UrlAccessDecisionManager.java 25 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412
  1. package com.diagbot.config.security;
  2. import com.diagbot.exception.CommonErrorCode;
  3. import com.diagbot.exception.CommonException;
  4. import com.diagbot.exception.ServiceErrorCode;
  5. import com.diagbot.facade.TokenFacade;
  6. import com.diagbot.util.HttpUtils;
  7. import com.diagbot.util.StringUtil;
  8. import org.springframework.beans.factory.annotation.Autowired;
  9. import org.springframework.security.access.AccessDecisionManager;
  10. import org.springframework.security.access.AccessDeniedException;
  11. import org.springframework.security.access.ConfigAttribute;
  12. import org.springframework.security.authentication.AccountExpiredException;
  13. import org.springframework.security.authentication.InsufficientAuthenticationException;
  14. import org.springframework.security.core.Authentication;
  15. import org.springframework.security.core.GrantedAuthority;
  16. import org.springframework.security.web.FilterInvocation;
  17. import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
  18. import org.springframework.stereotype.Service;
  19. import javax.servlet.http.HttpServletRequest;
  20. import java.util.Collection;
  21. /**
  22. * @Description: 自定义权限拦截
  23. * @author: gaodm
  24. * @time: 2018/8/23 13:46
  25. */
  26. @Service
  27. public class UrlAccessDecisionManager implements AccessDecisionManager {
  28. @Autowired
  29. private TokenFacade tokenFacade;
  30. @Override
  31. public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
  32. HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
  33. String url, method;
  34. String tokenStr = HttpUtils.getHeaders(request).get("Authorization");
  35. if (!request.getMethod().equals("OPTIONS") && StringUtil.isEmpty(tokenStr)) {
  36. tokenStr = HttpUtils.getHeaders(request).get("authorization");
  37. }
  38. //用户是否被顶掉校验
  39. if (StringUtil.isNotEmpty(tokenStr) && !matchNotCheckUrl(request)) {
  40. tokenStr = tokenStr.replaceFirst("Bearer ", "");
  41. int res = tokenFacade.newVerifyToken(tokenStr, 1);
  42. if (-1 == res) {
  43. throw new CommonException(ServiceErrorCode.LONGIN_ERROE);
  44. } else if (-2 == res) {
  45. throw new CommonException(ServiceErrorCode.USER_POWER_UP);
  46. }
  47. }
  48. if (matchPermitAllUrl(request)) {
  49. return;
  50. }
  51. if ("anonymousUser".equals(authentication.getPrincipal())) {
  52. throw new AccessDeniedException("no right");
  53. } else {
  54. if (StringUtil.isNotEmpty(tokenStr)) {
  55. tokenStr = tokenStr.replaceFirst("Bearer ", "");
  56. // Boolean res = tokenFacade.verifyToken(tokenStr, 1);
  57. int res = tokenFacade.newVerifyToken(tokenStr, 1);
  58. if (-1 == res) {
  59. throw new CommonException(ServiceErrorCode.LONGIN_ERROE);
  60. } else if (1 != res) {
  61. throw new AccountExpiredException("token expire");
  62. }
  63. }
  64. for (GrantedAuthority ga : authentication.getAuthorities()) {
  65. String[] authority = ga.getAuthority().split(";");
  66. url = authority[0];
  67. method = authority[1];
  68. if (matchers(url, request)) {
  69. if (method.equals(request.getMethod()) || "ALL".equals(method)) {
  70. return;
  71. }
  72. }
  73. }
  74. }
  75. throw new AccessDeniedException("no right");
  76. }
  77. @Override
  78. public boolean supports(ConfigAttribute attribute) {
  79. return true;
  80. }
  81. @Override
  82. public boolean supports(Class<?> clazz) {
  83. return true;
  84. }
  85. private Boolean matchPermitAllUrl(HttpServletRequest request) {
  86. if (matchers("/swagger/**", request)
  87. || matchers("/v2/**", request)
  88. || matchers("/swagger-ui.html/**", request)
  89. || matchers("/swagger-resources/**", request)
