|
@@ -280,7 +280,9 @@ public class SysUserController extends BaseController {
|
|
|
//如果访问的是可视化菜单内的 并且用户没有这个菜单 返回false
|
|
|
boolean isRefererInAll = contains(allArray,referer);
|
|
|
boolean isRefererInUserHas = contains(userHasArray,referer);
|
|
|
- logger.info("访问路径 ==>{}, 访问路径是否在系统菜单里 ==>{}, 用户是否具有该路径权限 ==>{}",referer, isRefererInAll, isRefererInUserHas);
|
|
|
+// logger.info("访问路径 ==>{}", referer);
|
|
|
+// logger.info("访问路径是否在系统菜单里 ==>{}", isRefererInAll);
|
|
|
+// logger.info("用户是否具有该路径权限 ==>{}", isRefererInUserHas);
|
|
|
if(isRefererInAll){
|
|
|
if (!isRefererInUserHas) {
|
|
|
result.put("flag", false);
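Review bot: The three added `// logger.info(...)` lines are commented-out code, and with them the permission check no longer records anything when the `!isRefererInUserHas` branch sets `flag` to false. Delete the dead lines and log the denial once inside that branch, for example `logger.warn("menu access denied, referer={}", referer);`, or lower the original statement to `logger.debug`. If `referer` is taken from the request, as it appears to be, strip CR/LF from it before it reaches the log. The same commented-out pattern recurs in the next hunk, at the `Referer ==>{}, PageRouterUrl ==>{}` line and inside the whitelist branch. The enclosing method starts and ends outside this hunk.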
|
|
@@ -308,17 +310,24 @@ public class SysUserController extends BaseController {
|
|
|
url = JSONUtil.parseObj(o).getStr("componentUrl"); break;
|
|
|
}
|
|
|
if (StringUtils.isNotEmpty(url) && compareUrlIpPort(referer, url)) {
|
|
|
- logger.info("Referer ==>{}, PageRouterUrl ==>{}", referer, url);
|
|
|
+// logger.info("Referer ==>{}, PageRouterUrl ==>{}", referer, url);
|
|
|
flag = true;
|
|
|
}
|
|
|
}
|
|
|
return flag;
|
|
|
}
|
|
|
|
|
|
- public boolean compareUrlIpPort(String url1, String url2){
|
|
|
+ public boolean compareUrlIpPort(String referer, String url){
|
|
|
+ // 白名单配置
|
|
|
+ String backToMainPage = configService.selectConfigByKey("backToMainPage");
|
|
|
+ // 白名单匹配:检查 referer 是否包含任意关键字
|
|
|
+ if (StringUtils.isNotEmpty(referer) && referer.endsWith(backToMainPage)) {
|
|
|
+// logger.info("Referer [{}] 匹配白名单 [{}]", referer, backToMainPage);
|
|
|
+ return true;
|
|
|
+ }
|
|
|
try {
|
|
|
- URL u1 = new URL(url1);
|
|
|
- URL u2 = new URL(url2);
|
|
|
+ URL u1 = new URL(referer);
|
|
|
+ URL u2 = new URL(url);
|
|
|
|
|
|
// 获取 host(IP 或域名)
|
|
|
String host1 = u1.getHost();
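Review bot: The new whitelist branch in `compareUrlIpPort` returns true before any host or port comparison and never validates the configured value. If `selectConfigByKey("backToMainPage")` returns null, `referer.endsWith(backToMainPage)` throws outside the `try`; if it returns an empty string, the branch matches every non-empty referer. Guard the config value too: `if (StringUtils.isNotEmpty(backToMainPage) && StringUtils.isNotEmpty(referer) && referer.endsWith(backToMainPage)) {`. A suffix match also accepts a referer from any host as long as it ends with that string, so consider parsing `referer` first and comparing its path exactly while still checking host and port against `url`. The comment `检查 referer 是否包含任意关键字` describes a contains-any-keyword match but the code does a single `endsWith`, and the method body continues past the end of this hunk.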
|