Commit 854fc17d by WeiCong

增加报文越权补充安全措施

parent dffafa30
...@@ -88,7 +88,6 @@ public abstract class AbstractCommonController { ...@@ -88,7 +88,6 @@ public abstract class AbstractCommonController {
//数据安全性拦截-篡改数据拦截 //数据安全性拦截-篡改数据拦截
if (DataSecurityUtil.isSafeMode() && noUiRequest.isSecurity()) { if (DataSecurityUtil.isSafeMode() && noUiRequest.isSecurity()) {
if (DataSecurityUtil.needDecrypt(noUiRequest.getReqUrl())) { if (DataSecurityUtil.needDecrypt(noUiRequest.getReqUrl())) {
String[] clientpars = DataSecurityUtil.getSafeConfigByReqUrl(context,noUiRequest, noUiRequest.getReqUrl() + DataSecurityUtil.DECRYPT_FIX); String[] clientpars = DataSecurityUtil.getSafeConfigByReqUrl(context,noUiRequest, noUiRequest.getReqUrl() + DataSecurityUtil.DECRYPT_FIX);
if(!ArrayUtils.isEmpty(clientpars)){ if(!ArrayUtils.isEmpty(clientpars)){
...@@ -107,6 +106,18 @@ public abstract class AbstractCommonController { ...@@ -107,6 +106,18 @@ public abstract class AbstractCommonController {
} }
} }
} }
}else if("infsmh".equals(trnName) && "_recpan_show".equals(alias.getAliasActionUrl())){
String res = request.getHeader("res");
String docpth = (String) paramsMap.get("docpth");
String errmsg="Access Forbidden, Unauthorized!!!";
if(res==null || docpth ==null){
Result rt = new Result(ErrorCodes.ERROR, errmsg, null, noUiVersion.getVersion());
return rt;
}
if(!res.equals(docpth)){
Result rt = new Result(ErrorCodes.ERROR, errmsg, null, noUiVersion.getVersion());
return rt;
}
} }
} }
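Review bot: The new `infsmh` / `_recpan_show` branch compares the `res` request header with the `docpth` request parameter, and both values are supplied by the client, so the check passes whenever the same string is sent in both places and does not establish that the caller is entitled to that document. The expected value should come from server-side state for the authenticated user (the session, or a server-signed token verified here) rather than from a header. The branch is also the `else` of a condition that starts outside the hunk (apparently the `isSafeMode() && isSecurity()` test), so it seems to run only when that test is false; please confirm that is intended. The two identical rejections can be merged into `if (res == null || !res.equals(docpth)) { return new Result(ErrorCodes.ERROR, errmsg, null, noUiVersion.getVersion()); }`. The cast `(String) paramsMap.get("docpth")` would throw instead of rejecting if the parameter is ever not a String.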
......