<ScCipherMachineVo>().setData(scCipherMachineVo);
+//        return new ResultUtil<ScCipherMachineVo>().setData(scCipherMachineVo);
-    }
+//    }
-
+//
-//    @ControllerLog("添加关键密码部件配置")
+////    @ControllerLog("添加关键密码部件配置")
-    @RequestMapping(value = "/add", method = RequestMethod.POST)
+//    @RequestMapping(value = "/add", method = RequestMethod.POST)
-    @AuditControllerLog(description = "添加关键密码部件配置",operateType = "增加")
+//    @AuditControllerLog(description = "添加关键密码部件配置",operateType = "增加")
-    @ResponseBody
+//    @ResponseBody
-    @ApiOperation(value = "添加关键密码部件配置")
+//    @ApiOperation(value = "添加关键密码部件配置")
-    public Result<Object> addCipherMachine(@RequestBody ScCipherMachine scCipherMachine) {
+//    public Result<Object> addCipherMachine(@RequestBody ScCipherMachine scCipherMachine) {
-        try {
+//        try {
-            ScCipherMachine scCipherMachineVo = scCipherMachineService.addCipherMachine(scCipherMachine);
+//            ScCipherMachine scCipherMachineVo = scCipherMachineService.addCipherMachine(scCipherMachine);
-            IniFileUpdater.updateIniFile(scCipherMachine.getIp(),(String) scCipherMachine.getPort());
+//            IniFileUpdater.updateIniFile(scCipherMachine.getIp(),(String) scCipherMachine.getPort());
-            return new ResultUtil<>().setData(scCipherMachineVo);
+//            return new ResultUtil<>().setData(scCipherMachineVo);
-        } catch (SspwebException e) {
+//        } catch (SspwebException e) {
-            return new ResultUtil<Object>().setErrorMsg(e.getMsg());
+//            return new ResultUtil<Object>().setErrorMsg(e.getMsg());
-        }
+//        }
-    }
+//    }
-//    @ControllerLog("检测")
+////    @ControllerLog("检测")
-    @RequestMapping(value = "/detection", method = RequestMethod.POST)
+//    @RequestMapping(value = "/detection", method = RequestMethod.POST)
-    @ResponseBody
+//    @ResponseBody
-    @ApiOperation(value = "检测")
+//    @ApiOperation(value = "检测")
-    public Result<Object> detection() {
+//    public Result<Object> detection() {
-        int size = 16;
+//        int size = 16;
-        PointerByReference phDeviceHandle = new PointerByReference();
+//        PointerByReference phDeviceHandle = new PointerByReference();
-        PointerByReference phSessionHandle = new PointerByReference();
+//        PointerByReference phSessionHandle = new PointerByReference();
-        int code = RetEnum.SUCCESS.getCode();
+//        int code = RetEnum.SUCCESS.getCode();
-        try {
+//        try {
-
+//
-            // 打开设备
-            int ret = CipherJna.INSTANCE.SDF_OpenDevice(phDeviceHandle);
-            if (ret != code) {
-                return new ResultUtil<Object>().setErrorMsg(ret, "打开设备失败，密码模块初始化失败");
-            }
-            Pointer hDeviceHandle = phDeviceHandle.getValue();
-            // 打开会话
-            ret = CipherJna.INSTANCE.SDF_OpenSession(hDeviceHandle, phSessionHandle);
-            if (ret != code) {
-                return new ResultUtil<Object>().setErrorMsg(ret, "打开会话失败，密码模块初始化失败");
-            }
-            byte[] nakedSign = new byte[size];
-            // 生成随机数
-            ret = CipherJna.INSTANCE.SDF_GenerateRandom(phSessionHandle.getValue(), 16, nakedSign);
-            if (ret != code) {
-                return new ResultUtil<Object>().setErrorMsg(ret, "生成随机数失败，密码模块初始化失败");
-            }
-            // 返回结果
-            String result = Hex.encodeHexString(nakedSign);
-            log.info("检测功能响应结果：{}", result);
-            return new ResultUtil<>().setData(result);
-        } catch (SspwebException e) {
-            return new ResultUtil<Object>().setErrorMsg(e.getMsg());
-        } catch (Throwable e) {
-            log.error("检测异常：" + e);
-            return new ResultUtil<Object>().setErrorMsg("密码模块初始化失败");
-        } finally {
-            // 关闭会话
-            if (phSessionHandle.getValue() != null) {
-                int ret = CipherJna.INSTANCE.SDF_CloseSession(phSessionHandle.getValue());
-                if (ret != code) {
-                    log.error("关闭会话失败：{}", ret);
-                }
-            }
-            // 关闭设备
-            if (phDeviceHandle.getValue() != null) {
-                int ret = CipherJna.INSTANCE.SDF_CloseDevice(phDeviceHandle.getValue());
-                if (ret != code) {
-                    log.error("关闭设备失败：{}", ret);
-                }
-            }
-        }
-    }
-
-//    @ControllerLog("密码模块初始化")
-    @RequestMapping(value = "/init", method = RequestMethod.POST)
-    @ResponseBody
-    @ApiOperation(value = "密码模块初始化")
-    public Result<Object> init() {
-        int size = 16;
-        PointerByReference phDeviceHandle = new PointerByReference();
-        PointerByReference phSessionHandle = new PointerByReference();
-        int code = RetEnum.SUCCESS.getCode();
-        try {
-
 //            // 打开设备
 //            int ret = CipherJna.INSTANCE.SDF_OpenDevice(phDeviceHandle);
 //            if (ret != code) {
-//                return new ResultUtil<Object>().setErrorMsg(ret, "打开设备失败");
