更新

whycxzp

2025-04-24 91dc15e7d96b26873a5729aef096d284cc768c1c

 src/main/java/com/whyc/filter/AccessFilter.java

@@ -2,7 +2,7 @@

import com.whyc.constant.UserOperation;
import com.whyc.constant.YamlProperties;
import com.whyc.pojo.UserInf;
import com.whyc.pojo.DocUser;
import com.whyc.util.ActionUtil;
import com.whyc.util.CommonUtil;

@@ -101,7 +101,7 @@

        if(YamlProperties.profileType.equals("prod")) {
            //用户需要登录
            UserInf user = (UserInf) request.getSession().getAttribute("user");
            DocUser user = (DocUser) request.getSession().getAttribute("user");
            //无需登录可以调用接口放行
            if (!requestURI.contains(".") && !servletPath.equals("/") &&
                    (!
@@ -149,7 +149,7 @@
                if (user == null) {
                    //越权访问
                    //CommonUtil.record(0, UserOperation.TYPE_UNAUTHORIZED_ACCESS.getType(), "越权访问", "越权访问接口:" + requestURI);
                    CommonUtil.record2(request, 0, UserOperation.TYPE_UNAUTHORIZED_ACCESS.getType(), "越权访问", "越权访问接口:" + requestURI);
                    CommonUtil.record2(request, 0,"", UserOperation.TYPE_UNAUTHORIZED_ACCESS.getType(), "越权访问", "越权访问接口:" + requestURI);
                    response.setStatus(401);
                    response.setContentType("text/html;charset=utf-8");
                    response.getWriter().write("非法请求，身份未验证");