由于在集群环境下页面发起请求，由于ip都会在主备机器间切换，导致sessionid变化。因此现在屏蔽调资源访问拦截策略中基于sessionid一致性的拦截

7080e084 · WeiCong · 4b039167 · 7080e084
Commit 7080e084 authored Dec 03, 2020 by WeiCong
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 6 deletions

ResourceAccessFilter.java ...rg/sss/presentation/noui/filter/ResourceAccessFilter.java +6 -6

No files found.
--- a/src/main/java/org/sss/presentation/noui/filter/ResourceAccessFilter.java
+++ b/src/main/java/org/sss/presentation/noui/filter/ResourceAccessFilter.java
@@ -169,9 +169,9 @@ public class ResourceAccessFilter implements Filter {
    }

    private boolean isLegalSecForMsg(String sec, String rawuid, String res, HttpServletRequest request) throws Exception {
-        if (isNotSameSessionId(rawuid, request)) {
-            return false;
-        }
+//        if (isNotSameSessionId(rawuid, request)) {
+//            return false;
+//        }
        Object obj = RedisUtil.get(KEY.replace("##", rawuid));
        if (obj == null) {
            log.warn(KEY.replace("##", rawuid) + "get logininfo is null");
@@ -197,9 +197,9 @@ public class ResourceAccessFilter implements Filter {
            res = res.substring(res.lastIndexOf("/") + 1);
        }
        String rawuid = new StringBuilder(uid).reverse().toString();
-        if (isNotSameSessionId(rawuid, request)) {
-            return false;
-        }
+//        if (isNotSameSessionId(rawuid, request)) {
+//            return false;
+//        }
        Object obj = RedisUtil.get(KEY.replace("##", rawuid));
        if (obj == null) {
            log.warn(KEY.replace("##", rawuid) + "get logininfo is null");