  90. || matchers("/webjars/**", request)
  91. || matchers("/druid/**", request)
  92. || matchers("/actuator/**", request)
  93. || matchers("/hystrix/**", request)
  94. || matchers("/sys/user/getJwt", request)
  95. || matchers("/sys/user/getCaptcha", request)
  96. || matchers("/sys/user/getHospitalMark", request)
  97. || matchers("/sys/user/getJwtNoPass", request)
  98. || matchers("/sys/user/refreshJwt", request)
  99. || matchers("/sys/dictionaryInfo/getDictionary", request)
  100. || matchers("/sys/user/checkToken", request)
  101. || matchers("/oauth/token", request)
  102. || matchers("/oauth/check_token", request)
  103. || matchers("/cache/clear", request)
  104. || matchers("/qc/behospitalInfo/execule", request)
  105. || matchers("/qc/behospitalInfo/analyze_rpc", request)
  106. || matchers("/qc/behospitalInfo/analyze_api", request)
  107. || matchers("/qc/behospitalInfo/analyze_run", request)
  108. || matchers("/qc/module/getById", request)
  109. || matchers("/qc/module/getModuleMap", request)
  110. || matchers("/qc/cases/getQcCases", request)
  111. || matchers("/qc/behospitalInfo/page", request)
  112. || matchers("/qc/casesEntryHospital/getQcCasesEntryAll", request)
  113. || matchers("/qc/casesEntryHospital/getQcCasesAll", request)
  114. || matchers("/qc/behospitalInfo/getByBehospitalCode", request)
  115. || matchers("/bas/dept/getList", request)
  116. || matchers("/bas/dept/getListUser", request)
  117. || matchers("/qc/behospitalInfo/page_dept", request)
  118. || matchers("/qc/behospitalInfo/page_person", request)
  119. || matchers("/qc/behospitalInfo/page_group", request)
  120. || matchers("/qc/casesEntryHospital/findQcCasesEntry", request)
  121. || matchers("/qc/behospitalInfo/exportExcel", request)
  122. || matchers("/qc/dataimport/import", request)
  123. || matchers("/qc/dataimport/test", request)
  124. || matchers("/qc/behospitalInfo/exportExcel", request)
  125. || matchers("/qc/behospitalInfo/exportQcresult", request)
  126. || matchers("/qc/behospitalInfo/exportQcresultByDept", request)
  127. || matchers("/qc/behospitalInfo/exportQcresultByGroup", request)
  128. || matchers("/qc/abnormal/getQcAnnormalMode", request)
  129. || matchers("/qc/dataimport/import", request)
  130. || matchers("/qc/dataimport/dataimportPrepare", request)
  131. || matchers("/qc/dataimport/test", request)
  132. || matchers("/sys/user/pageset/getPageSet", request)
  133. || matchers("/sys/user/pageset/savePageSet", request)
  134. || matchers("/sys/user/pageset/getDefaultPageSet", request)
  135. || matchers("/consoleByDept/getDept", request)
  136. || matchers("/console/entryRejectPercent", request)
  137. || matchers("/console/qcResultLevelPercent", request)
  138. || matchers("/console/averageStatistics", request)
  139. || matchers("/console/entryByDept", request)
  140. || matchers("/console/entryCountGroupByCase", request)
  141. || matchers("/console/entryCountGroupByCasePage", request)
  142. || matchers("/console/entryCountGroupByEntry", request)
  143. || matchers("/console/entryCountGroupByEntryPage", request)
  144. || matchers("/console/entryCountGroupXYByEntryPage", request)
  145. || matchers("/console/entryGroupByEntryInnerPage", request)
  146. || matchers("/console/getAverageDayNum", request)
  147. || matchers("/console/getAverageDayNumPage", request)
  148. || matchers("/console/getAverageFee", request)
  149. || matchers("/console/getAverageFeePage", request)
  150. || matchers("/console/getAverageScore", request)
  151. || matchers("/console/getAverageScoreByDeptClass", request)
  152. || matchers("/console/getAverageScoreByDeptPage", request)
  153. || matchers("/console/getLevelResultDept", request)
  154. || matchers("/console/homePageLevelLimit", request)