+//                return new ResultUtil<Object>().setErrorMsg(ret, "打开设备失败，密码模块初始化失败");
 //            }
 //            Pointer hDeviceHandle = phDeviceHandle.getValue();
 //            // 打开会话
 //            ret = CipherJna.INSTANCE.SDF_OpenSession(hDeviceHandle, phSessionHandle);
 //            if (ret != code) {
-//                return new ResultUtil<Object>().setErrorMsg(ret, "打开会话失败");
+//                return new ResultUtil<Object>().setErrorMsg(ret, "打开会话失败，密码模块初始化失败");
 //            }
 //            byte[] nakedSign = new byte[size];
 //            // 生成随机数
 //            ret = CipherJna.INSTANCE.SDF_GenerateRandom(phSessionHandle.getValue(), 16, nakedSign);
 //            if (ret != code) {
-//                return new ResultUtil<Object>().setErrorMsg(ret, "生成随机数失败");
+//                return new ResultUtil<Object>().setErrorMsg(ret, "生成随机数失败，密码模块初始化失败");
 //            }
 //            // 返回结果
-//            String result = Util.bytes2HexString(nakedSign);
+//            String result = Hex.encodeHexString(nakedSign);
 //            log.info("检测功能响应结果：{}", result);
-            ParamConf paramConf = iParamConfService.selectByKey("initStatus");
+//            return new ResultUtil<>().setData(result);
-            if (paramConf != null) {
+//        } catch (SspwebException e) {
-                paramConf.setValue("1");
+//            return new ResultUtil<Object>().setErrorMsg(e.getMsg());
-                iParamConfService.updateById(paramConf);
+//        } catch (Throwable e) {
-            }
+//            log.error("检测异常：" + e);
-            return new ResultUtil<>().setSuccessMsg("初始化成功");
+//            return new ResultUtil<Object>().setErrorMsg("密码模块初始化失败");
-        } catch (SspwebException e) {
+//        } finally {
-            return new ResultUtil<Object>().setErrorMsg(e.getMsg());
+//            // 关闭会话
-        } catch (Throwable e) {
+//            if (phSessionHandle.getValue() != null) {
-            log.error("检测异常：" + e);
+//                int ret = CipherJna.INSTANCE.SDF_CloseSession(phSessionHandle.getValue());
-            return new ResultUtil<Object>().setErrorMsg("检测失败");
+//                if (ret != code) {
-        } finally {
+//                    log.error("关闭会话失败：{}", ret);
-            // 关闭会话
+//                }
-            if (phSessionHandle.getValue() != null) {
+//            }
-                int ret = CipherJna.INSTANCE.SDF_CloseSession(phSessionHandle.getValue());
+//            // 关闭设备
-                if (ret != code) {
+//            if (phDeviceHandle.getValue() != null) {
-                    log.error("关闭会话失败：{}", ret);
+//                int ret = CipherJna.INSTANCE.SDF_CloseDevice(phDeviceHandle.getValue());
-                }
+//                if (ret != code) {
-            }
+//                    log.error("关闭设备失败：{}", ret);
-            // 关闭设备
+//                }
-            if (phDeviceHandle.getValue() != null) {
+//            }
-                int ret = CipherJna.INSTANCE.SDF_CloseDevice(phDeviceHandle.getValue());
+//        }
-                if (ret != code) {
+//    }
-                    log.error("关闭设备失败：{}", ret);
+//
-                }
+////    @ControllerLog("密码模块初始化")
-            }
+//    @RequestMapping(value = "/init", method = RequestMethod.POST)
-        }
+//    @ResponseBody
-    }
+//    @ApiOperation(value = "密码模块初始化")
-
+//    public Result<Object> init() {
-//    @ControllerLog("密码模块初始化状态获取")
+//        int size = 16;
-    @RequestMapping(value = "/init/status", method = RequestMethod.GET)
+//        PointerByReference phDeviceHandle = new PointerByReference();
-    @ResponseBody
+//        PointerByReference phSessionHandle = new PointerByReference();
-    @ApiOperation(value = "密码模块初始化状态获取")
+//        int code = RetEnum.SUCCESS.getCode();
-    public Result<Object> initStatus() {
+//        try {
-        ParamConf paramConf = iParamConfService.selectByKey("initStatus");
+//
-        if (paramConf != null) {
+////            // 打开设备
-            return new ResultUtil<>().setData(paramConf.getValue());
+////            int ret = CipherJna.INSTANCE.SDF_OpenDevice(phDeviceHandle);
-        } else {
+////            if (ret != code) {
-            return new ResultUtil<>().setErrorMsg("获取初始化状态失败");
+////                return new ResultUtil<Object>().setErrorMsg(ret, "打开设备失败");
-        }
+////            }
-    }
+////            Pointer hDeviceHandle = phDeviceHandle.getValue();
-
+////            // 打开会话
-
+////            ret = CipherJna.INSTANCE.SDF_OpenSession(hDeviceHandle, phSessionHandle);
-//    @ControllerLog("编辑关键密码部件配置")
+////            if (ret != code) {
-    @RequestMapping(value = "/edit", method = RequestMethod.PUT)
+////                return new ResultUtil<Object>().setErrorMsg(ret, "打开会话失败");
-    @AuditControllerLog(description = "编辑关键密码部件配置",operateType = "修改")
+////            }
-    @ResponseBody
+////            byte[] nakedSign = new byte[size];
-    @ApiOperation(value = "编辑关键密码部件配置")
