1

examcloud-exchange-starter/src/main/java/cn/com/qmth/examcloud/exchange/config/ThirdPartyAccessInterceptor.java

@@ -14,6 +14,7 @@ import cn.com.qmth.examcloud.commons.base.logging.ExamCloudLogFactory;
 import cn.com.qmth.examcloud.commons.base.util.ByteUtil;
 import cn.com.qmth.examcloud.commons.base.util.SHA256;
 import cn.com.qmth.examcloud.commons.base.util.StringUtil;
+import cn.com.qmth.examcloud.commons.web.cloud.api.OuterService;
 import cn.com.qmth.examcloud.commons.web.redis.RedisClient;
 import cn.com.qmth.examcloud.commons.web.support.ServletUtil;
 import cn.com.qmth.examcloud.commons.web.support.StatusResponseEntity;
@@ -52,17 +53,18 @@ public final class ThirdPartyAccessInterceptor implements HandlerInterceptor {
 			Object handler) throws Exception {
 		LOG.debug("preHandle... ...");
 
-		String accessToken = request.getHeader("access_token");
-		if (null == accessToken) {
+		Class<?> ctrClass = (Class<?>) request.getAttribute("$ctrClass");
+		if (!ctrClass.isAssignableFrom(OuterService.class)) {
 			return true;
 		}
 
+		String accessToken = request.getHeader("access_token");
 		String rootOrgId = request.getHeader("rootOrgId");
 		String appId = request.getHeader("appId");
 		String timestamp = request.getHeader("timestamp");
 
-		if (StringUtils.isBlank(rootOrgId) || StringUtils.isBlank(appId)
-				|| StringUtils.isBlank(timestamp)) {
+		if (StringUtils.isBlank(accessToken) || StringUtils.isBlank(rootOrgId)
+				|| StringUtils.isBlank(appId) || StringUtils.isBlank(timestamp)) {
 			response.setStatus(HttpStatus.FORBIDDEN.value());
 			ServletUtil.returnJson(
 					new StatusResponseEntity("403",