修复用户数据安全漏洞

2018-02-27 11:25:13 +08:00
parent b48ad48c72
commit 76a84528a9
5 changed files with 9 additions and 9 deletions
--- a/src/main/java/com/fjy/spring/controller/DataController.java
+++ b/src/main/java/com/fjy/spring/controller/DataController.java
@@ -74,7 +74,7 @@ public class DataController {
        throw new UserException(ResultEnum.EMPTY_DATA);
    }

-    @GetMapping("/home/findvfeedback")
+    @GetMapping("/home/admin/findvfeedback")
    public List<VFeedBack> findAllVFeedback(){
        List<VFeedBack> feedBacks = feedBackService.findAllVFeedback();
        if (feedBacks!=null){
@@ -92,7 +92,7 @@ public class DataController {
        throw new UserException(ResultEnum.EMPTY_DATA);
    }

-    @GetMapping("/home/findalluser")
+    @GetMapping("/home/admin/findalluser")
    public List<TbUser> findAllUser(){
        List<TbUser> users = userService.findAllUser();
        if (users!=null){
@@ -110,7 +110,7 @@ public class DataController {
        throw new UserException(ResultEnum.EMPTY_DATA);
    }

-    @GetMapping("/home/findStudentInCourseFile")
+    @GetMapping("/home/admin/findStudentInCourseFile")
    public  List<TbStudentlist> findStudentInCourseFile(
            @RequestParam(value = "Folder") String Folder,@RequestParam(value = "CourseName") String CourseName){
        List<TbStudentlist> files = vUserfileService.findStudentNoByWorkFolderAndCourseName(Folder,CourseName);
@@ -169,7 +169,7 @@ public class DataController {
            , @RequestParam(value = "password") String password,
              @RequestParam(value = "question") String question
            , @RequestParam(value = "answer") String answer) throws Exception {
-        log.info("name:{}, password:{}, question:{}, answer:{}",name,password,question,answer);
+        //log.info("name:{}, password:{}, question:{}, answer:{}",name,password,question,answer);
        if (findUserQue(name,question,answer)){
            //service方法内含有对密码加密的操作
            return userService.updateColpasswordByColname(password,name);
@@ -185,7 +185,7 @@ public class DataController {

    @PostMapping("/home/admin/addoneversion")
    public boolean addOneVersion(TbVersion version){
-        log.info(version.toString());
+        //log.info(version.toString());
        return versionService.addOneVersion(version)!=null;
    }

--- a/src/main/java/com/fjy/spring/interceptor/WebAppConfig.java
+++ b/src/main/java/com/fjy/spring/interceptor/WebAppConfig.java
@@ -6,7 +6,7 @@ import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

-@Configuration
+/*@Configuration*/
 public class WebAppConfig implements WebMvcConfigurer {

    /**