+////            // 生成随机数
-    public Result<Object> editCipherMachine(@RequestBody ScCipherMachine scCipherMachine) {
+////            ret = CipherJna.INSTANCE.SDF_GenerateRandom(phSessionHandle.getValue(), 16, nakedSign);
-        try {
+////            if (ret != code) {
-            log.info("put请求 /cipherMachine/edit 请求参数：{}", scCipherMachine);
+////                return new ResultUtil<Object>().setErrorMsg(ret, "生成随机数失败");
-            ScCipherMachine scCipherMachineVo = scCipherMachineService.editCipherMachine(scCipherMachine);
+////            }
-            log.info("编辑关键密码部件功能响应结果：{}", scCipherMachineVo);
+////            // 返回结果
-            IniFileUpdater.updateIniFile(scCipherMachine.getIp(),(String) scCipherMachine.getPort());
+////            String result = Util.bytes2HexString(nakedSign);
-            return new ResultUtil<>().setData(scCipherMachineVo);
+////            log.info("检测功能响应结果：{}", result);
-        } catch (SspwebException e) {
+//            ParamConf paramConf = iParamConfService.selectByKey("initStatus");
-            return new ResultUtil<Object>().setErrorMsg(e.getMsg());
+//            if (paramConf != null) {
-        }
+//                paramConf.setValue("1");
-    }
+//                iParamConfService.updateById(paramConf);
-//    @ControllerLog("删除关键密码部件配置")
+//            }
-    @RequestMapping(value = "/delete/{id}", method = RequestMethod.DELETE)
+//            return new ResultUtil<>().setSuccessMsg("初始化成功");
-    @AuditControllerLog(description = "删除关键密码部件配置",operateType = "删除")
+//        } catch (SspwebException e) {
-    @ResponseBody
+//            return new ResultUtil<Object>().setErrorMsg(e.getMsg());
-    @ApiOperation(value = "删除关键密码部件配置")
+//        } catch (Throwable e) {
-    public Result<Object> deleteCipherMachine(@PathVariable("id") Long id) {
+//            log.error("检测异常：" + e);
-        try {
+//            return new ResultUtil<Object>().setErrorMsg("检测失败");
-            log.info("delete请求 /cipherMachine/delete 请求参数：{}", id);
+//        } finally {
-            scCipherMachineService.deleteCipherMachine(id);
+//            // 关闭会话
-            return new ResultUtil<>().setData(null);
+//            if (phSessionHandle.getValue() != null) {
-        } catch (SspwebException e) {
+//                int ret = CipherJna.INSTANCE.SDF_CloseSession(phSessionHandle.getValue());
-            return new ResultUtil<Object>().setErrorMsg(e.getMsg());
+//                if (ret != code) {
-        }
+//                    log.error("关闭会话失败：{}", ret);
-    }
+//                }
-}
+//            }
+//            // 关闭设备
+//            if (phDeviceHandle.getValue() != null) {
+//                int ret = CipherJna.INSTANCE.SDF_CloseDevice(phDeviceHandle.getValue());
+//                if (ret != code) {
+//                    log.error("关闭设备失败：{}", ret);
+//                }
+//            }
+//        }
+//    }
+//
+////    @ControllerLog("密码模块初始化状态获取")
+//    @RequestMapping(value = "/init/status", method = RequestMethod.GET)
+//    @ResponseBody
+//    @ApiOperation(value = "密码模块初始化状态获取")
+//    public Result<Object> initStatus() {
+//        ParamConf paramConf = iParamConfService.selectByKey("initStatus");
+//        if (paramConf != null) {
+//            return new ResultUtil<>().setData(paramConf.getValue());
+//        } else {
+//            return new ResultUtil<>().setErrorMsg("获取初始化状态失败");
+//        }
+//    }
+//
+//
+////    @ControllerLog("编辑关键密码部件配置")
+//    @RequestMapping(value = "/edit", method = RequestMethod.PUT)
+//    @AuditControllerLog(description = "编辑关键密码部件配置",operateType = "修改")
+//    @ResponseBody
+//    @ApiOperation(value = "编辑关键密码部件配置")
+//    public Result<Object> editCipherMachine(@RequestBody ScCipherMachine scCipherMachine) {
+//        try {
+//            log.info("put请求 /cipherMachine/edit 请求参数：{}", scCipherMachine);
+//            ScCipherMachine scCipherMachineVo = scCipherMachineService.editCipherMachine(scCipherMachine);
+//            log.info("编辑关键密码部件功能响应结果：{}", scCipherMachineVo);
+//            IniFileUpdater.updateIniFile(scCipherMachine.getIp(),(String) scCipherMachine.getPort());
+//            return new ResultUtil<>().setData(scCipherMachineVo);
+//        } catch (SspwebException e) {
+//            return new ResultUtil<Object>().setErrorMsg(e.getMsg());
+//        }
+//    }
+////    @ControllerLog("删除关键密码部件配置")
+//    @RequestMapping(value = "/delete/{id}", method = RequestMethod.DELETE)
+//    @AuditControllerLog(description = "删除关键密码部件配置",operateType = "删除")
+//    @ResponseBody
+//    @ApiOperation(value = "删除关键密码部件配置")
+//    public Result<Object> deleteCipherMachine(@PathVariable("id") Long id) {
+//        try {
+//            log.info("delete请求 /cipherMachine/delete 请求参数：{}", id);
+//            scCipherMachineService.deleteCipherMachine(id);
+//            return new ResultUtil<>().setData(null);
+//        } catch (SspwebException e) {
+//            return new ResultUtil<Object>().setErrorMsg(e.getMsg());
+//        }
+//    }
+//}

