高危漏洞修复

src/main/java/com/chinaitop/depot/utils/CustomFilter.java

@@ -24,6 +24,7 @@ public class CustomFilter implements Filter {
 	public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
 			throws IOException, ServletException {
 		HttpServletRequest request = (HttpServletRequest) arg0;
+		String ss = request.getServletPath();
 		HttpSession session = request.getSession();
 		String orgId = "";
 		if (session != null){
@@ -31,8 +32,11 @@ public class CustomFilter implements Filter {
 		}
 		if (!orgId.isEmpty()) {
 			DataPolicyEngine.set(orgId);
+			arg2.doFilter(arg0, arg1);//放行，通过了当前过滤器，递交给下一个filter进行过滤
+		}else if ("/userInfo/getLoginInfo".equals(request.getServletPath())||"/userInfo/getCode".equals(request.getServletPath())
+				||"/userInfo/login".equals(request.getServletPath())) {
+			arg2.doFilter(arg0, arg1);//放行，通过了当前过滤器，递交给下一个filter进行过滤
 		}
-		arg2.doFilter(arg0, arg1);
 		DataPolicyEngine.remove();
 	}