diff --git a/src/main/java/com/dsideal/Sso/Controller/WebLoginController.java b/src/main/java/com/dsideal/Sso/Controller/WebLoginController.java
index 61c2e25..08f6ad1 100644
--- a/src/main/java/com/dsideal/Sso/Controller/WebLoginController.java
+++ b/src/main/java/com/dsideal/Sso/Controller/WebLoginController.java
@@ -20,6 +20,7 @@ import java.io.IOException;
 import java.util.Set;
 public class WebLoginController extends Controller {
+ BaseModel bm = new BaseModel();
 @Before({GET.class})
 public void index() {
@@ -28,28 +29,22 @@ public class WebLoginController extends Controller {
 /**
 * http://10.10.21.21:9001/dsssoserver/login?redirect_url=https://www.ccsjy.cn/QingLong/loginPerson/getCaptcha
- 测试账号:stu81
- 测试密码:632342
+ * 测试账号:stu81
+ * 测试密码:632342
+ *
 * @param redirect_url
 */
 @Before({GET.class})
 @EmptyInterface({"redirect_url"})
 public void login(String redirect_url) {
-// Set _set = RedisKit.SMembers(PropKit.get("SYS_JRXT"));
-// boolean found = false;
-// for (String s : _set) {
-// if (redirect_url.contains(s)) {
-// found = true;
-// break;
-// }
-// }
-// if (!found) {
-// JSONObject resultJson = new JSONObject();
-// resultJson.put("success", false);
-// resultJson.put("msg", "回调地址不在指定的IP或域名范围内!");
-// renderJson(resultJson);
-// return;
-// }
+ boolean found = bm.checkUrlExist(redirect_url);
+ if (!found) {
+ JSONObject resultJson = new JSONObject();
+ resultJson.put("success", false);
+ resultJson.put("msg", "回调地址不在指定的IP或域名范围内!");
+ renderJson(resultJson);
+ return;
+ }
 Kv kv = SsoLoginHelper.loginCheck(getRequest());
 if (kv.getBoolean("success")) {
 String ssoSessionId = PropKit.get("sso.sessionid");
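Review bot: The field added at the top of `WebLoginController`, `BaseModel bm = new BaseModel();`, has package visibility and can be reassigned; `private final BaseModel bm = new BaseModel();` would keep it internal to the controller. The hunk at old line 155 drops the local `bm`, so `login` and that later code now share this one instance. That is fine as long as `BaseModel` keeps no per-request state, which the part of `BaseModel` visible in this diff does not settle.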
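Review bot: The Javadoc above `login` still contains a test account name and its password (the two lines this hunk re-adds with a ` * ` prefix), next to an internal host address; since the commit rewrites those lines anyway, they should be removed rather than reformatted. Anything committed stays readable in the repository history, so the account should be disabled or given a new password wherever it is still valid. A neutral summary such as `* Entry point for SSO login; redirect_url must be a registered callback address.` can take their place, and the `@param redirect_url` tag is still empty. The rejection branch returns the JSON error without logging the refused `redirect_url`, so repeated probing of the callback check would leave no trace; `login` continues outside the hunk.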
@@ -155,7 +150,7 @@ public class WebLoginController extends Controller {
 }
 String passwordEncode = CommonUtil.getLdapPassword(password);
- BaseModel bm = new BaseModel();
+
 Record loginMap = bm.getLoginInfoByUserName(username);
 if (passwordEncode != null && (loginMap == null || !passwordEncode.equals(loginMap.get("pwd").toString()))) {
 //扩展支持连续输入用户名密码错误,停用账号5分钟功能 2022.06.07
diff --git a/src/main/java/com/dsideal/Sso/Model/BaseModel.java b/src/main/java/com/dsideal/Sso/Model/BaseModel.java
index cb2a53f..411b36b 100644
--- a/src/main/java/com/dsideal/Sso/Model/BaseModel.java
+++ b/src/main/java/com/dsideal/Sso/Model/BaseModel.java
@@ -50,4 +50,16 @@ public class BaseModel {
 RedisKit.HSet(redisKey, "person_id", record.getStr("person_id"));
 return record;
 }
+
+ /**
+ * 功能:检查指定的URL是否存在
+ *
+ * @param redirect_url
+ * @return
+ */
+ public boolean checkUrlExist(String redirect_url) {
+ String sql = "select * from t_sso_system where redirect_url=?";
+ List list = Db.find(sql, redirect_url);
+ return !list.isEmpty();
+ }
 }
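Review bot: `checkUrlExist` leaves the exactness of the callback allow-list to the database: whether `redirect_url=?` distinguishes case or trailing spaces depends on the column's collation, which this diff does not show, so a value that is not character-for-character a registered callback could still pass. Either give the column a binary collation or select the stored value and confirm it with `String.equals` in Java before returning true. The query also loads full rows into a `List` (shown here without a type argument) only to test for emptiness; `return Db.findFirst("select 1 from t_sso_system where redirect_url=?", redirect_url) != null;` states the intent more directly. The Javadoc `@param` and `@return` tags are empty and could say that the match is on the complete URL.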