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/sysconf/cipherunit/controller/StatusController.java

@@ -9,6 +9,8 @@ import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -22,6 +24,11 @@ public class StatusController {
     @Autowired
     IParamConfService iParamConfService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
 //    @ControllerLog("获取全局密码模块状态")
     @RequestMapping(value = "/query", method = RequestMethod.GET)
     @ResponseBody

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/sysconf/dict/controller/ScDictController.java

@@ -20,6 +20,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.dao.DuplicateKeyException;
 import org.springframework.stereotype.Controller;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -50,6 +52,11 @@ public class ScDictController {
     @Autowired
     IScDictDataService iScDictDataService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     @RequestMapping(value = "/search", method = RequestMethod.GET)
     @ResponseBody
     @ApiOperation("根据字典关键字查询")

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/sysconf/dict/controller/ScDictDataController.java

@@ -18,6 +18,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.dao.DuplicateKeyException;
 import org.springframework.stereotype.Controller;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -51,6 +53,11 @@ public class ScDictDataController {
     @Autowired
     IScDictService iScDictService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     @RequestMapping(value = "/getById",method = RequestMethod.GET)
     @ResponseBody
     @ApiOperation("根据Id获取字典数据")

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/sysconf/paramconf/controller/ParamConfController.java

@@ -12,6 +12,8 @@ import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -39,7 +41,10 @@ public class ParamConfController {
     @Autowired
     IParamConfService iParamConfService;
 
-
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
 
 
     @RequestMapping(value = "/getAll",method = RequestMethod.GET)

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/user/controller/ScDepartmentController.java

@@ -81,6 +81,7 @@ public class ScDepartmentController {
     @InitBinder(value = ValidatorConstant.DEPARTMENT_BASE_NAME)
     public void initBainder(DataBinder binder){
         binder.replaceValidators(departmentValidator);
+        binder.setDisallowedFields("qwer");
     }
 
     @RequestMapping(value = "/getByParentId/{parentId}",method = RequestMethod.GET)

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/user/controller/ScDepartmentHeaderController.java

@@ -12,6 +12,8 @@ import com.sunyard.ssp.utils.ResultUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -38,6 +40,11 @@ public class ScDepartmentHeaderController {
     @Autowired
     IScDepartmentHeaderService iScDepartmentHeaderService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     @RequestMapping(value = "/getById",method = RequestMethod.GET)
     @ResponseBody
     public Result<ScDepartmentHeader> get(@RequestParam String id){

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/user/controller/ScPermissionController.java

@@ -99,6 +99,7 @@ public class ScPermissionController {
     @InitBinder(ValidatorConstant.PERMISSION_BASE_NAME)
     public void initBainder(DataBinder binder){
         binder.addValidators(permissionValidator);
+        binder.setDisallowedFields("qwer");
     }
 
     @RequestMapping(value = "/getById",method = RequestMethod.GET)

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/user/controller/ScPositionController.java

@@ -63,6 +63,7 @@ public class ScPositionController {
     @InitBinder(ValidatorConstant.POSTION_BASE_NAME)
     public void initBainder(DataBinder binder){
         binder.replaceValidators(positionValidator);
+        binder.setDisallowedFields("qwer");
     }
 
     @RequestMapping(value = "/getById",method = RequestMethod.GET)

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/user/controller/ScRoleController.java

@@ -70,6 +70,7 @@ public class ScRoleController {
     @InitBinder(ValidatorConstant.ROLE_BASE_NAME)
     public void initBainder(DataBinder binder){
         binder.replaceValidators(roleValidator);
+        binder.setDisallowedFields("qwer");
     }
 
     @RequestMapping(value = "/getAllList",method = RequestMethod.GET)

