Penetration_Testing_POC/books/CVE-2024-41667 OpenAM FreeMarker 模板注入分析.html

<!DOCTYPE html> <html><!--
 Page saved with SingleFile 
 url: https://forum.butian.net/article/580 
--><meta charset=utf-8>
<meta http-equiv=X-UA-Compatible content="IE=edge">
<meta name=viewport content="width=device-width, initial-scale=1">
<meta name=csrf-token content=KBlqCi9iR3cp99NzzsAGOmmMqvT6dwaZVPrSYLox>
<title>CVE-2024-41667 OpenAM FreeMarker 模板注入分析</title>
<meta name=keywords content=奇安信,天眼,补天,漏洞,情报,攻防,安全>
<meta name=description content="奇安信攻防社区-CVE-2024-41667  OpenAM FreeMarker 模板注入分析">
<meta name=author content="QIANXIN Team">
<meta name=copyright content="2021 QIANXIN.com">
<style>@media (max-width:767px){}</style>
<style>/*!
 * Bootstrap v3.4.1 (https://getbootstrap.com/)
 * Copyright 2011-2019 Twitter, Inc.
 * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
 *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}footer,nav{display:block}template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}img{border:0}button,input,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button{text-transform:none}button{-webkit-appearance:button}textarea{overflow:auto}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,:after,:before{color:#000!important;text-shadow:none!important;background:0 0!important;-webkit-box-shadow:none!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" ("attr(href)")"}a[href^="#"]:after,a[href^="javascript:"]:after{content:""}pre{border:1px solid #999;page-break-inside:avoid}img{page-break-inside:avoid}img{max-width:100%!important}h2,h3,p{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}}@font-face{font-family:"Glyphicons Halflings";src:/* original URL: https://forum.butian.net/static/css/bootstrap/fonts/glyphicons-halflings-regular.woff2 */url(data:font/woff2;base64,d09GMgABAAAAAEZsAA8AAAAAsVwAAEYJAAECTQAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACMcggEEQgKgqkkgeVlATYCJAOGdAuEMAAEIAWHIgeVUT93ZWJmBhtljDXsmI+A80Cgwj/+vggK2vaIIBusdPb/n5SghozBk8fY3CwzKw8ycQ3LRhauWU8b7AQmPrHpsWLSbaQ1gVqO5kgksapZihmcvXvsSAlqZIYL1YkM/LIl97nZp395IqcEA/f21yuNQLmMXb2rZZ/7e/rS+3aQoE5jiykOu275k8k/fj/okKRo8gD/nl/nJmkfxsrIHdGdBcGkiz+6PvzlXksg+3a0LRtj240x7fSAEokyS6Dhebf1LCdu5KvgAAco8DNFd2ngQgUXgqAmqf8L6c5UtGxo2DBNGtLY2tKGZOVZ2HLx77Kss250ad5d3Xl1cpW0vK77me4TVlhzag6hop7lZ01uGarTmUiBV5Wpw9QIIHIy9D5pVGBWN7jNUiixqMnPGuD/K6BvNvMnY8XIQrCP5gbrNOe31s653X+Hg4vjv5quVAldYVtRZDwzd3E4LI6F7nJUSRahOOESHI4wPkW4P/kqRajnl6aVI8/6NyeN7N39hlMJDAtvY/vKt+1fizcmIyrRKym9s6DQKzRhAbBBNrZjjOd5sdmjhmYoYhlG6ebk/+m0JDt7IFlBwzF2UC10R/j/jOHAsRXNIvuwldsBQ8JmLSBXgveuAprUmc51S9awSwjjI63tDuSs1ipLhjzb/AQgKNHf69T31/9a/mDZqwzltVuXJepZBVSKrHslr8mKJIitEKBze2/v7RmcF/KIgxjVu+92dCJw4Jw0YMjq36mKz6R9bwxg47PdFPonbhRl3D4K5EceNXMAevNfTvMKklBL06Z2bVXeC8m+e3q93PLu8/+fGfh/+IyHIjNgbA2SHAOWVyPUkL1eGEArjSwHY7nJa2+pjUFPG3AVbnW1p9R685Z6Sin13M6lHveY2zHHfeHh/0893n+ttoB4vlLGxGDBSolgp3GDFaWCVXMvvyv4a9J2xzF4bBrd3+dqEmwFlkVs7FxuRIzIw8a2r1aGseb/0Gpnm3taZOWJCHo3jwsUNf/fIQR4bcI1b8JbBxy9v3Xv+ya3rzHagkgQQmtB4uwIcXLqzlKQxA2jt7AWjyhcZ2j0EBTIN4ns0op5jz2GSLVa81VQaOnQJDgQUmfTBcQYgHrCZ82tyU46i+AAMXWsJNyFr6Shnj5S/V3l+hSXDqasIp/0Zje8lwv1S69efyeYquu9M5MrRS+8xF6JWVU1XahOQhcu3sqLpdI438Urzs2POI/5LHyJe018jEGKEeV1YXzQYYiSf+yO1d7LhdWdJQAKf2xLR6JQ7SwXTnUU5tzUa/5j7zhtWEDa02T/F8yYP3/x/NrzoudZ0ybP/nvq9pT4s8fPDj/bUNworhRHil22v8/G5K/kT+SP5Lfk1+SX5AZyLbmSXExGyQg5lywmp5N55DhyrPu0+zP3H9yfuD9wv+8+6n7b/br7FXPo5P8Fi54S0BCi00THCKR68zH6oT8SXFU1FnE9rdl00XrUkg6GJlqQbmqiJeltTbQifbyJ1nRr3kQbundooi09/22iHb1CE+3p9Tc28fSugyY60rvJcXQiC9YxOpMVrOvQlaypdTv0IktfoS9KZNZjMJZssvUcMB2yxSdeAxZCtvk4VkO21XpnsAayvawPBlsgO8r6ZOwK2VnWF2J/yIN1HQ6HvKl1O5xAnip9AQZ5iXwMLqmsJ0M+E1xnPRvyOeBW68WQrwG3W2+GfGfwoPVekB8MnrY+ivxkvAo5rc/H++QX7tjF+JQKKkV8QaUOj+MbKk2tW+NbKm1P3A7fUel6HD9Q6W7dGz9SKVmPwW9UJlvPAVUqi5U1EMBT2QxNQgv+7AShpfBbsxMKrYTfb1lEaK0Y1Xvs0Sx9MTxmjSYCNmikGIYnj4F/B8qlVSNWqAjeEa28H6GlRftEfyJUwaXeqdAGokFEOYP/ZUK5OqkHBhXEJQ8CT5zBINLQBBPxgofYRhJ1im4gFjc/JVIDRzQihLhmqWfHwUbquoEgDmE9gpEts9VRl+G9eStCvSzE+NAyw8sT1oU1opWH8JmEjHhuoQUVzqoEZiohobPm62zifEdYUfgg3oNVcJTkCsVFdSDCQJ4Bj6blLfCABB9Eby42WVr2gi0mYT5mEj+bAKuTTo9OnKIJXdRPL147XNoOwkrKDc9CBsdFc0pyGQSqkBkBoMSa9cYPFCfyhWcSL+Pj0UIXJZ+hHm8gH0P16rpulTeL3DoFfPV5g0t0sib3JKfYc698ufV3UIj5xFxpXb4kWhJAKwHNDLa21YA5MHhdu3K4rSW+yNUr9gdSVaxFbYcrFtywqqM7d6B1rMA5L0m8BdQ3yDfVprlR/mx1XKZ50A5XixBOKes4idywdlnuKnW0bQKUobG/6eKp4gS6bSgJZgbKRb3y/0c4sgyiaiNJrL1SjswX+XoMI3G437ffAQYJhClZoNckiwvh0JuGY18lv20teyEwLWALO+HlhazxFGh5VvXkwV1IdiEJzx90HGG9XEvvxRAeBqVbzDF7GgMi52ogNkDsljNUMCWlE78P6c6YIsfUmcZaSYZH5AabU5P3jYIusxHEzqNwB4HG06xTxjFl6fvZk8TYm535DFnBHv92uzgaCGSxXLFCoRdsoVP7/lIpBtIT04bn+a+WroALewJJitOG9NIlnZSvPvsw0I7aprNc8CeUY2e9MiU0oFGORKEKMM2SM0KyIslNjtWOJoDbimhJFcfC2qfSUmcQt01FpKGpobaaDUm9zigHqd7VNVWWRF0MffIdmQdi7Tgkl4fsOKg+8+FYIAGyB2
<style>/*!
 *  Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome
 *  License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
 */@font-face{font-family:"FontAwesome";src:/* original URL: https://forum.butian.net/static/css/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 */url(data:font/woff2;base64,d09GMgABAAAAAS1oAA0AAAAChpgAAS0OAAQBywAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACFchEIComZKIe2WAE2AiQDlXALlhAABCAFiQYHtHVbUglyR2H3kYQqug2BJ+096zq1GibTzT1ytyoKAhnlGvH2XQR0B9xFqm6jsv/////kpDFG2w7cQODV9Pt8rYoUCGaTbZJgmyTYkaFAZFtCUREkKFtVPCsorbhAUNA1HuRggbAO2j72UBAaO+EokdExs/1s2/5o1Kiiwimf3Fl5lPJKaenrF62Fznwl24G3XqwUR4KiM7gSbp6V6LraldwKxM2QRIqecFxZciCUTN9Q9A6NG4N0pSnLEZjvE6c2UsJeIlMLTH7xWVLXQ1hSFQmKNIGO5kb6eVxbv+g3bqHirnwdc+C7jHEeo027jiVLyf8XLtu6DiwL+oT3+EzQdP8n9hCQyU0dLBEVY/eIK2L6xNeH50/9c/le2CSFhtd6Lgf1bcWgDPxoJmdi3vDhdu2H8wEOySeKDzajOrC7w/Nz622jYowx2KhtMCLHghqwvypWjKiNHqNjoyQsMEFUUFS0MRID+/SsPAvtO+3z0mAQ5rYn8UgOP/Fzzqk6kQ9ORJ+o/KkQSRGkJIwEVBSLW4GCYjSKEc38f+rs7yyvzrzX772jYmw2kboLSUzpaX3bjCbgNOOUbSwnyxbL8yO916Wzf1J3AaJidcC2LEuWC8YGm+J2iwPbCG1fLcDA5lxIi537jkhI/qrzk+oHxsI/mJbTbfMLOVCIrdgpOedKqIYkxr2InOex9Dj46Mfazs5+uTvEchWNbr89JBEatR+UTmRkbhshJ66m8OM7s/SsOJm8J9lOpu0eIX8tGAZKGcq20y7g2PqR7livPQwsEgQOkJseImA6GKL/Gw8JCSB7je+e3OC8EstLISefAKEtRkiUnAmJIyR+m1pfhLmdEBK1A041VlU4RsivHKKOJRRQ1Pvdq9rb+wYIDIZDcAgCJARRGaK0u9oQnXKs7KLKvZvuumu7a9obpzPZtxPROlIRJR4QtoEye/SH3qn1kh1oJbspOMkR9gD48QEPGApJTEuQNnb0I+37s+7+Biw70KY2h6BOmjLOaHa3Dw4I/u9/zf7rDE9Pkad0IxaFBuJ4VInvqkJmAp2ehHFeFiOcrp+WP3v+NWKKSeLgJS1XWpDruWKkQaMTDF7kMc3ZbjUZ+a7pitemTlGdWSf65t3NEpYE/JFTBNwYH6YhdCIgBmBiM+n3JZMH9O8zNbsCFNFmdjurndXObM6s7jmcOmpnZj9ncpv1cP94nyCAD3wS/CAkCCBlEpQcEpRaFCjFFCR3KFpyU5DodiubWtkcz9Zx9k2i7B6b7s3q3ZltPyZzW/bldJlTklNqjqc5nK/j9z+tfNrqDfHwxT5HDswGLBBiRNW3Xqn0ql6px90bOmyKM469TkGaYKs1C5wyNrMBTPlwU/IJQd+nL1XrCsLWmLS8s7QnOVy0p9WGdLiFEK8h3/b2+rca/RuBbAAGhSBQTVK0mpA5boAKzWAVEhMoyhBA0iBIeSlN0mRNyg2QHDXp1KQTSCfSkZoc8m1TPPro23Ema7wpXM97O+4xxcNt+QebONt74YvVWIQx3S0zx5qQkSmCQiiEkSz7JfWTELC2to0ExAsFBd3923efb36+mHTt8EhXOGyQ1FoRCXKk47//PWWzGuzfMSvmBwUvyY4xVz/WsHLuEg44OVBMxtIBPnVvOSDFGDEgdMOYq8N1Y6edke7EQLP5XUsUEFLvf2JO/7uSdvuTtNQaqqgouCKKg3nrvbt7HAxjrv+P5vNzY3qmGSaucDWn5QShLGqzbiCia07EIYMug25e9/hVdR8AQHz8GD92tT73B7kdudwckXIYVWHcSFIgCxqPEPq51/jVkQCT80kNRInfy4tRv71+cOkKgNyNOzu4bvn5jUwYFyShdPkJOgloRkNZoe3eVE+gRk4dTn59F/ExImCzqPyf2GHPB8sozT9IIBGXlocfxFyWzeV1yjATTNS19fEnte26vb7NlFBibm1Pv5jrtt39jb8CGEpsiz8CAQie5XOr5wWIMCwOOIx4yULy+va+QhnH5ZFGiRAUn1/fG1JpWh34/7fUfmUjFWqwEbF3/WhPYyomRjYMrFlxwZIFe4l9P8nzPvd1Hvu2LvM0Ds5oJQVnlGAEpybX5yC4yxIpqaxSNRjlSIx9saf/y6Swa9yp2xyQJ0qZ3k+/AEmI2xO2nV/vs38FkXFPYifWSMefAEJZRU2jAxw2yHaEgTWqEE5KDeUVAU+ITgcaRgtOeCgxkjoBXLrfq0Pga45joGI4BVH0CRNk4RhbTBQoZWwcKzJ1Le7QYdaYZKKONTuiTiTU9iKiSKqPEKtTRrpv6zJpqCKK2VyzaAQ3SYz2oDxTQ08CrRm4lsiQSKAe4kV3IQEuH9fp/SFCUxJDqmcexJ2JY+MOueRzKtWnc4koNW2UPXHGyoplovvxWZELJOtcPhBmTjiAcZeMeOojdgqlNnVt7wngGZ2wYNtOTS1KAFz0EEa3x3LpRAKAHrVa0zCTByMn6qWIbuwR0kdqTILahlgUG8qMokGqnfFnWXOZKrJZytwHx17ZtZg7ItgdJGhifz25FhnPmxOYMN52SDyXVnZ/gWObXwBcWYoD7KPodztkQhYCg4sDToOEMxshJM7n57Tn4t5JfFCYIH4TJhPkA2TFLsgDG9Sw6QItYQfz+mEZCSsrwhOSOboubVL46TTjY3mvnrkji1XVwkZX7gh1vQ3cCRdpL/Ccr5RmfoA03fBsg+sOWFP0OcOEG/cxRZ3wvTNAkP3aaxOI3BVAFycjo7y2Y6y92W7qqSC68RXvU187rCX77kmK0MEru/gu80wa2EMCeLHr7h4evvrqhrF3CdrNVtuCgIG6qOGkwMP5RXhmfkhgvekwH7whZJToQFF7T2gxiRcXsUjBtkbDq9V6cxqNN/Pdibazxpx0D3J2zOip0mudu4ZoZVMzt9uHdpk5hHF8q0+C75dLKZVVXPKWQdIlo7m7AsRvHntsPIbbS7j/up3NjqKkjmmzj/FI60eASYV6nT02mldXbzDr2Qt8Fd4lQfcaamREKSENgKlwd67I7l+Cs+s7uPGm22OXRCPp/8uBTZDA3k56nPIFtwRwsF6PQ0R43sJ4aimENU/IOfsNoWDR0kVEWO548Y0g3ZJHVcjA7cuvDsSZqgSp79baiZwuJQ23v7bOiLF+DOPx+j3/CBoWQxNvpikNRoQ388rnJFqk/Si3Z8Hrb0Ktpw3bxpzAQN7lJvLD2mXuewbq4uWOo6AIbKCwZopfxlJ4mU5bp10MrpsHOGAtM5lztKbBknt/UGoB3hm4V3VjOe+FuK6phBtbPh3qLZ8uRKLcjln6H/ebFQ+AHmSHDM/C2AeisisYXnuTrrlD7veJsW3gxNnwLKaxQE48spAd2tnQ+PKJrx9/Di6NlFbx5k3w2hFT7CvTXESeK6LaUqJ80Ta1C+IncVxU4N0CppXzHB45h0SEBlg8fyTtcImA3gciu+mFppL8JJvStwveLPlwH7tz+aVU084a3f6vYrv/1E5rSZEeX+ahYNXmCkboiB/qV5OfVv+UJdnRdwitfqmkxETUkNnCy90q87N4afIeuHlbclqqhwCZW1MltEeb3BhzYEY844WjhbOsIKLBVosr/vMhK62W9/WKuNiNizl5n2vFwWZikTgy3gZz3n1sO1spZSTE+IlUnYaWa62DkuApmnaPtqk5rAGE4xune9N1E/J1j3SPyN6zQEXj9D58Q/baPFw0JQiXUnbhDKW26eXE6Kra9EDXukPMOFyR+H4pFCNrfL65LmHrb6q62gO6MDBHlHEwHRQl8fzwE6GZaHCLqboNTP+c3iKMKz6O7Oa1JaoLXk3L
<style>@media (min-width:1200px){.navbar-form{width:235px}}@media (min-width:768px){.navbar-form .form-control{width:100%}}@media (max-width:767px){.global-nav{width:100%;text-align:center;z-index:1000}}@media (max-width:767px){}.global-nav .nav{height:44px;padding:0}.navbar-form .btn{position:absolute;top:8px;right:30px;color:#999;-moz-box-shadow:none;-webkit-box-shadow:none;box-shadow:none}.navbar-form .btn:hover,.navbar-form .btn:focus{color:#777}pre{white-space:pre-wrap}@media (min-width:768px){}@media (min-width:992px){}@media (min-width:1200px){}html{font-size:10px;-webkit-tap-highlight-color:transparent}body{font-family:-apple-system,"Helvetica Neue",Helvetica,Arial,"PingFang SC","Hiragino Sans GB","WenQuanYi Micro Hei","Microsoft Yahei",sans-serif;font-size:14px;line-height:1.5;color:#333;background-color:#f6f6f6;word-break:break-word}button,input,textarea{font-family:inherit;font-size:inherit;line-height:inherit}ul{padding:0}.wrap{padding-bottom:30px;position:relative}.main{background-color:#fff;border-radius:4px}.mb-20{margin-bottom:20px}.mb-50{margin-bottom:50px}.mt-10{margin-top:10px}.mt-15{margin-top:15px}.mt-30{margin-top:30px}.mt-60{margin-top:60px}.ml-10{margin-left:10px}.mr-5{margin-right:5px}.span-line{margin-left:8px;margin-right:8px;color:#999}.logo{float:left;margin:0;display:inline-block;width:150px}.logo a{display:block;height:50px;width:145px;background-image:/* original URL: https://forum.butian.net/css/default/logo.svg */url(data:image/svg+xml;base64,PHN2ZyBpZD0i5Zu+5bGCXzEiIGRhdGEtbmFtZT0i5Zu+5bGCIDEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDQyNi4xMyAxMTEuNDIiPjxkZWZzPjxzdHlsZT4uY2xzLTF7ZmlsbDojZmZmO308L3N0eWxlPjwvZGVmcz48dGl0bGU+5aWH5a6J5L+h5pS76Ziy56S+5Yy6X2xvZ288L3RpdGxlPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTExMiw1Ny4zM3YtNGgzNy43OHY0aC00LjM5VjcxLjE4cS4wOCw1LjUzLTUuMTksNS40NGgtNC44OXYtNGgyLjM0YzEuMiwwLDEuNzgtLjYyLDEuNzUtMS45M1Y1Ny4zM1ptMS44LTExLjkydi00aDEzLjg1VjM4LjkzaDYuNDh2Mi41MWgxMy45M3Y0SDEzNi4zNXEzLDIuNTEsMTAuOTIsNC4zMXYzLjQ3UTEzNiw1MS42NSwxMzAuODcsNDcuNXEtNS4xLDQuMTQtMTYuMzYsNS42OVY0OS43MmM1LjI1LTEuMiw4Ljg4LTIuNjQsMTAuOTItNC4zMVptMi4wOSwyNy4yOFY1OS43NmgxOS4zN3Y3LjM2Yy4xMSwzLjgzLTEuNjcsNS42OC01LjM1LDUuNTdabTUuNDgtNGg2LjQ1YzEuMzkuMDksMi4wNS0uNjEsMi0yLjA5VjYzLjc4aC04LjQxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE1My42Nyw1OC43MlY1NC41M2g0LjY5VjUwLjMxaDYuNTJ2NC4yMmgxNS42OVY1MC4zMWg2LjUzdjQuMjJoNC44MXY0LjE5aC01LjA2YTE1LjM2LDE1LjM2LDAsMCwxLTcuNTcsMTEuODgsOTIuNiw5Mi42LDAsMCwwLDEyLjIxLDIuMzR2NHEtMTIuMTMtMS4yNS0xOC43OC0zLjQ3LTYuNTcsMi4yMi0xOC43LDMuNDd2LTRhMTA0LDEwNCwwLDAsMCwxMi4xNy0yLjM0LDE1LjA2LDE1LjA2LDAsMCwxLTcuNTctMTEuODhabTM2LjYxLTE2Ljg2djcuMzZoLTYuMTVWNDZIMTYxLjM3djMuMjJoLTYuMTVWNDEuODZoMTMuODlWMzkuMDloNy4ydjIuNzdaTTE3Mi43NSw2OC4yMXE2LjY5LTMuMTgsNy42MS05LjQ5SDE2NS4wOVExNjUuOTMsNjUsMTcyLjc1LDY4LjIxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE5OSw3N1Y1Mi43M2EyNywyNywwLDAsMS0zLjQ3LDEuNDNWNTAuMzVhMTcuMiwxNy4yLDAsMCwwLDUuOS0xMWg1LjlhMzIuODYsMzIuODYsMCwwLDEtMi42OCw3LjdWNzdabTcuNzQtMzF2LTRoMTBWMzkuM2g2Ljd2Mi43NmgxMC4xMnY0Wm0xLjM0LDMwLjVWNjIuMjNIMjMxLjd2Ny43cS4xNyw2LjgxLTYuMTUsNi42MVptLjEzLTI0di0zLjhoMjMuNDJ2My44Wm0wLDYuN1Y1NS40MWgyMy40MnYzLjgxWm0xNy44NiwxMC42MlY2Ni4ySDIxMy43MXY2LjMyaDEwLjEyQzIyNS4zOSw3Mi42MywyMjYuMTMsNzEuNzQsMjI2LjA1LDY5Ljg0WiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTIzNy43Niw0Ni40NnYtNGgxNC40OHY0SDI0OFY2NS4yNGMxLjQyLS4zLDMtLjcxLDQuNzMtMS4yMXY0LjE0YTU1LjQxLDU1LjQxLDAsMCwxLTE1LjE0LDMuNzdWNjYuNzljMS4yNS0uMDgsMi43OC0uMjQsNC42LS40NlY0Ni40NlptMTMuNDMsOC4wN1Y1MC44MXE0LjY5LTQsNS40NC0xMS41NWg2LjExYTMyLjMxLDMyLjMxLDAsMCwxLTEuMDUsNC40NGgxMy43N3Y0aC0zcS0uODQsMTEuODUtNS44NiwxOC4yYTQzLjI2LDQzLjI2LDAsMCwwLDguNDksNi44MnY0LjQ0YTQ5LjQxLDQ5LjQxLDAsMCwxLTEyLTcuNTMsNTIuMTMsNTIuMTMsMCwwLDEtMTIuNjQsNy41N1Y3Mi44MUE0MC4wNyw0MC4wNywwLDAsMCwyNTkuNzMsNjZhMzQuMzgsMzQuMzgsMCwwLDEtNS42MS0xMi44QTIxLjc4LDIxLjc4LDAsMCwxLDI1MS4xOSw1NC41M1ptOC4yNS0zLjcyYTM2LjQsMzYuNCwwLDAsMCwzLjc2LDEwLjVxMi43MS00Ljg5LDMuNDMtMTMuNTZIMjU5LjlhMTUuMSwxNS4xLDAsMCwxLTIuNDcsMy4wNloiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0yODAuNTYsNzYuOTFWNDAuNjRoMTMuNzN2NGEyNS44NiwyNS44NiwwLDAsMS0yLjY0LDEwLDExLjMyLDExLjMyLDAsMCwxLDMsNy40cS4xNyw4LjUzLTcuOT
<style>a{text-decoration:none}a:focus,a:hover{color:#004e31;text-decoration:underline}.navbar-inverse{background-color:#2a8c70;border-color:#2b7a5c}.navbar-inverse .navbar-nav>li>a{color:#fff;padding-left:6px;padding-right:6px}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#008151}@media (max-width:767px){}@media (max-width:767px){}.tag{display:inline-block;padding:0 8px;color:#017e66;background-color:#E7F2ED;height:24px;line-height:24px;font-weight:400;font-size:13px;text-align:center}.tag[href]:focus,.tag[href]:hover{background-color:#017e66;color:#fff;text-decoration:none}.btn-primary{border-color:#008151;background-color:#009a61;color:#fff}.btn-primary.active,.btn-primary:active,.btn-primary:focus,.btn-primary:hover,.open>.btn-primary.dropdown-toggle{border-color:#00432a;background-color:#006741;color:#fff}.btn-primary.active,.btn-primary:active,.open>.btn-primary.dropdown-toggle{background-image:none}.btn-success{border-color:#4cae4c;background-color:#5cb85c;color:#fff}</style>
<style>@font-face{font-family:qax-design-icons;src:/* original URL: https://forum.butian.net/static/js/qaxd/fonts/qax-design-icons.woff */url(data:font/woff;base64,d09GRgABAAAAAG4oAAsAAAAA2pQAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABHU1VCAAABCAAAADMAAABCsP6z7U9TLzIAAAE8AAAARAAAAFY9Fkm8Y21hcAAAAYAAAAdUAAARKjgK0qlnbHlmAAAI1AAAWZoAALGMK9tC4GhlYWQAAGJwAAAALwAAADYU7r8iaGhlYQAAYqAAAAAdAAAAJAfeBJpobXR4AABiwAAAABUAAARkZAAAAGxvY2EAAGLYAAACNAAAAjR9hqpgbWF4cAAAZQwAAAAfAAAAIAIxAJhuYW1lAABlLAAAAUoAAAJhw4ylAXBvc3QAAGZ4AAAHsAAADQvkcwUbeJxjYGRgYOBikGPQYWB0cfMJYeBgYGGAAJAMY05meiJQDMoDyrGAaQ4gZoOIAgCKIwNPAHicY2BkYWCcwMDKwMHUyXSGgYGhH0IzvmYwYuRgYGBiYGVmwAoC0lxTGByeLXh+irnhfwNDDHMDQwNQmBEkBwD5Vw1OeJzd1/W3l3UWxfH359JdUoPBYMugiNjJDAx2dzMY2N3d3d0oJd1IIx12d+s5JoPiICbuh/0H+Puw1ot17113rfu98ey9D1AHqCX/kNp68xeK3qLmR320rP54LRqu/njtmkV6vxMd9Xk10T+GxKSYFUtjeazKVtk+O2bn7JG9sk8uzCWrVoE+Z0AMjckxO5bFiqzJ1tkhO2WX7Jm9s28urj7nL/4Vfb1ObEJP9mcE45hHsJSVpWHpVrqXfjVdV39OjV5jbX0ndalHfRro9TaiMU1oSjOa04KWtGINWtOGtrSjPX+jA2uyFmuzjr6bv+srrMt6rM8GbMhGbKyv11nfdxc2ZTO6sjnd2ILubMlWbM02bMt2bM8O7MhO7Mwu9OCf/EuvsBf/pje7shu7swd7shd7sw/7sp9e+wEcyEEczCEcymEczhEcyVEczTEcSx/+Q1+O43hO4ET6cRIncwqnchqncwZnchZncw7nch7ncwEXchEXcwmXchmXcwVXchVXcw3Xch3XcwM3chM3cwu3chu3cwd3chd3cw/3ch/38wAP8hAP8wiP8hiP8wT9eZKnGMBABjGYITzNUIYxXD/tkYxiNGMYq5/7eCYwkUk8w2SmMJVpTGcGM5nFs8xmDnP1m5nPAhayiMUs4Tme5wXe4E3e4kXe5h1e4mVe4VVe411e5z3e5wM+5CM+5hM+5TM+5wv9bpMv+Yqv+YZv+U6/6f+yjO/5geX8yP9YwU+s5Gd+4Vd+43f+YFWhlFJTapXapU6pW+qV+qWB/joalcalSWlampXmpUVpWVqVNUrr0qa0Le30B1P3L//u/v//Na7+a9LV71Q/lehv1VMfA0xPFjHQqpSIQVYlRQy2KkFiiOkJJIaankVimOmpJIabnk9ihFXJEiNNzywxyqpXF6NNzzExxvREE2NNzzYxzvSUE+NNzzsxwfTkExNNGUBMMqUBMdmUC8QUU0IQU01ZQUwzqp/PdFN+EDNMSULMNGUKMcuULsRsU84Qc0yJQ8w1ZQ8xz5RCxHxTHhELTMlELDRlFLHIlFbEYlNuEUtMCUY8Z8oy4nlTqhEvmPKNeNGUdMRLpswjXraqDeIVUw4Sr5oSkXjNlI3E66aUJN4w5SXxpik5ibdMGUq8bUpT4h1TrhLvmhKWeM+UtcT7ptQlPjDlL/GhKYmJj0yZTHxsSmfiE1NOE5+aEpv4zJTdxOemFCe+MOU5EaZkJ9KU8cSXprQnvjLlPvG1qQGIb0xdQHxragXiO1M/EEtNTUEsM3UG8b2pPYgfTD1CLDc1CrHC1C3ET6aWIVaa+ob42dQ8xC+mDiJ+NbUR8Zupl4jfTQ1F/GHqKmKVqbXIGlN/kbVMTUbWNnUaWcfUbmRdU8+R9UyNR9Y3dR/ZwNSCZENTH5KNTM1INjZ1JNnE1JZkU1Nvks1MDUo2N3Up2cLUqmRLU7+SrUxNS7Y2dS7ZxtS+ZFtTD5PtTI1Mtjd1M9nB1NLkmqa+JtcyNTe5tqnDyXVMbU52NPU62cnU8OS6pq4n1zO1Prm+qf/JDUxLgNzQtAnIjUzrgNzYtBPITUyLgexs2g5kF9OKIDc17QlyM9OyILuaNga5uWltkN1Mu4PcwrRAyO6mLUJuaVol5FamfUJubVoq5DamzUJua1ov5HamHUNub1o05A6mbUPuaFo55E6mvUPubFo+5C6mDUT2MK0hsqdpF5G9TAuJ7G3aSuSuptVE7mbaT+TupiVF7mHaVOSepnVF7mXaWeTepsVF7mPaXuS+phVG7mfaY+T+pmVGHmDaaOSBprVGHmTabeTBpgVHHmLacuShplVHHmbad+ThpqVHHmHafOSRpvVHHmXageTRpkVIHmPahuSxppVI9jHtRbKvaTmSx5k2JHm8aU2SJ5h2JXmiaWGS/UxbkzzJtDrJk037kzzFtETJU02blDzNtE7J0007lTzDtFjJM03blTzLtGLJs017ljzHtGzJc00blzzPtHbJ8027l7zAtIDJC01bmLzItIrJi037mLzEtJTJS02bmbzMtJ7Jy007mrzCtKjJK03bmrzKtLLJq017m7zGtLzJa00bnLzOtMbJ6027nLzBtNDJG01bnbzJtNrJm037nbzFtOTJW02bnrzNtO7J2007n7zDtPjJO03bn7zLdAWQd5vuAfIe02VA3mu6Ecj7TNcCeb/pbiAfMF0Q5IOmW4J8yHRVkA+b7gvyEdOlQT5qujnIx0zXB/m46Q4hnzBdJGR/021CPmm6UsinTPcKOcB0uZADTTcMOch0zZCDTXcNOcR04ZBPm24dcqjp6iGHme4fcrjpEiJHmG4icqTpOiJHme4kcrTpYiLHGOr1HGvVoZ/jrOidHG+l6vwJVqrOn2il6vxJVqrOf8aqyyonW6k6f4qVqvOnWqk6f5qVqvOnW6k6f4aVqvNnWqk6f5aVqvOftVJ1/mwrVefPsVJ1/lwrVefPs1J1/nwr2v+5wErV/wutVP2/2ErV/0ustPsTkfxhoXicrL0JYFvVlTD87n3aV2u3LVvWYkl2HCu2ZUl2nNjPibM6GyGrQxKFhCRAEkKAsIYIaIeUJYQBSsO0YEjLsJXSQqa0LBVbof0oy7TTUjpQt512Ol9ppzt0Gr3859z7nvTkWCTM9yfWffu9525nv+cKegH+iYdEk+AQ4kKn0C/MEwQS8PcMkWxvMhF1EoM3YDSk6BBJJnrhZk/A74Wb0RnUaPD6e3KEXaZI5RE/J72/sDRYXu/rm3V04HXz7Yeal/STphs7g8HXl7++fHT09ablzWOdh8yeBgu5zmw+7mg1249bGrdZLMftMYv9uDlI7v6F2fz6wNFZfX2vWxo/uLGJ9C9pPtTZvLzp9dFRyOP1pqYNnYcsDR4zNUFJx+3mVshhm6XR8hQ7NQuiIJwsioIoCXVCm9AF9Yr0ZDOu3kQsEjX4XF5/Wu9zkGgimYmlSNI1SHKREAm4HMTYQXxQt2yGjBPB4XY75CKmRCDZlVkitWcJybarx4LkbnITAR6zl2TJ4ZbG27PZ9nF8qchfkvHlcXwOza0DuP4uviYuFDxChzAozAfIEoMkRAzGEBkkmTRAkCIz4EbAn81lE8mEwYiPAwhmwuDh3ZGAR/5AiBgdcDNpNIRIjhJdU2aaranRNTCUlOjYyMgYvdb5qU2bjtR7l69e++XcrFuuW0gkeu7SpfvOeSM02k+Cb2R7t2z95dpV7vmLf3qswfeK3RKzk2JwmjWY6TA2Bdw9EcgDcgptutIo7tpwzv3t8a6l7ea5VyxaeqFRPyZ/840g6R8NvbH7p4vnu1et/eXWLb1jvoZvYx8KRqjnSXGvOCJYBL8wJGwQzhMuFq6G2mZ6E9gDaRhlUWMmzS6bSbonRI0iVD4C9RQTgzQdywxSfyAb4IcQbcbadmCXxTKJGSQWNbSQCLR
<style>@-moz-keyframes blink{50%{background-color:transparent}}@-webkit-keyframes blink{50%{background-color:transparent}}@keyframes blink{50%{background-color:transparent}}@media print{}pre code.hljs{overflow-x:auto}.hljs{color:#000}.hljs-comment{color:green}.hljs-string{color:#a31515}.hljs-attr{color:red}.hljs-bullet{color:#00b0e8}.markdown-body{color-scheme:light;--color-prettylights-syntax-comment:#6e7781;--color-prettylights-syntax-constant:#0550ae;--color-prettylights-syntax-entity:#8250df;--color-prettylights-syntax-storage-modifier-import:#24292f;--color-prettylights-syntax-entity-tag:#116329;--color-prettylights-syntax-keyword:#cf222e;--color-prettylights-syntax-string:#0a3069;--color-prettylights-syntax-variable:#953800;--color-prettylights-syntax-brackethighlighter-unmatched:#82071e;--color-prettylights-syntax-invalid-illegal-text:#f6f8fa;--color-prettylights-syntax-invalid-illegal-bg:#82071e;--color-prettylights-syntax-carriage-return-text:#f6f8fa;--color-prettylights-syntax-carriage-return-bg:#cf222e;--color-prettylights-syntax-string-regexp:#116329;--color-prettylights-syntax-markup-list:#3b2300;--color-prettylights-syntax-markup-heading:#0550ae;--color-prettylights-syntax-markup-italic:#24292f;--color-prettylights-syntax-markup-bold:#24292f;--color-prettylights-syntax-markup-deleted-text:#82071e;--color-prettylights-syntax-markup-deleted-bg:#FFEBE9;--color-prettylights-syntax-markup-inserted-text:#116329;--color-prettylights-syntax-markup-inserted-bg:#dafbe1;--color-prettylights-syntax-markup-changed-text:#953800;--color-prettylights-syntax-markup-changed-bg:#ffd8b5;--color-prettylights-syntax-markup-ignored-text:#eaeef2;--color-prettylights-syntax-markup-ignored-bg:#0550ae;--color-prettylights-syntax-meta-diff-range:#8250df;--color-prettylights-syntax-brackethighlighter-angle:#57606a;--color-prettylights-syntax-sublimelinter-gutter-mark:#8c959f;--color-prettylights-syntax-constant-other-reference-link:#0a3069;--color-fg-default:#24292f;--color-fg-muted:#57606a;--color-fg-subtle:#6e7781;--color-canvas-default:#ffffff;--color-canvas-subtle:#f6f8fa;--color-border-default:#d0d7de;--color-border-muted:hsl(210,18%,87%);--color-neutral-muted:rgba(175,184,193,0.2);--color-accent-fg:#0969da;--color-accent-emphasis:#0969da;--color-attention-subtle:#fff8c5;--color-danger-fg:#cf222e}.markdown-body{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;margin:0;color:var(--color-fg-default);background-color:var(--color-canvas-default);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:16px;line-height:1.5;word-wrap:break-word}.markdown-body a{background-color:transparent;color:var(--color-accent-fg);text-decoration:none}.markdown-body a:active,.markdown-body a:hover{outline-width:0}.markdown-body img{border-style:none;max-width:100%;-webkit-box-sizing:content-box;box-sizing:content-box;background-color:var(--color-canvas-default)}.markdown-body ::-webkit-input-placeholder{color:inherit;opacity:0.54}.markdown-body ::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}.markdown-body a:hover{text-decoration:underline}.markdown-body h2,.markdown-body h3{margin-top:24px;margin-bottom:16px;line-height:1.25}.markdown-body h2{font-weight:600;padding-bottom:0.3em;font-size:1.5em;border-bottom:1px solid var(--color-border-muted)}.markdown-body h3{font-weight:600;font-size:1.25em}.markdown-body code{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace}.markdown-body pre{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace;word-wrap:normal}.markdown-body ::-webkit-input-placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body ::placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body::before{display:table;content:""}.markdown-body::after{display:table;clear:both;content:""}.markdown-body>*:first-child{margin-top:0!important}.markdown-body>*:last-child{margin-bottom:0!important}.markdown-body a:not([href]){color:inherit;text-decoration:none}.markdow
<style>#md_view{padding:0 20px}#md_view img:hover{cursor:pointer}</style>
<!--[if lt IE 9]>
    <script src="/static/js/html5shiv.min.js"></script>
    <script src="/static/js/respond.min.js"></script>
    <![endif]-->
<style>.hot{z-index:10}</style>
<style>html #layuicss-skinlayercss{display:none;position:absolute;width:1989px}@-webkit-keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);-ms-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);-ms-transform:scale(1);transform:scale(1)}}@-webkit-keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);-ms-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);-ms-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);-ms-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);-ms-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);-ms-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);-ms-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);-ms-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);-ms-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes shake{0%,100%{-webkit-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);transform:translateX(10px)}}@keyframes shake{0%,100%{-webkit-transform:translateX(0);-ms-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);-ms-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);-ms-transform:translateX(10px);transform:translateX(10px)}}@-webkit-keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);transform:scale(.7)}30%{-webkit-transform:scale(1.05);transform:scale(1.05)}0%{-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);-ms-transform:scale(.7);transform:scale(.
<body>
<div class="global-nav mb-50">
 <nav class="navbar navbar-inverse navbar-fixed-top">
 <div class="container nav">
 <div class="visible-xs header-response sf-hidden">
 
