~whyclxw/CadDrawManager.git

			@@ -2,7 +2,7 @@

			import com.whyc.constant.UserOperation;
			import com.whyc.constant.YamlProperties;
			import com.whyc.pojo.UserInf;
			import com.whyc.pojo.DocUser;
			import com.whyc.util.ActionUtil;
			import com.whyc.util.CommonUtil;

			@@ -101,7 +101,7 @@

			if(YamlProperties.profileType.equals("prod")) {
			//用户需要登录
			UserInf user = (UserInf) request.getSession().getAttribute("user");
			DocUser user = (DocUser) request.getSession().getAttribute("user");
			//无需登录可以调用接口放行
			if (!requestURI.contains(".") && !servletPath.equals("/") &&
			(!
			@@ -125,7 +125,7 @@
			//登录页面接口
			\|\| requestURI.contains("User_infAction!searchSnIdByUId") //TODO 免登陆v2待开发
			\|\| requestURI.contains("message")
			\|\| requestURI.contains("login/login")
			\|\| requestURI.contains("login")
			\|\| requestURI.contains("user/updatePassword2")
			\|\| requestURI.contains("pageParam/findByCategoryId")
			\|\| requestURI.contains("pageParam/allList")
			@@ -143,13 +143,15 @@
			\|\| requestURI.contains("interfaceRealTime")
			//WebSocket-签名所需时间戳
			\|\| requestURI.contains("server")
			\|\| requestURI.contains("docDepart/getAllRole")
			//options请求
			\|\| request.getMethod().toUpperCase().equals("OPTIONS")

			))) {
			if (user == null) {
			//越权访问
			//CommonUtil.record(0, UserOperation.TYPE_UNAUTHORIZED_ACCESS.getType(), "越权访问", "越权访问接口:" + requestURI);
			CommonUtil.record2(request, 0, UserOperation.TYPE_UNAUTHORIZED_ACCESS.getType(), "越权访问", "越权访问接口:" + requestURI);
			CommonUtil.record2(request, 0,"", UserOperation.TYPE_UNAUTHORIZED_ACCESS.getType(), "越权访问", "越权访问接口:" + requestURI);
			response.setStatus(401);
			response.setContentType("text/html;charset=utf-8");
			response.getWriter().write("非法请求，身份未验证");