去掉放行logins, 解决越权漏洞

master
yangjie 4 years ago
parent 655b25fb98
commit fdb0443c3e
  1. 8
      src/main/resources/application-prod.properties

@ -57,3 +57,11 @@ redis.cluster.nodes=192.168.136.191:8000,192.168.136.191:8001,192.168.136.191:80
server.port=8090
server.servlet.context-path= /liuwanr
#开启全局拦截,为空不开启拦截
#auth.openInterceptStr=
auth.openInterceptStr=/**
#放行Url
auth.permitUrl=/userInfo/adminLogins/**,/userInfo/loginSchoolClient/**,/province/queryProvince/**,/city/queryCity/**,/customer/querySchool/**,/userInfo/queryPhone/**,/userInfo/updateLogInNumber/**,/userInfo/getAccountPassword

Loading…
Cancel
Save