'commit'

src/main/java/com/dsideal/sso/Controller/WebLoginController.java

@@ -10,6 +10,7 @@ import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import com.dsideal.sso.Interceptor.EmptyInterface;
+import com.dsideal.sso.Model.LoginModel;
 import com.dsideal.sso.Util.AesUtil;
 import com.dsideal.sso.Util.CaptchaUtil;
 import com.dsideal.sso.Util.CommonUtil;
@@ -26,6 +27,8 @@ import com.jfinal.kit.PropKit;
 
 @ApiDoc
 public class WebLoginController extends Controller {
+    LoginModel lm = new LoginModel();
+
     /**
      * 跳转到登录页
      */
@@ -46,6 +49,14 @@ public class WebLoginController extends Controller {
                 redirect301(redirect_url + "&" + PropKit.get("sso.sessionid") + "=" + loginMap.get("session_id").toString());
             }
         } else {
+            //检查重定向地址是不是有效
+            if (lm.getSystemByRedirectUrl(redirect_url) == null) {
+                JSONObject resultJson = new JSONObject();
+                resultJson.put("success", false);
+                resultJson.put("msg", "输入的回调地址并不在允许接入的业务系统范围内，请先联系管理员添加到接入系统中再试！");
+                renderJson(resultJson);
+                return;
+            }
             redirect_url = CommonUtil.handleRedirectUrlParas(redirect_url);
             redirect("/html/login.html?redirect_url=" + redirect_url);
         }

src/main/java/com/dsideal/sso/Model/LoginModel.java

@@ -47,4 +47,14 @@ public class LoginModel {
         return record.getStr("global_value");
     }
 
+    /**
+     * 功能：通过重定向地址获取系统信息
+     *
+     * @param redirect_url 重定向地址
+     * @return
+     */
+    public Record getSystemByRedirectUrl(String redirect_url) {
+        String sql = "select * from t_datashare_system where  redirect_url=?";
+        return Db.findFirst(sql, redirect_url);
+    }
 }