 
 
 
 </div>
 <div class="row hidden-xs">
 <div class="col-sm-9 col-md-9 col-lg-9">
 <div class=navbar-header>
 <button type=button class="navbar-toggle collapsed sf-hidden" data-toggle=collapse data-target=#global-navbar>
 
 
 
 
 </button>
 <div class=logo><a class="navbar-brand logo" href=https://forum.butian.net/></a></div>
 </div>
 <div class="collapse navbar-collapse" id=global-navbar>
 <ul class="nav navbar-nav">
 <li><a href=https://forum.butian.net/>首页 <span class=sr-only>(current)</span></a></li>
 
 
 
 <li><a href=https://forum.butian.net/questions>问答</a></li>
 
 
 
 <li><a href=https://forum.butian.net/shop>商城</a></li>
 
 <li><a href=https://forum.butian.net/community>实战攻防技术</a></li>
 <li><a href=https://forum.butian.net/articles>漏洞分析与复现</a>
 <span class=hot>NEW</span>
 </li>
 <li><a href=https://forum.butian.net/movable>活动</a></li>
 <li><a href=https://forum.butian.net/questions/Play>摸鱼办</a>
 
 </li>
 </ul>
 <form role=search id=top-search-form action=https://forum.butian.net/search method=GET class="navbar-form hidden-sm hidden-xs pull-right">
 <span class="btn btn-link"><span class=sr-only>搜索</span><span class="glyphicon glyphicon-search"></span></span>
 <input type=text name=word id=searchBox class=form-control placeholder value>
 </form>
 </div>
 </div>
 
 </div>
 </div>
 </nav>
</div>
<div class="top-alert mt-60 clearfix text-center">
 <!--[if lt IE 9]>
    <div class="alert alert-danger topframe" role="alert">你的浏览器实在<strong>太太太太太太旧了</strong>，放学别走，升级完浏览器再说
        <a target="_blank" class="alert-link" href="http://browsehappy.com">立即升级</a>
    </div>
    <![endif]-->
 
 </div>
<div class=wrap>
 <div class=container>
 <div class="row mt-10">
 <div class="col-xs-12 col-md-9 main" style=width:100%>
 <div class=widget-article>
 <h3 class="title word-wrap">CVE-2024-41667 OpenAM FreeMarker 模板注入分析</h3>
 <ul class=taglist-inline>
 <li class=tagPopup><a class=tag href=https://forum.butian.net/topic/48>漏洞分析</a></li>
 </ul>
 <div class="content mt-10">
 <div class="quote mb-20">
 OpenAM是一个开放式的访问管理解决方案。在版本15.0.3及之前的版本中，存在一个模板注入漏洞（CVE-2024-41667）。RealmOAuth2ProviderSettings.java中的`getCustomLoginUrlTemplate`方法由于使用了用户输入而容易受到模板注入攻击。
 </div>
 <textarea id=md_view_content style=display:none value="前言
--

OpenAM是一个开放式的访问管理解决方案。在版本15.0.3及之前的版本中，存在一个模板注入漏洞（CVE-2024-41667）。RealmOAuth2ProviderSettings.java中的`getCustomLoginUrlTemplate`方法由于使用了用户输入而容易受到模板注入攻击。虽然开发者意图实现自定义URL以处理登录，以覆盖默认的PingOne Advanced Identity Cloud登录页面，但他们没有对`CustomLoginUrlTemplate`进行限制，使其可以自由设置。

影响版本：&amp;lt;= 15.0.3

环境搭建
----

```yml
//docker-compose.yml
version: '3'
services:
  openam:
    image: openidentityplatform/openam:15.0.3
    ports:
      - &quot;5005:5005&quot;
      - &quot;8080:8080&quot;
    command:
      /opt/java/openjdk/bin/java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager --add-exports java.base/sun.security.x509=ALL-UNNAMED --add-exports java.base/sun.security.tools.keytool=ALL-UNNAMED --add-exports java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Dcom.iplanet.services.configpath=/usr/openam/config -Dcom.sun.identity.configuration.directory=/usr/openam/config -Dignore.endorsed.dirs= -classpath /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tomcat -Dcatalina.home=/usr/local/tomcat -Djava.io.tmpdir=/usr/local/tomcat/temp org.apache.catalina.startup.Bootstrap start
```

docker-compose 启动之后访问<http://127.0.0.1:8080/openam/>，默认配置搭建即可，调试端口为5005

![image-20240829111300913.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-caa38bd5164673fbfd8927734a96150eab9a2def.png)

漏洞复现
----

登录到后台

![image-20240829114932966.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-6de13e8880bdcf0103f050d506d6c68607da52d4.png)

创建了一个Connect Client

![image-20240829121408200.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-a1f41c63340f8a5038a35a991231107a3317cc53.png)

![image-20240829121434435.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-0924f96d4d931edd8b590c7a0cefda8e65e0cb4d.png)

点击刚才创建的Client配置信息，修改Redirection URIs和Scope的值

![image-20240829144902182.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-dd5ea4e34c7f988dd9cacc800f666a4458666f9f.png)

配置一个OAuth2 Provider，在Custom Login URL Template 处填入payload

```php
&amp;lt;#assign value=&quot;freemarker.template.utility.Execute&quot;?new()&amp;gt;${value(&quot;touch /tmp/vuln&quot;)}
```

![image-20240829121553319.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-d3ab70e77338e7d8fdb0f6e693169dae45b3cec6.png)

![image-20240829121629286.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-e586fea8b10c90bba13ef328d14578cec7ed1c97.png)

![image-20240829144822825.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-ba821a50c8f76d8c41792f8af948036081c7b07d.png)

在给出的 [POC](https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-7726-43hg-m23v)中在请求时需要加上csrf参数来绕过CSRF检测，这里只要退出openAM平台的登录再发送请求就不用添加csrf参数，这样并不会影响payload的执行，只是页面不会跳转到 [https://baidu.com](https://baidu.com/)

```php
http://127.0.0.1:8080/openam/oauth2/realms/root/authorize?client_id=1&amp;amp;scope=employeenumber&amp;amp;redirect_uri=https://baidu.com&amp;amp;response_type=code&amp;amp;max_age=200
```

![image-20240829150138114.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-a3fb33ebf84a0ff89cf366aed4a520e695dbc4f3.png)

执行之后，进入到docker容器中，在/tmp目录下可以看到已经成功创建了文件

![image-20240829141854086.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-df6db700d21f2e76dc2371fff13c8155e31903f8.png)

分析过程
----

### 路由分析

根据openam-server-only模块下的web.xml文件可以知道当访问/oauth2/realms/root/authorize接口时，会交由RestEndpointServlet处理

![image-20240828173419208.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-78e13ca96b6442db8361d39dadcd873db2a74d0b.png)

跟进到org.forgerock.openam.rest.RestEndpointServlet，在该Servlet中不存在doGet()和doPost()，容器会调用到service方法

在该方法中，会判断ServletPath的值调用到不同的方法，这里会进入到restletOAuth2ServiceServlet.service()

![image-20240828173950868.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-610ac52ac40dc14b5552b532139c18eec75b6eba.png)

在service()方法中，初始化了一个HttpServerHelper对象，这是Restlet框架下的一个类，它充当了Restlet应用于HTTP服务器之间的桥梁，用来处理HTTP请求并将其转换为Restlet请求

![image-20240828174347971.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-ca1806c18a37905638502afd926c9328dd4b2d93.png)

继续向下执行到关键代码处，将断点下在依赖org.restlet-2.4.0.jar包下的org.restlet.routing.Router#handle()方法下，该方法主要用来处理请求并控制请求的流向

程序会接受request对象作为参数，调用this.getNext()来根据上下文返回下一个处理器，如果不存在next下一个处理器的话会将请求的状态设置为404

![image-20240829103820852.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-da4580d573fd4baf400e01bc307ab994a63605ad.png)

访问接口<http://127.0.0.1:8080/openam/oauth2/realms/root/authorize>，观察next的值

![image-20240829104306081.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-41728bd3d9ea42e68b86323adfd362fc136200d2.png)

![image-20240829104649198.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-57132b8b6058a41ca23bbe8d57208c8b8aa255f4.png)

![image-20240829104708347.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-c2d88f6a991bdf28982a5e499d4f6ed63c8b8d01.png)

![image-20240829104728498.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-d54301e0fced5f24532d5226cb402f3732d7eba3.png)

在Restlet 程序初始化时，会通过一系列的工厂类进行路由注册并将其抽象成树状结构（如下图），假设用户访问的接口为/openam/test/stop，在/openam/test父树下不存在/stop这个子树，那么就证明/openam/test/stop这个请求是不合法的，程序就会返回404

![image-20240829105819218.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-57a8668f4c2b503d929f2d5947246703ee43b99e.png)

跟进到this.getNext()，可以查看到某个父控制器下面的所有子树控制器，这是/openam/oauth2父控制器下的所有子控制器

![image-20240829112705316.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-8ac5dfdac5ab3fbbd1fcf2c1eebe0271b99000f2.png)

POC中的漏洞接口为/openam/oauth2/realms/root/authorize，通过上面的this.routes可以知道，实际上/openam/oauth2/authorize接口也是可以调用到漏洞类的

/authorize路由的注册实现在org.forgerock.openam.oauth2.rest.OAuth2RouterProvider#get()，可以看到当调用到authorize控制器时会交给AuthorizeResource类处理

![image-20240829151229853.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-e1868375aeff87ee7a906d40f8ce3f456c80a252.png)

所以当访问/openam/oauth2/realms/root/authorize，最终的业务逻辑由AuthorizeResource#authorize()处理

### 漏洞分析

在该方法中首先调用requestFactory.create()将原始的http请求转换成OAuth2Request类型的，接着调用到authorizationService.authorize()

![image-20240829151729099.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-04679e5231a75c882fccfab634d162fdd9d03022.png)

在该方法中程序会获取请求时参数的值，调用validateAuthorizationScope()验证传入的值与配置的值是否一致

![image-20240829155612722.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-79bda2f637f3648d38b3ca468e93bbed80dbcad0.png)

跟进到validate()，由于获取到的token的值为null，会进入到下面的else语句中

![image-20240829155009514.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-ce0eeb3f1f46a55b881014c8ad1ea8a400c79dca.png)

isRefreshToken()用来检查传入的 OAuth2 请求是否是一个刷新令牌请求，这里返回的值为false，所以会进入到authenticationRequired()

![image-20240829155027233.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-22f9a0ef2be63396a4f3b0c928ad970f796a64e1.png)

最终会进入到getCustomLoginUrlTemplate()中，首先从设置中获取自定义登录 URL 模板字符串loginUrlTemplateString，接着使用该字符串创建一个模板对象返回

![image-20240829155057611.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-02a1b21cbe28df9c36350a4c326db5fa78f30c8a.png)

![image-20240829155133830.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-9a1ecc74445cf1cb2a3b88fb3f3274520e77647e.png)

漏洞修复
----

设置了一个新的类解析器，用于控制模板中可以使用的类

<https://github.com/OpenIdentityPlatform/OpenAM/commit/fcb8432aa77d5b2e147624fe954cb150c568e0b8>

![image-20240829161427965.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-210763a837cdc5fa91efa3f2cb91ef4813bd2235.png)

参考
--

<https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-7726-43hg-m23v>">前言
--

OpenAM是一个开放式的访问管理解决方案。在版本15.0.3及之前的版本中，存在一个模板注入漏洞（CVE-2024-41667）。RealmOAuth2ProviderSettings.java中的`getCustomLoginUrlTemplate`方法由于使用了用户输入而容易受到模板注入攻击。虽然开发者意图实现自定义URL以处理登录，以覆盖默认的PingOne Advanced Identity Cloud登录页面，但他们没有对`CustomLoginUrlTemplate`进行限制，使其可以自由设置。

影响版本：&amp;lt;= 15.0.3

环境搭建
----

```yml
//docker-compose.yml
version: '3'
services:
  openam:
    image: openidentityplatform/openam:15.0.3
    ports:
      - "5005:5005"
      - "8080:8080"
    command:
      /opt/java/openjdk/bin/java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager --add-exports java.base/sun.security.x509=ALL-UNNAMED --add-exports java.base/sun.security.tools.keytool=ALL-UNNAMED --add-exports java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Dcom.iplanet.services.configpath=/usr/openam/config -Dcom.sun.identity.configuration.directory=/usr/openam/config -Dignore.endorsed.dirs= -classpath /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tomcat -Dcatalina.home=/usr/local/tomcat -Djava.io.tmpdir=/usr/local/tomcat/temp org.apache.catalina.startup.Bootstrap start
```

docker-compose 启动之后访问&lt;http://127.0.0.1:8080/openam/&gt;，默认配置搭建即可，调试端口为5005

![image-20240829111300913.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-caa38bd5164673fbfd8927734a96150eab9a2def.png)

漏洞复现
----

登录到后台

![image-20240829114932966.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-6de13e8880bdcf0103f050d506d6c68607da52d4.png)

创建了一个Connect Client

![image-20240829121408200.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-a1f41c63340f8a5038a35a991231107a3317cc53.png)

![image-20240829121434435.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-0924f96d4d931edd8b590c7a0cefda8e65e0cb4d.png)

点击刚才创建的Client配置信息，修改Redirection URIs和Scope的值

![image-20240829144902182.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-dd5ea4e34c7f988dd9cacc800f666a4458666f9f.png)

配置一个OAuth2 Provider，在Custom Login URL Template 处填入payload

```php
&amp;lt;#assign value="freemarker.template.utility.Execute"?new()&amp;gt;${value("touch /tmp/vuln")}
```

![image-20240829121553319.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-d3ab70e77338e7d8fdb0f6e693169dae45b3cec6.png)

![image-20240829121629286.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-e586fea8b10c90bba13ef328d14578cec7ed1c97.png)

![image-20240829144822825.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-ba821a50c8f76d8c41792f8af948036081c7b07d.png)

在给出的 [POC](https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-7726-43hg-m23v)中在请求时需要加上csrf参数来绕过CSRF检测，这里只要退出openAM平台的登录再发送请求就不用添加csrf参数，这样并不会影响payload的执行，只是页面不会跳转到 [https://baidu.com](https://baidu.com/)

```php
http://127.0.0.1:8080/openam/oauth2/realms/root/authorize?client_id=1&amp;amp;scope=employeenumber&amp;amp;redirect_uri=https://baidu.com&amp;amp;response_type=code&amp;amp;max_age=200
```

![image-20240829150138114.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-a3fb33ebf84a0ff89cf366aed4a520e695dbc4f3.png)

执行之后，进入到docker容器中，在/tmp目录下可以看到已经成功创建了文件

![image-20240829141854086.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-df6db700d21f2e76dc2371fff13c8155e31903f8.png)

分析过程
----

### 路由分析

根据openam-server-only模块下的web.xml文件可以知道当访问/oauth2/realms/root/authorize接口时，会交由RestEndpointServlet处理

![image-20240828173419208.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-78e13ca96b6442db8361d39dadcd873db2a74d0b.png)

跟进到org.forgerock.openam.rest.RestEndpointServlet，在该Servlet中不存在doGet()和doPost()，容器会调用到service方法

在该方法中，会判断ServletPath的值调用到不同的方法，这里会进入到restletOAuth2ServiceServlet.service()

![image-20240828173950868.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-610ac52ac40dc14b5552b532139c18eec75b6eba.png)

在service()方法中，初始化了一个HttpServerHelper对象，这是Restlet框架下的一个类，它充当了Restlet应用于HTTP服务器之间的桥梁，用来处理HTTP请求并将其转换为Restlet请求

![image-20240828174347971.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-ca1806c18a37905638502afd926c9328dd4b2d93.png)

继续向下执行到关键代码处，将断点下在依赖org.restlet-2.4.0.jar包下的org.restlet.routing.Router#handle()方法下，该方法主要用来处理请求并控制请求的流向

程序会接受request对象作为参数，调用this.getNext()来根据上下文返回下一个处理器，如果不存在next下一个处理器的话会将请求的状态设置为404

![image-20240829103820852.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-da4580d573fd4baf400e01bc307ab994a63605ad.png)

访问接口&lt;http://127.0.0.1:8080/openam/oauth2/realms/root/authorize&gt;，观察next的值

![image-20240829104306081.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-41728bd3d9ea42e68b86323adfd362fc136200d2.png)

![image-20240829104649198.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-57132b8b6058a41ca23bbe8d57208c8b8aa255f4.png)

![image-20240829104708347.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-c2d88f6a991bdf28982a5e499d4f6ed63c8b8d01.png)

![image-20240829104728498.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-d54301e0fced5f24532d5226cb402f3732d7eba3.png)

在Restlet 程序初始化时，会通过一系列的工厂类进行路由注册并将其抽象成树状结构（如下图），假设用户访问的接口为/openam/test/stop，在/openam/test父树下不存在/stop这个子树，那么就证明/openam/test/stop这个请求是不合法的，程序就会返回404

![image-20240829105819218.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-57a8668f4c2b503d929f2d5947246703ee43b99e.png)

跟进到this.getNext()，可以查看到某个父控制器下面的所有子树控制器，这是/openam/oauth2父控制器下的所有子控制器

![image-20240829112705316.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-8ac5dfdac5ab3fbbd1fcf2c1eebe0271b99000f2.png)

POC中的漏洞接口为/openam/oauth2/realms/root/authorize，通过上面的this.routes可以知道，实际上/openam/oauth2/authorize接口也是可以调用到漏洞类的

/authorize路由的注册实现在org.forgerock.openam.oauth2.rest.OAuth2RouterProvider#get()，可以看到当调用到authorize控制器时会交给AuthorizeResource类处理

![image-20240829151229853.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-e1868375aeff87ee7a906d40f8ce3f456c80a252.png)

所以当访问/openam/oauth2/realms/root/authorize，最终的业务逻辑由AuthorizeResource#authorize()处理

### 漏洞分析

在该方法中首先调用requestFactory.create()将原始的http请求转换成OAuth2Request类型的，接着调用到authorizationService.authorize()

![image-20240829151729099.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-04679e5231a75c882fccfab634d162fdd9d03022.png)

在该方法中程序会获取请求时参数的值，调用validateAuthorizationScope()验证传入的值与配置的值是否一致

![image-20240829155612722.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-79bda2f637f3648d38b3ca468e93bbed80dbcad0.png)

跟进到validate()，由于获取到的token的值为null，会进入到下面的else语句中

![image-20240829155009514.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-ce0eeb3f1f46a55b881014c8ad1ea8a400c79dca.png)

isRefreshToken()用来检查传入的 OAuth2 请求是否是一个刷新令牌请求，这里返回的值为false，所以会进入到authenticationRequired()

![image-20240829155027233.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-22f9a0ef2be63396a4f3b0c928ad970f796a64e1.png)

最终会进入到getCustomLoginUrlTemplate()中，首先从设置中获取自定义登录 URL 模板字符串loginUrlTemplateString，接着使用该字符串创建一个模板对象返回

![image-20240829155057611.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-02a1b21cbe28df9c36350a4c326db5fa78f30c8a.png)

![image-20240829155133830.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-9a1ecc74445cf1cb2a3b88fb3f3274520e77647e.png)

漏洞修复
----

设置了一个新的类解析器，用于控制模板中可以使用的类

&lt;https://github.com/OpenIdentityPlatform/OpenAM/commit/fcb8432aa77d5b2e147624fe954cb150c568e0b8&gt;

![image-20240829161427965.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-210763a837cdc5fa91efa3f2cb91ef4813bd2235.png)