  155. || matchers("/console/homePageLevelStatistics", request)
  156. || matchers("/console/homePageLevelStatisticsXY", request)
  157. || matchers("/console/export/homePageLevelXYExport", request)
  158. || matchers("/consoleByDept/homePageLevelStatisticsXYByDept", request)
  159. || matchers("/print/export/homePageLevelXYExportByDept", request)
  160. || matchers("/consoleByDept/entryCountGroupXYByEntryPageDept", request)
  161. || matchers("/print/export/entryCountGroupXYByExportDept", request)
  162. || matchers("/consoleByDept/qcResultShortXYPageByDept", request)
  163. || matchers("/print/export/qcResultShortXYPageExportDept", request)
  164. || matchers("/consoleByDept/badLevelXYPageByDept", request)
  165. || matchers("/print/export/badLevelPageXYExportByDept", request)
  166. || matchers("/console/leaveHosCount", request)
  167. || matchers("/console/levelPercentGroupByDeptPage", request)
  168. || matchers("/console/levelStatistics", request)
  169. || matchers("/console/levelStatisticsByDeptClass", request)
  170. || matchers("/console/mrCount", request)
  171. || matchers("/console/mrStatistics", request)
  172. || matchers("/console/medicalRecordIndicator", request)
  173. || matchers("/console/codingMonthly", request)
  174. || matchers("/console/qcResultShortPage", request)
  175. || matchers("/console/qcResultShortXYPage", request)
  176. || matchers("/console/resultStatistics", request)
  177. || matchers("/console/resultStatisticsByDeptPage", request)
  178. || matchers("/console/homePageMRCount", request)
  179. || matchers("/console/qcCheckStatistics", request)
  180. || matchers("/console/unModifyMRStatistics", request)
  181. || matchers("/console/unModifyMRPage", request)
  182. || matchers("/console/reHos31DaysPage", request)
  183. || matchers("/console/beHosCount", request)
  184. || matchers("/console/casesEntryStatisticsById", request)
  185. || matchers("/console/hmImproveMRPage", request)
  186. || matchers("/console/qcCheckMRPage", request)
  187. || matchers("/consoleByDept/entryCountGroupByCaseAndDept", request)
  188. || matchers("/consoleByDept/entryCountGroupByCaseAndDeptPage", request)
  189. || matchers("/consoleByDept/entryCountGroupByEntryAndDept", request)
  190. || matchers("/consoleByDept/entryCountGroupByEntryAndDeptPage", request)
  191. || matchers("/consoleByDept/entryGroupByEntryAndDeptInnerPage", request)
  192. || matchers("/consoleByDept/homePageLevelByDeptLimit", request)
  193. || matchers("/consoleByDept/homePageLevelStatisticsByDept", request)
  194. || matchers("/consoleByDept/leaveHosCountByDept", request)
  195. || matchers("/consoleByDept/levelStatisticsByDept", request)
  196. || matchers("/consoleByDept/mrCountByDept", request)
  197. || matchers("/consoleByDept/qcResultShortByDeptPage", request)
  198. || matchers("/consoleByDept/resultStatisticsByDeptAndDoctorPage", request)
  199. || matchers("/console/export/homePageLevelExport", request)
  200. || matchers("/console/export/entryGroupByEntryExport", request)
  201. || matchers("/console/export/levelExport", request)
  202. || matchers("/console/entryStatistics", request)
  203. || matchers("/console/export/levelExport_TZ", request)
  204. || matchers("/console/export/getAverageDayNumExport", request)
  205. || matchers("/console/export/getAverageFeeExport", request)
  206. || matchers("/console/export/levelPercentGroupByDeptExport", request)
  207. || matchers("/console/export/entryCountGroupByEntryExport", request)
  208. || matchers("/console/export/entryCountGroupXYByEntryExport", request)
  209. || matchers("/console/export/entryCountGroupByCaseExport", request)
  210. || matchers("/console/export/entryStatisticsExport", request)