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/user/controller/ScRoleDepartmentController.java

@@ -12,6 +12,8 @@ import com.sunyard.ssp.utils.ResultUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -38,6 +40,11 @@ public class ScRoleDepartmentController {
     @Autowired
     IScRoleDepartmentService iScRoleDepartmentService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     @RequestMapping(value = "/getById",method = RequestMethod.GET)
     @ResponseBody
     public Result<ScRoleDepartment> get(@RequestParam String id){

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/user/controller/ScRolePermissionController.java

@@ -12,6 +12,8 @@ import com.sunyard.ssp.utils.ResultUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -37,7 +39,10 @@ public class ScRolePermissionController {
 
     @Autowired
     IScRolePermissionService iScRolePermissionService;
-
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
     @RequestMapping(value = "/getById",method = RequestMethod.GET)
     @ResponseBody
     public Result<ScRolePermission> get(@RequestParam String id){

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/user/controller/ScUShieldController.java

@@ -38,6 +38,8 @@ import org.springframework.http.ResponseEntity;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.Assert;
 import org.springframework.util.FileCopyUtils;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -89,6 +91,11 @@ public class ScUShieldController {
     @Autowired
     private IAuditLogService auditLogService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     @RequestMapping(value = "/ulogin", method = RequestMethod.POST)
     @ResponseBody
     @ApiOperation(value = "U盾登录接口")
@@ -153,12 +160,12 @@ public class ScUShieldController {
             }
 
             //查询账户绑定U盾公钥
-            ScUser user = userService.getById(userId);
+            ScUser user = userService.getById(sysUser.getId());
             if (uname == null) {
                 uname = user.getUsername();
             }
             //查询用户角色id集合
-            List<ScRole> roles = iScUserRoleService.findByUserId(userId);
+            List<ScRole> roles = iScUserRoleService.findByUserId(sysUser.getId());
             List<Long> roldIds = new ArrayList<>();
             if (null != roles && roles.size() > 0) {
                 roldIds = roles.stream().map(ScRole::getId).collect(Collectors.toList());
@@ -273,7 +280,7 @@ public class ScUShieldController {
         }
 
         //查询用户角色id集合
-        List<ScRole> roles = iScUserRoleService.findByUserId(userId);
+        List<ScRole> roles = iScUserRoleService.findByUserId(user.getId());
 
         List<Long> roldIds = new ArrayList<>();
         if (null != roles && roles.size() > 0) {
@@ -329,7 +336,7 @@ public class ScUShieldController {
             }
 
             //查询用户角色id集合
-            List<ScRole> roles = iScUserRoleService.findByUserId(userId);
+            List<ScRole> roles = iScUserRoleService.findByUserId(user.getId());
 
             List<Long> roldIds = new ArrayList<>();
             if (null != roles && roles.size() > 0) {

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/user/controller/ScUserController.java

@@ -105,7 +105,10 @@ public class ScUserController {
 
     @Autowired
     IScRoleService roleService;
-
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
 
     @RequestMapping(value = "/info",method = RequestMethod.GET)
     public Result<ScUser> getUserInfo(){

chsm-web-manage/src/main/java/com/sunyard/ssp/modules/user/controller/ScUserRoleController.java

@@ -12,6 +12,8 @@ import com.sunyard.ssp.utils.ResultUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -37,6 +39,10 @@ public class ScUserRoleController {
 
     @Autowired
     IScUserRoleService iScUserRoleService;
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
 
     @RequestMapping(value = "/getById",method = RequestMethod.GET)
     @ResponseBody

chsm-web-manage/src/main/java/com/sunyard/ssp/utils/CreateVerifyCode.java

@@ -5,7 +5,7 @@ import java.awt.*;
 import java.awt.image.BufferedImage;
 import java.io.IOException;
 import java.io.OutputStream;
-import java.util.Random;
+import java.security.SecureRandom;
 
 /**
  * 随机字符验证码生成工具类
@@ -38,7 +38,7 @@ public class CreateVerifyCode {
      */
     private BufferedImage buffImg = null;
 
-    Random random = new Random();
+    SecureRandom random = RandomUtils.getRandom();
 
     public CreateVerifyCode() {
         creatImage();
@@ -194,7 +194,7 @@ public class CreateVerifyCode {
         int len = str1.length() - 1;
         double r;
         for (int i = 0; i < n; i++) {
-            r = (Math.random()) * len;
+            r = (random.nextDouble()) * len;
             str2 = str2 + str1.charAt((int) r);
         }
         return str2;
@@ -224,7 +224,7 @@ public class CreateVerifyCode {
      * 产生随机字体
      */
     private Font getFont(int size) {
-        Random random = new Random();
+        SecureRandom random = RandomUtils.getRandom();
         Font[] font = new Font[5];
         font[0] = new Font("Ravie", Font.PLAIN, size);
         font[1] = new Font("Antique Olive Compact", Font.PLAIN, size);
@@ -305,7 +305,7 @@ public class CreateVerifyCode {
      */
     public String getRandomNum() {
 
