增加报文越权补充安全措施

854fc17d · WeiCong · dffafa30 · 854fc17d
Commit 854fc17d authored Oct 29, 2020 by WeiCong
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 1 deletions

AbstractCommonController.java ...resentation/noui/controller/AbstractCommonController.java +12 -1

No files found.
--- a/src/main/java/org/sss/presentation/noui/controller/AbstractCommonController.java
+++ b/src/main/java/org/sss/presentation/noui/controller/AbstractCommonController.java
@@ -88,7 +88,6 @@ public abstract class AbstractCommonController {
            //数据安全性拦截-篡改数据拦截
            if (DataSecurityUtil.isSafeMode() && noUiRequest.isSecurity()) {
                if (DataSecurityUtil.needDecrypt(noUiRequest.getReqUrl())) {
                    String[] clientpars = DataSecurityUtil.getSafeConfigByReqUrl(context,noUiRequest, noUiRequest.getReqUrl() + DataSecurityUtil.DECRYPT_FIX);
                    if(!ArrayUtils.isEmpty(clientpars)){
@@ -107,6 +106,18 @@ public abstract class AbstractCommonController {
                            }
                        }
                    }
+                }else if("infsmh".equals(trnName) && "_recpan_show".equals(alias.getAliasActionUrl())){
+                    String res = request.getHeader("res");
+                    String docpth = (String) paramsMap.get("docpth");
+                    String errmsg="Access Forbidden, Unauthorized!!!";
+                    if(res==null || docpth ==null){
+                        Result rt = new Result(ErrorCodes.ERROR, errmsg, null, noUiVersion.getVersion());
+                        return rt;
+                    }
+                    if(!res.equals(docpth)){
+                        Result rt = new Result(ErrorCodes.ERROR, errmsg, null, noUiVersion.getVersion());
+                        return rt;
+                    }
                }
            }