  211. || matchers("/console/export/qcResultShortPageExport", request)
  212. || matchers("/console/export/qcResultShortXYPageExport", request)
  213. || matchers("/console/export/leaveHosMrPageExport", request)
  214. || matchers("/console/export/qcCheckStatisticsExport", request)
  215. || matchers("/console/export/unModifyMRPageExport", request)
  216. || matchers("/console/export/unModifyMRStatisticsExport", request)
  217. || matchers("/console/export/reHos31DaysPageExport", request)
  218. || matchers("/console/export/hmImproveMRPageExport", request)
  219. || matchers("/console/export/qcCheckMRPageExport", request)
  220. || matchers("/qc/data/sendDoctorInfos", request)
  221. || matchers("/qc/data/sendDeptInfos", request)
  222. || matchers("/qc/data/sendRecordTypes", request)
  223. || matchers("/qc/data/sendMrRecordIng", request)
  224. || matchers("/qc/data/sendMrContent", request)
  225. || matchers("/qc/data/sendMrRecord", request)
  226. || matchers("/qc/data/sendPatientInfo", request)
  227. || matchers("/qc/data/sendDoctorAdvice", request)
  228. || matchers("/qc/data/sendHomePageIng", request)
  229. || matchers("/qc/data/sendHomePage", request)
  230. || matchers("/qc/data/sendHomeDiagnose", request)
  231. || matchers("/qc/data/sendHomeOperation", request)
  232. || matchers("/qc/data/sendCrisis", request)
  233. || matchers("/qc/data/deleteFlag", request)
  234. || matchers("/qc/data/placeFile", request)
  235. || matchers("/qc/data/sendLisResults", request)
  236. || matchers("/qc/data/sendPacsResults", request)
  237. || matchers("/qc/data/getColumnZhAndCh", request)
  238. || matchers("/qc/data/analyseRec", request)
  239. || matchers("/qc/data/hisDataDeal", request)
  240. || matchers("/qc/data_str/sendAdmissionNote", request)
  241. || matchers("/qc/data_str/sendBloodResult", request)
  242. || matchers("/qc/data_str/sendBloodTransfusion", request)
  243. || matchers("/qc/data_str/sendConsultationApply", request)
  244. || matchers("/qc/data_str/sendConsultationNote", request)
  245. || matchers("/qc/data_str/sendConsultationRecord", request)
  246. || matchers("/qc/data_str/sendConsultationResult", request)
  247. || matchers("/qc/data_str/sendCrisisNote", request)
  248. || matchers("/qc/data_str/sendDeathDiscussion", request)
  249. || matchers("/qc/data_str/sendDeathNote", request)
  250. || matchers("/qc/data_str/sendDifficultCase", request)
  251. || matchers("/qc/data_str/sendFirstRecord", request)
  252. || matchers("/qc/data_str/sendIllCritically", request)
  253. || matchers("/qc/data_str/sendIllSeriousl", request)
  254. || matchers("/qc/data_str/sendLeaveHospital", request)
  255. || matchers("/qc/data_str/sendOperativeFirstRecord", request)
  256. || matchers("/qc/data_str/sendOperativeNote", request)
  257. || matchers("/qc/data_str/sendWardRecord", request)
  258. || matchers("/qc/data_str/sendTransferOutNote", request)
  259. || matchers("/qc/data_str/sendTransferInNote", request)
  260. || matchers("/qc/data_str/sendRescueNote", request)
  261. || matchers("/qc/data_str/sendPeriodConclusion", request)
  262. || matchers("/qc/data_str/sendPreoperativeDiscussion", request)
  263. || matchers("/qc/data_str/sendTalkInform", request)
  264. || matchers("/qc/data_str/sendInformedConsent", request)
  265. || matchers("/qc/data_str/sendContent", request)
  266. || matchers("/qc/doctoradvice/getPage", request)
  267. || matchers("/qc/medPacsInfo/getCheckPage", request)
  268. || matchers("/qc/medLisInfo/getExaminePage", request)
  269. || matchers("/qc/behospitalInfo/analyzeCds", request)
  270. || matchers("/qc/medLisInfo/getExamineSonPage", request)
  271. || matchers("/console/medicalCheckForm", request)
  272. || matchers("/console/medicalCheckTitle", request)