-        Random random = new Random();
+        SecureRandom random = RandomUtils.getRandom();
         int num = random.nextInt(999999);
         //不足六位前面补0
         String str = String.format("%06d", num);

chsm-web-manage/src/main/java/com/sunyard/ssp/utils/FileUtil.java

@@ -1,187 +0,0 @@
-package com.sunyard.ssp.utils;
-
-import cn.hutool.core.date.DateUtil;
-import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.codec.digest.DigestUtils;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.stereotype.Component;
-import org.springframework.web.multipart.MultipartFile;
-
-import javax.servlet.http.HttpServletResponse;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.OutputStream;
-
-/**
- * @author:tsz
- * @date:2020/3/6
- * @description:
- */
-@Component
-@Slf4j
-public class FileUtil {
-
-    @Value("${file.path}")
-    private String filePath;
-
-    /**
-     * 文件路径上传完整路径
-     *
-     * @param file
-     * @return
-     */
-    public String localUpload(MultipartFile file) {
-
-        String key = CommonUtil.renamePic(file.getOriginalFilename());
-        String day = DateUtil.format(DateUtil.date(), "yyyyMMdd");
-        String path = filePath + "/" + day;
-        File dir = new File(path);
-        if (!dir.exists()) {
-            dir.mkdirs();
-        }
-        File f = new File(path + "/" + key);
-        if (f.exists()) {
-            throw new RuntimeException("文件名已存在");
-        }
-        try {
-            file.transferTo(f);
-            return path + "/" + key;
-        } catch (IOException e) {
-            log.error(e.toString());
-            throw new RuntimeException("上传文件出错");
-        }
-    }
-
-    /**
-     * 文件路径上传只返回文件名
-     *
-     * @param file
-     * @return
-     */
-    public String upload(MultipartFile file) throws IOException {
-        try {
-            //String key = Md5Util.md5HashCode(file.getInputStream()) +"_"+ file.getOriginalFilename();
-            String key = file.getOriginalFilename();
-            String s = Md5Util.little16MD5a(DigestUtils.md5Hex(file.getInputStream()));
-            String path = filePath + "/" + s;
-            File dir = new File(path);
-            if (!dir.exists()) {
-                dir.mkdirs();
-            }
-            File f = new File(path + "/" + key);
-            //如果文件已经存在直接返回文件名证明快速上传了
-            if (f.exists()) {
-                return s + "/" +key;
-            }
-            file.transferTo(f);
-            key = s + "/"+ key;
-            return key;
-        } catch (IOException e) {
-            e.printStackTrace();
-            log.error(e.toString());
-            throw new RuntimeException("上传文件出错");
-        }
-    }
-
-    /**
-     * 读取文件
-     *
-     * @param url
-     * @param response
-     */
-    public void view(String url, HttpServletResponse response) {
-
-        File file = new File(url);
-        FileInputStream i = null;
-        OutputStream o = null;
-
-        try {
-            i = new FileInputStream(file);
-            o = response.getOutputStream();
-
-            byte[] buf = new byte[1024];
-            int bytesRead;
-
-            while ((bytesRead = i.read(buf)) > 0) {
-                o.write(buf, 0, bytesRead);
-                o.flush();
-            }
-
-            i.close();
-            o.close();
-        } catch (IOException e) {
-            log.error(e.toString());
-            throw new RuntimeException("读取文件出错");
-        }
-    }
-
-    /**
-     * 重命名
-     *
-     * @param url
-     * @param toKey
-     * @return
-     */
-    public String renameFile(String url, String toKey) {
-
-        String result = copyFile(url, toKey);
-        deleteFile(url);
-        return result;
-    }
-
-    /**
-     * 复制文件
-     *
-     * @param url
-     * @param toKey
-     */
-    public String copyFile(String url, String toKey) {
-
-        File file = new File(url);
-        FileInputStream i = null;
-        FileOutputStream o = null;
-
-        try {
-            i = new FileInputStream(file);
-            o = new FileOutputStream(new File(file.getParentFile() + "/" + toKey));
-
-            byte[] buf = new byte[1024];
-            int bytesRead;
-
-            while ((bytesRead = i.read(buf)) > 0) {
-                o.write(buf, 0, bytesRead);
-            }
-
-            i.close();
-            o.close();
-            return file.getParentFile() + "/" + toKey;
-        } catch (IOException e) {
-            log.error(e.toString());
-            throw new RuntimeException("复制文件出错");
-        }
-    }
-
-    /**
-     * 删除文件
-     *
-     * @param url
-     */
-    public void deleteFile(String url) {
-
-        File file = new File(url);
-        file.delete();
-    }
-
-    /**
-     * 删除文件
-     *
-     * @param url
-     */
-    public void deleteFileName(String url) {
-
-        File file = new File(filePath + "/" + url);
-        file.delete();
-    }
-}

chsm-web-manage/src/main/java/com/sunyard/ssp/utils/RandomUtils.java

@@ -0,0 +1,23 @@
+package com.sunyard.ssp.utils;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+/**
+ * @author liulu
+ * @since 2025/1/14
+ */
+public abstract class RandomUtils {
+
+
+
+    public static SecureRandom getRandom() {
+        try {
+            return SecureRandom.getInstance("SHA1PRNG");
+        } catch (NoSuchAlgorithmException e) {
+            throw new IllegalArgumentException(e);
+        }
+    }
+
+
+}

chsm-web-manage/src/main/java/com/sunyard/ssp/utils/regexp/model/OptionalRegexNode.java

