From 446eb7294332efca2bfd791bc37281cedac0d0ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=98=BF=E6=B2=90?= Date: Tue, 8 Nov 2022 10:54:00 +0800 Subject: [PATCH] https://gitee.com/makunet/maku-boot/issues/I5ZUYI --- .../quartz/controller/ScheduleJobController.java | 40 ++++++++++++++++------ .../main/java/net/maku/quartz/task/TestTask.java | 4 +-- 2 files changed, 31 insertions(+), 13 deletions(-) diff --git a/maku-boot-module/maku-module-quartz/src/main/java/net/maku/quartz/controller/ScheduleJobController.java b/maku-boot-module/maku-module-quartz/src/main/java/net/maku/quartz/controller/ScheduleJobController.java index 48e2455..71e6eb5 100644 --- a/maku-boot-module/maku-module-quartz/src/main/java/net/maku/quartz/controller/ScheduleJobController.java +++ b/maku-boot-module/maku-module-quartz/src/main/java/net/maku/quartz/controller/ScheduleJobController.java @@ -1,8 +1,11 @@ package net.maku.quartz.controller; +import cn.hutool.core.util.ArrayUtil; +import cn.hutool.extra.spring.SpringUtil; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import lombok.AllArgsConstructor; +import net.maku.framework.common.exception.ServerException; import net.maku.framework.common.page.PageResult; import net.maku.framework.common.utils.Result; import net.maku.quartz.convert.ScheduleJobConvert; @@ -12,19 +15,20 @@ import net.maku.quartz.service.ScheduleJobService; import net.maku.quartz.utils.CronUtils; import net.maku.quartz.vo.ScheduleJobVO; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.stereotype.Service; import org.springframework.web.bind.annotation.*; import javax.validation.Valid; import java.util.List; /** -* 定时任务 -* -* @author 阿沐 babamu@126.com -*/ + * 定时任务 + * + * @author 阿沐 babamu@126.com + */ @RestController @RequestMapping("schedule") -@Tag(name="定时任务") +@Tag(name = "定时任务") @AllArgsConstructor public class ScheduleJobController { private final ScheduleJobService scheduleJobService; @@ -32,7 +36,7 @@ public class ScheduleJobController { @GetMapping("page") @Operation(summary = "分页") @PreAuthorize("hasAuthority('schedule:page')") - public Result> page(@Valid ScheduleJobQuery query){ + public Result> page(@Valid ScheduleJobQuery query) { PageResult page = scheduleJobService.page(query); return Result.ok(page); @@ -41,7 +45,7 @@ public class ScheduleJobController { @GetMapping("{id}") @Operation(summary = "信息") @PreAuthorize("hasAuthority('schedule:info')") - public Result get(@PathVariable("id") Long id){ + public Result get(@PathVariable("id") Long id) { ScheduleJobEntity entity = scheduleJobService.getById(id); return Result.ok(ScheduleJobConvert.INSTANCE.convert(entity)); @@ -50,11 +54,14 @@ public class ScheduleJobController { @PostMapping @Operation(summary = "保存") @PreAuthorize("hasAuthority('schedule:save')") - public Result save(@RequestBody ScheduleJobVO vo){ + public Result save(@RequestBody ScheduleJobVO vo) { if (!CronUtils.isValid(vo.getCronExpression())) { return Result.error("操作失败,Cron表达式不正确"); } + // 检查Bean的合法性 + checkBean(vo.getBeanName()); + scheduleJobService.save(vo); return Result.ok(); @@ -68,6 +75,9 @@ public class ScheduleJobController { return Result.error("操作失败,Cron表达式不正确"); } + // 检查Bean的合法性 + checkBean(vo.getBeanName()); + scheduleJobService.update(vo); return Result.ok(); @@ -76,7 +86,7 @@ public class ScheduleJobController { @DeleteMapping @Operation(summary = "删除") @PreAuthorize("hasAuthority('schedule:delete')") - public Result delete(@RequestBody List idList){ + public Result delete(@RequestBody List idList) { scheduleJobService.delete(idList); return Result.ok(); @@ -85,7 +95,7 @@ public class ScheduleJobController { @PutMapping("run") @Operation(summary = "立即执行") @PreAuthorize("hasAuthority('schedule:run')") - public Result run(@RequestBody ScheduleJobVO vo){ + public Result run(@RequestBody ScheduleJobVO vo) { scheduleJobService.run(vo); return Result.ok(); @@ -94,9 +104,17 @@ public class ScheduleJobController { @PutMapping("change-status") @Operation(summary = "修改状态") @PreAuthorize("hasAuthority('schedule:update')") - public Result changeStatus(@RequestBody ScheduleJobVO vo){ + public Result changeStatus(@RequestBody ScheduleJobVO vo) { scheduleJobService.changeStatus(vo); return Result.ok(); } + + private void checkBean(String beanName) { + // 为避免执行jdbcTemplate等类,只允许添加有@Service注解的Bean + String[] serviceBeans = SpringUtil.getApplicationContext().getBeanNamesForAnnotation(Service.class); + if (!ArrayUtil.contains(serviceBeans, beanName)) { + throw new ServerException("只允许添加有@Service注解的Bean!"); + } + } } \ No newline at end of file diff --git a/maku-boot-module/maku-module-quartz/src/main/java/net/maku/quartz/task/TestTask.java b/maku-boot-module/maku-module-quartz/src/main/java/net/maku/quartz/task/TestTask.java index 27f9c0c..345d2b3 100644 --- a/maku-boot-module/maku-module-quartz/src/main/java/net/maku/quartz/task/TestTask.java +++ b/maku-boot-module/maku-module-quartz/src/main/java/net/maku/quartz/task/TestTask.java @@ -1,7 +1,7 @@ package net.maku.quartz.task; import lombok.extern.slf4j.Slf4j; -import org.springframework.stereotype.Component; +import org.springframework.stereotype.Service; /** * 测试定时任务 @@ -9,7 +9,7 @@ import org.springframework.stereotype.Component; * @author 阿沐 babamu@126.com */ @Slf4j -@Component +@Service public class TestTask { public void run(String params) throws InterruptedException {