  273. || matchers("/console/export/medicalCheckExport", request)
  274. || matchers("/console/export/medicalCheckInnerExport", request)
  275. || matchers("/console/badLevelPage", request)
  276. || matchers("/console/badLevelXYPage", request)
  277. || matchers("/console/export/badLevelPagePageExport", request)
  278. || matchers("/console/export/badLevelPageXYExport", request)
  279. || matchers("/qc/medNurse/getMedNursePage", request)
  280. || matchers("/qc/medRecordOther/getMedRecordOtherPage", request)
  281. || matchers("/qc/medRecordOther/getMedRecordContentOther", request)
  282. || matchers("/qc/behospitalInfo/exportQcresultByPerson", request)
  283. || matchers("/consoleByDept/beHosCountByDept", request)
  284. || matchers("/consoleByDept/casesEntryStatisticsByDept", request)
  285. || matchers("/bas/doctor/getList", request)
  286. || matchers("/consoleByDept/homePageOrGoodLevelByDept", request)
  287. || matchers("/print/export/homePageLevelExportByDept", request)
  288. || matchers("/print/export/homePageOrLevelExportByDept", request)
  289. || matchers("/print/export/entryGroupExportByDeptPage", request)
  290. || matchers("/print/export/entryGroupExportByDeptCase", request)
  291. || matchers("/print/export/entryGroupExportByDeptEntry", request)
  292. || matchers("/print/export/qcResultShortExportByDeptPage", request)
  293. || matchers("/print/export/levelExportByDept", request)
  294. || matchers("/consoleByDept/entryStatisticsByDept", request)
  295. || matchers("/print/export/entryStatisticsExportByDept", request)
  296. || matchers("/consoleByDept/leaveHosMRPageByDept", request)
  297. || matchers("/print/export/leaveHosMrPageExportByDept", request)
  298. || matchers("/consoleByDept/qcCheckStatisticsByDept", request)
  299. || matchers("/print/export/qcCheckStaExportByDept", request)
  300. || matchers("/consoleByDept/qcCheckMRPageByDept", request)
  301. || matchers("/print/export/qcCheckMRPageExportByDept", request)
  302. || matchers("/consoleByDept/hmImproveMRPageByDept", request)
  303. || matchers("/print/export/improveMRExportByDept", request)
  304. || matchers("/consoleByDept/reHos31DaysPageByDept", request)
  305. || matchers("/print/export/reHos31DaysPageExportByDept", request)
  306. || matchers("/consoleByDept/unModifyMRSByDept", request)
  307. || matchers("/print/export/unModifyMRSExportByDept", request)
  308. || matchers("/consoleByDept/unModifyMRPageByDept", request)
  309. || matchers("/print/export/unModifyMRPageExportByDept", request)
  310. || matchers("/consoleByDept/medicalCheckFormKs", request)
  311. || matchers("/print/export/medicalCheckExportByDept", request)
  312. || matchers("/consoleByDept/medicalCheckTitleKs", request)
  313. || matchers("/console/qualityControl", request)
  314. || matchers("/console/export/qualityControlExport", request)
  315. || matchers("/consoleByDept/qualityControlByDept", request)
  316. || matchers("/print/export/qualityControlExportByDept", request)
  317. || matchers("/qc/behospitalInfo/getMedQualityCoList", request)
  318. || matchers("/console/saveMedicaIndicator", request)
  319. || matchers("/qc/medCheckInfo/createMedBeHospitalInfoType", request)
  320. || matchers("/qc/medCheckInfo/addMedCheckInfo", request)
  321. || matchers("/qc/dataEdit/getDataEdit", request)
  322. || matchers("/qc/dataEdit/saveDataEdit", request)
  323. || matchers("/qc/analysis/addMedClickInfo", request)
  324. || matchers("/qc/analysis/getQcClickDeptList", request)
  325. || matchers("/qc/analysis/getQcClick", request)
  326. || matchers("/qc/analysis/getQcClickByExport", request)
  327. || matchers("/qc/analysis/getQcClickInnerPage", request)
  328. || matchers("/qc/analysis/getQcClickInnerPageByExport", request)
  329. || matchers("/qc/analysis/getEntryDefectImprove", request)