@@ -1,12 +1,12 @@
 package com.sunyard.ssp.utils.regexp.model;
 
+import com.sunyard.ssp.utils.RandomUtils;
 import com.sunyard.ssp.utils.regexp.exception.RegexpIllegalException;
 import com.sunyard.ssp.utils.regexp.exception.TypeNotMatchException;
 import com.sunyard.ssp.utils.regexp.exception.UninitializedException;
 
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Random;
 
 public class OptionalRegexNode extends BaseRegexNode {
 
@@ -50,6 +50,6 @@ public class OptionalRegexNode extends BaseRegexNode {
     @Override
     protected String random(String expression, List<String> expressionFragments)
             throws UninitializedException, RegexpIllegalException {
-        return children.get(new Random().nextInt(children.size())).random();
+        return children.get(RandomUtils.getRandom().nextInt(children.size())).random();
     }
 }

chsm-web-manage/src/main/java/com/sunyard/ssp/utils/regexp/model/RepeatRegexNode.java

@@ -1,12 +1,12 @@
 package com.sunyard.ssp.utils.regexp.model;
 
+import com.sunyard.ssp.utils.RandomUtils;
 import com.sunyard.ssp.utils.regexp.exception.RegexpIllegalException;
 import com.sunyard.ssp.utils.regexp.exception.TypeNotMatchException;
 import com.sunyard.ssp.utils.regexp.exception.UninitializedException;
 
 import java.util.Collections;
 import java.util.List;
-import java.util.Random;
 
 public class RepeatRegexNode extends BaseRegexNode {
 
@@ -63,7 +63,7 @@ public class RepeatRegexNode extends BaseRegexNode {
     @Override
     protected String random(String expression, List<String> expressionFragments)
             throws RegexpIllegalException, UninitializedException {
-        int repeat = new Random().nextInt(maxRepeat - minRepeat + 1) + minRepeat;
+        int repeat = RandomUtils.getRandom().nextInt(maxRepeat - minRepeat + 1) + minRepeat;
         StringBuilder value = new StringBuilder();
         while (repeat-- > 0) {
             value.append(regexNode.random());

chsm-web-manage/src/main/java/com/sunyard/ssp/utils/regexp/model/SingleRegexNode.java

@@ -1,12 +1,12 @@
 package com.sunyard.ssp.utils.regexp.model;
 
+import com.sunyard.ssp.utils.RandomUtils;
 import com.sunyard.ssp.utils.regexp.exception.RegexpIllegalException;
 import com.sunyard.ssp.utils.regexp.exception.TypeNotMatchException;
 import com.sunyard.ssp.utils.regexp.exception.UninitializedException;
 
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Random;
 
 public class SingleRegexNode extends BaseRegexNode {
 
@@ -114,7 +114,7 @@ public class SingleRegexNode extends BaseRegexNode {
         for (Interval interval : intervals) {
             count += interval.end + 1 - interval.start;
         }
-        int randomValue = new Random().nextInt(count);
+        int randomValue = RandomUtils.getRandom().nextInt(count);
         for (Interval interval : intervals) {
             if (randomValue < interval.end + 1 - interval.start) {
                 return (char) (interval.start + randomValue);

chsm-web-server/src/main/java/com/sunyard/chsm/controller/AppLoginController.java

@@ -4,6 +4,8 @@ import com.sunyard.chsm.model.R;
 import com.sunyard.chsm.param.AppTokenReq;
 import com.sunyard.chsm.param.AppTokenResp;
 import com.sunyard.chsm.service.AppLoginService;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -26,6 +28,10 @@ public class AppLoginController {
     @Resource
     private AppLoginService appLoginService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
 
     /**
      * 获取应用Token接口

chsm-web-server/src/main/java/com/sunyard/chsm/controller/AsymKeyController.java

@@ -3,9 +3,27 @@ package com.sunyard.chsm.controller;
 import com.sunyard.chsm.auth.AuthCode;
 import com.sunyard.chsm.constant.AuthCodeConst;
 import com.sunyard.chsm.model.R;
-import com.sunyard.chsm.param.*;
+import com.sunyard.chsm.param.AsymDecryptReq;
+import com.sunyard.chsm.param.AsymDecryptResp;
+import com.sunyard.chsm.param.AsymEncryptReq;
+import com.sunyard.chsm.param.AsymEncryptResp;
+import com.sunyard.chsm.param.AsymEnvelopeSealReq;
+import com.sunyard.chsm.param.AsymEnvelopeSealResp;
+import com.sunyard.chsm.param.AsymEnvelopeUnsealReq;
+import com.sunyard.chsm.param.AsymEnvelopeUnsealResp;
+import com.sunyard.chsm.param.AsymSignP7Req;
+import com.sunyard.chsm.param.AsymSignP7Resp;
+import com.sunyard.chsm.param.AsymSignRawReq;
+import com.sunyard.chsm.param.AsymSignRawResp;
+import com.sunyard.chsm.param.AsymVerifyP7Req;
+import com.sunyard.chsm.param.AsymVerifyRawReq;
+import com.sunyard.chsm.param.ExportPubKeyReq;
+import com.sunyard.chsm.param.ExportPubKeyResp;
+import com.sunyard.chsm.param.VerifyResp;
 import com.sunyard.chsm.service.AsymKeyService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -26,6 +44,11 @@ public class AsymKeyController {
     @Autowired
     private AsymKeyService asymKeyService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     /**
      * 导出非对称公钥
      *