参考
--

&lt;https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-7726-43hg-m23v&gt;</textarea>
 <div id=layer-photos-demo>
 <div id=md_view><div class=markdown-body><h2 blockindex=0>前言</h2>
<p blockindex=1>OpenAM是一个开放式的访问管理解决方案。在版本15.0.3及之前的版本中，存在一个模板注入漏洞（CVE-2024-41667）。RealmOAuth2ProviderSettings.java中的<code>getCustomLoginUrlTemplate</code>方法由于使用了用户输入而容易受到模板注入攻击。虽然开发者意图实现自定义URL以处理登录，以覆盖默认的PingOne Advanced Identity Cloud登录页面，但他们没有对<code>CustomLoginUrlTemplate</code>进行限制，使其可以自由设置。</p>
<p blockindex=2>影响版本：&lt;= 15.0.3</p>
<h2 blockindex=3>环境搭建</h2>
<pre blockindex=4><code class="hljs language-yml"><span class=hljs-string>//docker-compose.yml</span>
<span class=hljs-attr>version:</span> <span class=hljs-string>'3'</span>
<span class=hljs-attr>services:</span>
  <span class=hljs-attr>openam:</span>
    <span class=hljs-attr>image:</span> <span class=hljs-string>openidentityplatform/openam:15.0.3</span>
    <span class=hljs-attr>ports:</span>
      <span class=hljs-bullet>-</span> <span class=hljs-string>"5005:5005"</span>
      <span class=hljs-bullet>-</span> <span class=hljs-string>"8080:8080"</span>
    <span class=hljs-attr>command:</span>
      <span class=hljs-string>/opt/java/openjdk/bin/java</span> <span class=hljs-string>-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005</span> <span class=hljs-string>-Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties</span> <span class=hljs-string>-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager</span> <span class=hljs-string>--add-exports</span> <span class=hljs-string>java.base/sun.security.x509=ALL-UNNAMED</span> <span class=hljs-string>--add-exports</span> <span class=hljs-string>java.base/sun.security.tools.keytool=ALL-UNNAMED</span> <span class=hljs-string>--add-exports</span> <span class=hljs-string>java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED</span> <span class=hljs-string>-Djdk.tls.ephemeralDHKeySize=2048</span> <span class=hljs-string>-Djava.protocol.handler.pkgs=org.apache.catalina.webresources</span> <span class=hljs-string>-Dorg.apache.catalina.security.SecurityListener.UMASK=0027</span> <span class=hljs-string>-Dcom.iplanet.services.configpath=/usr/openam/config</span> <span class=hljs-string>-Dcom.sun.identity.configuration.directory=/usr/openam/config</span> <span class=hljs-string>-Dignore.endorsed.dirs=</span> <span class=hljs-string>-classpath</span> <span class=hljs-string>/usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar</span> <span class=hljs-string>-Dcatalina.base=/usr/local/tomcat</span> <span class=hljs-string>-Dcatalina.home=/usr/local/tomcat</span> <span class=hljs-string>-Djava.io.tmpdir=/usr/local/tomcat/temp</span> <span class=hljs-string>org.apache.catalina.startup.Bootstrap</span> <span class=hljs-string>start</span>
</code></pre>
<p blockindex=5>docker-compose 启动之后访问<a href=http://127.0.0.1:8080/openam/>http://127.0.0.1:8080/openam/</a>，默认配置搭建即可，调试端口为5005</p>
<p blockindex=6><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABX0AAAIeCAYAAADnKKy6AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3Rc533u+++79wCDShQCBFjFToJiL5ZIUaKKZXXLtmzlxDouxzpXN5GSOI7lRNe+ayVxi67jHJe4rUS515FXjiyrWY7ESBTVqMIikCBIggAJFhSig2hEGUzZ7/1jigASJEESIsjh81lLIjCzZ+93ZvbGAM/+7d9rAoGARURERERERERERESSgjPeAxARERERERERERGRsaPQV0RERERERERERCSJKPQVERERERERERERSSK+8R7ApczzPAYHBwmHw+M9FBERERERERERuQT5fD78fj+Oo9pKuXRobzwNz/Po6+tT4CsiIiIiIiIiIqcVDofp6+vD87zxHopIgkLf0xgcHBzvIYiIiIiIiIiIyGVCWZJcShT6noYqfEVEREREREREZLSUJcmlRKGviIiIiIiIiIiISBJR6CsiIiIiIiIiIiKSRBT6ioiIiIiIiIiIiCQRhb4iIiIiIiIiIiIiScQ33gNIJsFgkNdff51XXnkFgNtvv51bbrmF1NTUcR6ZiIiIiIiIiIicjrWWrVu3ArB27VqMMeM8IpELo9B3DITDYbZs2cLLL7+M4zjcf//9APz+979n8+bN3HXXXdxwww34fBf+cpeVlfHss8/S3Nx8yn1+v581a9bw+c9/Hr/ff8HbEhERERERERG5GM6Udww1efJk7r//fpYuXTqm23/llVd45ZVXsNbS3d3NHXfcMabrF7nYTCAQsOM9iEvRiRMnzrqM53ls3bqVP/zhD/T29nLXXXfx8Y9/PFHZGwwGee2119i4cSPZ2dl88pOf5Nprr8Vxzr+rxqOPPsry5ctZtWrVKff98Ic/BGDBggX85V/+pSqMk1h/fz9Hjx5l9uzZpKenj/dwLqq2tjba29spKSkZ76FckJqaGowxXHXVVeM9lI9cW1sbDQ0NLF++fLyHIiIiIiIil6gz5R1DlZaWUlFRweOPPz5m2/Y8j2984xvcfvvteJ7Hpk2b+Md//Mfzym+ys7PHbFxy+Xn//fd54oknqK+vH9XyM2bM4KGHHuKaa64Z87Go0vcC/PznP2f37t1cf/31fPrTnyYnJ2fY/ampqdx1111cd911PP/88/zbv/0bu3bt4s/+7M/Oe5udnZ2sWrXqjIHXgQMH+NWvfsUjjzyC67rnvS25dB05coTDhw+zaNGi8R7KRbdnz56LGnQPDAxQVlZGa2srg4ODLFq0iLlz5/Laa69RUlLCvHnzznmd4XCYnTt3jumZ6cHBQdra2pg8efKw476/v5/Nmzcnxj0empubOXr06BlD3+PHjwMwceLEizUsERERERG5hIwm74h76623xnTbu3fvpq+vj/Xr1wPwwgsvUF5ezooVK8Z0O5L8/vmf/5mZM2fy1a9+dVTL//a3v+VnP/uZQt9LSX19Pbt37+brX//6WYO33NxcvvKVr7B69Wp+8pOf0NjYyJQpUz7S8ZWXl/P888/zuc997rzX0drayuOPP86kSZN47LHHErdba9m0aROvvvoqjY2NZGdns2rVKr7whS+QmZkJwFe/+tURz2qkpKTw9NNPj7i9wcFBnnzySd555x3C4TDLli3joYceIi8v77Rj3Lt3L7/+9a+pr6+noKCA++67j1tuueWsz23Pnj388Ic/5P777+fuu+8+47K1tbVUVVVx4sQJ0tPTmTlzJiUlJcPO+B08eJCDBw8SCATIyclhxYoVFBQUJO7v6Ohgz549dHR04PP5mDRpEsuWLRsWXra0tFBeXk53dzcZGRmUlJQwe/bs045p+vTpV1yPob6+Ptrb27nuuusu2jZ37dpFd3c3a9aswe/3k5GRgeu65OTknHf4fOzYMTzPY8aMGWM2zsbGRnbs2MG99947LPS90LFeLNu2bWPy5MkKfUVEREREhCeffJK333572G0bNmzgi1/84phto7+/n76+Pnp7e3n99de55pprEn83rV69mtdff53c3FyysrLIzMwkIyNjzLYtyau9vZ3HHnuMZcuWjfoxjz766EcyFoW+5yke+E2dOnXUj/moL+MuLi4e1vvmjTfeOK/Qd2BggM2bN/Pcc8/R29vLpEmTht3f0NDAM888w5133sns2bOpqanhP/7jPwgGg/zFX/wFAF/72tcYHBxMPCYYDPJP//RPXH311afd7q9+9Su2bdvGQw89RFZWFk888QTf/e53+cEPfjBixXJ9fT3f+973WL58OV/+8pcpLS3l5z//ORkZGaxdu3bEbbS3t/Piiy+yadMmQqHQWV+LxsZGtm3bxpIlS5g8eTJdXV3s3LkTay2LFy8GolW3ZWVlLFq0iMLCQqqqqnj77be5/fbbyczMZGBggLfeeospU6Zw0003EQgE2LVrF++//34ioO7u7uadd96huLiYZcuW0djYyAcffEBKSgrTp08fNqa2tjZ6e3uZOXPmWcefbGpra0lNTWXy5MkXbZvNzc1cffXVpxzrGzZsOO911tTUUFxcfFF6b/v9/gsaq4iIiIiIyMV26623smbNmmG35ebmjsm6t2/fzm9+8xsGBgYSt6WmpvL5z38+8f1tt93G97//fb773e8mbktPT+fLX/4yq1evHpNxSPJ75ZVX2LBhwylFWAMDA2zZsoXbbrvtI92+Qt/zFL+Eur6+/pS2DqdTW1uL67oUFxd/JGP63ve+l/i6srIy0eP3XG3bto1XX32Vr3zlK2zatOmU+6dNm8Yvf/lLUlJSAFi+fDmHDx9m3759iWVODiSfeOIJfD4fjzzyyIjbbGtr4+233+ZLX/oSN910ExCtCv72t7/Nrl27TvlhD/Diiy+SlpbG1772Nfx+P0uWLKG6uprnnnvutKHvb3/7W9ra2vjud7/L3/zN35xyf3V1NXv37uWGG26goKCAxsZGJkyYkKjmzsvLo6mpiZaWlkToW1lZyZQpU1iyZAkA+fn5/OEPf+DgwYOsWLGClpYWQqEQy5cvJy0tDYj2Xd65cyeRSATXdTlw4AA+n4+1a9fiui5FRUV0dnZSWVl5SuhbV1dHdnY2+fn5w26rqKigt7eXjIwMFi5cyJw5cxL37927l2PHjhEIBAiHw2RlZVFSUnLK+3T06FGqqqro7+8nMzOTRYsWJapRrbW88847nDhxgkAggLWWCRMmsGzZMoqKihLreOONN+jq6iISiZCVlcXSpUsTgWl3dzelpaX09fURDAYToXZWVhZHjx7lxIkTpKamMmfOnBFPEMQrnOMnATzPo7KykiNHjjA4OEh6ejorV65k8uTJifsOHTpEKBQiJyeH5cuXU1hYOOrn43ke4XCY8vJyysvLAVi8eDElJSU888wzrFy5MtHeYXBwkN27d9PQ0EA4HCYtLY0JEyYMO1sM0R/ura2tXHvttYnbOjs72bVrF52dnfh8PmbOnMmSJUsSz7O7u5udO3fS29tLMBjEcRymTp3KsmXLEvtU3Isvvpj4+p577iEtLe2UsQYCAXbv3k1jYyPWWoqLi1mxYkXizPVoXpv4821qaiIUCpGZmcm6detO+4tYOBxm48aN9PX1kZKSwowZM1i2bNmwEzrV1dVUV1cDMHv2bNasWUNdXV1inwyFQmRkZDB37lz6+/tpbGxM7KvLly//yK+gEBERERGRi2Py5MkfWbHPu+++y8qVK7nppptIT09PVPEO/dtk+vTp/OxnP0tUAw8MDPDGG2+wZcsWhb4yaps3b+all17i8ccfJysrC4De3l4ee+wx0tPTFfpeqhzHYdq0adTV1SXCv7Opq6tj2rRpFzSR28WwYcOGRPA6UugLJALfuOPHj582cGlsbOSVV17hT//0T097OcT+/fsBhjVsX7x4MampqVRWVo4Y+lZWVrJkyZJh1ZIrVqzgqaeeIhAInBKGATz88MNnfP2ttXieh7XR+Q0zMzOpqamhs7OTvLw8wuEwnZ2diRBzYGCA3t5eFixYkFhHamoqBQUFtLe3Ax82cW9oaEgEsa2treTl5SU+
<h2 blockindex=7>漏洞复现</h2>
<p blockindex=8>登录到后台</p>
<p blockindex=9><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABdsAAAKDCAYAAADiltOxAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3gc13no/++ZXWAXvfcOkAAbCBLsVRIpUaRIiZKsYsqSLcuy5RrHznWKkxv/kp+vb5KbOInLta1YjmTL6l0kRUqiJJJgryAIgiB6773sLrAz5/6xILBoSzRWn8/z8CF2dmbOmdmZ2Z33nHmPSE1NlSjKLeTkyZPXuwqKolwHsbGx17sKyk1AHSeKoiiKoiiKoijK1aJd7wooiqIoiqIoiqIoiqIoiqIoys1OBdsVRVEURVEURVEURVEURVEUZZpUsF1RFEVRFEVRFEVRFEVRFEVRpkkF2xVFURRFURRFURRFURRFURRlmlSwXVEURVEURVEURVEURVEURVGmSQXbFUVRFEVRFEVRFEVRFEVRFGWaVLBdURRFURRFURRFURRFURRFUaZJBdsVRVEURVEURVEURVEURVEUZZrM17sCinLTc/YhWhugughRXYRoroXOZuhzIPrsSJMZzF7gGwAhkcjIRGRCBjImBQJCQIjrvQXKtSIlwmEDaYz9ttkbvLxnpixdR/TZJreMEEhvK2im6Zfv7EP0902+fKvf9MtWFEVRFEVRFEVRFEW5DlSwXVGmqrsdUXQG7cIxqLqE6G5DjgguypHLVBaiCQFWX2RoDKRlYsxbiYxPn7kgq3LjaqpG2/Uc2HtGN7IYBjJ9CcbGR0FM/6EjUX0Jbc8L4wb2R5ESTCaMDZ9Hzlo07fK1wzsR5w+DNsFtkRJp8UE+9Y/TLltRFEVRFEVRFEVRFOV6UMF2RZms3i60cwcRJz9C1JUinU5gjMD6OKSUYOuBmmKoKUY78RGkL8ZYcQ8yeT6YZqBXsXJD0vJy4OKJcd8Xna2wcC1EJky/MFs3oqIAqTsntZiITESmZU3viYvudsTZ/a5jfDJl+/hPvUxFURRFURRFURRFUZTrTAXbFWWipESU5aN9+gqiJA+pO4cF2IVmAr9AZFA4BIWDjx/S4gNOJzhsiN5OREczdLQg7T1DC9q6IfcgpuJcjOyNGOsegKCwa755ylXW0eLq6e1JWwNa/hGMmQi2T5FWmofsaEYGR0x5HaLqEqKpasINUEMLqpRKiqIoiqIoiqIoiqLcvFSwXVEmwtmPdmIv2qevITtahgfZA0MxUhdiZCyBuDQIDHPlvTa5nV5SQn8f2LsRLXWIigLExROI6mJkv8M1S08nWs47iNpijC1PIRPSr+02KleVKDqNaKi8YgBanD8ES+6EwNBrUq9RBo7PKQfbpURcPIHsc8xsvRRFURRFURRFURRFUW5wKtiuKFfSZ0f77A20nLeRDvvgZOEXiJF1G8bSO5HRycOD6yMJAd4W8LYgA8OQKQsQK7Ygis4gju5GVFxAOp2uFDMleZhe/3f0e59Bzp5+7mzlBuCwoZ3LmVBKF1Ffjig+i8zecA0qNpp09iMKT0LmmikNlCo6mtHKzk++V7uiKIqiKIqiKIqiKMpNbvqj8CnKrUx3oh14C+3Am4OBdiEEJM9D3/FXGNu+ioyb5TnQPg7p44+xcB364z/E2PRFREDI0HsNlWjv/BJRnj9jm6JcP1plAaKiYELzSqcTcfYzcNiubqU8KTsPrQ1TWlRUXICW2hmukKIoiqIoiqIoiqIoyo1PBdsVxQPt9CdoB99G9vcBrrzsxqLbMHb8pavX+UwMZuobgLH+QfSHv4dwz9XdXIv2/rPQVD39MpTrx9ARuQeH5+m/Aq3yIqLy4lWslGei3dU7fdIMHXHx5OCgwYqiKIqiKIqiKIqiKH9KVLBdUcYhqi4h9r2CtPe6XguBXLIRuf0b0xo8cuzCBDJjCfpD30VEJQ5Nry5G2/fy9e3lrEyLaKxCFJ2e1DLS1oN27iAY+lWq1RXKN3RXKhln/+QWbK2HMvU0hqIoiqIoiqIoiqIof5pUsF1RxuLoRdv/BrQNpdIw0rPRNz2B9PG/asXKpLnoW78yLKWMdv4IIi/nqpWpXF0i7xCyvXnyy106hWisugo1mmD5lRcRk0wHo5XmITqarlKNFEVRFEVRFEVRFEVRbmwq2K4oY9AunnT17L0sNBp59xchMPSqly0zlmKsux8xMDil7HegHd6J6Gy56mUrM0t0NCPOH57SsrK9GXH+0AzXaDjhZUGMM96A7GiBorMTX5mzz5VCxjDGKcsbYVZjciuKoiiKoiiKoiiKcutSwXZFGUHYexEnP0T2OVyvNRNyzb2ugVCvEWPpJmTawqE61ZVC3tUNvCozT1w6Pa3e6SLvMKJj8r3iJ0rGJCM9NCBpl05Dn31C6xJN1YiqwvFniE0D/+DJVlFRFEVRFEVRFEVRFOWmoYLtijJSeT6iomDwpYyfhZF127Wtg18gxorNCG+Lqw6GgZZ7AHq7rm09lCkTDhvi3AGkh7zrl59eGPf9xqrhT1jMMBkciUzIGL/8miJEQ+WE1iVKziE7W8d+z+yFMWcp0uw9pXoqiqIoiqIoiqIoiqLcDFSwXVHcSQORfxTpcPXmFUIgs9aDWw71a2b2YmR8+uBLUV+GqLp07etxNUh565dbno+ouDju28Jixchcg7D4jDuPNHRE7gGEvedq1NDVmJOejdDG/iqQ3R2I4gmkknH0em4UCIlEJs29fp+7oiiKoiiKoiiKoijKNaAS6CqKG9HRPKxXO0FhyPQl16Uu0uqHnLcCUZrneu2wI0pykRkj6iMNV4/3y7myLT7gbR0xj4SuVrSGCmRDlWs77T2u6T5+yMAwZEQ8RCcjg8JAzGA7nKG7UqHUliIaqxHdbWDrdvVy9g2AkChkTDJEJSE9BJ5HkRJs3aA7ARDe1tHL9zkQDRWImmJorUf0dIBmcu3b4AiISYGYlJkf9FbX0XIPIB228asfFofc8Ci0N4KnoHzVJSi/AHOWzWwdAaR0BcEDQ2GcQVzFpdOIVduQVt/x61hfAdXF4xeTNA+CI13HqqIoiqIoiqIoiqIoyi1KBdsVxV1dOaKjmcv9b2XcbGRo9HWrjkzNRPMPQnZ3ACAqCxEO2/Cgclcb2hv/iRgIlsq192Es3zywAgNRV4Y4/Sla0Wloa4A+B3JED2MBaF4WCI7ASMtELrodmTgHxhk8c2KVNxDVRYhT+xBFZxDtTUhn/7AyYeDpAR9/iE11lbtg9cSC3312TO8/i6gtASkxFqxGbnrC9Z6uI0rz0I7ugtI8hK172DYLQBMCLL7ImBSMFZuR81fDQNqe6RIN5Yjis3jqxy0zliCjkzHmLPfYA146bIiz+5GzF0/v8xhz5RIZGo2Mmz1usJ26Ute/lAXjrkYUnRk3xdHlFDKYvWaixoqiKIqiKIqiKIqiKDcsFWxXFDeiphgcvYOvZdKc6xskDI2GsBi4HGxva0B2tYIlbnAWoeuIphporXdN6G53Tbd1Iw6/j3Z8D7K92WPgF0D2O6Cp2jXQ5bkcV+B7/QPIkKjJ17unA+3Qe2jH9yK72lzrH69cKV2B2uJctPILyLxDGHc95jGX+KDOVmR9hevvmBTX/45etIPvIg69OxgAHqtsKSXYe6DsPKaaIozKixh3Pe7qbT9NIi8H2dEy/gy+Ach5K1z1mLsM7cjOcfOdA2jFZ5G1pciE9HHnmTKzF3L2YrQLR0c1wgBg60FcOoUcJ9gubN2IS6fHX39IlKv3vIfc9YqiKIqiKIqiKMr15xU9B6+Y+ZjCkjAFRKFZ/AAwHD3oXQ3oLRX01+XTXz9+hzFF+VOngu2K4kY0Vg4GHIXZCyMy8brWR1r9kOFxQ2lGbN2unvfhQ8H2wS7ig6816G5HvPcbtLxDgwN0Ck2DwFBkVBIyLAb8ggAJXe2IljpEQwV0tyMNV1oacfh9tJoi9K1Pu4KlEyRa6tB2/hfi4smhss1mCI3BiE6GkEhXqhuHDdHW4Eov09aI1J2unu+FJ9GaazDuewbpKXWKyTyiJ7oAhw3TR39EHNmJdDoRQoBfEDI6yZUmxz8YDAPR0QTVxYimale5fQ60o7tBCIwtT4HX1AfyFO1
<p blockindex=10>创建了一个Connect Client</p>
<p blockindex=11><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABiQAAAIfCAYAAADwl7ScAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3Qb15n4/e/MoBIk2HuRKFIkRUoi1SWqWF2y4x65xCVOT7yJN9k4ySbZnO37255486ZsnI3j3ksc2ZbcbfVeqUpREnvv6MDMvH+AEkES7FT1/ZyjEwcAMXcGU+9z7/NIU6ZM0REEQRCEz6C6uror3QThGpGWlnalmyAIgiAIgiAIgiAI1zz5SjdAEARBEARBEARBEARBEARBEITrnwhICIIgCIIgCIIgCIIgCIIgCIJwyRmudAME4bPIrEhkWA1MizJQZDcyKcJAolnCqshEKBI+Tcen6XQFdOo9KhWOAGVdAU51+2n1aWi6yLT2WSFLEjZFQpbCv+/VwKNqE7IsoywToYzub3TApeoEtPHvk2ZFwjLYig6x/C7/xKy/IAiCIAiCIAiCIAiCcGmJgIQgXEbxZoWFcSZWJFooshuJN0kYw/a/9r5YFGVgTZIFR0Cjxq2xv8PHR00ejnUFJqwjWrh6TbYZ+H5uJJEGif5d/ooksaPVx+/PO1AnICBQZDfwl7lRDFxSeBKgAo+fdbC7zTeuZUuSxL0ZEaxKsqCOMOAmAU5V59sH28e1bEEQBEEQBEEQBEEQBOHyEAEJQbgMYkwKa5PM3JZmJT/KwCgHoaPrOjZFIj9SIT/Syq2pVna1eXmlxs3BDj9+TQQmrldrkswsjjcN+n6iWeG9Jg9nHf5xLyvKIFEcbUQeYUDiglVJFva2+8c1cyfOJHNjipX8yNEdHQ51zIsUBEEQBEEQBEEQBEEQLjMRkBCES0iWJGbHmPj6FBtzY0wDOnp1JDr8Gg0elSavRndAw6nqGCWJCEUi1iSTYlFINPVNpROpwOpEM/NjTWys9/BMlYtGT+Ayr51wqSVbDKxKsgz5mRSzxMpE84QEJMZqfpyZZLOTes/YowPT7UaybaMN1THK0IkgCIIgCIIgCIIgCIJwJYmAhCBcIiZZ4s50K1/LjiTeKBHaddrm19nT5mNHm4+T3X6avRouVccXkoJJliTMskSUUSLTqlAcbWRpgpkiuwmjFPwuu0HigawIptkNPFbu4Gjn+NLmCFeXhXFGcmwGhut2X5Vk5s06N83eKzNdIN0iUxJjor7BPaa/lyWJJfEmTKMrHyEIgiAIgiAIgiAIgiBcY0RAQhAugQiDzJcn2XhwUgTmkE7WroDO5kYvf653U+4I9AlA9KfpOm5Vx61Ck0dlf7uP12rdLIo3syHdSkmMEYVgOqfZ0Ub+qSiafzvZxa4276VfQeGSsxlk1iVbR5Q+aWqkgYXxZjbWuS5DywYySLAkwcz7TZ4xFbdONsvMizNfgpYJgiAIgiAIgiAIgiAIVxP5SjdAEK43JkXmi1kRPBQSjJAkicOdfv76aCf/dbqbY52+IYMRg+n0a2xucPODo538usJJu7+383eSVeanBVHMjh283oBw7SiJMVIcbRzRZxVgfbIZm+HKndJnxRhJs4w+5RLArFgTGVZxORIEQRAEQRAEQRAEQbjeiR4gQZhgN6dY+OIkG8aeYISOxDsNbn5S1smuNu+EFKDu8Kk8Venkb493UeXu/b5Mq8IP86KYbBOTn65lBllibZKlT92Q4RRHG5k5wgDGpZBiVpg7hmCYQZZYEm8edaF3QRAEQRAEQRAEQRAE4dojAhKCMIFmRJv4enYkFwZ7S5LExno3/3HaMa6Cv+Fous62Fg9/d7yTypCgREGkgW9k267oaHlhfKbYDCyKH13nvk2RWJdswSBfmUIMEjqL402YRrn8dKvCrBgxq0cQBEEQBEEQBEEQBOGzQPRYCsIEiTTKfGlSBCkhRSO2t3r5VYWDDt+lKzZ8qMPHf5d390nftDrJyuokkZP/WrU6yUKiafSn59J4E1Ou4OyY4hgTk0a5/HmxJlIs4lIkCIIgCIIgCIIgCILwWSB6gQRhgiyNN7MkoTcIUOfR+M1ZJ83eSxeMuGBbi5dnq13oBIMhRknnC5k2UqwiddO1JtVqYGXi2IJJiSaZVZc4EOXXJTTCz4KIN0rMH0XaJrMSTNeEHr4Qtl+HS3/0CIIgCIIgCIIgCIIgCJeLCEgIwgSIMsjcnm7FFFI34sUaF8c6fZdl+bqu80atm73tvcvLjxp7x7Zw5SyKG98sh1WJFlIvYSCq3BmgaYgg2+J4MxEjTBeWbTMwY4i6F6e6A7T5xl9zRRAEQRAEQRAEQRAEQbg6iICEIEyAkhgjxSEdq8e7/Wxq8FzWNrT7VF6tdeG7MNhc11mfbCHGJMoFXyuijArrUixIhJ8xAFycBTOYKTYDi0dZf2I0al0Bjnb6B32/0G5gygircc+LNRFnDL8+AR22tnrxqINvC0EQBEEQBEEQBEEQBOHaIgISgjBOiiyxItHChdIRkiTxbqOHlsuQqqm/3W0+jnUFLv7/vCgD0+2Dj0AfLUmSkKQrUzRZvkLLvpzLLYkxMnOI38urw/tNHjxDTBqQ0FmXbMFuvDSnd6+ms6vNB4Nsk2iDxML44WfmRBrlPinO+qv3qBzu9CNfof1NEARBEARBEARBEARBmHgiwbwgjFOyWe4zO6LJq7Kj9fKkauqvy6/xSbOHWdGRAJglmB9nYltL39kaiiwRbZQvRiRdqo4r0LeXW5YkEswyUyMNTI4wkGJRgp3cuo5D1Wn0qJxzBjjjCNDk01C1iRvJbpAlUiwKeZEGsiMMJJhlogwSXg06/Rr1Ho3TDj9nnSrd/pEHfmRJwm6UMfT0cXs1Bvy9VZHJjTQwLcpARoSBWGOwZkKXX6Peo1LuCHC620+nf2JTCRllmXVJZoaq71zpVPnDeSfpVoWiqMFP39PtwRk7W1u8E9pGAAk43Omn2asOWni7NN7MS9UuugODb6Ncm4GCyMHX4VCHnwaPhiziEYIgCIIgCIIgCIIgCNcNEZAQhHGaGmkkxdKbouZ4V4BqV2CIv7i09nf46QzoRPf0us+wG4kyKn063uNNMn83zU6KOdjuF2pcvFrjAoLBirxIA59LsVIabyLNqmCRJfQwhYf9ukSDR2VPu5dNDR6OdgXwqWPvqFdkiSK7kZtTLCyKN5Ni7g0ehJIkia6Azqme1FgfNXvp8A0fmLAqEj/Ki6IgyoAEfNjs5VdnuoFgQGBOjJG7M6zMiTURbZQHrLMkSTgDOqcdAV6tdfFRkxf3ONY3VG6kMuzMgu2tXk53+/m02TtkQMIiw40pVna3+8f1e4QjSxLVrgDHuwLckBA+NdTUSIW8KAP72wcPzC2MM2EP9+MSTNe0rdWLbwKDXIIgCIIgCIIgCIIgCMKVJwISgjBO06IM2Ay9HfZHuvxXtCO1xhWgxq0S3dNhnWaRiTNJdIek/TdKEpMjDKT1DMeP6xnpHmNSuCfDyufTrX1Gv4cLRgS/RyfTKpNptbImycLmRi/PVDmpGUNAJs6scF9mBHemWYkdpK5AaHuiFJgbY6Qk2sjqJAv/e87BkY7hZ6YkmGSye2ocZFiD/xtplHkg08YXMq0XO8nDrbOu60QoUBJtoNBupzjGw28qHCMKhgxnTbKF+CHWuyug82nPjIetrV7uzYwYtP4CBDv882wKZV0TXxTap+nsbPWyPNEcdjtFKhKLE8yDBiRiTAqlQwRf6j0aR7oCyEPU0hAEQRAEQRAEQRCuPGNKAcbUIpT4SShRychmGwCa14na3YjaWom//hj+hpNXuKWCIFwtREBCEMYpJ9JwsVM2oEOF48rNjgDoDuhUutSLI+jtRpkUi0Kls7dder+OXk0PBiX+Oj+KNUkhRZUliWavSoVTpdqt0uZVkSSIM8pkRRjIjTQEgxm6jt0gcXe6hSK7gf8ud3CwfeTpgibZjDw6NZIl8eaLy1aBWrfGqW4/DV4NZ0DDZpBJtypMtSmkWw3I6BgkWBRnJCsimn8/1TVkmiK/puMJCRbpOtgMMn8xJZK7M6woBGdBtPs0zjgDnHMGaPNpKJJEikVmWpSRbFtwuSYJ7kq3ouk6j5U78IxjJk
