diff --git a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java index 6cbe3114b..a9a6b5577 100644 --- a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java +++ b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java @@ -4,6 +4,7 @@ import java.util.List; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.quartz.SchedulerException; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; import org.springframework.validation.annotation.Validated; @@ -37,6 +38,9 @@ import com.ruoyi.quartz.util.ScheduleUtils; public class SysJobController extends BaseController { private String prefix = "monitor/job"; + + @Value("${job.whiteList:}") + private List whiteList; @Autowired private ISysJobService jobService; @@ -153,7 +157,7 @@ public class SysJobController extends BaseController { return error("新增任务'" + job.getJobName() + "'失败,目标字符串存在违规"); } - else if (!ScheduleUtils.whiteList(job.getInvokeTarget())) + else if (!ScheduleUtils.whiteList(job.getInvokeTarget(), whiteList.toArray(new String[whiteList.size()]))) { return error("新增任务'" + job.getJobName() + "'失败,目标字符串不在白名单内"); } @@ -201,7 +205,7 @@ public class SysJobController extends BaseController { return error("修改任务'" + job.getJobName() + "'失败,目标字符串存在违规"); } - else if (!ScheduleUtils.whiteList(job.getInvokeTarget())) + else if (!ScheduleUtils.whiteList(job.getInvokeTarget(), whiteList.toArray(new String[whiteList.size()]))) { return error("修改任务'" + job.getJobName() + "'失败,目标字符串不在白名单内"); } diff --git a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/util/ScheduleUtils.java b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/util/ScheduleUtils.java index 598a05b44..a87ad86ea 100644 --- a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/util/ScheduleUtils.java +++ b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/util/ScheduleUtils.java @@ -1,5 +1,6 @@ package com.ruoyi.quartz.util; +import org.apache.commons.lang3.ArrayUtils; import org.quartz.CronScheduleBuilder; import org.quartz.CronTrigger; import org.quartz.Job; @@ -123,19 +124,22 @@ public class ScheduleUtils * 检查包名是否为白名单配置 * * @param invokeTarget 目标字符串 + * @param extendedWhiteList 扩展的名单单 * @return 结果 */ - public static boolean whiteList(String invokeTarget) - { + public static boolean whiteList(String invokeTarget, String... extendedWhiteList) + { + String[] whiteList = StringUtils.isEmpty(extendedWhiteList) ? Constants.JOB_WHITELIST_STR + : ArrayUtils.addAll(extendedWhiteList, Constants.JOB_WHITELIST_STR); String packageName = StringUtils.substringBefore(invokeTarget, "("); int count = StringUtils.countMatches(packageName, "."); if (count > 1) { - return StringUtils.containsAnyIgnoreCase(invokeTarget, Constants.JOB_WHITELIST_STR); + return StringUtils.containsAnyIgnoreCase(invokeTarget, whiteList); } Object obj = SpringUtils.getBean(StringUtils.split(invokeTarget, ".")[0]); String beanPackageName = obj.getClass().getPackage().getName(); - return StringUtils.containsAnyIgnoreCase(beanPackageName, Constants.JOB_WHITELIST_STR) + return StringUtils.containsAnyIgnoreCase(beanPackageName, whiteList) && !StringUtils.containsAnyIgnoreCase(beanPackageName, Constants.JOB_ERROR_STR); } } \ No newline at end of file