| | |
|---|
| | | //登录页面接口 |
|---|
| | | || requestURI.contains("User_infAction!searchSnIdByUId") //TODO 免登陆v2待开发 |
|---|
| | | || requestURI.contains("message") |
|---|
| | | || requestURI.contains("login/login") |
|---|
| | | || requestURI.contains("login") |
|---|
| | | || requestURI.contains("user/updatePassword2") |
|---|
| | | || requestURI.contains("pageParam/findByCategoryId") |
|---|
| | | || requestURI.contains("pageParam/allList") |
|---|
| | |
|---|
| | | || requestURI.contains("interfaceRealTime") |
|---|
| | | //WebSocket-签名所需时间戳 |
|---|
| | | || requestURI.contains("server") |
|---|
| | | || requestURI.contains("docDepart/getAllRole") |
|---|
| | | //options请求 |
|---|
| | | || request.getMethod().toUpperCase().equals("OPTIONS") |
|---|
| | | |
|---|
| | | ))) { |
|---|
| | | if (user == null) { |
|---|
| | | //越权访问 |
|---|
| | | //CommonUtil.record(0, UserOperation.TYPE_UNAUTHORIZED_ACCESS.getType(), "越权访问", "越权访问接口:" + requestURI); |
|---|
| | | CommonUtil.record2(request, 0, UserOperation.TYPE_UNAUTHORIZED_ACCESS.getType(), "越权访问", "越权访问接口:" + requestURI); |
|---|
| | | CommonUtil.record2(request, 0,"", UserOperation.TYPE_UNAUTHORIZED_ACCESS.getType(), "越权访问", "越权访问接口:" + requestURI); |
|---|
| | | response.setStatus(401); |
|---|
| | | response.setContentType("text/html;charset=utf-8"); |
|---|
| | | response.getWriter().write("非法请求,身份未验证"); |
|---|