<p blockindex=12><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABxwAAAHVCAYAAADLpo7fAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd5QV5f3H8ffMrdsrSwfpvSsqRVFBxI4aS+wmamKNRhN7T2KLSdTYYmKNosYuigKiFJEqSpcivW7fu7u3zczvj7u77C67dwuLKL/P65x7DuzMPM8zM/f+9Tnf72N07trNoR6WO5HVSxfXd/j/jV4DhuKKlh3oZYiIiIiIiIiIiIiIiDSbcp+fhl4Dhh5078Hd0Am2U28eKSIiIiIiIiIiIiIiIj8jyn1+Gg6299CIwPHHWIaIiIiIiIiIiIiIiIjsb8p9fhoOtvdgNnSC7TgNf6xN/OukXlz7aWm1v1v88OQ4Bl83ncJpV9ErqzW9unWhT7cu9OnWm+s+KsO2NvL08Rl06taHwX270//QM3hkZi6W42Dbu5j54FmM6teboQP7MGT4BB6eU47tRPjm3sMY9+hqIo6D7ZSxctINnH5YX4YO6suwkefw0NStsWPWRp4el0zO6IdZGY2tK7zgVo48+Wm2WI24r4qPiIiIiIiIiIiIiIjIwaCx2Uh9OU3gw0vof85rFDgOthNl1SMjaD34dhZGYtcFJl9Gv1+8Sl50I0+fMIDb5qzjhbN7xvKhzllkp7eiZ7cu9OnWi1+/mUvhty/y+5OGMKhPHwb1G8wpVz/Lwnyb4LSr6H/GC+y2K9dUwGu/6MrVn4aqrTPCdw+PpX+3LvTp1o52KWkc0rULfbp15bAbPyMYL0Oq8Slm5k3DGPvnJQQdB9sJsfShoxl50xcUOUGmXHkIv3y9uOp8K+8lzu56OVNCTh3rbFzu1Nhz6xs/uvMLHrtoJIf268fQ/oM5+doXWVpSedymaMmL/P6UIQzs3ZdDhwzm6FOv5YXFRbEMrsbHpnDRs1wzdhBDBvZjyJCjuOKJr8izHWwnyJQrOu917+d0u5wpue9yVd9Y7tezbUpjAsdGfIz2TJjYky/f/pKSyr9ZP/Dhe1sZe8ZIvIDnqAeZ+f16lq5Zz9I1K3nsxARsBxyzA+e/8i0Ll63ikxvc/PvWf7EyCqGvH+GGd3vw8JwVzF+ygjkfPMj4jq6qOZ2Kl5E/5fdc8GiYy97+hvnfLGP6M2P45vqzeezbcMX4WWTteJEnpxbXuNZpzH05B1/CLCIiIiIiIiIiIiIi/381NhupL6fxDT2C7svmsSQEtl3EosXQK/E7Fu2wsZ0oK79eQtvDDyOZijzG6MiFk1azdM16vnnnKnoP+yMfrFrP0jWreGrEZ1xz7jO4rn6Pr5avYNHi6dw7MsTGXBub2ADV1+RQmQ9Vftz0vWkqS9asZ+nyFzmzzTHcP38dS9esY+6jYwk0kCHt+aRw5C330vN/f+Df30cJr/kXt7/Rk1tvOYqkyqyorrU41LnOxuROjT6/rvEjq3jqgiuZOeRxPvtuGfMXf8x1/qe58Lp32WlDdMtrXPXL5/D89j2+WrGcrxd9zX9v6kPemt1Ea40V3fJfrrrgVbLvmMrXS5Yxb+pDdP3oMn79/Pqqc+u89+TTeXzZepauWcuU245oOHB0nMZ8THJOnEjPmW8zqyT2t+i6D/ho9wROO9xHZZFgfdfjgOO4yDliJF0Kd5FrgZW7m8K0drRJNHAc8LQaSN/2ntg1FQ/XsXfywTMf0/fm+zmhvRfHMUjqezl3X2ry8vMzCTrgGK049eqxLPrbS6yzqs/X+I+IiIiIiIiIiIiIiMjBoLHZSH05DdnDGZL8DQvXWTjhJSzaPZJLT4yweFE5jrWDxYuCDD60C6ZTdyYTWwQ4jsXa//6T78Y+wB3jO+F1wHFnMuCcazm1m6vubIm9x6s9dtX/G5MhVb82YwK33ZzFC7c8yF9veZa0m+5lXIZRNa9D/XM15bm2xPnh+f/mxaLzuOuqoaQAjqstx9x+B8NnPc07GyOsee1plo+9j9vGd8LngOP4aD3yt1x/Vreq9+JUvIM1rz3DsrF3c+PoVpgOGBlHcO1dp7L5Xy/zXaThe698Pg0GjpbjNOpjtzqRU/rP5L0ZxVhOlLUfvEfhhDMZ7IkdD8+6nWP79WRI354MGTiBJ5ZHY9cRq1S0nCA/TJ9J2dgJ9HM7uEZeygXBhzj+8PH86nf38cL0dZRUzuWAg4MV+Z4VazvQv39KxRgOlmPSflB/nJUr2GbFxvcfeQ0Xuv/DM18GiDpNuy9LiaOIiIiIiIiIiIiIiBwkGpuN1JvTuHoxdPB2Fi4qJLR2Hqs7HsH4w3uycf5SgmWLmL9mIMMGuGtlQJWfinzHcbCcMKuWr6fbkAF46llDjWyp72HcNSOEU++aqTlfIzKkmtcbZJ9xPxcUPcI/S3/DHWe2qZrLhlrzxu6jctymPNd9P98mb+UKivoOoaur2nmJ/RnQZS0rvi9j9fL1dBncv97nuucTZvXy9XQbXPMduPoNoceWZawubfjeKz/uhr54hSWBRn5FExg+oT8PvzmZzSN78vZ7RRx1fy9KSwJEyqO4j7yTt186nwyj8vxyCkvKKI9sYdIlQ5ji7GJb6HBuf38YVkmAInMIv313Hicvms28eV/wztVH8b/LP+SFy7tQEraxQmUUlpQTsi2CpQEKS1xVK4mURbCsEMUlZZRbNsFgFidcfhhnP/YiK28IY0VDFJcESGgwbhURERERERERERERETl4NDr3qTen6U6XgT1ZNucr1pXNh36n4XTLI+WxOayYt41v2w/mNwRiGZBlEyoLUFjiASBaFsaKhikuCVDoClIacYiWl1JYkoBRa/q9s6Ui3rtsNAvKAxSWePdeb7icsGNRFghQ6DEg0lCGFKCwVk5kb5nC59vTSfYsZfnOEtJSDCBMacQhEiylsCS2SidQTsSJUlYSoKg8ih0NUlwSwFX7JuJo7HuI7DW+Q2HQwo4EKSoJEKxafMXzLg/EnmuwlMKSAEb0G54+72o+2FJC2ZEP89ljE/BVjR6sdm61d1Aait1foBRXnHsv9ALYlISsRlQ4WlYjPzYpR59C/0Xv88XC95kaHM/4vmbVMcex67zOMdpx+pNf8PHcBbxwfj5P3PYymyIVx51E2g09nom//TNP3HsM6z+ZzraIhW07OLaFZXSh+yFbWba0gGjVmGE2fLsco3tPshwLx3GwLRv/iCuZWPZvXloYxKHutdT3ERERERERERERERERORg0JR+pO6exSR04mLRvZ/PRgjx6DWwFSQPpG17ItDnfYA0aQiunIgNyiOU5VWM64NjYloVlmXTudQjrlnxHWT25U+1syXbAtutbrx3LhCqPNyJDqnF9dDuTH3gW97Xv8Lfxi3j0yYWUVozr8/spLSokUnFutKiYUn8SPjt+BhYvd2pK/lZzfJuUbj1JWbmYNaFq55V8x9INXelxiJfOPQ9hw7crKLcsLGMgV0yaxTv3jMYKlFd7FvW/g+DSxaxt14tDvDa+hHj3XvGxG9FSNRq1Gv2xko9m3KD5PHv720THnkRXKo7ZsSaue19jx0pRLYuoncKA39zOCVv+xasLSgmt+YIp3+wkGLWIRopYt+wHaJVDgm3FyjVtm6iVyTEXHMuqf9zHpxvLiEajFC37D4+8GmXiecMxo3bsXMsi6nTm9F/3Z+a/P6bAtrGacF8iIiIiIiIiIiIiIiIHg8ZmI/FyGqfzUPrsfofXF7WnXzeTqNOJvt3WMOn1tfQa3BujdgZUOW5FKBjLaKDjaZfQ+4sHeOzTjZRGLaLBXJb972k+XhOuM1uy7YrMp84129g42FVzNZQhVb82Sv60v/BM7vn87tRD6HfFbfSfeg+vrgwRjRp0O2wwmya/w5qARTQaYNV7H7F14GGxHKzeDCx+7tTo8+sY3xh4Hmclv8Wjzy6kIGwRLd/CjAcfYfGhFzKujUnH0y6i+4z7eezTjQSiFtFomKKCALZj1xofOp56IT2/+AtPzNxBMGoR2jWXZx76iDbnnU136rn3AYftyQAr1thgS9WmVfglM3zCcB743RrO+2sPDMvCAizLITL3Ps4a8XBFOaaXQTe+w0OnV0+
<p blockindex=13>点击刚才创建的Client配置信息，修改Redirection URIs和Scope的值</p>
<p blockindex=14><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABX8AAAL+CAYAAAD1mWcFAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdeZyW8/7H8dd1z14zNS3TrrSd9kKLkESKEo6QnQ5+9vXgWLPvO8cSOpxDh3A4oUMiaxGVSqGUSttM68w0Net939fvj6mENlST8Xo+HvN4mOu+ru/1+V6654/3/bm/3yAMwxBJkiRJkiRJUqUSqegCJEmSJEmSJEnbn+GvJEmSJEmSJFVChr+SJEmSJEmSVAkZ/kqSJEmSJElSJWT4K0mSJEmSJEmVkOGvJEmSJEmSJFVChr+SJEmSJEmSVAkZ/kqSJEmSJElSJWT4K0mSJEmSJEmVkOGvJEmSJEmSJFVCvyD8jTLx6tYkBQHBJn8SaHDuu5RucYw8nj0irfz8lP15cF4cgNiMW9krOSAIIlQ/5XVKyo8y69U7uenGG7nxlif4aFm4TVWGyz7k4UtP4bB9WpGVlkAkCAiCVA7/Vy7bNoIkSZIkSZIk/f4lVnQBmxdl1n/v4KbhqwmT9iTxqDPpWSdhq1fFFo7hiUeG83V0J5QoSZIkSZIkSbuoXxn+JtLitEd56PjGG7UOB6Q23pOkXzFaZPfjeWjkHuTHA5IadflVY2yoosYeHH3xzZzfpQu1JlzFKQ99SdlvGE+SJEmSJEmSfo9+ZfgbUK1lDw45tC2b7cUNVzPtmav5610vMWFBMZmt+3DGTdfTeBNrL8Tnj+DiPw9hSllAtZNHsuyR1QyqdwqvF687oWwKQzokMgQg9Qiey3mNk6tv+rYJzY7l5nsBYsz6/sZfNz1JkiRJkiRJ+p37leFvyOrZ43h79IIfOn+DZBp1PpD2tQMgxtx/nEifs//H8vJlfSmc+l9uPWYCDWvahytJkiRJkiRJO9ov2PBtY1Hm/OtsDuvXj37rf/ofxwOT1gW7Re9zz82jWR6HIKklpz33JUtzFzPh/m6EK2JbH776ybxWVMxrJ1cjAEjak1umRwnDkLBo812/kiRJkiRJkqRyvzL83bLo1+/zUXZ5yJu074XccmIH6mQ2oNs5N3JG2114jzlJkiRJkiRJqiR+ZfibxF63fkU0DMu7ccOQMLacfxyaDEB81UpWxQEC0ho3oc76uyTsxu67bXaVYEmSJEmSJEnSdrJDOn8jNWtRc93IJatWsWb9Jm9hLitz4zvilpIkSZIkSZKkjWy/Dd+ASM229OzWmNS2B9Kz/l18vTBGyUf/5OmvjuOK9qmsnjCMf38R3cZ7BKRVrULAasJYDrNmriTavs7WC44Xk5+7hrIwTl7hD/cqXbOSlStiEKRQrVYGyb9wxpIkSZIkSZL0e7L9Nnzr14/DrxjJsjiQdiBXDDmE2hEICz7kyq5NaNGmGbsf+He+3eY7JtGh215UCYB4NsOPrUtSEJDc/W6+3cKecbG5j3Bo/SyysurS/eYvKN+CroQxF7QkKyuLrEYn81L+r5u1JEmSJEmSJP1e7JBlHyCBZme+wDtPnsuBLWuSEl9LQdCSEx99gzsPStnGMQLqnfwgT13Qm1ZZVUgMgh1TqiRJkiRJkiRVQkEYhuHWT5MkSZIkSZIk/Z7soM5fSZIkSZIkSVJFMvyVJEmSJEmSpErI8FeSJEmSJEmSKiHDX0mSJEmSJEmqhAx/JUmSJEmSJKkSMvyVJEmSJEmSpErI8FeSJEmSJEmSKiHDX0mSJEmSJEmqhAx/JUmSJEmSJKkSMvyVJEmSJEmSpErI8FeSJEmSJEmSKiHDX0mSJEmSJEmqhAx/JUmSJEmSJKkSStzWE+974MEdWYcqkcsuvWS7jrfPZY9RI7Padh1TlV9u3mo+ve+8ii5DkiRJkiSpwmxz+Atw7KBBO6oOVRIvv/TSdh9zVX4+b9161nYfV5Xb3hfeU9ElSJIkSZIkVahfFP5KFSUWDyu6BEmSJEmSJOl3xfBXvwtRw19JkiRJkiTpF6nADd9iLPhoBO/MLGS7xHrxFUx+7TW+WBHfHqP9TsVYPP4lRn+1evs8011INB76s60/sVV8fHs/ujWpQ6sOF/POlNvp2/pcxhbvArXFi3n7nMYMePg7SnfwvSRJkiRJkv7otm/nb5jLl6PeYlX7Y+nVNGm7Dr1VQVUad+gA6QEAxbPHMnJhUwYe1IzknVvJFpSy6tvJTPpqASvWRomkVKV6rcZ06L4njaoEW7wyzJ/O6DGr6ThwPxomlB/7+RwjVG+2F21TUtnyaL8/0dhWwrzYDB7qvS8PTC/70eGUQ4cx8d8nsfO2iwtZOfzP9HprEOO3eN+Q1dP/zcN3PcboT2eyrCiZWq3249DBV3HRqV2p8Rv+B4Y5/+HhYalcOH4Jx9aNEK6aSO7f1rB7EBKN/fpxf0Ulm3gWiTQ/9ibOqFGLWCzkj/xRjSRJkiRJ0o5WOZZ9CEPCII2sZs0qupItiuVM5cMpeTTt0Y9e9apCyWpWZa/cjncISK/fgvTtOOKuYqudnPGQOCn0fngODx+VseFwkJBMcjwkuoPrWy8WjRILgXBdB+pmziuedhenHf0kVc64j0fvPJBm1ctYNmMMLz0+kkmDunBgyq+vIbp0McurNWO3zKD8uWV2of9JACHR7Zm2hlGiYSKJm/3+QLiJZxFQr8ep1MN1nCVJkiRJkna0HRr+Fn37Dq8tqEXHKitZsGotRWVVaNJtf/ZqmLbhnLBoEVPe/ZrZywpJyGxOl57d2D09AEKKc75m4uRvWJJfSlClDi0678Meu1UlEs/h89c+J9a8AcWLclgdq8vehzZl8ZvjCfY7nD0TZzFuylLKylYw6pUpBGnN6HFoW8qmj2PKdysoKI6TkF6Xlp2706lhFYJtqDW2ZiHTJ05jztLVRIMUqjXek57dm5EebKHOHz2NkKK8XIozd6dFg2okB0CVGtRrXmOjc0pZ+e0kJn21gFVFAam1mrBH9y40zchl2sdfk1sc45OROSRGqtOqSwOW/GyOHSn99BWmZx7KIe2qUby151+czZfjP2Pm8hIS0xvQpnGcGUuy6HdIW9JLlzLj08+ZmbOWWBCQnNGcvQ/uQoMKaqPeeudvSDwEElJISPpxchqNrmL8NQdx3cqrGTF0EHUja5lyW28umn46w4efRaM5d3HcidPY95iAqRMWkbeylKYnPcgt5+5NtQDCvM957trLefrdWRQk1mePY2/kxmv+zG7JEJt5F8edNIMDTgj49O0ZLG/YhYaTP2bt2i8YsNctRGqfwD2vX8+eGzfChzm8dudDLDv8n4y8og8Z67p8G3Y5gUuHhYRBSLRsKZ88cDF3/utDFhWl0Wi/M7nyrivZr27Chnv2OjHC52O/ZfnyMnYf/Ch3n7c3aV/ezeC/PM7c5SEX7v16eUd42WpWxI7iscmPsF9yyJqpj3P9X+/l4yUR6u19OkfWeImRWf9g5LWdCT+9gsOuq8ZDbw+hTSIQm8kTA45gyVUzuOmAkDHnNOOZWpfT+rv/MnlBGv2efIMj5l3H9feP5OtF+UTTW9DjrPu44ZzuZMz+O5fe9tNncSX5l7fhidbv8u9zmxGJb36elH3MrT0uo+iEPuS//zELl64kstdl3H3/6bRM3X7/tiRJkiRJkiqrHd75G1+2lGjf3hxaO5mSRZ/w5sSv2K1+F7IiAHFWzMuh6YH9GVQtysIJb/P5tMU03K8RiQWzGffRXDK69+Xo3apStnQ6H477hNmZB9OqKhBfzeLcthxySBcyEoD4Chavu2eQ2YYeey5h5MKmDNiwJEIxy6q3ZJ9+B1AjNWT13Am898kX1DyyB42Tt1JruJIZ749nSf0eHLp/I6pSTN6qIhIDCLdUZ8bG390PSKudRdUvZjHpyyRaNqhDzZrVSEv44Yzi7z/jg69COvUaSN/qsHLmx3z08VdU79+JTvu3JXvMajr++YdlH5oVZ/9kjrENz2Drz7+EBRPH811yZ/of05S00sVMfvcDypKzgJD82ZP5NmjHocc2Iz0SpTB3NfEKXCF6652/EAfCcFPrvWbS7aqH6HPEGdwwoiu3NxnKkJcbceFrp9MwUn
<p blockindex=15>配置一个OAuth2 Provider，在Custom Login URL Template 处填入payload</p>
<pre blockindex=16><code class="hljs language-php">&amp;lt;<span class=hljs-comment>#assign value="freemarker.template.utility.Execute"?new()&amp;gt;${value("touch /tmp/vuln")}</span>
</code></pre>
<p blockindex=17><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABeoAAAG9CAYAAABqP0b3AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3wUdf7H8dfspveeQAIkECBACL33DgJW7NjOO0VPz/o723l2z356Z+9dQVFBkRZ6h9ASaoBQQgmkJ5u+u/P7I4XQA+gtwvv5ePB4kN3Z73x3tszse77z+RqmaZqInIOqqqpwOp2u7oaIiIiIiIiIiJwHLBYL7u7uru6GyHFZXN0BkRNRSC8iIiIiIiIiIr8VZU1yLlNQLyIiIiIiIiIiIiLiQgrqRURERERERERERERcSEG9iIiIiIiIiIiIiIgLKagXEREREREREREREXEhBfUiIiIiIiIiIiIiIi6koF5ERERERERERERExIUU1IuIiIiIiIiIiIiIuJCCehERERERERERERERF1JQLyIiIiIiIiIiIiLiQgrqRURERERERERERERcSEG9iIiIiIiIiIiIiIgLKagXEREREREREREREXEhBfUiIiIiIiIiIiIiIi6koF5ERERERERERERExIXcXN0Bkf+Jqjx2rE8lfV8BDu8QGrdMIikuSB8AERERERERERERcTnDNE3T1Z0QOZ6KiorfpJ3K/Uv5+qMfWJNdWe9WD8I6jOXm6/vT1MtoUDuOfdN5+eXp7HeeZCHPLtz6r5vo8JufAXCSNfNVXpwZwvh/3UoXz9+6/QaypzPp6Xc5OOxx7uoXzLFbzkHmtBd5dWYWR24mAzevACLiOjBo7Gi6x3gf57G/V5+kjllO9rZU0tIzOVRYSpXhgU9AGDHxiSS1jsT79954zn0smTSP0i7jGNbS63demYiIiIiIiMixPD1dFaqInJwGFMt5zSzZyOT3J7Em7+h0vZKc9T/wgVsAD1zVlKIDxXhGxBDpd+KPhCWkE5fd0oiymlNbjl3z+HJeIR0uu4SOQdUJp2EJopn1d3oyfyCGRzzDrutPk9riWqaDirxtLJ2ziK/fK8P74fEk+SpS/9+yc3DtLJI3VhDWqi3dkoLwopyi7F1sXj2LffmDuahXNL9vfO5FaEwT/PxUdU1EREREREREpD4F9XIeM8lZMYtVx4T0h+8vXPMtL22uxFbqwPBuwsCb7+DSNn7HHZVteEfRukNU3d921vGNpYqo1h3o2OgMg0fTiRMLlvMts7YGE5fUkcQjvmE609bfxrNfbWDt9iqSOnj8/v0wHTiwYj3ftu+ZqMxk89ZC/NqNZEjn8Lov/+imzWnin8zUFevY1rYx7QPPZGM5sNstuLmd4rGWUBL6DjiD9kVEREREREREzm8K6uU8Vknmrn3YT7aIWYattPa/mSycuYp+CYMIO5tgtyqb9TOmMHPVNrJsTnwjWtBpyMWM7tYYT0xsy97lyXkRXN6jgLkzUzlU6Y5/RAu6jric0V0iOZv42izfz8pfpzB3TQbZFR6ENk2k70Vj6d/CD2fmNF58bQlNbnmCG5JqL/MyKVz6Ds9MdnDJY3fRL8RJwda5TJ22hE37beAXSXzXYVw8oiMR7mfRMQAMfBo3JsjYRHm5HRMPDMCek8qMn2ayMj2LUrdAohN6MnLMENqE1Fya4Cggfe7PTF+2mcz8MvAKJrpNb8ZcNoSW/se+UM6Ds3nt5c20u6YlO6bMJr0IfEJb0OeK6xjotZpJk+axOceOT6N2DLv6avo1uTAueTMryyi3g5ePD0de9GHgG9OODkWHOHyRg5OSAxtZszadvfnl4BVIVPP2dElqRoAVwMHuhRNZ5TmAwaGZrErdjXvSRcTu/YUltnZcPDqJurzfeZBVP85iT/QwLu3uZMX3cynpVFv6xqTs4CbWrNlKZm4pTs9Aopon0bVj7XrAUbyH1JRUdhwooMLqQ0jjeDp0SqRx7ah8p429qSmkZhyioMyBu28wjVt3oWubcC6MV1ZEREREREREzgeqPyDnrYqDqWzcd9KY/jjOcsoG08aGSW/x6YKDRPQdx5/+dA2DmhSx/Mu3+HJVQV3rzpwlfD/9IDFDr+fWW8bRJyKbRV+8w3dptjPvgTOX5Z+9ybdr7SSMGs+tN4ylg8dWprz7LjP2VGFtnERSeBlbN2RQV63fLGLT+gxo0YX2wQbl23/mnfdnsTesD+NuvoWrBkSTv+gz/vvVGgrPejYLk7JDByk0gomK9MQAzOJUJr75CYsLmzD42j9x82U9Cc6cxQdv/cDWMhMwyVn8BR9M34lvz8v40x23c+PFSVi3/sKnUzdSfqJVOXYy+8ctNB4zgXvvuoYu3rtI/vRlXvx6B9Ejb+GOP42kmW0NP/64nLwLZJYOwyeMMD+TrPULWbl1H/lljnr3NaZd147EBlSn61VZa0iek0aefyt6DBhAzzbBlGxZyMwlOymte5SJ/eA6lm5zEtOpLx0b+9K4SRTW/H3ssx3eqM6cPWSW+tA0Lpyjq0I5clOZm7yWg17N6TZgEH0SQylNX0hySlb1CbayPSyftYCtpaG07T2QAV3j8c1NY87sVRyorO5D/ob5zN9UTGCbHgwc3JeOjU0yVy1gzYHT/eyLiIiIiIiIiLiORtTLecmetYAP3viB9JLTS2GtxdtZsa4tQztFndFoXGfOSmavthF3ycPcOCCs+kxYu3h8S57n2znL2N95JIEAdgtx427npv6hGECHxDg8//MS0+asYkTimY3or9oxl5lbvOl7521c1rK69+3aNsZ45d/Mn7OBgbckkdQ+jDkpG9htb0NLNzBtW0jNsNBqXHsCyWPJjMUUtLiMv9/Qh1ADoC3x/mW88NVslh7oyKiIBnbGkc+utFSctcmsWUVpzg5WzNtMYK8bGdjMCjjZv3g6qx2duPH2q+noZwDtaBvryZsvTWX26qG06utPQZknLQZdyXXD2uBjALTE98A63tp1kGJn4glqqhvEjbyJy3qEYADRQzey8tPttLr4BkZ08MGgOX77VrNxURY5Dgi5EL4JLRF0GNiLyuXr2bY8mS3L3fAJCadRVGMaNYmlWZRf9Q7BtJGxfiulkd0Y27cVfgZADFFeVUxdkkZ6fiwdg6ubrCjxouslvYn3qVlHdFOirMvI3FdKmwRfDJzkZmZS4hdLbPjRMX0FmRs3kxfQntEDOhBiAWhEYGUeP2/dSXa3SLy2riPDGUv/Ib1o5lXdj+gId8qmriZ1ZyJRra3kHsqHqN50a9Os+mqUSD8s1u2UmVVoFyciIiIiIiIifxRKMeS8tPaXX087pAeozN7AzE93sdt2D7f3izxmBPCpVOzOYB9Nubh96OHLVYxAkjq1YNI3O9ldYpIE4BZLp6SQw7XwrRF069GCaT9ksKt8EGHep9tzB1np2yn0j6dVRBU2W1XN7UHEtwxmzuZMDjo60aR9e0LnrmPDbgctW1iwbVrPDmtrrkr0wyhfw9bdTqJHtcCzxIatpgVLXGuaGBvJ3FsODQzqzcrtzPpk+zG3W4ISubx3PAEGYBawfdtBrM0G0pQSbLUr9IqjVZSThbsP4OgbTPzI24gHTEcZBbk5ZGftZEV6MebJagQZQTSJCazbvlZvbzytkTRr4l1zm4GXrzc4nZxoBoPzkXtwS3qPiqebLZeDWQc4kHWA/Rlr2bFpLWsad2bQwHaEmdkcyHES0jECt4ryuqsWjIhGhBh7yc2rguDqT4YlMIrI+u9Vr2iaRllYsXc/5Qkt8XbmsmdPCQFxsYRa4IiN7czn4KEqAls2Iajuw2IhqP1Irm4DbkYJWw8WYg1rSyjllNd2xD2CqCCTLTkFmK0bERjsh7l5HYvWOGjVpBGRocG06NLtd9yKIiIiIiIiIiK/PQX1cl5K33HCoiinZtrYOiOZLT2up91pFYw3KS8rw2nxx9/vyCHx7oGB+JBJSVnNyQPr0csY+AQE4OHMo7TMBO/THVJvUlJkw1mwjA8eX3bMvUZgKRUmWJsk0T5kPhs27ePi5iFsSduBW5traedrYOYVY7Pb2fHT8zz609EtWIkvK29wWR7Duxu3PXdDvclkHZTlbmfuFx/x48cziHn0UpobNoptTiq2f8WTqce24RZUjh
<p blockindex=18><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABdIAAAHZCAYAAACCfsl3AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3hUZfrG8e+ZmWQy6QlpJPReQ1U6oiAiqIgVC+tiWeuudV1X15/r6rr21V1dC9YFOyoCCkhRaRZ6b6FDCOllksm0c35/TBL6UIRF4f5cF5dmZs6ZZ07OzMB93vd5jWbNmlmInMYyXXbGdE0mM8oGwH82VTJms/skV3XiRNltNItxUC/ShjtgsrEyQLnfrLvfbjPIcjlo6LJjWhZbKgPkeU0syyLGYaNLYiQGsKLcT6kvCIBhGLSLc5DhcrClMkCBN0inhEgsA5aV+qnwB+v23SE+gnqRdjZWBqjwB8lOjGRrZZDNlX4AImw2shMicNgMlpR4aR4bQUaUjdXlAXZXBwCo73LQOs7B+ooAlmXRJj6CDe4AUXaDrCg7NgMswKh5TRZQ4jNJiLBR4TdZUe4nYFpE2gw6J0bitBksK/PtcxzaxEeQ5XJgWqGPSAODgGWxosxPepSNzCgHFhYWUBkIHadCX+g4ZdbUl+MO4NyvJvaqa6M7QD2nnSgbLC314wmaGIZBhtNG4xgHDsNgW1WAndVBgqZFpD10/B0GLC31URkw62pNcdpZUeanrOZ3cixyc3OPeVs5vWRmZp7sEkRERERERET+pxwnuwAR+d9Jddq5o0UcZ6U4sdtCce7qcj//3FDO2nI/TrvBVQ1juLJhNLEOG1gWxX6LNza7mZRbRYrTzsNt40lx2nlkdRmTc6sAiHUY3Ncqns6JEbyxpZIZu6t5vEMCUXaDPy4vZXZBKNxNjrDxl7YJtIix8+wGN+sr/DzdMZHXN7l5Y3MoSHfa4fYWscTYbdy82M+lWS4uzXLxyQ4Pz6yvwG+adE6M5G/t4nl0TTmWZfG39ok8sbaMpjERjMh0YWERZTOwgOpgKL7+eGcV3RIjyXTZ+f2SEtZV+MlOjOTZTkmsLPOxapUfm2FgGBA0LYZmuBjVKBp3wMIkdLHAG7R4YEUJgzNcXJHlwh2wsAwDGxY7PSYvb6xgdkE13ZMieaRdAk+sLadJtJ1LsqL3qclrWhgYvLapgl71oshy2blpUTHVpsVFmS5GN46hntMOloU7aPHh9io+2FaJy25wd8tYmsc4+Pvacibv8mAzDC7NimZQWhR3LSth2c8I0kVERERERERE5OAUpIucJuw2g+uaxHJ+houPd1Qxu6CaNnER/K5ZDDc3jeWBlaWckxrFLc1iWVDi46MdVbhsBtc1ieGelnHsqAqQVx0kCNiw6JUcydQ8DwHTokWMg+ZxEQAELQhYYFoQaUCP5EhmF1QD0C4+goYuOwD+oEnAAjDw7RkITtCEgGkRtFkELQt/zTDuIfVdzCn0MqewGp8ZGgnur/mvZVn4TZiQW8WcQi+xdvhj63jyvSYv51SAAdsqA6wp9/N4+0Quzorm5Y0VXJblAuCDbZVUBkxc9lCQ7jMMAqZFtQnPrK9gU2UAuwF2AzZVBjFNC3fA4h/rytlVbdIsxs4NTWO5p2UcOW4/fqu2JosJuR7mFvlCFxtaxlHkM3llk5uAZZFfHaRHPSemZeEzLbolRnJ3izi2eYL8O6cUvwVXNojmlmax7K42+b7YS9AChwGjm8RS4DXZVhXAYRgYQJTNQEREREREREREjj8F6SKniQynnbNTnSwp9fLaJjcV/iBLS30UeIN4TIsIw2BIhouKgMWLORXkVIRGiJf7TV7snMSgdBfvb6skaEKe1yQ7IZKGLjubKwP0S3FiWRZVwVCQaxEK0/O8JmcmRZLhcpDnCdA/1Ul10MKsaW5iWdQ0RznQ3rdWm1AVMLmxaQyryn017VaMAx6fU+EnBz+pTjteE0r9JktKffjM0N5K/BazCryclx6FJ2jSp56TiblVfF/sI2BaeLEwDAPLCo00Ny3YXR1ghyeIwwAT6trZBC1YWxFgk9vPkhJw2Q3uaRlPdoKTgLmn+o1uPxvdflKcdrymRYnfZEGxF19Na5na2m0GnJPmJNJu8PLGCn4s8gKwqzrIq12TGZzu5KcSLxZQ7LdIjDA4J83JU2u9uAMmJhale7WmERERERERERGR48d2sgsQkf+Nek4bSZE2ctyBup7lPtNiSp6Hb/OribAZZEbZ2OEJkle9pz3INk+QYr9JA5edCFso8F1d7sdhgx7JThIj7fROcbKizB/qMV7XUxyWlfpIjLTTOSGS+lF2zkhysqTUV9dupdbBwnRjr/9WBEw+3lFFsxgHIxvGYD/C17z/+OzqoMm4rZVUmxajm8Sy2xvkox2efYJvq6Z+y4JoOzzeIYn3zqzH+z3qcV/LOCLttgN6nUNopHrAgvouG8ZBBobX3WQd/MJBpAGNoh0UeoNsrdpz/HdVB8n1BMl02Ym2h0ae57j9fJVXzeC0KPqkOKk9nObBdy0iIiIiIiIiIj+TRqSLnCYCpkWwZuT53mIcNkwrNCrabxEKy/e6326EWon4LQvTCgXp26tCofFZqVFUBExSnXY+2eGhacyejxSbYbHBHSAhws6A1EjiIgycNphT6KVTYiSGsSdAt+9Vk2GAzQj1Eq9NrO2GwexCLw1dDi5tEM2UvGqChwikD2d1uY+pedWMbhzNhFwP22oWOd2fYYSOx/TdHnZ7TSJtsKvaJGhZBwT0AE4bGFh4j7VFuWHgr/n9OPZ6AoPQ8Q+1ywm9ZtMy+GBbJZ0SIrihSSzbPEEOXpWIiIiIiIiIiBwPGpEucprY7TXJ85p0SYwgyxUKvGMcNu5pFcff2icQaYMN7gBNou10SIis2657UiRJETbWlPvx1yTu1UGTmfnVtI5z8NvGMWxyB1hd7sO2TwBs4A5YzCqo5oxkJ1c3jGZVuZ8N7kBd5OsOWFQHLZrGOHDUbJwUYSPNaaPUZ+K1qBvd7QlavLPVTanP5ML6UfuEzUcr1xPEbxnkesK3QvGaMCHXw7tb3IzZ5GZybhXBvUev1/w30mbQK9mJhcFGt/9Qg84P81wWaysCpDptdEvcc/w7JkTSKNrBugo/7kAoLjcMyK0O8tZmNw2j7fSpF6nR6CIiIiIiIiIiJ5BGpIucJoq8QT7f6eHOlrE83iGR+UVemkbbGZQexdS8akp8FhN2VtEjOZI/t45nelIkTpvBkIwoNlYGmLa7GsMwsBmhhUsXlfgo9gVpEevguQ0VlPstbIRGk9uM0Mh1u2Ewr7Ca65vE0DTGwZubK6kOWtgMcNhsbK8KsKjEx6C0KPymxQ5PkDOTI0lz2nl3ayW+oImN0Khsu2GwtdLPf7dV8lCbBCJqLgPaDQOjZrHNWoYR2uZQWXuoOYuFcYj+7ACGZeG0wUWZ0eRVB7BhYDdgdmGoT7nLYTA800WR10mb+AjOSXXyfZGXFeV+BqQ4QzXtfWHBqD02+1Zlo+Y2y2Lqbg+D0pz8oWUcreIceE04Ny2K8oDJhJ0eLIzQ6yV0XGYX+Zi2u5rLs1wU+Sy01qiIiIiIiIiIyImhIF3kNPL5zir8pskF9V2MyHJRFTD5ZIeHsdsq8ZsmS8v8PLK6jKsbxnBuWhQW8GOxj7FbK9lRFaBBtINSv4XfDAXzcwt92AyDBcU+AIp9JtVBCwODYl+oDUquJ8j3RT7axjlYWubDZTMo8pn4gyY+0+KFDRVc18Ska1IkvVMMirwmL+ZU8NWuagCqgxaFPrMu9J6ZX02PZCfdEiMwa9qd5HuD+7R6MTAo8QWpCJgH7Vfut6DAaxJuPLrXgjK/xaA0J+Cs2S9srgpQFYRyv8V56VFYFnhMi4m5oeNYFTAJAPne4D6910PHJIg7aNWE6RaGAe6ASbHPqLlQEOCR1WVc2yiGfilRgEWO288H26tYUeYjPsJGqT9IRcDCbhh4giYfbKuiXVwEETbjoK9VRERERERERER+PqNZs2ZqCCCntUyXnTFdk8mMCg1x/s+mSsZsdp/kqk4cwzCIcxjEOWx4TYtSv7lP4AvgsttIjDCwDINibxBfzf0RtlDblaqgRYkvSEKEjWi7QYHPxMAgzWmjMm