  330. || matchers("/qc/analysis/getEntryDefectImproveByExport", request)
  331. || matchers("/qc/analysis/getEntryDefectImproveInner", request)
  332. || matchers("/qc/analysis/getDefectImproveInnerByExport", request)
  333. || matchers("/qc/analysisDept/getEntryDefectImproveDept", request)
  334. || matchers("/qc/analysisDept/getEntryDefectImproveByDeptExport", request)
  335. || matchers("/qc/analysisDept/getEntryDefectImproveInnerDept", request)
  336. || matchers("/qc/analysisDept/getDefectImproveInnerByDeptExport", request)
  337. || matchers("/qc/behospitalInfo/historyAnalyze", request)
  338. || matchers("/qc/behospitalInfo/operationLog", request)
  339. || matchers("/qc/appealExamineInfo/getComplaintRecord", request)
  340. || matchers("/qc/appealExamineInfo/getAppealReview", request)
  341. || matchers("/qc/appealExamineInfo/approved", request)
  342. || matchers("/qc/appealExamineInfo/rejected", request)
  343. || matchers("/qc/appealExamineInfo/getApprovedView", request)
  344. || matchers("/qc/appealExamineInfo/getAppealReviewDictionary", request)
  345. || matchers("/qc/appealExamineInfo/getAuditNumber", request)
  346. || matchers("/qc/appealExamineInfo/getAppealReviewExport", request)
  347. || matchers("/qc/appealExamineInfo/getComplaintRecordExport", request)
  348. || matchers("/qc/appealExamineInfo/getComplaintDetailMsg", request)
  349. || matchers("/qc/appealInfo/addAppealInfo", request)
  350. || matchers("/qc/appealInfo/addAppealInfoApi", request)
  351. || matchers("/qc/appealInfo/getReviewer", request)
  352. || matchers("/qc/appealInfo/getReviewerApi", request)
  353. || matchers("/qc/behospitalInfo/addCase", request)
  354. || matchers("/qc/behospitalInfo/delCase", request)
  355. || matchers("/qc/behospitalInfo/logicDelCase", request)
  356. || matchers("/qc/behospitalInfo/updCase", request)
  357. || matchers("/qc/appealInfo/getAppealOperationType", request)
  358. || matchers("/qc/appealInfo/cancelAppealInfo", request)
  359. || matchers("/qc/appealInfo/cancelAppealInfoApi", request)
  360. || matchers("/qc/appealInfo/getAppealInfo", request)
  361. || matchers("/qc/appealInfo/getAppealDept", request)
  362. || matchers("/qc/appealInfo/getAppealMode", request)
  363. || matchers("/qc/appealInfo/getUserRole", request)
  364. || matchers("/qc/mode/getModes", request)
  365. || matchers("/", request)) {
  366. return true;
  367. }
  368. return false;
  369. }
  370. private boolean matchers(String url, HttpServletRequest request) {
  371. AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
  372. if (matcher.matches(request)) {
  373. return true;
  374. }
  375. return false;
  376. }
  377. private boolean matchNotCheckUrl(HttpServletRequest request) {
  378. if (matchers("/swagger/**", request)
  379. || matchers("/v2/**", request)
  380. || matchers("/swagger-ui.html/**", request)
  381. || matchers("/swagger-resources/**", request)
  382. || matchers("/webjars/**", request)
  383. || matchers("/druid/**", request)
  384. || matchers("/actuator/**", request)
  385. || matchers("/hystrix/**", request)
  386. || matchers("/sys/user/getJwt", request)
  387. || matchers("/sys/user/logout", request)
  388. || matchers("/sys/user/getCaptcha", request)
  389. || matchers("/sys/user/getHospitalMark", request)
  390. || matchers("/sys/user/getJwtNoPass", request)
  391. || matchers("/sys/user/refreshJwt", request)
  392. || matchers("/sys/dictionaryInfo/getDictionary", request)
  393. || matchers("/sys/user/checkToken", request)
  394. || matchers("/oauth/token", request)
  395. || matchers("/oauth/check_token", request)
  396. || matchers("/cache/clear", request)) {
  397. return true;
  398. }
  399. return false;
  400. }
  401. }