diff --git a/backend/framework/sdk/src/main/java/io/metersphere/sdk/util/FilterChainUtils.java b/backend/framework/sdk/src/main/java/io/metersphere/sdk/util/FilterChainUtils.java
index 45221ad25a..9f52a97990 100644
--- a/backend/framework/sdk/src/main/java/io/metersphere/sdk/util/FilterChainUtils.java
+++ b/backend/framework/sdk/src/main/java/io/metersphere/sdk/util/FilterChainUtils.java
@@ -24,7 +24,6 @@ public class FilterChainUtils {
 filterChainDefinitionMap.put("/favicon.ico", "anon");
 filterChainDefinitionMap.put("/base-display/**", "anon");
 filterChainDefinitionMap.put("/jmeter/ping", "anon");
- filterChainDefinitionMap.put("/jmeter/ready/**", "totp");
 filterChainDefinitionMap.put("/authsource/list/allenable", "anon");
 filterChainDefinitionMap.put("/sso/callback/**", "anon");
 filterChainDefinitionMap.put("/license/validate", "anon");
@@ -75,10 +74,4 @@ public class FilterChainUtils {
 return filterChainDefinitionMap;
 }
- public static Map totpFilterChain() {
- Map filterChainDefinitionMap = new HashMap<>();
- // 执行机下载执行资源需要验证totp
- filterChainDefinitionMap.put("/jmeter/download/**", "totp");
- return filterChainDefinitionMap;
- }
 }
diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/config/ShiroConfig.java b/backend/services/system-setting/src/main/java/io/metersphere/system/config/ShiroConfig.java
index 02c48f4d63..7453f7ae38 100644
--- a/backend/services/system-setting/src/main/java/io/metersphere/system/config/ShiroConfig.java
+++ b/backend/services/system-setting/src/main/java/io/metersphere/system/config/ShiroConfig.java
@@ -4,7 +4,6 @@ package io.metersphere.system.config;
 import io.metersphere.system.security.ApiKeyFilter;
 import io.metersphere.system.security.CsrfFilter;
 import io.metersphere.system.security.MsPermissionAnnotationMethodInterceptor;
-import io.metersphere.system.security.TotpFilter;
 import io.metersphere.system.security.realm.LocalRealm;
 import io.metersphere.sdk.util.FilterChainUtils;
 import jakarta.servlet.DispatcherType;
@@ -43,12 +42,11 @@ public class ShiroConfig {
 shiroFilterFactoryBean.getFilters().put("apikey", new ApiKeyFilter());
 shiroFilterFactoryBean.getFilters().put("csrf", new CsrfFilter());
- shiroFilterFactoryBean.getFilters().put("totp", new TotpFilter());
+
 Map filterChainDefinitionMap = shiroFilterFactoryBean.getFilterChainDefinitionMap();
 filterChainDefinitionMap.putAll(FilterChainUtils.loadBaseFilterChain());
- filterChainDefinitionMap.putAll(FilterChainUtils.totpFilterChain());
 filterChainDefinitionMap.putAll(FilterChainUtils.ignoreCsrfFilter());
diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/security/TotpFilter.java b/backend/services/system-setting/src/main/java/io/metersphere/system/security/TotpFilter.java
deleted file mode 100644
index ea0daf89ba..0000000000
--- a/backend/services/system-setting/src/main/java/io/metersphere/system/security/TotpFilter.java
+++ /dev/null
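Review bot: In the ShiroConfig hunk at `@@ -43,12 +42,11 @@`, the chain is now built from `loadBaseFilterChain()` and `ignoreCsrfFilter()` only, so `/jmeter/ready/**` and `/jmeter/download/**` (unmapped from `totp` in FilterChainUtils) are left to whichever rule the base map applies to paths it does not list, and that rule is not visible in this diff. It is worth confirming that both paths still end up behind an authenticating filter and cannot match an `anon` entry, since the removed comment says execution nodes download execution resources through them. A comment above the `putAll` calls would record the intent, e.g. `// /jmeter/ready/** and /jmeter/download/** are no longer TOTP-gated; access is enforced by <replacement control>`. The enclosing method starts and ends outside the hunk.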
@@ -1,38 +0,0 @@
-package io.metersphere.system.security;
-
-
-import com.bastiaanjansen.otp.TOTPGenerator;
-import io.metersphere.sdk.constants.MsHttpHeaders;
-import io.metersphere.sdk.util.CommonBeanFactory;
-import jakarta.servlet.ServletRequest;
-import jakarta.servlet.ServletResponse;
-import jakarta.servlet.http.HttpServletRequest;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.shiro.web.filter.authc.AnonymousFilter;
-import org.apache.shiro.web.util.WebUtils;
-
-public class TotpFilter extends AnonymousFilter {
-
- @Override
- protected boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) {
- HttpServletRequest httpServletRequest = WebUtils.toHttp(request);
-
- // 请求头取出的token value
- String token = httpServletRequest.getHeader(MsHttpHeaders.OTP_TOKEN);
- // 校验 token
- validateToken(token);
-
- return true;
- }
-
- private void validateToken(String token) {
- if (StringUtils.isBlank(token)) {
- throw new RuntimeException("token is empty");
- }
-
- TOTPGenerator totpGenerator = CommonBeanFactory.getBean(TOTPGenerator.class);
- if (!totpGenerator.verify(token)) {
- throw new RuntimeException("token is not valid");
- }
- }
-}