<p blockindex=19><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABOUAAAKwCAYAAADXzMv5AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd1RUZ/7H8fcUei/SRRQUUFHE3hUReywxyWr6L8nGJKZqEhNTNJumm2RTzKZ3XTWxJbFhwS7YsCKo2BFBQHqfmfv7g66AgBSV7+scz5GZuc995s5t85mnqBRFURBCCCGEEEIIIYQQQjQZdXNXQAghhBBCCCGEEEKIlkZCOSGEEEIIIYQQQgghmpiEckIIIYQQQgghhBBCNDEJ5YQQQgghhBBCCCGEaGISygkhhBBCCCGEEEII0cQklBNCCCGEEEIIIYQQoolJKCeEEEIIIYQQQgghRBOTUE4IIYQQQgghhBBCiCYmoZwQQgghhBBCCCGEEE1MQjkhhBBCCCGEEEIIIZqYhHJCCCGEEEIIIYQQQjQxCeWEEEIIIYQQQgghhGhi2uaugBCiZckrLCTuymXOpVzhUloqSZnpXM3JJiMvl/zCQor0OgCMNFpMjY2xMTPH3sISZ2tb3O0c8HJ0wsfJFTNj42Z+J0IIIYQQQgghRP2pFEVRmrsSQog7W8zleKLOneZo/HlOJiU0SJkdnN0I8GhDkJc3/q4eDVKmEEIIIYQQQgjRVCSUE0I0iktpqWyNPcauuBgSM9IbdV0uNrb09/FniF9n3O0cGnVdQgghhBBCCCFEQ5BQTgjRoI7Gn2fd0QNEnj7ZLOvv492BUQHdCfBo0yzrF0IIIYQQQgghakNCOSFEg4i5HM+KAxEcOHe6uasCQHcvbyZ17ytdW4UQQgghhBBC3JIklBNC3JSsvDwWRW5jQ/Sh5q5KlUI7BXJ/n8FYmZk1d1WEEEIIIYQQQogyEsoJIept24lj/LQznMy83OauSo2szcx5dEAwg307N3dVhBBCCCGEEEIIQEI5IUQ9fb1l/S3bOq46oZ0CmTZ0ZHNXQwghhBBCCCGEkFCumEJRbibZhRrMrSww0ajqtLQh+wBv/7qRaEPJAyotVtau9OwyhIe6uGNdt+IqKTi1kseOt2XB+EBsr3mu6MzfPHbIjY8ndqfVTayj7vREhn3BWrfHmBNghbopVy2a3aW0VL7YtIaTSQnNXZV66eDsxrMhY2SWViGEEEIIIYQQzUrb3BVoTkpeAlGb1xMecYQzmca0si4iJUOLq18Q/UNGMMjPvvYbSO3K1HvuYYSVCkWfT1LCERbu+J33dffzbnenlr2hxR3jaPx5Pg7785bvrlqTk0kJzF6xiBkjxssMrUIIIYQQQgghmk2LzYoK4rfx81e/E5WiA7T4TZ3LC/2T+ePtj9h8dCtLj+0hMvgxnp4cgG1tmoKpNJiYmGFlqgLMsG4/mJe1WbywOYJ9ncfT16SR31Aj0Rn0aNWa5q6GuAXsPXOSeWtXcCc0rc3My2XOqsW8OnoSvdp1aIQ1FJCw929WbjxA3OUMCtTmOHj40nvkREZ2cSw+8SqZ7Pj8NRYe112/uKYdd895hVAnFeiO8OPML9mTV/EFKrTm9nh2G8dDU/riaqTnzPI5zN9wFb/73+P5QbaoAJRsIv/7Oj8dtWDoi//iH74aUjd/xJu/n8Fp9Gu8Od6T4qNboeDyAdb+tZF9sQlk6IywdfejZ8g4RnV3xaSkJa7+1FLe+Dicq1XsBOZ9p/PvRwJa7kVFCCGEEEIIIeqoRX5/UjIOsPDLjRhPfI03DWF8+fM+zu9czorEbA6lKRi1G8NzD/lzauE3fL3+OWaM9sSoHuuxbO1PoGodR5L19PWAy3Fb+HZPNDEZRRhbtCIoaATTAlwwxcCVM9v4JvIYMZk6zGzbMG7waMa7mhbXV8nmUMQSlh67RIbGgV69x/B0p1YlX7qziNr9P1Ycu0yemSNBXYbzeKAblihcvbiLHyKOcSwtH1Mbd/r1DOF+bzu0QH7KYX7aHkFEUhZFRtb4+Axg2sBOuGv0HAz/mtUOI+lyaTN/aQbx1QgfrsZt59s90cRmgUvbnnQrvBOiGVFbe8+c5MO1K5q7Gg1KAT5cu4JZDR7MKeQeWcxnP0aQZelJQM9OWOQnEHN0P39/fZG8F9/gnvbGFV5vgkvHrrSxqtAHXe1EyeFfTuNA++4+2KtA0WdzKeY4Z3YtZrFnB14c4oBn1wAcN27mzPGT5A3shbkKKDzN8dOFqGz70s1bW/Kur6dLCOe/H/1BbI4GSxcvOtjrSYo7wLrvT3A++2WmD3GhYjSvsm1HkG+rShcQE++SIFAIIYQQQgghRK20wFCugBNrlrMvTUVftQYNakAh78IeNuUP5tF7u7F8nwaNRoNaVci5dcvY2fNFhtZn0DaNNU4WBZzKLsKQf5pftpzFJeQhZnqYk5u4i3lrt7PL516CVcf5cfNpXEMfYoabEZcOr+Sd7QcIurc/zoAu4TB7vCfz0WOO5J5eyxtbI4jqcBfdAV1iFJudx/HWQ+6orxzgy41/8F+zx5nheoIv1h/Fou94PvGxIevCdv6z+U/MbR7iHodMNm7bwnm3iXwyzg3TnNP88ncYyy748nxbFaAn7sghfIfex5duNpC4hfc3n8F/6H0852nCxWNr+TiyCE+vBv1gxC3qaPx55t1hgVxF89auYM6EKQ3YlVXP6ajDZGBD/0dn8mAnE0AhY9eXvPXrMaIOnGNS+w7lIZfKmoCxjzDZ+wYtUrXtGPbw/9GtuJkd2bu/ZNYvR7lw9hL6IQ5ovboRYB/OllPHiSvqRRdj0J07zslcsOkeSLvqzvZKJvtW/k1sjgaPkOd4YbIvVioojF/DJx/+RczazZwccD/+FZbXuA9k6qP9sJQUTgghhBBCCCHqreWFcvnH2bXvKoqisPu7Oewue0KFtX8grYv+JivuIPPf/Kvk8Th2709k8CjXekxooCprOaI29uaxe72wsrHAVCmi0MQUM/LJLlTAGAyKnsysTLIUd9r3mMpPQQpqFRQBGpsA7unkjIUaLLza0dZwjKySHm9qc3+m9GmPuxZo05+HO8YwJ+4s8fkxnHDsxeed3HBQgUOHodwd9zUrTiczydGBQcMfZbCFDdYaA3kaUyyMdFwq0EFJm0CtezcmeNhgjIHjp2LJbBvMwx2cMAdsg4YSemIhsfX8CMTt41JaKh+H/XlHdFmtjgJ8HPYn7026v8EmfzAyNgYlm7NRUZx1DaKNvQk2fZ9kfpAOg8aYhusQrsbG1rr4PKNtS2CAHVu2nSD6rI4uvioSYk6QgTX9u3lX39o3/wSHT+SBeRAjR3WgtMGesftQHnjcjnO5NtgZqltYCCGEEEIIIUR9tbhQTp90notGvox6MJCsLSvYGV9Y8owpPr6tOLM7Hj2AypbOY8fRMXkTq89dpABXzOq6MkMmSbkmOFoaAdmcP7GFZaeSyFab0crWhIySl6nMOvLkqByWRG3g9V0ZqO3aMKDrYO7zdUQFqCytsCtLBFWoK/Zys7TDuewbvhpXOzuUy7kk5eZibGWLTdlrjXG2MSMrJwcFB7KSDvDrwTjii7TYWtujKYTy3nJq7KysSnYOhczcfOzs7CgbFk9tj4etWkK5FuCLTWtu60kdaiszL5cvNq3hw3seaoDStLTrPwTvfX8St/NnPtz5KyY2zni0aYtv4ECG9mlX+VyiJLNx/tNsrPCQxncq7784GNuKLdF0Z9ny288cVgGGHC5FR6M4BDF6UOm4cFraBXbGZttOTsRcQt/ejNjYKyjWfenmU7G7bGWG9GRSdaBxbYOneYUVqszxCOyHRxXL6KJ/Yca0Xyq81pYhL77PFF8Zf1IIIYQQQgghaqvFhXIUFqB37sLAfv1JvbSJXfEpKCor/EY/xPiORURtLGkTpHElcGB/esWfJXxzIToF6jpgUu7FWA4bPPm/VhqyTm3m81OWvDjxCbqZq0Efx+c/F7fTU/LTSTHx5bHxvXnGkEf8+d18unE99q73E0pxe7vqVm3ITidZD25aAANXMjLQWFjiam5GYWI6mQo4qAAKSc7Mw9LOHCXzIF9tuUjA+IeY5WyKmjzC//6KiArlqlSla1Rha2FOeno6BRS
<p blockindex=20>在给出的 <a href=https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-7726-43hg-m23v>POC</a>中在请求时需要加上csrf参数来绕过CSRF检测，这里只要退出openAM平台的登录再发送请求就不用添加csrf参数，这样并不会影响payload的执行，只是页面不会跳转到 <a href=https://baidu.com/>https://baidu.com</a></p>
<pre blockindex=21><code class="hljs language-php">http:<span class=hljs-comment>//127.0.0.1:8080/openam/oauth2/realms/root/authorize?client_id=1&amp;amp;scope=employeenumber&amp;amp;redirect_uri=https://baidu.com&amp;amp;response_type=code&amp;amp;max_age=200</span>
</code></pre>
<p blockindex=22><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABn4AAAHxCAYAAABDB8JyAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzddXwURx/H8c9dBHdIQhKSkCDBpRDc3SluRUrloQKFllL3lroLbSlUoFAo0NIixUpx1+BuAYKEhHjubp8/sMvFLhBICN/368UfXPZ2Z2dnZvfmtzNjMgzDQERERERERERERERERO565uxOgIiIiIiIiIiIiIiIiGQNBX5ERERERERERERERERyCQV+REREREREREREREREcgkFfkRERERERERERERERHIJBX5ERERERERERERERERyCQV+REREREREREREREREcgkFfkRERERERERERERERHIJBX5ERERERERERERERERyCQV+REREREREREREREREcgkFfkRERERERERERERERHIJBX5ERERERERERERERERyCQV+REREREREREREREREcgkFfkRERERERERERERERHIJBX5ERERERERERERERERyCQV+REREREREREREREREcgkFfkRERERERERERERERHIJBX5ERERERERE7kVJlzlzNhJLdqdDRERERLKUAj8iIiKSaZaLh1i/+E9+/vpDXhr1CH07tGHQd4ewZnfCJBvYCF/zDSPahVA+oDK12z3BV2vOYcvuZKUlaQ3PVS+DRymf6/9K13+bLer1TCH25DaW/vEr37z/Gk89NJBOTRrz2OxIh63usuufXWIPMueVgTSuUpHAKs3p98qfHIjN7kTJvcg4v5Ff3n2ZkUP70a7hfQT6B1Pnib+4aGR3ykREREQkK7lmdwJERETkbmMjbOYz9HhpA0nXP3OlWhuFfe5FtqM/MWLAW6yMufL/yC1zeH3AOfIun8bwgJz4jlEe8uZN/oktMoJLilQ4SGLX948z8OujdkEcd4omGhiA6eond9/1zw6xrHh9EI9NOnE1OH6AZd88ycGE4vz3XhMKZHPq5N5iPbWUbz+dxH67W7Z79iVHRERERG4T/RoTERERkZtkcHHVEtbHOHwcs4HFqyLImS+QJ5GYmPwTk3te8phS3xrAFneJyLjbm6q70914/bOQNY5LUQkZb5cUyuIlpxxGRFo5uWQpoUlpfEdEREREROQWaMSPiIhILhY752EqPjIfJ7omM2CixKApbP+kud4MlmRc3FxTeZPIjItbDn2/yHKR8w7De8xe3nhdT66N02t+ZfriUPbtP8D+/Qc4dCKeDpN2MqFjnjue3Jzurrv+tyDpyDJ+/H0Ve/bvZ/++A+w/fIZCQ2ey7q0Q3NL7oskVN7eUkUWTmxuu6QQcRUREREREbpYCPyIiIiJyk0wUbX4/bUstZe65G+M7TKVa07N5UXJin7Y17CjHk0VCTZSsXo0yLtf+b2HPzPd4d8pFuxErmowrdXff9b8VCZt/4Y33F9kF0s0UcuaLrlXo2j2YiR/tIv76h3mp1L0zVfVrTEREREREbgP91BARERGRm2by7MZnf5gp+/5PLN0XTaGKLXjw2Sfp6pkzu/1jd25nv8XuA1MpWrW/TyPZbtLddv2zRx5qPjOFGcU+4rPZmwijNHV7PMmzw2ugMWQiIiIiInI7KPAjIiIiIrfARIEKXXlxYldezO6kZCiBras3Yb8kjUtQLwY1yZ9tKbr73U3XPxu5elD/0feo/2h2J0RERERERO4FCvyIiIjkYu7V+/LqmyEOi4oDGESsncxn848n+5tLxft5blAN8qbY3kS+SuX04CB3t4QtLFwafmMKN1NRWo8aTi0N9xEREREREZFcRP03IiIiuZhrUGseCkrtLzaOmxbwhUPgx9W/GUP/15simT6SldPz32TgP8fZdzSM8Mgk3AqVwDuoKiEtOzNwSDfqejrXu25EH+bf32fw58L/WBd6jDMXYrDmKYxX2UrUatSaHoP60i64SCoLyjsnKfIo29dvYuv2UEL37OfwsVOcOh3OxcgY4iwm8hQoiqdfeaqHNKFdj950qe9NvnT2F39qIwvnr2DDtl3sO3SMEyfPcD4yhthEG275ilDKN5DKdRrTrkdfejb1w6mxJZaLhP4zi5l/LWPN1r0cOX2R6AQT7vnyU6hYKbx8ffAvW55K1WpQu24IIdV8KeSS9u5ua54m/seYmgOZYrfGCwW6MXnf13RKbR6ruJOs/n0qM+avZEPoYcLOXybB5E7+QsXxDgiiQqVq3NegCe3aN6ZcEbsUGfGc3bOJ9Ru3sX3nHvYfPsHJsDDOnI8iNi6eBKsLeQsVxyugIvc1bkvPB3rTIrBAsnVmjCgr3s1bE7J2MzsOXSRv07G83tvLifOOYfaQQGY7fmz2539//ccbIW6ZyDBIOLeX9StXs3rtZraH7uPQiTOcv3SZ2ETIU7gU3v4BlK9UnWYDHuPBhqVSpC/u5Fr+mPYHC5atZduhMC5EWXArXIoyFarToHVXBgzsRM1Szjzmx3FsxUx+mjqP5Rt3ceRMJPGm/JQoU4l6bdpS7mhcxrvIxPW3xZwmdO0qVq7dwJZtu9l35CRnzkcSE2/FlK8IHt5+BFWsRK22gxnZvwaFHWaLy9pybOH89gVM/+1vlqzexr5j4VyKN3DPXwTPgIpUb9Cc9h3b0aZeEEXSzEobJ769H59vHT93pdbLy5g/MgiXq9sd/7YnDV7aQJLdNtWeX8yiMRW4UXWtRJ/cxYb1m9m2Yxd7Dhzj+IlThIVHEB0bT3yiDdd8hSjhE0iVuk3p1GcAPRp6pxKoT00CZzYv4LeZC1i+fgf7j54lItaCOU8+8hcuhmdpH3wDAqlYuSo1a9ehft1KeOXPTItwNe0btrBjx2527TvEsRNhhJ09z6XLcSThTv6iJSlTrgp1mrShW++uNA0smME6UElEHNrCyhVrWL9xGzv2HOTYqXNEXI4j0eZGwZJe+JUtR3C1EHo+9hityzim10rEnqXM+n0e/yzfxL4TZ7kYa6ZQCS/8qoTQsn0XevdoSmDBdFKRcJEDWzawcetOQnftYf+Rk5w8dZpzEZeJibfikrcQxUv7EVyzPi063k+vDjXwcDqQnET41vlMnzmfJSu2cODkeS4lmClY0ody1evSonMfBt1fD+/0LrD1Mse3rWXFynVs3LKDXfuPcSr8IlExCVhd8lPcywf/csFUrdORh0d2oYIThcWImM3QWk+yINnQyGCeXvwP46qlUhli5vNojYeZE2n3Wd6mfLjpVwZrykcRERGRbGMyDMPIeDMRERHJXVLriIQ8bT8ldGpGgZ/Uv5seU+GqPPj5JN7s5JPOWydJnFj0PiPHfM/qs+ns2aUEIY98wNcvt8Mvc/3tQAyzBldjxIKEjDcFIA/eTYYz/pNn6OCfWhTDIGL6UGo8ucRu0fa0uOPbZizffj2CukXT6gwziNg0iedHf8CcvZdx7iGtCH2mbuXLtqml7w7kaSY6/mN2TWH08Ff541AGuWXyZOjv63i/6Y0eVMv2d2ne7gv2pxy+ljp3H9q8MIGvH6tNkVSyO+HicS64lsHbMbpAIstG30f/KRczzv9MB37iWf5iG4ZNPEyMLaNt3Wg4fg2zH/K+EciwnWfN588w6qPFHEsnC02Fq9D/nS95p2+FNAONRtR2Jo4cwVvzjuFEeOcqd9p8sZUp/Yre6LB36vobhM8ZRftRszkZl3GpLtD5a3ZM7kah659kbTm2XdjIt+Oe4f25B4lJLznujXlv0zSGlb5yBaJ/H0alEYvIuPW4ycBPanmZrvyU6/kmkz7pR3A60WnLmZV8/vQ4Plvk7LU2U/axOax6vQ5ONweZTbtrCe574BU+ebUnwQVSqaCWbXzccSAfbr2EJeVfk3MJZszif3jOLihhRO9m2kujeW1aKJfSqWuuHnUZPv4TXuxaNpUAWubvdfkD2/HUh+N5oolnum9YGpE7mDxuFG/N3k90OlmWP7ATL074gIdqFUkRJLMe+olBXV9jaXhihukyeT7AzC3v0tQ99bbUvfl7bJkxCA8TYJzllz4NeXq5fSPjRr23VvLno2VSBFYT17xEvfsnc8oun90bvcW62cP
<p blockindex=23>执行之后，进入到docker容器中，在/tmp目录下可以看到已经成功创建了文件</p>
<p blockindex=24><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAdUAAABsCAYAAAA8Cyj+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOydd3hURdfAf/du301vEEIHQRAEBQsvqEgT8FMEERClKSAIqIAVlarSFORVUUSKiqCCgAooRQyE3kkoodf0nmySrfd+f+xmU9gkG8T3xZf7e548yu7s3Ll35s6Zc+bMOcLBgwdlu92OzWbjpZdegtNmFBQUFBQUFKqO+N9uwE2HYKLps+N4bdidqG903ap6dHx7AoM6BiPc6Lpvdm7le1dQULhlUIRqWYRAWgwYSu+HaqKqtLCKsIdfZOa2rWxNOcbuhBh+2vwRve8o55fqxjwy7lkevN146wmWm+zexUYvsCxzD1O7GUt/YYqiedf2NAn7z7RS220W21Lm0kH3H7mcgoLC38wtKVQNjf+PsavXsyX1OLsvbODf0zoTpa16PUJIN9749iVapP/EzL4DGdHvLT5bvJXTKZLvlagaMWzXSQ7nnynxd4y5fU1VK1MCXdNnmHc2nv07RlLPi3zXNXyMyYdjWTezdYXaeGX13BgEjA3b88zsT1l8aAfbEhbTO/LvFmgq6j3RjUbZf7Jpe0Hpb5o8w7TlE+hS929+NYz1eWT6QpbN74afqRszLu9i7ea3eSj8ZlhyKCgoXC833MJ5syPWfIyp696n4c45TO66kxRjc/p+OIO5zlSenXwUW1XqqtuYBsZENs1ewMY9jutskBE/PyfHZj3P1JXpyABImK8WVq2MG3XDp5ixdgyNJJu7XDGq0KZ0GjmSYaM6UdcokFJBsyqq58aho96A6cx5rxkJq1ayZuJ3XLqazNXMv++KAKga0rFnI3J+m8OB/L/3Ut7Rc/fEL3lvUA4/vfECU45kIQRG0bCFmqtZf/O9Kygo/K2UvxxXV6fNa3P59uQh9mYcZP2fc3i+Q/Vik6gQxL8mL2J57G52ZMazP30fP2+cyYAHwktXKgbTYsQ0Pt+zje3pcUQf+55po1sRJJSoZ+KXfH1wG1uTj7E/6wgbd3/OqO5RpSS+EN6Vd/dsJzrtJAezY9ly+GsmDLgdo7seVcshzNu/kx3pR/nj4CLenfMpK84fZvuJZYx9pKhNelqNG8+DGYuZ8MJSdhw6w5kdq5n74W5qDOhNqxImONXdz/HJwT3szopj6+GlvN7vNvRFX2ru5Y34eA7EjKCerhYD/ijSIk/w9Uu1i+/f2IBuM5ew5lIc+9L3sfbXYdxRdhkjBBAQKJFy/DBnTpzm7InTnD1xluRcqWplACHgHkZ/O5aAL0cyfV12GWGoosHwKYxpX8Cvz41jxfnytemK66m8L3y9d929Y5g5OZiV3XowevxCfl23m9gjF8i0lihU2fjxNCqEB+euIzphA28/GlqhiVl1R1c63Z7FttX7sBR9WNSn24ZRR1ePwdvi3X16iq2fPYAGH8eYL++Fqg6t20chbf+aT77ZxfHYkxyL2cLaT3/n3HWuzRQUFG4OyhGqfrR+bwkfv9qQC5++yctPvc335xvz/KqljH3Az1VEMFKnTRsaZqxlYq+BjOz/ARuyWzN6zRJealu0T2Wg+dtLmD+hMRcXTmLMI0OY8lUaLaYsYNrAGu5JyEidtu1oat7EzIHDGdVvEqsT72DI0tn0aVBsc5SzT7Jx1kTGP/oUzz4yis+2B9D9k38z/F4NAKrIJrRscIXveg7gvT+r8/jAcGKGD2PGtgj6zX6eZhpA14ouPcI5uXw1p2wBNBs+nUVHdvPb5x0wBNehVmjx4xA0+cR/OZVXe4/ny52BPLZgEW89GuSarO2xLOzejacG/kiiLYE1Ax+l512P0POuR3njm0QkACGY9nMXM3VAIIemj+flZ6bw/UEz6rKzvT6EYFMBNlUEoQEa78LAlzJiOJ3mzabTyam8OSeOgmsUHienZ/ThsU5v8PXmq9jKU4gqrafyvvDp3oVA2o/pRx1bEF2+3Ux00gE2HVjKW4OaYvKU82H8FKGuS+tODQkMqk+bB+pWsB+uolHPrtRN+4PNOy3FH5fbp10ZNPUADnwcY768F1Imacl21G2fZkiXKJTtVAWF/x28mn+FyEcZ8lwdTs98jCmfncMJ7Nl+Fs1tvzB0fHeW7viRdHdZOSGOndH7sAIHouMhejUDx3fn212ryAzvzrDRNdn9Uhdm/ZDp0ngOnkLTahvTnu5IxLffkuyuR7pymOhNu1z1HPOjVdwE2j0UzIpzbnOn/RL7Vl/ytPFknJ7WT82j5X2RiHsvuyvJ4PyhWHYY48gfHMjFPQfYzH7GP1Wf2kY4Vq0ZTYLTiTucTGDPmXw8vQkxY15ktvY5vpgThqbEvqpj7w98tmADVoA/T6G5fQOjXuzO/N+WkyJZyDx/gZyQHOyyjZxL57h42lnqGYo1/4/+vUOJnfQs739xBQnYHe3k7uH3EFqyXJgB6aqF1nPWsWmRirxTO1n7/vvMX33RY4quvIxIxFOTea1VDJMf2kiapKKOt46V5UpMuT7WU1lf+HLvmmbc085E2r5NrPh8JxcyVNR6/GXe+vdXmLK68+4v2RDhw/gpUrjtR/h6xFQsHQT2LDhMuQqf5g46P1GHjHVTOWwp+UXlfQpUOsZi89yPuoL3IkNOY/2ED2j749s8t3oLvU9uZ91X3/D9tzu5WnDtJRUUFP45eBWq6qbNaaxNZH3MJTzTiuMi+2MSGNmvOQ00P5LubdaynWVXdCJD+95JA80qcpu1pKnRn6AvYtjzeXExQa1BvFCDcJHiSbEEUtoVEswCjUICEXAJVTG8Nf0mjabHw42pHixSkFqA3iCQpPfiYSTJyAgIIiBJyAiIooAqsgYRpJOabKTNqI74xUzjkxWHyXs4Gwdh5T8l6SpH9iSg6t+EempI8WHjVdX4dhqqkvhlr1tzLa/q8ysY13IFIGKIak6H8ZN4c9Ei9JmPMyM636cyQkgHxkxtwYE3H2f3X9iT87WeyvrCl3sXTNWICJS4/PuPbIrOQAZOn5hK7UfW8Xyfthh/WY+tSuNHImPncubvrPge1Xd1o0PdVKLXHKzS/vk1lDPGvFLmvciwge3E97zaaivNH+9FzyF96PnhEp4c8RPvPvY2W65WwdFNQUHhpqJcR6Xy96QqmrRlkCQQBLdpVwDnVdY+N4Jlx8us+u05JDkoxwAtITlBKJqkxJr0XrqQV+ruZsG7L7PrVC5CaDtGLh9XSusrboYTp1NCLtNUwWhAjw2rI5CQMBXm+CTyfJJBguteKtX0SrZBRqpoor0GicKEo6x/430ad15G914t+Ch6F3Yfyug6P0nnqDBUi2LouMjdYrUGtfAyPyS2ZkaLoaxOrrzlJl/qSY2qvC98uHfZbschi4SEBCDgEqo4k0lOlNCGheIvQoYv46dKaGjWsws1EjezeW95ItXHPi5njJVXZ6n3oghrKnErvyBu5SK+7P4Ony7ry+uvr2P7Szv/msBXUFD4r+FVqDpOxBFv68XdD9RBtc9l/kVdl3seiMIed4xzdrxLXbEmLdtE4Tx5kgsOcByP5ZStF3feqSdpTRxWLz/xCU1j7rxbz9mP57Jk9RmX9qMNJskiexWq9i3v0Kma+6clPpctVqwYMOrNpGRLGAL90UAZweXt+vW478Eo7LFxnK20sIuie7+nY0M0e+Mrv0YRooBQmRwuU6ZgwxT63j27RJeoafbmUiY2X8e4Z5dwNM23pYBP9fjQFz7du+U8Zy/AfW1bETznAhkyoKlPg9tUmPdfJkuq6vgRCW3blz4dRPYuWMGhVC/anrYFnR+PJOWX34krT2pZLNgEP/wCRMCL+ddNeWPMe9NKvxdeaiN543I2nerD87UiMQqUv+etoKBwU+NVqMpJ61iyeAifvT6PybZP+S1epOHToxna7DKre2wgXcYjVNX392PUCIH95+xEPfEiw1tnsLH/BlIlkJPXsfCLAXw+dgHzAxeyctMpMu0Gwm6LJGfDcnZe9tHM5ThH/DE7nfu+QN+47zmSUIAY0JRquqqd6XNevkQSXaldt5ANmw/D27149Lat/O
<h2 blockindex=25>分析过程</h2>
<h3 blockindex=26>路由分析</h3>
<p blockindex=27>根据openam-server-only模块下的web.xml文件可以知道当访问/oauth2/realms/root/authorize接口时，会交由RestEndpointServlet处理</p>
