
页面地址加入越权访问

xusl 1 年之前
父節點
當前提交
778ee5cbe8
共有 2 個文件被更改,包括 5 次插入2 次删除
  1. 3 2
      backend/src/main/java/com/jiayue/ssi/controller/SysPolicyController.java
  2. 2 0
      ui/src/permission.js

+ 3 - 2
backend/src/main/java/com/jiayue/ssi/controller/SysPolicyController.java

@@ -198,12 +198,13 @@ public class SysPolicyController {
             else{
                 username = claims.getSubject();
             }
+            String openUrl = request.getParameter("accessUrl");
             SysOperLog operLog = new SysOperLog();
             operLog.setStatus(BusinessStatus.FAIL.ordinal());
             // 请求的地址
             String ip = IPUtils.getIpAddr();
             operLog.setOperIp(ip);
-            operLog.setOperUrl(request.getParameter("accessUrl"));
+            operLog.setOperUrl(openUrl);
             operLog.setOperName(username);
             // 设置请求方式
             operLog.setRequestMethod("");
@@ -228,7 +229,7 @@ public class SysPolicyController {
 
             // 通知系统管理员
             if ("0".equals(noticeWay)){
-                log.info("发送邮箱通知系统管理员后台输出======> "+"账号【"+username+"】越权访问"+org.apache.commons.lang3.StringUtils.substring(ServletUtils.getRequest().getRequestURI(), 0, 255));
+                log.info("发送邮箱通知系统管理员后台输出======> "+"账号【"+username+"】越权访问"+openUrl);
             }
             else if ("1".equals(noticeWay)){
                 // 告警先不用了,系统里只用一种邮箱告警
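Review bot: `openUrl`, added in the first hunk, is the client-supplied `accessUrl` parameter, and it now reaches both `operLog.setOperUrl(openUrl)` and the `log.info` line in the second hunk without a length bound, null handling or line-break neutralisation, whereas the removed log line capped its URL at 255 characters. A value containing CR/LF can split the administrator-facing log entry into forged lines, and an over-long value may make the audit insert fail if the column is bounded (the column definition is not visible here). Bound and clean the value once where it is read, e.g. `String openUrl = org.apache.commons.lang3.StringUtils.substring(request.getParameter("accessUrl"), 0, 255);` followed by `openUrl = openUrl == null ? "" : openUrl.replaceAll("[\\r\\n]", "_");`. Because the path is a claim made by the browser rather than something the server observed, a short comment such as `// accessUrl is reported by the client; treat as untrusted` above the assignment would help the next reader. The enclosing method starts and ends outside both hunks.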

+ 2 - 0
ui/src/permission.js

@@ -7,6 +7,7 @@ import { getBrowserToken } from './utils/commonFuc' // get token from cookie
 import getPageTitle from '@/utils/get-page-title'
 import {doEncrypt, doDecryptStr,doSign,doVerifySignature,userinfoEncrypt,userinfoDecrypt} from '@/utils/smutil'
 import service from './utils/request'
+import {removeToken} from "@/utils/auth";
 
 NProgress.configure({ showSpinner: false }) // NProgress Configuration
 
@@ -43,6 +44,7 @@ router.beforeEach(async (to, from, next) => {
         }
         // 保存越权访问
         await service.post('/sysPolicyController/brokenAccessControl', searchParams2).then((res) => {
+          removeToken()
           next('/404') // 判断此跳转路由的来源路由是否存在,存在的情况跳转到来源路由,否则跳转到404页面
         }).catch((error) => {
           this.$message.error('越权访问记录出错' + error)
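Review bot: `removeToken()` is called only inside the `.then` callback, so the token is cleared only when the report POST succeeds; when that request fails, the `.catch` branch below leaves the token in place. If the intent is to end the session on every detected violation, do the cleanup once the request has settled by appending `.finally(() => removeToken())` to the chain, which keeps it after the POST in case the report call is authenticated with that token. This clears only the browser's copy of the token; whether the backend also invalidates the session is not visible in this commit and is worth confirming. The `.catch` handler continues past the end of the hunk.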