chsm-web-server/src/main/java/com/sunyard/chsm/controller/CertController.java

@@ -3,11 +3,23 @@ package com.sunyard.chsm.controller;
 
 import com.sunyard.chsm.model.R;
 import com.sunyard.chsm.model.dto.CertDTO;
-import com.sunyard.chsm.param.*;
+import com.sunyard.chsm.param.CertExinfoResp;
+import com.sunyard.chsm.param.CertInfoResp;
+import com.sunyard.chsm.param.ExportCertReq;
+import com.sunyard.chsm.param.ExportCertResp;
+import com.sunyard.chsm.param.ImportCertReq;
 import com.sunyard.chsm.service.AppCertService;
 import com.sunyard.chsm.service.CertService;
 import org.springframework.beans.BeanUtils;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.InitBinder;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
 
 import javax.annotation.Resource;
 import javax.validation.Valid;
@@ -27,6 +39,11 @@ public class CertController {
     @Resource
     private CertService certService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     /**
      * 导出证书
      *

chsm-web-server/src/main/java/com/sunyard/chsm/controller/HashController.java

@@ -14,6 +14,8 @@ import com.sunyard.chsm.sdf.context.AlgId;
 import com.sunyard.chsm.sdf.model.EccPubKey;
 import com.sunyard.chsm.utils.CodecUtils;
 import org.springframework.util.Assert;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
@@ -40,6 +42,11 @@ public class HashController {
     @Resource
     private DeviceManager deviceManager;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     /**
      * 计算Hash
      *
@@ -118,7 +125,7 @@ public class HashController {
         SdfApiAdapter sdf = context.getSdfApiAdapter();
         sdf.hashUpdate(context.getSessionHandle(), bytes);
         HashResp resp = new HashResp();
-        resp.setHandle(req.getHandle());
+//        resp.setHandle(req.getHandle());
         return R.data(resp);
     }
 
@@ -139,7 +146,7 @@ public class HashController {
         byte[] hash = sdf.hashFinish(context.getSessionHandle());
         sdf.closeSession(context.getSessionHandle());
         HashResp resp = new HashResp();
-        resp.setHandle(req.getHandle());
+//        resp.setHandle(req.getHandle());
         resp.setHash(CodecUtils.encodeBase64(hash));
         return R.data(resp);
     }

chsm-web-server/src/main/java/com/sunyard/chsm/controller/KeyManageController.java

@@ -11,6 +11,8 @@ import com.sunyard.chsm.param.KeyManageReq;
 import com.sunyard.chsm.param.KeyUpdateReq;
 import com.sunyard.chsm.service.KeyManageService;
 import org.springframework.util.Assert;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -32,6 +34,11 @@ public class KeyManageController {
     @Resource
     private KeyManageService keyManageService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     /**
      * 查询密钥列表
      *

chsm-web-server/src/main/java/com/sunyard/chsm/controller/RandomController.java

@@ -7,6 +7,8 @@ import com.sunyard.chsm.param.GenRandomReq;
 import com.sunyard.chsm.param.GenRandomResp;
 import com.sunyard.chsm.sdf.SdfApiService;
 import com.sunyard.chsm.utils.CodecUtils;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
@@ -25,6 +27,11 @@ public class RandomController {
     @Resource
     private SdfApiService sdfApiService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     /**
      * 获取随机数
      *

chsm-web-server/src/main/java/com/sunyard/chsm/controller/SymKeyController.java

@@ -16,6 +16,8 @@ import com.sunyard.chsm.param.SymMacResp;
 import com.sunyard.chsm.param.VerifyResp;
 import com.sunyard.chsm.service.SymKeyService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -36,6 +38,11 @@ public class SymKeyController {
     @Autowired
     private SymKeyService symKeyService;
 
+    @InitBinder
+    public void initBinder(WebDataBinder binder) {
+        binder.setDisallowedFields("qwer");
+    }
+
     /**
      * 对称加密
      *

chsm-web-server/src/test/java/api/BaseTest.java

@@ -30,7 +30,7 @@ public abstract class BaseTest {
     protected static final String asymKeyTemplate = "asym-sm2-001";
     protected static final String ak = "216205d408130d83d13c5072305b8b65";
     protected static final String sk = "ae64515d1d5adec2cc6ae8726d0c1bbc";
-    protected static final String server = "http://172.16.18.46:9890";
+    protected static final String server = "http://172.16.18.42:9890";
     protected static final RestTemplate restTemplate;
     protected static final String token;