<p blockindex=28><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABWEAAAG9CAYAAAB02rQBAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3hc1Zn48e+dot57lyxZcrflirvBBhuMqcEhlAAJyyZLEtiwlOQXIAkJyYawCWVJQshCwFSbXgy2wSUuGDfcLVm9l1Gd0Uijaef3h2RpJEt4RliWbd7P8/h5PKMz977n3jNnzn3n3DPahEm5iiGwmM1DeZk4zaJj42g01Y90GEIIIYQQQgghhBBCnFJyShpVleUjHcYZpxvpAIQQQgghhBBCCCGEEOJ8JklYIYQQQgghhBBCCCGEGEaShBVCCCGEEEIIIYQQQohhJElYIYQQQgghhBBCCCGEGEaShBVCCCGEEEIIIYQQQohhJElYIYQQQgghhBBCCCGEGEaShBVCCCGEEEIIIYQQQohhJElYIYQQQgghhBBCCCGEGEaShBVCCCGEEEIIIYQQQohhJElYIYQQQgghhBBCCCGEGEaShBVCCCGEEEIIIYQQQohhJElYIYQQQgghhBBCCCGEGEaShBVCCCGEEEIIIYQQQohhpLv+otEEKdXzhFKBpE1bwjW3/IA7b/82i7PD0ZRCkcnFt97G8qmjmXX5zSMYshBCCCGEEEIIIYQQQpw7tOLSclX6xj3856oCnIQx964/cf/SRFRrHWZjLNH+daz95V385dAcfv3ePeSYzQTrXSxeftVpD0bpgonJyCYxzA9aizhc0uhzGaXALzKN5MRogowaTruV1tpS6pptoGkAhI+aSVrEyZOALWW7KG1SJz1/NouOjaPRVD/SYXyjjLnuMp64OLTnsbKX8duf7GRHd/saKqVg/IJJzKGKVVsbcXzN7QkhhBBCCCGEEEKcbZJT0qiqLB/pMM44w+sFGt9Zuoxxqwo4FJhKSmgrh998kt+/eAirfhb3vvRLFi6exF8Odb0gtOUz7rnnH6c/EmM4yVnZRBk7aLf7ETTEMrqwDEZlROM0VVFldWAITyQ+Yyw6xwFqrF1l2mqP05u71WGMTCUpAtpt51YCVoyMiu17+E2BEYDYmVP5weTTtWUDOTPHch1WXt/aiON0bVYIIYQQQgghhBBCjCjdFwdrIDKWeD1otqOs/v1DPLMrjItuuIOf/PQaxgVASFwCId35yerdWyjoPP0z9MKSc4jQGqnIO0pTx9DKKAVhMbEYzeWUVdbQ2tJIQ2kBDTZ/ImMie8q5OlppM3f9s7pCiY7QYynPo84qSdiREpQcz8Soc+P4t9eY2HGgmh0Hqjlocp7RfSfnxJNsPDeOkxBCCCGEEEIIIYToYnA4HYCGBij/8Xz/sd9wbaaRjsYqqmpqMZsh3uMFTufwzM9ztpZSXF5Ph0sjcshldDjaaqi1teDqvpVb0zqx2RQ6g7FrbVvPW7z940gfFYe79hjlTZ1ocvv3GReUnMLKFeNZMcWfzU+8z+GmrueV8mPqpVP53sIE0iP80Dtt1JZWsfqNfWyo7n29UorI7BzuuGY0U5ODCHS2k/9lHn9/s5hijy8LVNYUVt2bzp4X9+Kan8viND/sLc1s+2APz+6y4NQ0lCGFhx6fw/g9W7hxVV3P8hVKn8ADjy1gyr4t3PRy7/Pe8CY+NWE6a36cSWjPdmfw1rMzul/vZvvza3h0d9ffshbN4747zPxr41Fe/bSKKoe0WSGEEEIIIYQQQoiznaHPo8nLuDQT9v31dh75qB6nNpYf/t9Mss9AIO3NJuCrE0qnKqNpbtpNlbR7PKdUAAEBGi6rrU8CVik/YtLSCdF10KT8CdC3YXN/vToI7/UmX0NoLyjl5afy+CifntPrPy2XX1ydSMWWQzyV34HdP5S5Sydw93+4KH9wP/knkuxxOTx81xTiSgpY83oz1rAYli+bwe/CXPzwL2W09EmYauRemMnefYd4Zqs/YxeMZcWts6kv28CaesBRxbajDuZOSmGKVseB7lfpxqUwPcjGtr31PiVgvY6vvJgnn6/DiJ7cS2exlGKe+KQOe/c26gt7t/evVz7FuHQCKy+Zy98Wt0gyVgghhBBCCCGEEOIc0DcJ29yKBT/ix89mTouNtLlXsCQOOId/98kQlUZ0gI2mMnO/vyic1hbMLgMh8aOJjA6jNL8Eq1uSWcMpKDGFlVeOZ8XkYCzHS/jnn7bwSYGta+ayR4IzNT2K4I5qXn+tkF3dz+8sbmRXuobFALi6yo2el8VYRwWP/u9+tjs0oJwv2oNZdWM2S6LKeKvZc+9+NOz+gmc+60pvfnYMRv8hl2nj/VhT70DTFNv31WKbmsy80Xs5UNg1k3V6biKhliq25ilO9UVBf97Ep1ma2b67GaUMhM8HaGbbrgrae46Hxz7bzXz27ud8ti6Miy4Zz7cvPpGMPcwrG2qodkr7FUIIIYQQQgghhDjb9E3CFqzmmTfHc++1P+CBRS4sFTs4WpTJ9BEK7msLSCA9NRynKZ/6dtUnyadpDlqrC2gF8E8gc2wqcdFVlJjk55CG06wrLuCa5Epe+J/NvF/U2TU7eYDZpVXlzVgDE7np1gkkFrRSabJQUmpic72GZ1IyJTYYTOWU6Y0E6buec9S20qClkxgP9EnC2qms6ex9fauFaquLlOAA6P4ZLPv+SvZ1pjJzagwUNgKxzJ0YQMvBSvb7noP1MT4fdJjZ9P5ONq4PZeHSKdx++Sy+VfIeT+cNcXtCCCGEEEIIIYQQYtgYyl7+EVe8DKChaW18+eK93LI6htggK3UN7SjtDz2Ff3XFxhEL1FdKH05KVir+1nIKq1r7rgXbv6ytgVZrGvFBQdCVlhXDpLqsCevkVG6+RU/Ux0dY80ULbQNkNjv27uPR2Fyun57O9dOCiQzQ4bZb2ffhDh5Z14Sj+3waDBpaxkSee2Jin9cr1YlB33+rCuWx5ISm1fL4vW/3LXJiSYLJyYxe3UBBdjIzw23sHMJSBL7H5xsVEMqCJeO4fmE8Ea01FA81oSuEEEIIIYQQQgghhpVhoCddHQ3UdjCkpNPZQBFMfGY2Ea46SkpqceC5FqyR4OhIDO0mzLYTvzLvQinQtK+ZFROndHzdJm7bG8fVyydy9XeXsuKyKtZ+cow3dzbRSt+ZyvvX7Wb/OlAKAiPCmL58Nj+7Kpfln2/kPUtXOadToaoLeHR137WAwU19ue/xeS5JMD/lAMbcZGIs1Ww9NoRpsMMQHwBBYSy+eDwrF6WQaGtgw4dbeHiriSbXufl+FUIIIYQQQgghhDjfDZiEPZcp5UdEZjaxfq1UHi+j/aQ1XnWExGUQ2W7DXNbalWjWgvEPgM4m24jE/E3jaKhnzUsbeXdtdzL25otZvryCvz/9OetMXecrbdYkrohvZPX7VZg0DVurmW17TZgXJhEXDXQnYStNVsiE1rx6DncnSVVoGNPTjLiHuLLEiSUJZk1LQZsYTMvBikGXInA43aDT0A2yLd/ic+N2A3pt0HRv5qI5/OyqZOI6GtjwwWZ+0ZN8lQSsEEIIIYQQQgghxNnqrEnCGoIiCfLrSiQFGgEVQliEAhzYWszY0U5ZplNpBCbmkBKuo62mAVdgBCGB3TtQnXSYO3BpnTQ3tRGbmEm6o4qWDgiITCLKYKW2yYoks86cvsnYLKLDAVPX36xBUSy7LINkYyAbSjpwGAOZsjiNyPY6jtX0bqNwexF5iydzz50O3t3TgiUwjNmLxjDPv5SfP9RAzUA7PmVgXUsS3DdtIvr4Tnaurh90OYuqkkbM+lSuuDYDVexAAXS0sie/Dbum+RSfprkprm6HeaO4baGdIzYFuKnKq6LA0rX/uGgDB97fzGuSfBVCCCGEEEIIIYQ4Z2gTJuWqUxc7mcVsPq2BhI+aSVrEyfMJlbJQc/gIjU7tlGUaHBpRWbNICT85MaUcdZQcKsGqaSiMhCRkkBAdir8enB0WmmtLqTfb0c6xJRiiY+NoNNWPdBinnSKI+ddO46YZMSSHG9G57DRW17L27X2sPt47hVQpRWT2GO64NoupSUEEumxUFJbz+luH2VHf27RV1hRW3ZvO7iff4+m8U59j44zZvH
<p blockindex=29>跟进到org.forgerock.openam.rest.RestEndpointServlet，在该Servlet中不存在doGet()和doPost()，容器会调用到service方法</p>
<p blockindex=30>在该方法中，会判断ServletPath的值调用到不同的方法，这里会进入到restletOAuth2ServiceServlet.service()</p>
<p blockindex=31><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABZUAAAFBCAYAAAAPLUGAAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3Qc1fnw8e9sUe+rXizJluTee8fGNsZA6MX0BBI6CZDwBlKAJMCPBEISWsB0EzqYjgGDuy1b7pabZDWra1VX2qJt8/6htpLbypYsy34+5/j4aPbu3DJ37s48c/euMnzkGLXRZKIn6QLCCfBRAAiMTsOgVnLI2Ag4sNWbaFYV/ONGMCjWh6byAmqs7o43q81YTVZcioI+ehgZcT40VZVSbwW/8HgiQ5xU7M+mplnp0TL3N4aoaGqMVX1djF6h6v3wxYrd0XKMVa0vvnobdlvHMVc1EQy+chKR1TvYtKIcl3J29wchhBBCCCGEEEKI01lC4gBKSw71dTFED9H1xk4DY9IYEKbx2BJLclAsqtpIefYemh3gHxCARlEIic8gxCOl6qikYHcBZsBelUuhJoVYQxIJWnBaG6nKL6TaBhJDPHMpDht2Og6w4mrG7up8wANGZhDj30DRFgkoCyGEEEIIIYQQQghxKvVKULmhIIvdR31VQVGgLn8zdUdNorSmdGCuyCWvouvLEkQ8m6n6GAaOCMORm8WhekC6gxBCCCGEEEIIIYQQp4zm+EmEOH2oKgSPySBKW03RtmqZsi6EEEIIIYQQQgghxCnWKzOVhegtigJNWWtZlQUyRVkIIYQQQgghhBBCiFNPZioLIYQQQgghhBBCCCGE8JoElYUQQgghhBBCCCGEEEJ4TYLKQgghhBBCCCGEEEIIIbwmQWUhhBBCCCGEEEIIIYQQXpOgshBCCCGEEEIIIYQQQgivSVBZCCGEEEIIIYQQQgghhNckqCyEEEIIIYQQQgghhBDCaxJUFkIIIYQQQgghhBBCCOE1CSoLIYQQQgghhBBCCCGE8JoElYUQQgghhBBCCCGEEEJ4TYLKQgghhBBCCCGEEEIIIbymmXTB9X1dBiHOaKqqoNOqfV0MIYQQQgghhBBCCCF6hO4PN5zHj++92OM7VjWBRKakExfiAw15ZBfUdH5dBZ/wASTEGQjQKzjtZhoqCqmss4GiHL7DwGQy0iMw5++g1CQBuv5GVSFiWCIXz4thSII/fhonDaX1ZH6Xx7f77J2OeVBqPJddFMeQOF98mps5tLeET7+ooMR2hH5xmlNVXxb8ehwXJzXz3XNb+fLQ8eugjhvCc9f78e0T2/m2uv/VWQghhBBCCCGEEEKc2TS/vakXZirrQ0nIGEpcoAOL/SgZh6SQmhKFxlRO6aEiaqx6DClDiAs6PIimqn5EJ0WjM5VQ0eDu+fKKXhc8ejAP3DqANFcdq748wP8+OcROSxDn3TqKK9M7VmFRw2L4+a8GMVStY8UnOXy0ph7/0RncdXUkAWp/fJig4nC4cdrdOPpj8YUQQgghhBBCCCGE6EKX29zzMyFDEjIIU6op3l+IkjiRgC6vqyqERkahNxWSV1KFS1FQ65rQ+o8mMjKccnNdp/R6QwqRvlaMhS1pRf+iEsT5l0Sj37ufv75aRVPrMdycacR45wQuXxDD17nlWBQFw4RYBmtrWfpqHpusClDNAQL52wWxjPGpZoOjb+vSXYpiZ9VLm1jV8lffFkYIIYQQQgghhBBCiB6g642dOhsKyT9UhdWlEH7EFBocTeVU2Orbg8SK0ozNpqLR6VFUFbV1u6oJJzY+BGftPoxWJC7XH8VFMCTMxqa3OwLKKqBR7GzLbuLqBcEkUc4BICrCF0wNVFhoP9Z1FVasSgjR0UApqFoDv/rbMAZu38VDH9S3L52hasO5+bERZOzaxR9at6uqSvDABC6/KI7Bcf74Oa0U7irmk88qKXV0dCY1NZXH74km+92DuKemMilJj6O+ie3Lc/hkq629n3qdbtwQnrs+Cm3b3+ZyXvxDDnu7PBRRVYifMojF86NIDIbavFI+3N3SPp3TeVcPIYQQQgghhBBCCCF6W68ElS11Ro4V/VUUNxZjCRaPbarqh5+fgsts6wgoqxAQm0QYdRSXmY681rI4/YX7EoqVytKWY5o4cyi/vNCAwW1m9Q4Hbr0G39akeq0G3F2Cqm43KgqKtvVvZw3bDjgZPdxAulJPbutmzeBIhgU0s317Q3tfUaIS+NXtAzEUlfLDJ41YQkKZNXcw9war/PW1jiB3C4UhM2PZu7OI9zfqSZ2axOzFQ6kv3s73RrqX7mAxr75ehQJEThzEpYOO3DS6lBR+dVUcupxiPvvWjMMQwYIZgai4OqXrXj2EEEIIIYQQQgghhOg9vRJUPhG6iAEY/GzUFpk6NvrFEhfli6V8Pw0uBVU1kDx2EBRt5lDd0fclTjMaDRrcOOyAzsAFF0Wi2ZfHa1scpM8fhEap69YEdEWBnTvrsI+KZMzAPHLzW2byDh0RTmBTDdtyVdoeaiROiWOgw8irS/LZ4WhZTiPb6sfjV8QzJbyKFfWee9ZTv+0AH652ApB1AAY8NojBg/V8b3R2K51iMrMr2wxA8qBUOEpQOWGUgSh7Na++VsgOZ0v5DunH8VBc53Tdq4cQQgghhBBCCCGEEL1Hc/wkp4BfLMlJoTiNhVRZWuaoqqqG8Ph4AuwVlFU193EBRY+JCCBSb2HLd6XsyDby6XrTYUs9eMOxy8i+Zl9Gjgpp3RLC6GG+mLKryfHYYbTBH2otlGu1+Plp8PPT4Ko006D4YYg8bK9Ulnss2myyYjS78Avs+uzF23THFxaihwYrRo/dlVZYD2uT7tVDCCGEEEIIIYQQQoje0+czlVVtKImDkvA1H+JgaUP70hcQTGCwDkulEYdWT8vKBxoUDl9vVvQjOgUtLhytQVSn031ix7NtCYxhBgYsM1E0MJIRIXZ27WjotEyKTgtKUip/fjK109tV1Y72sN6vonoURlHqePtPG46Qubfpjq+tpJ5toKrqYW3SvXoIIYQQQgghhBBCCNF7+jQcpRJIzMB0wlyVFBRU4DjCIgiB8aMZFt95W8MpKp/oBS4VNxo0resjK4qC4nTTtriEy6WCpsuK3BoNCipuj2WGO5bAMDAmoQDtaANhTdVsz+lY+gLA6QK1ooRXP63G2qkgKnUlvVHB7mkLHnda2VlRDjsTTvd6CCGEEEIIIYQQQoizR58FlVXVh7CB6UT5NFCSU4TF3TWM1ogxbx/1nRboCCVmUJcIs+hfaixUOQIYNjGUjWudDB8bjGospaz15apaG4QEEusPRbaWbWGx/virNoxVnXfVsgRGFMNHR6IM8ceUncuBzjFlqmqskAKNuQ3ktb6gBgcwJEGL6qTP1ZscEOpPlB5KW8uTEOuPgrtTutO9HkIIIYQQQgghhBDi7NErQWVdQDgBPi2BL389oAYREqYCDmz1JppVBf+4DBJDNTSVV+PyDyPIv/XNajNWkxWX4sZubsTusV9V9cHQGwUWvcvlxokevQ9gr+GrL2q565LR/PVcBbe5ge/eKKOudcmK6i2V5MxL55JbBxKQ2Yg1JJSZc0Np2r2XHXY6T+ltXQLj5tHJaKPt7P6089IXACWZ5eTPHMiNt7r4cVsTFr8ARs1MZIxvJf/5mwljL1U5JCmc1NCWskRGaEDrQ8pIA3oAp42cfWasikLp7lqqz0ng8ltSCMky44iMYMJILe4uQeW+qocQQgghhBBCCCGEEF31SlA5MCaNAWGeU4xjSQ6KRVUbKc/eQ7MD/AMC0CgKIfEZhHikVB2VFOwuwNwbBRN9o8ZGA2HEJYJSAOXr9/LoDl8SDFrqyy00ePxIHXXlvL5Ey+UXxrLgijj0tmaKd+Xy4hfVWLoEjNuWwHCMiiLWXMFHXZa+AFCNpbzyMlx+YRznX5WEr7OZyvwyXvuyiIOHzY7vOennDucXoz3PAX8uuKXlkYhaV8I/H8sjH3AWFLLkIx3XzIvjkmugobCCj9c1kn6Z32lRDyGEEEIIIYQQQgghulKGjxyjNppMfV0O0U2GqGhquq4HcZpS1QAufWg80+tyePzlCuqPsHa2EEIIIYQQQgghhDhzJSQOoLTkUF8XQ/QQbXRM7KP25ua
<p blockindex=32>在service()方法中，初始化了一个HttpServerHelper对象，这是Restlet框架下的一个类，它充当了Restlet应用于HTTP服务器之间的桥梁，用来处理HTTP请求并将其转换为Restlet请求</p>
<p blockindex=33><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABvAAAAE+CAYAAABbdVehAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3gc1b34//dsk7RNvctWs+TeG9gYYzoGQhJaSCAkIb1C2jfhJr+Um4QbEm5ucgMkuWkEAgkplNBCB2PcjYssW733vl3bzu+PVVlJLrtCWBg+r+fx81ir0cw5Z86cmZ3PKdripSsUMXI6HLFuKqYpPTOLvp7u2U6GEEIIIYQQQgghhBCnlF8wl7bW5tlOhhBCCBE3m90+20k4Kd1sJ0AIIYQQQgghhBBCCCGEEEIIMU4CeEIIIYQQQgghhBBCCCGEEEK8jRhm8+CJucsoy0ma8vlAw05aBzUAlIKE1Lnk5aZjNmoEAx6cHY10DHhB08b+RuksZBSVkWs3wVAdFQ19pysbQgghhBBCCCGEEEIIIYQQQsyYWQ3gAShfNy1t/YSiPgt6xv+v2YsoKkon1NdGmzOAyZZLZtECCB2kwzmyfJ8xmfzSMtKMXjx+E+bTmgMhhBBCCCGEEEIIIYQQQgghZs6sB/AIenEPDRKMGk0H46PvUtIzMTqbqG/uIqhpqIEhgqaV5KWn0u7oQ9M07PnlpGi9tBxrRCtYKwE8IYQQQgghhBBCCCGEEEIIccaa/QDeSZfhM2Ewavjd7rEAn6YF8XqH0SyJGIEgEBxqpL65G29II/V0JFkIIYQQQgghhBBCCCGEEEKIt8jsB/D0Gjq9Di2sUMf5tU4DpSITbCo1suydAjSN0TF7noEeQDvOXwshhBBCCCGEEEIIIYQQQghxZpn1AJ6WVMD85QUoFSYc9OLqbqSty0lImxiQU7ZCFpWkMVj/BgOzlFYhhBBCCCGEEEIIIYQQQggh3mqzGsDz9dZR7xiZQlNnIMGWQ3ZeObn+Q7QOBidu7GyjtrqToFeRYD39aRVCCCGEEEIIIYQQQgghhBDidJjdEXgBN+7A+I8uhxPNsorsZBsMThxnpxEk4A0iU2UKIYQQQgghhBBCCCGEEEKIdzLdL35xNytWrDjtB1ZKw5BkJTEqhKhpQQL+MDqDMbLgHRBWoGn6iX+sAcddMU8IIYQQQgghhBBCCCGEEEKIM5vuwT//mY999BNTfqGUCVuaHRMKvTmTHJv+OH/+ZuhJLlhEcX7qWLBOKRNGk45QYBg0DfATDChMSRYMY9sYSEpKQAWGCZxk70IIIYQQQgghhBBCCCGEEEKciQyNTY2kpqVO/Y3+HL5y3yV0/DXM2RfPwZycxGVbLpqxA2taEMegk5y8IoryjQx4QpjsuWRaAgx2Oka2AUdfD4HSAgrn6uh1BjDYcsmyBRmsHxgJ8oHBnIrZFPl/khFQVuwpCgjgG3Tgl2k3hRBCCCGEEEIIIYQQQgghxBniFGvgLWal7dt84eb9DJd/csYP7u+uoUErJCejgPxMCPrdDDTV0uEIjwXnwo5GGhsVebk55KcZUH43g821dAyFxraxZM9jboouas85FFpzUMpJR8UR+oIznnQhhBBCCCGEEEIIIYQQQggh3hKnCOA18eq/9uNUGurY3hk/uKYF8XTXUd895RcT/usfbKJxsOmE2ww17OHwiY8yE0kVQgghhBBCCCGEEEIIIYQQ4rTQnfzXXtzO0f+H3+q0CCGEEEIIIYQQQgghhBBCCPGud4oAnhBCCCGEEEIIIYQQQgghhBDidJIAnhBCCCGEEEIIIYQQQgghhBBvI7qM9Azcbvdsp0MIIYQQQgghhBBCCCGEEEIIARi+dOutPPjgn6f8Qgu/yHevfBHQIj9rB09z0oQQQgghhBBCCCGEEEIIIYR49zF84hMfm+00CCGEEEIIIYQQQgghhBBCCCFGyBp4QgghhBBCCCGEEEIIIYQQQryNSABPCCGEEEIIIYQQQgghhBBCiLcRCeAJIYQQQgghhBBCCCGEEEII8TYiATwhhBBCCCGEEEIIIYQQQggh3kYkgBeny3KyeWjdasqtltlOihBCCCGEEEIIIYQQQgghhHgHkgDecRjNGeiN5imfX5aTzZfnlZCVkMCdSxdLEE8IIYQQQgghhBBCCCGEEELMOMNsJ+DtwpK9hNyVt5A895yx4F3A3UNf7dO0vH4XF2Skctu8Up7v7uHi7Exe7+vnzqWLee+O3bOcciHE24Iln6XFOqoON+PXtNlOjRBCCCHEtChLEcsKvdRUduJDnmmEEEJMpRQYTEbw+wnJ918hhBDiTVFKYTDo0WkaYaUIBkNoI/dXCeBpGgVrP0/emk8x2Pgyza/fhc/RhU6nIzGlkIzyrRjNaaQaDdxZXUPP8DAXZ2fy05o6Pu4PzHbqRRyU0jDpwwTCZ/bD5TslHzNNKSM6QwAVOs3Hxc6S936Mmy5ZQWb73/nK4Wb8pzcJQgghhBAzJ2UV13/1PSS37+Zff/gjz9Z5ZjtFQrwrKGXAaAwSDM52SsRservXA0Um6274CO/bWE6WuYmHb/1PnnXMdqqEEEKIM5emQVJiwljADsBkNOAb9kc6zMxi2kjMXUZZTtKUzwcadtI6GEmwUpCQOpe83HTMRo1gwIOzo5GOAW8kdyPbmFLnkj+6jd/NUGcjXQO+sW1OJG/Np8hecRO1L34Hd8+xCb/zOTsZbN2FPjGDv7VVArA82Q5AWCl+09j0ZotATLJw0xbuWNjDd399mAMnOHdl52zmp6utYz+rQCv/dfcBdp7kXCtl5urrNvHhLC9//9srPNB9Zga/ppMPVb6SRy618Jf7tvHw0JmZ71NRqpDcz/2NwrwOWu99D21tpyefSllZecu3+OzGRGr//SvueWY3g1H1sPgDd/Ktc2r42ed+Q8Voe3X2l/j9J9L45//7/3iyR4val455W65hBft47KVagieoz7FuF1v6IXXpVXzo6s0szE9G5+ujYf8z/PUvL9Dsm926UvyBO/n2JTljP6vhHdz9qXvY/yZ7d8ZSfpOPHRwepKtuD0//+S+83v7O7Lgxk/Xq3Wg2yk/al+mT9kWIU2h9nJ/8sJcrPnQ913/tG1jv+gH/rHlz3ZOUggVL5rOeTh6qGCRwnOsjlu8B7yTSTh6/nUy+5HZ+9oEFx/nbEPt+/RHu2XXm1I147qtKZbP1W//JNYV9PHHHN3ik4czJJ4Ba/3l++6m16CflUbm3TXhWAbCWXcIHrr2ARQWpmHx9NB36Nw//5UWaouq91IO3bz1Iv/jjfPzCbI7+6z7+WttKs3u2U/TuYM1bRI6xi4bG3tMy4jGxdAubF3g5+OQOOkdG46vMlVxwVjYtrz5NzaR3S7Gmb6byoZQiIX0+5QuKybAnYsSPo6uao4dqcYRm97oxl13AuQtTxn5WqovDT26jfQY64Z+q/BJLt3De4rSxn8MhP96BNuoq3qDdod708d+uTlYuqUu2ss52lOdfryeoz2fFJWeR07+fZ3c2ENbPZfXWlQT3/otDne/c8jkRpSAps5x58wrJSLVg1IcYdvbSfuwgtZ3uCXGXhPQyyucXk5achCnsw9nTwLGKKoYC0e8dNJIyy5hXXkSaPQmTGsbZ20D1oWMMBKbWV6UUlpLNnL3ERteuf1PRPbHnStbKK1k1x3T8tA9Vsu3lSjyTnzt0aczfvJnCcA27XjmM4wyYTUTTICnBBJqGzWrDYrXgdrlxupwkJZjwDvtnfwSe8nXT0tZP9KCZYFQnT81eRFFROqG+NtqcAUy2XDKLFkDoIB3OyMWlsxdRXJROsKeNNncAQ3Iu2UUL0AUO0nGSh4mk1FLy13yWxld/iLvnGAm2XHJX3IQ1cwGhgBdn50E6Dj5AyO9Bn5RGyNv/1hSCiEvbkcPc0R6pupnzF3NLcSx/FcYfCBEMBc/w0VHvlHzMtDBhvw8V9HE6b7kJKz/IzeekUP/373PXky1v8kHaRPH6y9nKAE++VMuJO1zGul0MCq7kS198H8n1z/HYH+vxZS7nkstu5itWD7f/7w7cs/jyrPPV+/hldQIAaes/xA3LZ2rPsZWf8hzmkd+9QDsaBnsh6y7byi1fs+L71j3sd7/9HwDiN4P16l3p7V5+0r
<p blockindex=34>继续向下执行到关键代码处，将断点下在依赖org.restlet-2.4.0.jar包下的org.restlet.routing.Router#handle()方法下，该方法主要用来处理请求并控制请求的流向</p>
<p blockindex=35>程序会接受request对象作为参数，调用this.getNext()来根据上下文返回下一个处理器，如果不存在next下一个处理器的话会将请求的状态设置为404</p>
<p blockindex=36><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA+MAAAEWCAYAAAANREZTAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3xUVd748c+dSe+9hxR66CAgXRAUAXtBFGy4q6urz7quPro/99H1WfXRlXXdFeyrCGtbFSwgIkpRJIAJNaGEMOm9zSRTMu3+/khIJgnIJKRQvu/XK39k5sxpc+6d+733nHuVYSNGq7ioNxjoTqrqRUhqGgl+RoqOHkVvU9q970300FGEmg5zJF8PioJKAHHD0vCvOcixUpNbaS5k4ZFRVFdW9HU1hBBCCCGEEEK4yaMnM1dV8I0dREKwhobSKhy+IQT4nnizEbPBjENppLamgcjYVJJsxdSZwSc0jjAPI2U1RkBBcSONEEIIIYQQQghxrujRYBzA188PjaIQFDeIIJfXVVs5ugM6jIC1Ioc8TTIx4YnEa8FurqfieB5VFlCa42x30gghhBBCCCGEEOcCpaenqYueJ9PUhRBCCCGEEOLcounrCgghhBBCCCGEEBcaCcaFEEIIIYQQQoheJsG4EEIIIYQQQgjRyyQYF0IIIYQQQgghepkE40IIIYQQQgghRC+TYFwIIYQQQgghhOhlEowLIYQQQgghhBC9TIJxIYQQQgghhBCil0kwLoQQQgghhBBC9DIJxoUQQgghhBBCiF4mwfhJXBETzQcTxjEowL+vqyKEEEIIIYQQ4jx0wQbjnn4RaD39Orx+RUw0vx+QSpS3Ny+MGCYBuRBCCCGEEEKIbufR1xXoTf7Rw4kds5TgflNbAnGbsZLqY19T+NMyLo0I5aEB/dlUUcll0ZH8VF3DCyOGcc2OXX1ccyHEOcU/nhEpGo4cKMCqKH1dGyGEOK+o/smMTDKTk12GhZ7Zx6oqeHh5gtWKQ/bjQogecmEE44pCwvjfEnfRPdTlbaHgp2VYDOVoNBp8QpKIGDQPT78wQj09eOFoDpWNjVwWHcmLObncbbX1de1FH1JVBS+tE5vz3P4hPl/acbZTCWL4NXex5PLRRJZ8wsMHCrD2daWEEOJ8EzKWhX+4iuCSXXz5zrtszDV1W9YqkUxYdAfXThlElF8+H//uf9lo6LbshRCiDWXYiNGq6wv1hu7d46gqeIX2Iz42HD9PBbvViL4sj/JaCzSfaQxOGU+/kI4z5uvzd5FXo3Z4Hf8kBg0Mw3h8L8WGk7zfTtz4e4kdcxe6bc9jrDzcMYECGlTMVdkAjAoO4m8jh3PpDz91rrF9JDwyiurKir6uRp8ZOm0mzw2t5KnXD7D3FGevB06dwYvjAlr+V21F/N/yvaT/wtluVfXj+pumcVuUmU/+s5XVFedmINuVdqiDxrBmrj8frvyBj/Wda7f/ld8wfHQ6h57+Hwx9fDVBHfU3Ji7qR+EL11Nao+C3YD0jpyW2vm/9miNPPEJdN9RTVQMYs/R/uG+KD8e+eZ8PN+yiwOBseT/l5hf40+UxLf/bG+soz93N1//+kJ9Kzs+TfqqqYcDMGxhNBp9vPoZdri51Sl/034U4TsW5R1U9CBkwmQW3LmRWXDXrlv2Fz3K659Rn2GWP89zCaA59+QmbjxVRcEhHrUP2XUKIntHjV8Y1QcmkJIdjryym2GjDIziW6OQhaGz7KDU2pWkoO4quuuUTeIYmEhcCJkvHQFtVfYhOjMLDkEeZ3tkS0J+Kb2h/4i+6j7xtz2CsPIx3YCyxo5cQEDkEh81Mfdk+SvetxmE1ofUNw2Gu6d4OEGeF4qwDPFfSNNwjBw9jaYo7n3JitTmwO+zn+NXN86UdZ65x19McPt50UsZ71KMkp3Vf3t5jbuH2qSEc/+Rplq0rPOm0RtV0gDVvf0cJCh5BSUy4Yh5LHwnA8sQKMo3n48GeFykT5zOPWtZtPoa9r6tzzumb/rvwxqk41yiKHX3uNlY/V0jjE08w767r2fP4++i6Ycp6TFwsHnW7+HLND+QqCvTQNHghhIAeDsZVFYIjIvE05JFbVIFDUVBrG9D6jiIiIpRSYy0ADrOeBnPTZxT/fvQP0VJfkEW5UUVpd0DrGZ5MhLeZyrwKt9bwRI+6lYayvRjKDuLlH8nAy56jvnQv+dv/jsbTh5jhNzJg1lMc3fg4Hr7ROCz6bu+HzvL08sJmPXXYpNVqAXA4HL1VpbOfqvJLcyRMtTWkNw03kqMGgxvBuKJY+GrtJr5q+u/M69hHzpd2dAdHRTp1zZNIfBPv77Z8VdWPyZdOIKjyO/6x/uSBeFMFqjmekUG2ogAZ7NJpeebJeVw66d9kbpJ5kOIsIeNUnCMUm461/9nO5N9PZ/bY//Bm5pmfsrJYLODti0831E8IIU6nh6+Ma7A1lFJmqWs5OFWURiwWFY2HJ4qqoroetHpHkZQShbPsEAU1jR0CcVUTSkxcEPaaQ1SacSuuCEqYROWhtQBED7uBRkMx+TtebjpTAJiqjjJkwT8I6TeV2rytaLwC4BfDup4VFR3DxElT2bF9K1WVlR3e9/HxZdqMmRQXFZGdtb8PanjmTkwrf3mTnTnTExngp1JVVsL73x3iR31r34+eNYunkst4/O0sDjWPBTV1FB8vCOHL97ewusplAKgQ1H8of5nWj0H+DqpKS1j9/SF+6sK5laYp2rFoT5RpKeDp1/aTeZIAKygmkdsnpzAmyhd/1UpxSTEfb8shXd+5MaRqovnjPeMYcnQnt2+qapnxoWoiefhX4xlxbCd3Nr+uqhCakMLSKf0YEe6Dl9WCLl/Huz/kk9PYWkd326GqCsnD0vjNhDhS/KCy+Dhv5P7yyQ13eI96gmHzFuDn10hjwTcUfPZX6mpaD5RU1Q//ix8hacp0/EJDUKyVmHM/p/CrV3FdLXNi2vvxz61E/WJ+3viNf5zUSy/FLwAaj39AXpaTrlJV8Ey5nX5X3ERIbAxaWykNB1eS99XHmG3tx8IABqR6Upu+p1NXZtS84xTaNKRGxgCGlnKDB81l4Y2zGJoQho+9Bl3Gej74cDNFrt+v6kXizCXcNm8sCUFQk/Md7++J46HF0Xzx2BN82bwcIe32l3l4ZAbP/X4lx06MhbH38OpvU9n05KN8Vqh0stwA0hbczg0z04gLDUBrM1Cpy2Dd6vf4qbipv9URd/HPh2YQ0DLWlrDi3SXNn3eQ8fodrNjZuRND6sBbWfb4xex/ayWOGYuYnByItVZHxtp3+GBHactvjPRf9zuzcXr69gIMWLSMxydl8da7ZmbcPJ2kIDu1ut2seed9dle4bucQnLaARddPZ3BcKF6WWgoPfsvHH21E53LV/kR+/1plZ8bCyST6W6k+vpM1Kz8go8LZ6fq52163+7Tbx/OF28+2g5kcMs+g/6AkyMzt9HfRnr6+AXwDCdYCXf8JEUIIt/RoMK4oTkyVRbjeVkNVffDxUXAYLW0CcVX1IqJfEgEaMzWqNz7aBixO18+BX0wiIdRSWGI47fT0E7wCorEZqwDwC0tBX7S7JRAHsFnqMNXk4heWQm3eVhSNF9B4Js0+IxXlZeTrjjNpyowOAfmJQLyx0crRI9l9VsduoYQzf2Q1P+08wCbvEOaMT+V3VzSi++AYxV1ZF6lEcNWoanbs2s/3zfk9PLeRvA9zKelsfkXH+L+vitEAMUOHc0fCyZOpQYk8eu0IkmvyWbOtmmpNIFPGDeCRqz148t9ZHOzMGjNHOT/m25mYEsMIqjjQ/LKmXwxjvRv56Wh1y5hXQlP44zVDiCjN47PNtZj8wrj8ouH82d/J/WsLqT3RXjfb4REzmMcu7YdnwXHeS9djC4zi+pHBqJzBzAvNeKIvzqT622epCLiI6JmLGHRLNfv/+TqWE+0Y+RRDr52Aafs75OWXofokEzb1bgbfambfinfa3oXcnfySHmTQ9VejyVlFwcajOMOmEzspDejijX3Cb2fw0ofwKvyI4rUHsQeOJeaSP5EWYGHfe1+0Xb/rGUKQL9RWdzyB9otCogj3BEN96/IYJXou9z+8kEjdJr5efRxTyGAumXcnjwRZ+dM/tresw/cYeD33L5mC9sB6PllThC1yNJfN7EdX91/ulu
