From 30b6ddc4f4f07a88d50e0deae076cb3f4af3bd94 Mon Sep 17 00:00:00 2001 From: Redkale <22250530@qq.com> Date: Wed, 24 Aug 2016 08:00:32 +0800 Subject: [PATCH] --- .../redkale/net/http/BasedHttpServlet.java | 24 +++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/src/org/redkale/net/http/BasedHttpServlet.java b/src/org/redkale/net/http/BasedHttpServlet.java index 9a8e2f425..43224229a 100644 --- a/src/org/redkale/net/http/BasedHttpServlet.java +++ b/src/org/redkale/net/http/BasedHttpServlet.java @@ -19,6 +19,7 @@ import java.util.concurrent.*; import jdk.internal.org.objectweb.asm.*; import static jdk.internal.org.objectweb.asm.ClassWriter.COMPUTE_FRAMES; import static jdk.internal.org.objectweb.asm.Opcodes.*; +import org.redkale.service.RetResult; /** * @@ -29,6 +30,8 @@ import static jdk.internal.org.objectweb.asm.Opcodes.*; */ public abstract class BasedHttpServlet extends HttpServlet { + public static final int RET_METHOD_ERROR = 1800_0001; + /** * 配合 BasedHttpServlet 使用。 * 当标记为 @AuthIgnore 的方法在执行execute之前不会调用authenticate 方法。 @@ -63,6 +66,8 @@ public abstract class BasedHttpServlet extends HttpServlet { int actionid() default 0; String url(); + + String[] methods() default {};//允许方法(不区分大小写),如:GET/POST/PUT,为空表示允许所有方法 } /** @@ -100,6 +105,10 @@ public abstract class BasedHttpServlet extends HttpServlet { for (Map.Entry en : actions) { if (request.getRequestURI().startsWith(en.getKey())) { Entry entry = en.getValue(); + if (!entry.checkMethod(request.getMethod())) { + response.finishJson(new RetResult(RET_METHOD_ERROR, "Method(" + request.getMethod() + ") Error")); + return; + } if (entry.ignore || authenticate(entry.moduleid, entry.actionid, request, response)) { if (entry.cachetimeout > 0) {//有缓存设置 CacheEntry ce = entry.cache.get(request.getRequestURI()); @@ -170,7 +179,7 @@ public abstract class BasedHttpServlet extends HttpServlet { // } // } nameset.add(name); - map.put(name, new Entry(typeIgnore, serviceid, actionid, name, method, createHttpServlet(method))); + map.put(name, new Entry(typeIgnore, serviceid, actionid, name, action.methods(), method, createHttpServlet(method))); } return map; } @@ -256,10 +265,11 @@ public abstract class BasedHttpServlet extends HttpServlet { private static final class Entry { - public Entry(boolean typeIgnore, int moduleid, int actionid, String name, Method method, HttpServlet servlet) { + public Entry(boolean typeIgnore, int moduleid, int actionid, String name, String[] methods, Method method, HttpServlet servlet) { this.moduleid = moduleid; this.actionid = actionid; this.name = name; + this.methods = methods; this.method = method; this.servlet = servlet; this.ignore = typeIgnore || method.getAnnotation(AuthIgnore.class) != null; @@ -279,6 +289,14 @@ public abstract class BasedHttpServlet extends HttpServlet { return this.moduleid != 0 || this.actionid != 0; } + public boolean checkMethod(final String reqMethod) { + if (methods.length == 0) return true; + for (String m : methods) { + if (reqMethod.equalsIgnoreCase(m)) return true; + } + return false; + } + public final HttpResponse.BufferHandler cacheHandler; public final ConcurrentHashMap cache; @@ -293,6 +311,8 @@ public abstract class BasedHttpServlet extends HttpServlet { public final String name; + public final String[] methods; + public final Method method; public final HttpServlet servlet;