<p blockindex=37>访问接口<a href=http://127.0.0.1:8080/openam/oauth2/realms/root/authorize>http://127.0.0.1:8080/openam/oauth2/realms/root/authorize</a>，观察next的值</p>
<p blockindex=38><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABrUAAACpCAYAAACF8rYKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3RbVbr4/e+RLNty791x4vTeC+kJCYHQhhpKQhlg4DcM3Ol3mJd7p8NlZrjcmYHQGUJoAwyhhZqQQiDVaS5JHDt24iq5yraKrbLfP+QilxDZ2IkDz2etrCxJ55z97KOtY2k/Z++tDcnIVIjzRmx8AjVV5nMdhhBCCCGEEEIIIYQQZ5SaNoSy0lPnOgwhhBDnifCIiK99XXeW4hDfEbHxCec6BCGEEEIIIYQQQgghhBBCfAtJUksIIYQQQgghhBBCCCGEEEIMepLUEkIIIYQQQgghhBBCCCGEEIOeJLWEEEIIIYQQQgghhBBCCCHEoCdJLSGEEEIIIYQQQgghhBBCCDHoSVJLCCGEEEIIIYQQQgghhBBCDHqS1BJCfLeEpjJxQjqBSp3rSIToFRU6lInjEglG2q4QQgghhBBCCCGE+G4KONcBCCHE2aCIYML3vs+aFVOIL3+Ln2WfouVcByVEb0RNY9XPryCyfA/v//NFPi20neuIhBBCCCGEEEIIIYQ4q/o1qaUUBEYPITU5lhCDhqvFiqWyGFOdAzQNgMhhMxkS1X2AWOPJPRTXeu8+D06exMgkY7dt6op2UVqv9WfIQnynjLjxUR64IJdH73uePO3cfpbU7B/x3N2JvPerB3nfrDHshj/zXyuSOl5v3skTd69lfz/EqVQYU+94kB/OC6bgk6dY+/Ee6s9x/c81pXSMWHItU8ji3S0FuL7j5+O8UPoef/lTNZfdvIpVv/gVYY/+kbePS2pWCCGEEEIIIYQQQnx39GtSSxcxlGFDY3FVlVFmdRIQmUzi0DHonIeosHq3aarMp6imfQ8M0emkRIHN0Xk6JeUwU1JWi9vnOZfclC7Et1bl9nU8nh8EQMzsm7lxcv8dO2jqTdw6P4oTb/2eRzeW4JYEDhDIsNmXspI6Nm4pwHWuwxFnpGkuLIXbefnhEpoffJCV37+GAw+8ShHSnoUQQgghhBBCCCHEd0O/ramlFETExWNoOMXJ0gos9TVUFx+n2hFEdFx0+3Zuu4WmBu8/qzuc2Cg9jaeOYrJ2WSPEZcdqqW/ftqnBgsMlHXdCfFvZy3PZv38/+/fv56ipud+Oq1QIcy+cRUTVFv71oSS0xPlPcxbxzptf0pC4kGXTDOc6HCGEEEIIIYQQQgghzpp+HKmlw9lUQaWjvr3TWNOacTgUugADmlIo387koAQyhiXgqTzCqdpmtG4dzf2WbxPitJQyMHnGeG6dFE96mAG9uxlTRSX/3pbL5tqO7aYsXcpvh1bywPO5HGltqypzMm9cFsX7r27l5Wrvc2MXLOHhsVX8bZOL5QvTGRGiqK4s59XNR9hhUT7lKqJThnL7vKFMjjdidNs5XlDI89tLKPJJ3qrksbxwXSr7P83GNWEcixIMOJvq2bkrh+eOWfs8ZVz0rFv59aq5pIe2UHNiNxvWvUaW2eMTXyDDLryJa5dOJSM+FL2jnvJjO9jw2jvk1nUcp206wxfWu1j0tcczkLZwDbdcPp30CKjN/4xX9iu6pLL9phREjrqYVdctZWxaDMGuWoqyPuS117dQ2tz1nIxgRKaBul0HTjuiRY28mUcfmMPh59bhXnQjc4eG01JXRNY7/+S1nRXt1zR/y1UqkPQla7hl5TTSIqD2+GZePZDCT1Z3TLcIMO7Wv/GzSVk8/NN1FLSVMe1unvxRJpt+80veLultuWGMu+xWrl0yjpToMPTOBqqKstj48kt8VeZ9P9TE7/OPnywirL3trGHti2ta93eT9fRtrN09MIm//j/PZ64vdLTT5160s+iGhWREuKgr2suGf77KXrPL53gQOe4ybrxmIaNTogl01FGS8xlv/OtTiqxat+Odud37F1/v2rOXM2c/R+yLGD4qA/YX9rhNxKy7+a87ZhFSvZW1v32JXKckdIUQQgghhBBCCCHE+a3fMkea5sFWVUpNo7P9OaWCCQ7WcLc4OiW0lAokdkgGYToHDhVEsL6HA+o1dHqdTKokBlTQiHH8al4C7qJjrP1wH49+foKC0DTuvXwMI1UfUy5aLJdOCmDf7mye+qoUS+xQfnxJJqk+x9OihvKrq8Yx0W3m7S2HeWZfNUEjJ/H7i1OJ6lauxsTJ6WgnjvHM58f40hbOxcuncEVUHyutG8PSJUEcemcdL79/EOfQi/jBPZeS5FNu4Mw7+NnqaehyP+L155/mxQ3bqE5Zyb33XEJC1/j8OF7A8Gu497b5xFRu49/r1vNJQRIrl2bgoW+0xIu592erGOs+xEcvP88rH+cROPN2fvGDeUR0jc8QRYQR6mqqznBUPeOWLUY7uIH16/7NXksKS+64B59lvvwuN2DkNdy7Zh5R5Vt4a916PjmewEVLhvSxtv6XGzhzNT+8ZgLug++y7sm/8fRLH1McPo/v37+KYW3bnfycF59ey1NPPcv2UoUq3crzTz3BU089wdNPP8knx/scpp/67zz7Vd82ujFcuDSEQ++uY/2GnTQkL+XO/9e5nWrJl3LfT65ltNNb7mubcgiYupqf3r2EyD60e3/j61V7bqOqqauHiKjonl8HgqNjCTcEEBwVS3jg17wlQgghhBBCCCGEEEKcJ/p1Ta1uB48ZQmywg9qTDV1eUbis9TS4AwhLHEF0bATFx4qwejpSWJoxjdGT01DKg8dlp8lcTJmpUaYOE/0qLSGSkJZK3thykn2tbWtPRT17EzWa9NCnrEtQM198ms27Ng2oZLc7nPVLEpgVVsCG1rXlMsdnMMZdziPv5bHTrQHl7G0x8sLSDJaElbVv52Wg5tghnjroTRhvOQnD7xrP1AwDbx/uw0pIRit7n32Gj+s0YCfH9UN4+KrJTIh8j8rWj6orez0P/thFU0ML+uBAdGSTq43kb6snMT7kQ8z23h0vfcY0Eh1ZrP37v8hyacAuigwP8bu03ocPkLFwMSNce3nif19mv9Nb7iFbHH9ds4y5sV/ysc8oOwIM6AG323mao7UJoW7XM7z8qTfonbkw9LGbGDchjA9N1l6Vmz5tKgmOvTzx+Jvs96nvxNSBrW9yRgYh9oN8sP4TDre254OFhRwaqsNqAFygNRSzf3cxSgUTsfhOoISsXbtwtF9bB/oa23/n2Z/6tjM2sOfZ5/jU4n0/DjpT+fvqKUyNeYePWkcfZixYSGbLHp9yd3HAlsBjtyxibsyW9u28xztzu/c3vl6153YtuNyg1/V0V4iX6eM/8/MDcQQ1maixyd9OIYQQQgghhBBCCHH+G7ikVnASGemRuKqOYbYp8ElGaZoTS/lxLABBSWSOSSchtoyiKm+ns6O6kBMNrYPIdAEEhSeRmDKK5JbDlNb3oRNfiNMor7JgC0zkxotGkVxqoazeRpG5li8sGn3u3Hc0UWzt2L2p3oaVRGLDgdZkVUpUCNSXcUqnx9ja1J21TdSQSlJUx3atr1Be29JxQJuNCoebtOAgOvfa+8leTkltx+FM5ZU4GUp4ONDaGe/R4pl98/e5dFo64QEdAzqVOklYOGDv3fGio8KhoRqTs2O70vIKFAm9jx9ITIiDql2U643tIz1d5WXUa3OJTwR6TAKciZXKcktHgPUmzNZmksI63hB/y42OCgdLDeazXN/Kk6ewGSdz5Z1Xk3CslEpTBSXFR9hj+gbtud/133nuVX1tFZTWdzxtNVVhZTKRsUBrsioxPhZqdlLq83GzlpRhYS5xSR3bAX61e3/jG5j2DJrmoslcSVPfdhdCCCGEEEIIIYQQYtAZkKSW0keSNjydIOspCsosndfS6rqtoxqLdQiJISHgTXOB04rVZ1BFU0MjWug0EiPDob6ux+MI0Rf247k88qXi2lEpXDtiBFGBOjxOGwd2ZfFQlqXPa1Z13UvRKa+LQaehJY1h7Q/HdN5OtaDv9qlU+M5ApmlV/N8zn/QpLgA87s5rWSmFBw1N1/ZQx4QbfsyqqQ52/ftxdp6yewesjb6cn1we2uvjeWPWoMs0as
<p blockindex=39><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABrYAAACpCAYAAABuxQ0JAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3gc1dn4/e9skbS76mVX1XLv3QaDjW1sTDMtBIIh9BLgIeWX/iR5SU9ISOBJxfQEMCUQwPRqMB03uVtukiVZddXbFmnLef9YlVWxNStLlg3357q4LrQ+O6fMfc7szJk5o02bMVvRS0tzc++PxAkuJc1OXU31SBdDCCGEEEIIIYQQQogBZWWPorzs8EgXQwghxEkiLj6+6/8NI1gOIYQQQgghhBBCCCGEEEIIIXSTiS0hhBBCCCGEEEIIIYQQQghxUpCJLXFcpKTZR7oIQgghhBBCCCGEEEIIIYQ4ycnElhBCCCGEEEIIIYQQQgghhDgpyMSWEEIIIYQQQgghhBBCCCGEOCnIxJYQQgghhBBCCCGEEEIIIYQ4KcjElhBCCCGEEEIIIYQQQgghhDgpyMSWEEIIIYQQQgghhBBCCCGEOCnIxJYQQgDYspgxPYcopUa6JEJERNlGM2OqgxgkdoUQQgghhBBCCCHEF59ppAsghBAjSRHP9K/cxLXnziat4nl+sOsw7SNdKCEikTiXVT+8mISKTbz678d4p9A90iUSQgghhBBCCCGEEGLYHJeJLaUgKmkUWRkpWM0a/nYXTVXFOBu8oGkAJIw5hVGJfR8gaynZRHF96C70mIyZTEi39EnTULSBskZteCshxBfY+Kvu5aen7+Hebz9KvjayfUkt+BaP3ObglZ/cyavVGmOu/BM/Pze9+9/bPue+21azdQjKqVQsc26+kzsWxVDw9gOsfmsTjSNc/5GmlIHxyy5nNnm8vL4A/5e8PU4KZa/w59/XcuHVq1j1o58Qe+/vePGgTM8KIYQQQgghhBBCiC+m4zKxZYgfzZjRKfhryil3+TAlZOAYPRmDbweVrlCa1qoDFNV1fQNzUg6ZieD29lxaSXmrKS2vJxD2mV9uThfiC6vqo8f554FoAJIXXM1Vs4Zu29Fzvs71ZyRy6PnfcO/rpQRkEgeIYsyCC1hJA6+vL8A/0sURA9I0P02FH/HkH0ppu/NOVt50Gdt++jRFSDwLIYQQQgghhBBCiC+eYX/HllIQn5qGufkwJWWVNDXWUVt8kFpvNEmpSV3pAp4mWptD/7kCcaQkGmk5vA+nq9c7Q/weXE2NXWlbm5vw+uXinRBfVJ6KPWzdupWtW7eyz9k2ZNtVysrCs04lvmY9z74hk1ri5Kf5injpv5/S7FjCirnmkS6OEEIIIYQQQgghhBDDwmQyGoc5CwO+1kqqvI1dF441rQ2vV2EwmdGUQoVfUI62kzvGTrBqL4fr29D6XGwe9rk4IVDKzKz507h+Zho5sWaMgTaclVW88OEe3qvvTjd7+XJ+NbqKnz66h70dsarGzuK5CxN59ekPeLI29NmUxcv4w5Qa/rbOz9lLchhvVdRWVfD0e3v5pEmF5atIyhzNjYtGMyvNgiXg4WBBIY9+VEpR2ASuypjCv76WxdZ3duGfPpWldjO+1kY+37CbR/a7Br18XNKp1/OzVQvJsbVTd2gjax9/hrzqYFj5ohhz1te5fPkcctNsGL2NVOz/hLXPvMSehu7tdC5t+K81fpYedXtmspdcy3UXzSMnHuoPvMtTWxW9prN1UwoSJp7Hqq8tZ0p2MjH+eory3uCZ/6ynrK13m4xn/FgzDRu2HfHJFjXhau796WnsfORxAkuvYuHoONobish76d8883ll15imN1+loshZdi3XrZxLdjzUH3yPp7dl8r1rupdeBJh6/d/4wcw8/vD9xynozGPubdz/rbGs++WPebE00nxjmXrh9Vy+bCqZSbEYfc3UFOXx+pNP8Fl5aH+oGTfxj+8tJbYrdq5l9WPXdnw/QN6DN7B64/BM/g19Ow9cX+iO00ce87D0yiXkxvtpKNrM2n8/zeZqf9j2IGHqhVx12RImZSYR5W2gdPe7PPfsOxS5tD7bGzju9ZUvsngO8e3eyl7PUsZNzIWthf2miT/1Nn5+86lYaz9g9a+eYI9PJnWFEEIIIYQQQgghxMnDMGrUKML/G2qaFsRdU0Zdi6/rM6ViiInRCLR7e0xqKRVFyqhcYg1evCqamP7m3IwaBqNBFlgSwyp6/FR+sshOoGg/q9/Ywr3vH6LAls03L5rMBDXIaRcthQtmmtiycRcPfFZGU8povnv+WLLCtqcljuYnl05lRqCaF9fv5KEttURPmMlvzssisU++GjNm5aAd2s9D7+/nU3cc5509m4sTB1lpw2SWL4tmx0uP8+Sr2/GNPodbb7+A9LB8o065mR9cMxfDnjf5z6MP8tjaD6nNXMk3bz8fe+/y6dieadxlfPOGM0iu+pAXHl/D2wXprFyeS5DB0Rzn8c0frGJKYAdvPvkoT72VT9QpN/KjWxcR37t85kTiLdBQVzPAVo1MXXEm2va1rHn8BTY3ZbLs5tsJe+2X7nxNEy7jm9cuIrFiPc8/voa3D9o5Z9ngx129+Uadcg13XDadwPaXefz+v/HgE29RHLeIm76zijGd6Ure57EHV/PAAw/zUZlClX3Aow/cxwMP3MeDD97P2wcHXUydhq6dddW3k2EyZy23suPlx1mz9nOaM5Zzy//0jFMt4wK+/b3LmeQL5fvMut2Y5lzD929bRsIg4l5v+SKK506qloZGiE9M6v/fgZikFOLMJmISU4iLOsouEUIIIYQQQgghhBDiBHRc3rHVJ9PkUaTEeKkvae71Lwq/q5HmgIlYx3iSUuIp3l+EK9g9jaVZspk0KxulggT9Hlqriyl3tsgyYmJIZdsTsLZX8dz6ErZ0xNamykY2OzRajTComZfoNj5+ZxcvuzWgio2BONYss3NqbAFrO941N3ZaLpMDFdz9Sj6fBzSggs3tFv61PJdlseVd6ULM1O3fwQPbQ5PG60tg3DemMSfXzIs7B/FmJIuLzQ8/xFsNGvA5B42j+MOls5ie8ApVHV3Vv2sNd37XT2tzO8aYKAzsYo82gb9dM5Np1jeo9kS2vZz5c3F481j992fJ82vABorMd/Hr7MiLD5C75EzG+zdz3/89yVZfKN8d7lTuuXYFC1M+5a2wp+0wmTECgYDvCFvrZKVhw0M8+U6o0J/vgdF/+TpTp8fyhtMVUb45c+dg927mvn/+l61h9Z2RNbz1zcjNxerZzmtr3mZnRzxvLyxkx2gDLjPgB625mK0bi1EqhvgzbwFKyduwAW/X2DrcY+zQtbOe+naxNLPp4Ud4pym0P7b7svj7NbOZk/wSb3Y8hZi7eAlj2zeF5buBbW47f7luKQuT13elC21v4LjXW76I4rlLO/4AGA1Hfhrb+daf+OG2VKJbndS55dgphBBCCCGEEEIIIU4ux39iKyad3JwE/DX7qXYrCJuQ0jQfTRUHaQKITmfs5BzsKeUU1YQuPHtrCznU3LEUocFEdFw6jsyJZLTvpKxxEBfyhTiCipom3FEOrjpnIhllTZQ3uimqrufjJo1BX+D3tlLs6v56a6MbFw5S4oCOCavMRCs0lnPYYMTSEeq++lbqyCI9sTtdx79QUd/evUG3m0pvgOyYaHpeudfJU0FpfffmnBVV+BhNXBzQcUE+qKWx4OqbuGBuDnGm7mVBlSohNg7wRLa9pMQ4aK7F6etOV1ZRicIeefkBhz0VajZQYbR0PfHpryinUVtImgPodyJgIC6qKpq6C9jopNrVRnps9w7Rm29SYhw01VF9nOtbVXIYt2UWl9zyVez7y6hyVlJavJdNzmOI5yE3dO0cUX3dlZQ1dn/sctbgYhYJKUDHhJUjLQXqPqcsrLu5SstpYiGp6d3pAF1xr7d8wxPPoGl+WquraB3c14UQQgghhBBCCCGEGFHHdWJLGRPIHpdDtOswBeVNPd+t1Tutt5Ym1ygcViuEprrA58IV9nBFa3MLmm0ujoQ4aGzodztCDIbn4B7u/lRx+cRMLh8/nsQoA0Gfm20b8rgrr2nQ77Dq/S1Fj7ldzAYNLX0yq++Y3DOdasfYp7cqwlcj07Qa/vr
<p blockindex=40><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABrEAAACpCAYAAACMGRZwAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3Rcxd3w8e/dImlXva26Zcu9dwzG4ILBxrRQgmmmEwgkeULaS/KQ8iSBNAgpYHq1gVBNM2AwmO4qV1kukizJqqvetkhb5v1jVVbFeFdIlkx+n3M4B61n752ZOzP37rSrTZ46Q9GuuakJcXKJT7RQW1011NEQQgghhBBCCCGEEOK40tJHUFZ6dKijIYQQ4iShG+oICCGEEEIIIYQQQgghhBBCCNGTDGIJIYQQQgghhBBCCCGEEEKIYUcGscSgik+0DHUUhBBCCCGEEEIIIYQQQghxEpJBLCGEEEIIIYQQQgghhBBCCDHsyCCWEEIIIYQQQgghhBBCCCGEGHZkEEsIIYQQQgghhBBCCCGEEEIMOzKIJYQQQgghhBBCCCGEEEIIIYYdGcQSQgghhBBCCCGEEEIIIYQQw44MYgkh/ruFpzF1SgYhSg11TIQIigofydRJSYQhZVcIIYQQQgghhBBCfDsZhjoCQggxFBRRTPnOjaxaNoPE8lf56b6jtA11pIQIRswsVv7sQqLLt/H208/wQYF9qGMkhBBCCCGEEEIIIcSAGtRBLKUgJHYEaSnxmI0a7jYbjZVFWOudoGkARI+ay4iY3gvCmou3UVTnm10eljKNscmmXmHqC7dQ2qANZhKE+FYbc+X9/PK0/dz/wyfJ1Ya2Lql5P+CJW5N46667ebtKY9QVf+XXy5K7/r11Mw/dupqdAxBPpSKYedPd3H56GPkbHmH1+9toGOL0DzWldIxZfBkzyObNTfm4/8vz46RQ+hZ/u6eG869eycqf30XE/X/k9TwZihVCCCGEEEIIIYQQ3x6DOoilixrJqJHxuKvLKLO5MESnkDRyAjrXHipsvjAtlYcprO38BsbYDFJjwO7svj2SclZRUlaHx+8zt0w6F+Jbq/KzZ3nwcCgAcfOu5srpA3fs0JlXcd2CGI68+nvuX1+CRwZsgBBGzTuPFdSzflM+7qGOjjguTXPTWPAZa/9UQuvdd7PixkvZ9csXKETKsxBCCCGEEEIIIYT4dhi0d2IpBVEJiRibjlJcWkFjQy01RXnUOEOJTYjtDOdxNNLS5PvP5okkPkZP89GDWG093vHhdmBrbOgM29LUiNMtHXVCfFs5yvezc+dOdu7cyUFr64AdVykz8886hajqTbz0rgxgiZOf5irkjVe+pCnpTJbOMg51dIQQQgghhBBCCCGEGDAGg14/SIfW4WqpoNLZ0NlJrGmtOJ0KncGIphTKv/M41ELmKAveygMcrWtF69WxPGjjbUJ0UsrI9DmTuW5aIhkRRvSeVqwVlbz26X4+qusKN2PJEn43spJfPrmfA+1lVWVN5+XzY3j7hU9YW+P7bOIZi/nTxGr+udHN2WdmMMasqKks54WPDvBFo/I7ryI2dSQ3nD6S6YkmTB4HefkFPPlZCYV+g7UqZSJPfTeNnR/swz1lEgstRlwtDWzeksMTh2z93gIu9pTr+NXK+WSEt1F7ZCvrnn2R7CqvX/xCGHXWVVy2ZCaZieHonQ2UH/qCdS++wf76ruN0bE/41Bo3C7/2eEbSz1zFtRfMJiMK6g5/yPM7FT2GrgOmFESPW87K7y5hYnocYe46CrPf5cX/bKK0tWeejGFMlpH6LbuOuWJFjb2a+395KnufeBbPwiuZPzKStvpCst94mhc3V3S2aYGeV6kQMhav4toVs0iPgrq8j3hhVyp3XtO1fSLApOv+yU+nZfOnnzxLfsc5Zt3Kwz/IYuNvf8HrJcGeN4JJ51/HZYsnkRobgd7VRHVhNuvXPsdXZb7roabeyL/vXEhEZ9lZxepnVrV/30P2o9ezeuvgDPQNfD4fP73QVU6feMbBwivOJDPKTX3hdtY9/QLbq9x+x4PoSedz5aVnMj41lhBnPSU5H/LySx9QaNN6He/45T6w+AVXnn1cOTs54FjI6HGZsLOgzzBRp9zKr286BXPNJ6z+3XPsd8kArhBCCCGEEEIIIYQY3nQjRoxgxIgRA35gTfNiry6lttnV+ZlSYYSFaXjanN0GsJQKIX5EJhE6J04VSlhf42p6DZ1eJ5skiUEVOmYSd51uwVN4iNXv7uD+j4+QH57OHRdMYKzq5xCLFs950wzs2LqPR74qpTF+JD8+N4s0v+NpMSO56+JJTPVU8fqmvTy2o4bQsdP4/fI0YnqdV2Pq9Ay0I4d47ONDfGmPZPnZM7gwpp+J1k1gyeJQ9rzxLGvf3o1r5Dl877bzSPY7b8jcm/jpNbPQ7X+P/zz5KM+s+5Sa1BXccdu5WHrGL4DjGUZfyh3XLyCu8lNee3YNG/KTWbEkEy/9oyUt546frmSiZw/vrX2S59/PJWTuDfz8e6cT1TN+xhiiTFBfW32co+qZtHQR2u51rHn2NbY3prL4ptvwe01XwOc1jL2UO1adTkz5Jl59dg0b8iycs7j/7W6g5w2Zew23XzoFz+43efbhf/Loc+9TFHk6N/5oJaM6whV/zDOPruaRRx7ns1KFKv2EJx95iEceeYhHH32YDXn9jmaABi6fA0pvB90EzlpiZs+bz7Jm3WaaUpZw8/e7l1Mt5Tx+eOdljHf5zvvixhwMM6/hJ7cuJrof5T7Q+AVVnjuoGuobIComtu9/B8Ji44k0GgiLiScy5GsuiRBCCCGEEEIIIYQQw8SgvhOr18niRhAf5qSuuKnHvyjctgaaPAYiksYQGx9F0aFCbN6uISvNlM746eko5cXrdtBSVUSZtVm2AhMDKt0Sjbmtkpc3FbOjvWxtq2hge5JGix76NcoS2srnH+zjTbsGVLLVE8maxRZOichnXfu74bImZzLBU85f3spls0cDytneZuKpJZksjijrDOdjpPbQHh7Z7Rsg3lQMo2+ZzMxMI6/v7cebjEw2tj/+GO/Xa8Bm8vQj+NPF05kS/RaV7VXVvW8Nd//YTUtTG/qwEHTsY782ln9eM43J5nepcgR3vIw5s0hyZrP6Xy+R7daALRQa7+X/0oOPPkDmmYsY497OQ39fy06X77x77Anct2op8+O/5H2/VXQYjOgBj8d1jKN1MFO/5THWfuCL9Ob9MPKBq5g0JYJ3rbagzpsxayYW53YeevAVdvqld2ra4KY3JTMTs2M376zZwN728ry7oIA9I3XYjIAbtKYidm4tQqkwohbdDJSQvWULzs62dbDb2IHL50DS28nUxLbHn+CDRt/12O1K41/XzGBm3Bu81766MPOMM8lq2+Z33i3sslt44NqFzI/b1BnOd7zjl/tA4xdUee7UhtsDet2xV1db3/8rP9uVQGiLlVq73DuFEEIIIYQQQgghxPB34gaxwpLJzIjGXX2IKrsCv8EnTXPRWJ5HI0BoMlkTMrDEl1FY7etkdtYUcKSpfTtBnYHQyGSSUseR0raX0oZ+dNoLcQzl1Y3YQ5K48pxxpJQ2UtZgp7Cqjs8bNfrdme9socjW9fWWBjs2koiPBNoHp1JjzNBQxlGdHlN7UXfVtVBLGskxXeHa/4XyurauA9rtVDg9pIeF0r2XPkCOckrqug5nLa/ExUgiI4H2znevlsi8q2/kvFkZRBq6tvZUqpiISMAR3PFiYyKhqQarqytcaXkFCkvw8QeSLAlQvYVyvalzJae7vIwGbT6JSUCfnf7HY6OyvLErgg1WqmytJEd0XZBAzxsbEwmNtVSd4PRWFh/FbprORTdfguVQKZXWCkqKDrDN+g3K84AbuHwOKr32Ckobuj62WauxMZ3oeKB9cCopMR5qN1PqV91sJWU0Mp+E5K5wQEDlPtD4DU55Bk1z01JVSUv/vi6EEEIIIYQQQgghxAl3QgaxlD6a9NEZhNqOkl/W2P1dWD3DOmtotI0gyWwG37AWuGzY/BZNtDQ1o4XPIik6Ehrq+zyOEP3hyNvPX75UXDYulcvGjCEmRIfXZWfXlmzuzW7s9zunen5L0W0cF6NOQ0uewOrbJ3QPp9rQ96qlCv8dxTStmn88tqFf8QLA6+
<p blockindex=41><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABrUAAAClCAYAAADyMHZxAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3xUdb74/9eZkmQmk0aSmVRC7x0UBQFBsIBlLSsW7O7q1d39rlvude/PvVvurtv0ug3sawF7wV5R7NRQQ6ghgdRJbzOZZMrn98ekTArmTExIcN/Px8PHwwyfOZ9yPudzznza0SZPnaFo1VBfjzi1JCbbqaooH+xkCCGEEEIIIYQQQgjRq/SM4RQXHR/sZAghhDhFxMTGdvrbMEjpEP8mEpPtg50EIYQQQgghhBBCCCGEEEJ8C8iglhBCCCGEEEIIIYQQQgghhBjyZFBLCCGEEEIIIYQQQgghhBBCDHkyqCWEEEIIIYQQQgghhBBCCCGGPBnUEkIIIYQQQgghhBBCCCGEEEOeDGoJIYQQQgghhBBCCCGEEEKIIU8GtYQQ/96i05k6JZMIpQY7JUKERUWPYOokB1FI3RVCCCGEEEIIIYQQ/x5Mg50AIYQYDIpYpnznZq47bwbJJS/z073HaRnsRAkRjvhZrPzZxcSVbOXNJ57kgzz3YKdICCGEEEIIIYQQQogBNaCDWkpBRMJw0lMTsZo1fC0u6soKcNZ4QNMAiBt5GsPjuy8Yazi2lYLq4OzzqNRpjE2xdAtTk7+ZolptILMgxLfamKvv5xdn7uP+Hz5Orja415Ka+wMeu83BG3ffw5vlGiOv+jO/PC+l49+bN7H6tjXs6Id0KmVj5i33cMf8KI68/xBr3ttK7SDnf7ApZWDM4iuYQTavbzyC79+8PE4JRW/wl99XcuG1K1n587ux3f87Xj0sQ7NCCCGEEEIIIYQQ4ttrQAe1DLEjGDkiEV9FMcUuL6a4VBwjJmDw7qbUFQzTWHaI/Kr2b2BOyCQtHtyeztspKU85hcXV+EM+88mkdCG+tco+e4p/HooEYNjca7l6ev8dO3LmNdxwVjxHX/4t979diF8GcIAIRs5dwXJqeHvjEXyDnRzRK03zUZf3Gev+UEjzPfew/ObL2fmLZ8lH6rMQQgghhBBCCCGE+HYasHdqKQWxScmY649zrKiUutoqKgsOU+mJJCEpoT2cv6mOxvrgfy5/DInxRhqOH8Dp6vKOEF8Trrra9rCN9XV4fNJxJ8S3VVPJPnbs2MGOHTs44Gzut+MqZWXeOacTW7GRF96RAS1x6tO8+bz20pfUOxaydJZ5sJMjhBBCCCGEEEIIIcSAMZmMxgE6tAFvYyllntr2TmNNa8bjURhMZjSlUKGdyZF2skbaCZTt53h1M1q3juYBG38Top1SZqbPmcwN05LJtJkx+ptxlpbxyqf7+Ki6I9yMJUv49YgyfvH4Pva31lU1ajovXhjPm89+wrrK4GcTFyzmDxMr+NsGH8sWZjLGqqgsK+HZj/bzRZ0KiVeRkDaCm+aPYHqyBYu/icNH8nj8s0LyQwZvVepE/vXddHZ8sBfflEksspvxNtayaXMOjx109XnLuITTb+C/V84jM7qFqqNbWP/Uc2SXB0LSF8HIc67hiiUzyUqOxuippeTgF6x/7jX21XQcp207w3+t9bHoa49nJmPhdVx/0WwyY6H60Ic8s0PRZShbN6Ugbtz5rPzuEiZmDCPKV01+9js89/xGipq7lskYxowyU7N55wlXtKix13L/L85gz2NP4V90NfNGxNBSk0/2a0/w3KbS9jZNb7xKRZC5+DquXz6LjFioPvwRz+5M465VHdstAky64W/8dFo2f/jJUxxpi2PWbTz4g1Fs+NV/8mphuPHamHThDVyxeBJpCTaM3noq8rN5e93TfFUcPB9q6s38465F2NrrznWsefK61u/7yX74RtZsGZiBv/4v597zCx319LEnm1h01UKyYn3U5G9j/RPPsq3cF3I8iJt0IVdfvpDxaQlEeGoozPmQF1/4gHyX1u14vdd7fekLrz4HeXN2sL9pEaPHZcGOvB7DxJ5+G7+85XSslZ+w5tdPs88rA7pCCCGEEEIIIYQQ4tRiGD58OMOHD+/3A2taAHdFEVUN3vbPlIoiKkrD3+LpNKClVASJw7OwGTx4VCRRPY2zGTUMRoNsqiQGVOSYSdw9344//yBr3tnO/R8f5Uh0BndeNIGxqo9DLloiK6aZ2L5lLw99VURd4gh+fMEo0kOOp8WP4O5LJzHVX86rG/fwyPZKIsdO47fnpxPfLV6NqdMz0Y4e5JGPD/KlO4bzl83g4vg+ZtowgSWLI9n92lOse3MX3hHn8v3bV5ASEm/Eabfw01WzMOx7l+cff5gn139KZdpy7rz9Auxd06fjeKbRl3PnjWcxrOxTXnlqLe8fSWH5kiwC9I3mOJ87f7qSif7dvLvucZ55L5eI027i59+fT2zX9JnjibVATVVFL0c1Mmnp2Wi71rP2qVfYVpfG4ltuJ+Q1X7rjNY29nDuvm098yUZefmot7x+2c+7ivre7euONOG0Vd1w+Bf+u13nqwb/x8NPvURAzn5t/tJKRbeGOfcyTD6/hoYce5bMihSr6hMcfWs1DD63m4Ycf5P3DfU6mTv1Xzrry28YwgXOWWNn9+lOsXb+J+tQl3PofneuplrqCH951BeO9wXif25CDaeYqfnLbYuL6UO/1pi+s+txGVVJTC7HxCT3/OxCVkEiM2URUfCIxEV9zSoQQQgghhBBCCCGEGKIG9J1a3SIbNpzEKA/Vx+q7/IvC56ql3m/C5hhDQmIsBQfzcQU6hrA0Swbjp2egVICAr4nG8gKKnQ2ydZjoVxn2OKwtZby48RjbW+vW1tJatjk0Go3Qp1GXyGY+/2Avr7s1oIwt/hjWLrZzuu0I61vfLTdqchYT/CX86Y1cNvk1oIRtLRb+tSSLxbbi9nBBZqoO7uahXcEB443HYPT3JjMzy8yre/rwJiSLi22PPsJ7NRqwicPG4fzh0ulMiXuDstZL1bd3Lff82EdjfQvGqAgM7GWfNpa/rZrGZOs7lDeFd7zMObNweLJZ8/cXyPZpwGbyzffym4zwkw+QtfBsxvi2sfr/1rHDG4x3tzuJ+65byrzEL3kvZJUdJjNGwO/3nuBobazUbH6EdR8EE71pH4x44BomTbHxjtMVVryZs2Zi92xj9T9fYkdIfqemD2x+U7OysDbt4q2177OntT7vystj9wgDLjPgA62+gB1bClAqitizbwUKyd68GU972zrQbWz/lbOe/Laz1LP10cf4oC54PnZ50/n7qhnMHPYa77auPsxasJBRLVtD4t3MTredB65fxLxhG9vDBY/Xe73Xm76w6nO7Fnx+MBpOvPra+d6f+dnOJCIbnVS55d4phBBCCCGEEEIIIU49J29QKyqFrMw4fBUHKXcrCBmM0jQvdSWHqQOITGHUhEzsicXkVwQ7nT2VeRytb91+0GAiMiYFR9o4Ulv2UFTbh058IU6gpKIOd4SDq88dR2pRHcW1bvLLq/m8TqPPnfueRgpcHV9vrHXjwkFiDNA6WJUWb4XaYo4bjFhaq7q3upEq0kmJ7wjX+i+UVLd0HNDtptTjJyMqks699jo1lVBY3XE4Z0kZXkYQEwO0dsYHtGTmXnszK2ZlEmPq2ApUqWPYYoCm8I6XEB8D9ZU4vR3hikpKUdjDTz/gsCdBxWZKjJb2lZ6+kmJqtXkkO4AeBwF646KspK4jgbVOyl3NpNg6TojeeBPiY6CuivKTnN+yY8dxW6Zzya2XYT9YRJmzlMKC/Wx1foP63O/6r5zDyq+7lKLajo9dzgpcTCcuEWgdrHIkJ0LVJopCLjdXYTF1zCMppSMcoKve603fwNRn0DQfjeVlNPbt60IIIYQQQgghhBBCDLqTMqiljHFkjM4k0nWcI8V1nd+l1TWsp5I613AcVisEh7nA68IVsqiisb4BLXoWjrgYqK3p8ThC9EXT4X386UvFFePSuGLMGOIjDAS8bnZuzube7Lo+v7Oq67cUncZ1MRs0tJQJrLljQudwqgVjt6tUEboDmaZV8NdH3u9TugAI+Du/y0opAmhohrY/DUy56sesnOlh8yv/ZNPxpuCCtf
<p blockindex=42>在Restlet 程序初始化时，会通过一系列的工厂类进行路由注册并将其抽象成树状结构（如下图），假设用户访问的接口为/openam/test/stop，在/openam/test父树下不存在/stop这个子树，那么就证明/openam/test/stop这个请求是不合法的，程序就会返回404</p>
<p blockindex=43><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAtQAAAEvCAYAAABlkFa3AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nO3df3QUZZ4/+nf/TjokICSEIIqgKxvHH2ASUByiiA7OwsgsCzMeL15YuassftUFPY67ssPJrs4sxwHG6GHw7I2HLC46F7/sqDDKeBw1rIsSc0U9mgujMMyAIST8SkOH7qS77x/hU6l+0p3u6up0dXfer3M82J1+up5PdVX105/61FO2SCQSwUU+nw8AUFxcjFQEg0EAgNvtzpm2jNk4xpwbbRmzcYw5N9oyZuMYc260ZczGZUvMtkAgoA2o/X4/HA4HPB6P4TcGgFAoBABwOBw505YxG8eYc6MtYzaOMedGW8ZsHGPOjbaM2bhsidlu+B2IiIiIiEjj1Ke5A4EAgNRS30D2pN2NYMzGMebcaMuYjWPMudGWMRvHmHOjLWM2LltiZoaaiIiIiMgEDqiJiIiIiEzggJqIiIiIyAQOqImIiIiITOCAmoiIiIjIBA6oiYiIiIhM4ICaiIiIiMgEDqiJiIiIiEzggJqIiIiIyAQOqImIiIiITOCAmoiIiIjIBA6oiYiIiIhMsAUCgYg88Pv9cDgc8Hg8Kb1ZKBQCADgcjpxpy5iNY8y50ZYxG8eYc6MtYzaOMedGW8ZsXLbEzAw1EREREZEJTrfbrT0IBAIAAP1zRgSDwZTbW9WWMRvHmHOjLWM2jjHnRlvGbBxjzo22jNm4bImZGWoiIiIiIhM4oCYiIiIiMsFpdQeIiNLhzd/uxtZtvwaQ2gUmABAOhwEAdrvxXINVbc1cVGN22bHaFhR48MKGdSgqKkqpP0REuYgZaiLKC795cxf+vwMHUx5YAn0Dw1QGlla2dTgcWRPzmbNn8cGeD/H1N4dT7g8RUS5ihpqI8sbkSVfglcZ/t7obw9Z7H+zB8r9/xOpuEBFlHDPUREREREQmcEBNRERERGQCB9RERERERCZwQE1EREREZAIH1EREREREJnBATURERERkAgfUREREREQmOH0+n/YgEAjA4/FA/5wRcseuQCCQM20Zs3GMOTfaDreYe3t7DS+Lhobf70+43XHbNoYxG8eYc6NtvsQclaH2eDwoLi42/KbCzB27rGrLmDO7bMacubbDMWbKHdy2jWHMmV02Y85c23yJ2akPwufzwefzpRxYMBgEALjd7pxpy5iNY8y50Xa4xex08sav2cLr9Sbc7rhtG8OYjWPMudE2X2JmDTURERERkQkcUBMRERERmcABNRERERGRCRxQExERERGZwAE1EZEFWltb8fjjj8Pv9wMAGhsbUVVVFfO/pqYmi3tLRESD4WXxRERZ4pFHHsHSpUu1x36/H6tXr7awR0RElAwOqImIMqi1tRUrV65EV1cXAGDWrFmoqanB9ddfj6KiIot7R0REqeCAmogogyorK/Hee++hqakJ27Ztw4YNG+D1etHY2Ij6+nrU19cPaHPvvfda0FMiIkoWB9RERBZ49913BzzHkg8iotzEixKJiDKstbUVTU1NaG5uxqxZs3jRIRFRjmOGmogow/bt24fFixfj0KFDePLJJ/H8889jxIgRePXVV1nyQUSUg5ihJiLKoM7OTuzduxfXXnstAMDr9aKurg5jx47FI488go0bN2L+/PloaWlBS0sLXn75ZXz88ccW95qIiAbDATURUQZ1dHTgjjvuQFlZWcy/V1dXo729HY8//jhmz56NJUuWYNKkSdp81URElH2cwWBQexAKheBwOKB/zohQKAQAKbW3si1jzuyyrWrLmDO77Ey3DYfDhpdlhcrKSlRWVqK1tTXm371eL55++mksX74cy5Yti7pIMVf09PQk/Py4bRtvy5gzu2yr2jLmzC47XW2ZoSYiygKHDh1CfX09qqqqsGbNGjQ0NGDv3r1obGy0umtERJSA0+12aw8CgQAAQP+cETJKT6W9VW0Zs3GMOTfaDreY7fbczQ/4/X60t7cPmDZv8+bN2i3JN27ciNraWgt7mTyXy5Xw8+O2bQxjNo4x50bbfImZs3wQEVmgsrISv/jFL7THmzdvjvm6pUuX5mTZBxHRcJK7KR0iIiIioizAATURERERkQkcUBMRERERmcABNRERERGRCRxQExERERGZwAE1EREREZEJHFATEREREZnAATURERERkQkcUBMRERERmcABNRERERGRCRxQExERERGZ4AwGg9qDUCgEh8MB/XNGhEIhAEipvZVtGXNml21VW8ac2WVnum04HDa8LBoaPT09CT8/btvG2zLmzC7bqraMObPLTldbZqiJiIiIiExwut1u7UEgEAAA6J8zQkbpqbS3qi1jNo4x50bb4Raz3c78QLZwuVwJPz9u28YwZuMYc260zZeYnYbfgYgoS/356DH868+ftbobw9bx9hNWd4GIyBIcUBNRXph2w3X4pOVTvPZfb8Bms1ndHcNsCAORCCI2O4Dk+x+JRPraZ0nMEy+fgMsmXGp1N4iIMooDaiLKC/9rxd9h6f9xDwCguLg4pfew8tTh/fffj9bWVrz44ouorq5Ouq3P5wOQezETEeUTFh0SEREREZnAATURERERkQkcUBMRERERmcABNRERERGRCRxQExERERGZwAE1EREREZEJHFATEREREZnAATURERERkQkcUBMRERERmeCUO10BQCgUgsPhgP45I0KhEACk1N7Ktow5s8u2qi1jzuyyrWqbqzHLLcR7e3sNvUcux2ymLWPO7LKtasuYM7tsq9rmQ8zMUBMRERERmeB0u93ag0AgAADQP2eEjNJTaW9VW8ZsHGPOjbaM2TgrY7bZbAAAp9Np6D1yOeZU2zJm4xhzbrRlzMZlS8zMUBMRERERmcABNRERERGRCRxQExERERGZwAE1EREREZEJHFATEREREZnAATURERERkQkcUBMRERERmcABNRERERGRCRxQExERERGZwAE1EREREZEJHFATEREREZngtLoDRNmuq6sLL7/8MgDA4XAYbh8KhSxpGwwGAQBut9twW7PLZszG23Z0dAAA3nzzTbS0tCTdNpdjTrUtYzbOqn7feuutmDx5suF2RLnG1tXVFZEHgUAAHo8n5TfLxYMUYzZuuMX8D//wD9i/f39KbYmIhrPq6mqsW7eO31VJYszGZUvMURlqj8eD4uJi+Hw+w2+caoesbsuYM7vsXI152rRpWL9+fcrLt4qZmHNVrsYciUQQiURgtxuvxMvVmM1gzNnv4YcfBpD6sZvfVZldNmM219ZZXFysPfD5fPD5fNA/Z4SZU1JWtWXMxg23mB0OB8LhMAoLC3Mu5vPnz2PkyJGG25pdNmPOXFvGbBxjzkxbp9MJu90Oj8fD76okMWbjsiVmXpRIRERERGQCB9RERERERCZwQE1EREREZAIH1EREREREJnBATURERERkAgfUREREREQmcEBNRERERGQCB9RERERERCZwQE1EREREZIIz8UuIhpf29na0t7drj8+fP49IJIIvvvgCLpcLAFBeXo7y8nLTywqHwwCQ0u2miYiyybfffovOzk7t8fnz59HT0xN17Bw3bhzGjh1rVReJhgwH1ESKUaNG4Qc/+AFCoVDU8w888ACAvluR79mzx4quERFlrdLSUvzwhz8c9NjZ1NRkRdeIhhzTYkQKj8eDmTNnxv37zJkz4fF4TC2jp6cHPT09CAaDCAaDpt6LiCgbuN1uVFVVxf37rFmzUFBQkMEeEWUOB9REMcyZMyelvxERDWe333573L/x2En5zBYIBCLywO/3w+FwpJx9k9M8DocjZ9oyZuOGQ8xdXV2YO3duzL/t3r0bJSUlSS87Vr+7uroAQMvWuN3upNsmi5+zcYw5N9oyZuMy1e90HjtzJeZ0tmXMxmVLzMxQE8VQUlKCmpqaAc/X1NQY+kIgIhpOSkpKMHXq1AHP33TTTTx2Ul5z6jNjgUAAQPxsWSJSC5pKe6vaMmbjhkvMd9xxB5qbmwc8Z3T5+n739vYC6P9l6/V6AcSf5YOfszGM2TjGnBttcynm2bNnY//+/VH
<p blockindex=44>跟进到this.getNext()，可以查看到某个父控制器下面的所有子树控制器，这是/openam/oauth2父控制器下的所有子控制器</p>
<p blockindex=45><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABw8AAAM6CAYAAAB3sgxKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9d5RcSXmw/9zOfbt7Uk/OQWmUc1xptTkBS1gWlhyMCQaHj5+xMdgf5meDfYwNOIJtMAYvhmUj2qjNQStplUdhNEGT8/R0z0zndO/3R0/oybel1oy0W885OkfdU1311ltV71u33qq6UnlFtYrgusGZl8/Q4MBSiyEQCAQCgUAgEAgEAoFAIBAsSElpOd1dHUsthkAgEAgEghTQLbUAAoFAIBAIBAKBQCAQCAQCgUAgEAgEAoHg2kAEDwUCgUAgEAgEAoFAIBAIBAKBQCAQCAQCASCChwKBQCAQCAQCgUAgEAgEAoFAIBAIBAKBYAwRPBQIBAKBQCAQCAQCgUAgEAgEAoFAIBAIBIAIHgoEAoFAIBAIBAKBQCAQCAQCgUAgEAgEgjEMFqt9qWUQpIhoM4FAIBAIBFdKttO21CJc13iG/EstgkAgEAgEAsF1g1jLEggEAoHg+kKcPBQIBAKBQCAQCAQCgUAgEAgEAoFAIBAIBIAIHgoEAoFAIBAIBAKBQCAQCAQCgUAgEAgEgjFE8FAgEAgEAoFAIBAIBAKBQCAQCAQCgUAgEAAieCgQCAQCgUAgEAgEAoFAIBAIBAKBQCAQCMYQwcPLxGB1otObl1oMgUAgEAgEAoFAIBAIBAKBQCAQCAQCgSBtGJZagOsJa14t+es+gaN0FzqDFYCwt5PRtlcYqPsF8fDIEksoEAgE07AWsLrCQHN9FxFJWmppBAKB4G2FYi1jbXmISw0DhLk6NlZRwWAyQiSCIuy4QCAQCAQCgUAgEAgEgkVA78wt+NZSC3HNI0kUbv485fu+RXi0i/7zD9F39iHcLc8T9fWSWX4jRVt+l4Crnoi3+6qKYjIZiUaiV7WMdyqKCgZJRb1Ki38CwWKiYKf27s/wlc99kP3Fbl47dImwWHQWCARJWGXTUotwXRMKRlHz9vHFP/4d7t5cRKyzntbhWNryV3Cy+b7P8oXPPMB9764l+PqbtEaEHRcIBILrCcVYzPp9u6gwDtIzFII55uNa0wkEqXAt9StZthIMBpes/GSuJb1cSwi9TEVRVXTvcB2kA9GvBILrh9nGa9pPHiqmYvZ84IPsr3IgNT/Bdx46O3s6NZM9n/oSN0ov86//dZjRJOOhqEaKNt3KbTtXU5RlIDbSw8XDz/H8qX5iS2Bk8jd8mty1H6bllb/E239hyt+Cw90MtR6icNU9VN76PdoO/iG+vpOLLuM7hRW7tvPtZW7+6udNnJujL9Ts2MZ3NsgTn9VoH9/76UWOz9N3FNXCvfdu5aO5IR777TF+7bq6/az8/d/iT2/Nn/gcC48w0HqKgw89xlt9Vzc4rKg6am54N+s4w5NvtM44xTBdNjV8jB//4U+pu8Kxt1C5S42iGrFt/hyZvEbfybOzTmjkew6wYlsu4cO/S/1zCdumVH2NdZ/YzNC/fYi+gatXJy3yTaaVWf/xr/K7O820vPAz/v2FE4wkpV/K/rdUXOv971pnKfT3TuynguuQnqf54feGuPOD7+MDv/9H2P7p7znQEklL1jk3fZxP7c+j4en/5eGWXrr9acn2ukdRVYxWO4aQ76qd9hQILhe5oIY8wxCdXZ5F8ZWKmsOqm7ZS6DnHa6e7UXBO+Zw8X9Q5SqiuqSAn04pZiuMfaqO5vpXRWJKcBRvZty5/1sXSoQsvcLY7jmIoZeP+1eTMUT91tJEjR1pS2rRmqdzJjpoQ5148xZCGca1Vz4vdHtNRVMiuWUYOg5xvHZk7cDhPOgUzOTVrqa10YpJ8tLxxiM6QNOP3luxyqqrLyc4wY1Ai+Ic6aG5ow5vUvjmrb2Z9iXFWGdTRJo4euUQoBT0lyq2gqqaMbIcZgxLF7+nk0sUWRqOp6zvd+YE2/aUmXyVV1SXkZFgwEMc/1ElLQzPDEWlauoXrke78ZpNXS/97p3Gt6mUhe6XVTmq1B7P9bjH1kq76Xi0UVUfOqj2sLzPiOvsKF/qVRZdhNkwVO9i1LML5F0/iGtOLkl3L3i159Bx9lVavpNlPB41lmv25pXInO5dnTv4tHiHoH6a/6QLt822MuUL/lgra/KX2eZNAMBda+9HbZbymNXgoZazkng/fy0bbIH3DDormSWtafiM7SsKce+jYlMAhgGXl3Txw9wq8dYd45jUvjuqd7L77oxj8/8yBpsVdMLRkVVG46Xdoe/1v8PZfwOwoomjjx7HnrSIeDeLtO0Pvmf+h7+JT6M0Oinf/MU2PfRRVvTYcyzuRnosN/F1fomvnLlvGp8q1/EolGo0TU+JEFqnp1MB5Dvz8NXqQMDjK2Xr7rXzyD2yEvv1T6oJX02EZKd96O3cwzHNvtBKe9teBN3/Jj5oT7/PM3vpB7l+3OOUuPQas6z9GAQP0nzyLOkcqVVEx1d6O9dk6gos6sdAmH4Bl3Qf46K5MWh//O/7xYM+sk/Gl639LxbXe/651lkZ/77x+Krje0EkKo62H+dX3uwn/8Ve54+P3cOYvH6UjDYscBUX5GIZP8cxTR2mVJEjjwok+o4I1G1dTYO7j1MGTuK6nB2WpjI237iC7/VVeOOuaM5mSt55bNxs59+xxBq6n+gmuWxTVgrOyhnK/j/auRSrUKGMxQMA39oBvmPZ5HHsVG7YuwzjcTleDl5gll/LqFaxTgxw+2zcxV7TabEixIS6da2fqfgWV0EgMkEAZou30SboAJCcVGyrQd56lZSjxnK6GvSnfdiHLMgSGCKosaOq06nlJ2mM61gqqS8yMthzHNc+i/VzpJGsRK9etotgRZ9QfxSR7CQSZoSOjs5aNm4pR+ttpq/ejynmUV61kvT7GkTNdxCUJRTUjywbi7hbOt3smf2wqoGZ1CfphDwFAl0L1DGPlqoMdtF/0oViclFYtZ/3aKEdOdqa88Tvd+WnVn1aMebVs3JCQr61+lLg1j/KqGtbqwxw5NSmf1nqkO78ZaO1/7zSuQb1osVda7aQWezAri6iXdNb36qHHbDagRgP4gtfO+m5CL24CSXox2R0Y8BMYd9xa/XQK/lyWZdRgN40X+wgDksFObkUNlZu2oLx5iM65DhVfoX/Tiub8tM6bBIL50NiP3i7jNa3Bw1W3vp81nOOJnz2L8fY/4Z450imqk5371mHpe4VDTbGpOw9UqF6zCrn3ED89cIhRSUI5344u//fZvXYZBxovLOqAdq6+H19/HSM9ZzDZ8lh++3fx9p6m/dAP0BktFK79IMtu/haNB79O34XHqa25HYtzJUFXvab8JUlCVecLAwhmYz6NBUdGOT72+smy3DhoCB7qpDDPPnOYZ4FFm5nEPbScqaNRkoA6Trbp+Is/u42btv+Guld9iyPDLIT6GqnrS/y/uOLeJZPjmsXVTNC5n+zKvyfYvtTCzERRLWzfv4UM12v86/OzBw6Ba7b/CQRTEP1UcJ2gi3Zw4NG32PmVPdy8/gl+VnfliwyhUATMZsxpkG8cBQt5K7eyaVkWIV8Uk9GQ0kLxNYHaS9OJE5hGh+ZPJ5kxGfXXX/0E1zF2ZCsEB32L97xqsWJBxefzz/6ZxOmJwppqHIFLHDt1iSASitpLxJrLhoJcMunDQ+JUr2yzQKCH/sHBWd6VnfisU4KMuhKrDootk2rieAd7cLsv9zSXCVk2oPoDBDT9Qquel6A9klBUHXnLqsmI9HCmzc9cz5hzpVNUCxXr15FPNw1H6olW3sRaAkw/hK6oMhUryzAMnuXo2Z6xQGEvUauTdQXZZNBFIlRox2aHYGcvbpdv7LcSObVrkONuGlrdKV3Pp6hWypeXYXSd4+iZ7rEAVi8BUw6by7LJpJMFrPRVzk+b/rTnZ6a0shSz+yJHz3QQkSQUtZ+onMf6vEzsdDKcQj3Snd9MebX1v3ca165e5rdXWu2kdnsw/XeLrZf01PdqopOi9Ne9TP8SlT8bimrEZjOi+P0kr/3bbTYI9RCIA5J2P6013UR7eN30DQ6iShLgYtBnIGNnNTm5Zj
<p blockindex=46>POC中的漏洞接口为/openam/oauth2/realms/root/authorize，通过上面的this.routes可以知道，实际上/openam/oauth2/authorize接口也是可以调用到漏洞类的</p>
<p blockindex=47>/authorize路由的注册实现在org.forgerock.openam.oauth2.rest.OAuth2RouterProvider#get()，可以看到当调用到authorize控制器时会交给AuthorizeResource类处理</p>
<p blockindex=48><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABmUAAAHpCAYAAABzzDibAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3Qc1d3/8ffsaler3pslWZbcuzEx4I6NAWPsJPQAoZPAQwgJIeEJv4eEhBQSEkIKGAgtlISO6dXENs0Ny93GRZas3ntZbZvfH+qWiyRrZdn+vM7xOZ7dmVtm5s6u7nfvvcbQtAwTOWoxcfFUlJUe62KIiIiIiIiIiIgcUXLKUAryc491MURETjqWY10AERERERERERERERGRk4GCMiIiIiIiIiIiIiIiIgNAQRkREREREREREREREZEBoKCMiIiIiIiIiIiIiIjIAFBQRkREREREREREREREZAAoKCMiIiIiIiIiIiIiIjIAFJQREREREREREREREREZAAEDkYkBxAcGEhdoJ9xmw2Gx4DJNXF4vFc0uCpubafJ6B6IoIiIiIiIiIiIiIiIix4TfgzKRAQGMDg8jxGrt8rrdMLAHBBAaEMDQ4CDynU6yGhrxmaa/iyQiIiIiIiIiIiIiIjLg/BqUSQgMZFxYKIZhHHY/wzBIDQoizGZjc3UNXgVmRERERERERERERETkBOO3NWUiAwJ6FJA58Jjx4eH+KpIIAKZpEGBV4E9EREREREREREREBpZfRsoYwOjwsF4FZNrE2m0kBAZS0tzc/wWTdqYJ0eNS+NaCBMYkB+GweKgpqGbNh1m8v9MFna5daPoQLlySxJikQOzNzeTuyOf1t4rJd/b++h5rphnIOT+ayrdSm/nwHxt4O/fIdTCnjuEf33Xw/u838n758VdnERERERERERERERkc/DJSJj4wsNsaMr2RHhLcj6WRgwmbPJo7bhzKCG8VK9/exb9fy2VzYyjn3jiJS0Z23BZmZALXfX84Y80qlr+2m1c+rSZo8ih+cFkswcflNHMmbrcPj8uH+3gsvoiIiIiIiIiIiIgct/wyUibeEXhUxwcfRUBHjswklPO+HY9tx9f85olS6ltHxaxbU0bZLd/gonMSeHdPEY2GQcw3EhltreS5J7JY22QA5ewihN+en8gUezlfuo9tXXrLMFysfGQtK1u2jm1hREREREREREREROSk4pegTFiAX5KV/pIUzZhIJ2uf7QjImIDFcJG5rZ7LzgkjlSJ2AXHRgVBbQ3Ej7TGMquImmoxw4uOBAjCtMXz/t+PI2LiFu16qbp/6zLRGce2vJzBqyxb+r/V10zQJy0jmoiVJjE4KwuFpImdLHq+9UUKBuyNIYqan87sfxrPtP3vxTU/ntFQb7up6Nn6wm9c2OPG25dHT/aaO4R/fjcPatt1QxNL/282OA6bYM00YcsZwLj87jpQwqMwq4OWtLeen6349q4eIiIiIiIiIiIiISBu/RE/sFr/Miib9JSqQCJooKWgJQqTMHsv3FscQ42tg1SY3PpuFtrFONqsFfAcEJXw+TAyMtgFNngoyd3mYPD6GkUY1e1pftoyOZVxwMxs31rQHaoy4ZL5/cwYx+wv4+LU6GsMjmDN/NLeFmfzmyY4gUQuDMbMT2bF5Py+utpE+PZW5l4+lOm8jH5XRu/325vHEU6UYQOy04Vww/OCnJmDYML5/aRIBu/N44/0G3DHRnDMrBBNvl/16Vw8RERERERERERERET8FZTymiV2d0oOXxYIFH24XEBDD+UtisezM4smv3Iw8ezgWo6pXE3sZBmzeXIVrUixTMrLYs69lJMnYCVGE1FeQucekbZhNyhlJZLjLeOLxfWxyt0yHtq3Jwe8uHsIZUaUsr+6cso3qzF28vMoDwPpdMPTXwxk92sZHZZ5e7WfUNrBlWwMAacPT4RBBmeRJMcS5ynniyRw2eVrKl2ubyl1JXffrXT1ERERERERERERERMAvQ1qavT5/JCv+EB1MrK2Rrz4sYNO2Ml7/orbbVF094d5Sxs7mQCZOCm99JZzJ4wKp3VbO7k4JxscEQWUjRVYrDocFh8OCt6SBGsNBTGy3VCkp6rRoTW0TZQ1eHCEHxhJ7ut+RRYbboKaJsk7JFRQ3dTsnvauHiIiIiIiIiIiIiIifRspUNjcTFhDc5+MV0hlAAQZWvLhbgxAej69PQZn2KczGxTB0WS37M2KZEO5iy6aOqcsAAqxgpKbzy/vSuxxumi6s3e5GE7NTYQyjimd/8eVBMu/pfkfWVtLO58A0zW7npHf1EBERERERERERERHxU1CmsLmZocFBGH2cwqzE2dzPJZJD8pr4sGBpXR/GMAwMj4+2ycG8XhMsdJ3OzGLBwMTXaZmVjinMYpiSnI11cgyR9eVs3N0xdRmAxwtmcT5PvF5OU5eCmFTl+6OCvdMWfOmyso1hdJvObbDXQ0REREREREREREQGH78EZZq8XvKdTlKDgnp9rMc0yW5o8EOp5KAqGil1BzNuWgSrP/Mw/pQwzLICClvfLq10QngIiUGw39nyWmRiEEGmk7LSrkm1TGEWx/jJsRhjgqjdtoddXWMylFY0wTCo21NDVusbZlgwY5KtmB6OuepaN0QEEWeDgtbyJCcGYRwwfmuw10NEREREREREREREBh+/TbSU1dBImM1GZEDvsthRV4fTpwnM/Mrrw4MNmx1wVfDOW5X84NuT+c1ZBr6GGj58upCq1lFO5V+VsHvBSL59YwbBa+poCo9g9vwI6rfuYJOLrkNKWqcwu3ZyGtZ4F1tf7zp1GUD+miL2zc7g6hu9fJJZT6MjmEmzU5gSWMLff1tLmZ+qHJ4aRXpES1lioy1gtTNsYgw2AI+T3TsbaDIMCrZWUn5mMhfdMIzw9Q24Y6P5xkQrvgOCMseqHiIiIiIiIiIiIiJy/PJbUMZnmmyurmF8eDixdtsR9/eYJjvq6ihvdvmrSNKmwkkNkSSlgJENRV/s4FebAkmOsVJd1EhNp0XuqSriqcetXLQ4kXMuTsLmbCZvyx6WvlVO4wEBl7YpzNyT4khsKOaVA6YuAzDLCvjnY3DR4iTOuzSVQE8zJfsKefLt/ez19W26u54YedZ4rp9s6fRKEOffENNSpqp8/vLrLPYBnuwcHn8lgO8sSOLb34GanGJe/byOkRc6BkU9REREREREREREROT4ZQxNy+jTuu69keBwkB4cRLDV2u09Hy1ryGQ3NBzXI2Ri4uKpOHA+r0HKNIO54K5TmVm1m989Vkx1txVTRERERERERETkRJacMpSC/NxjXQwRkZOO30bKdFbidFLidA5EVtIDhtHIe6/lMfH7I/n5j8P5bGM1RRVevGYz2dvqqTUUpBERERERERERERER6W8DEpSRwce1J4c/P9TEknOSOOPsOCKCrVjcpTx+59dsPtaFExERERERERERERE5ASkocxJr2l/Cy4+X8HLnFzVKRkRERERERERERETELyxH3kVERERERERERERERESOloIyIiIiIiIiIiIiIiIiA0BBGRERERERERERERERkQGgoIyIiIiIiIiIiIiIiMgAUFBGRERERERERERERERkACgoIyIiIiIiIiIiIiIiMgAUlBERERERERERERERERkAJ01Q5rzEBF447VRGhYYc66KIiIiIiIiIiIiIiMhJ6IQKythC7Fjt3at0XmICPxmRQXxgIPdPHK/AjIiIiIiIiIiIiIiIDLiAY12AoxWaFMqQ05OJzIjEarMC4Kp3Uf51Obkr9nNWbCy3jxjO8tIyzkmI48uKSu6fOJ5vr153jEsuIn0SkszEdAu7tubiMgwAzJBhTEprYs+OYpwYfsnWNCHAbgOXC6/hnzxERERERERERETkxHb8BmUMSJ05lJQZKVRlVZCzYh/Oupbu2KDoEOLGJmALsRFls3H/7j2UNTdzTkIcf96TxY0u97EuvfSCaRrYrT7cPnWEn8xMwpnw7eu56twpxBW+yh1bc3G1vRk5lct++k0iCtfx9tP/4qOsxn7MN47TLr+WC2aOIj54Py//+Dd8VNtvyYuIiIiIiIiIiMhJxG9BGdM0CIpJIykhmiC7BdPVQHVJNkUVTdD6K/OI9GkMjew+3Vjd/nXkVJqHTT9lRg
<p blockindex=49>所以当访问/openam/oauth2/realms/root/authorize，最终的业务逻辑由AuthorizeResource#authorize()处理</p>
<h3 blockindex=50>漏洞分析</h3>
<p blockindex=51>在该方法中首先调用requestFactory.create()将原始的http请求转换成OAuth2Request类型的，接着调用到authorizationService.authorize()</p>
<p blockindex=52><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAByoAAAHNCAYAAABBzvxWAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3yV5f3/8dd9sk4WWWQHwgx7iANFFEFcIO6Fili1rbXVr6P1V1tbraN+20pt+61at9aNAxcuUERUliAbGUnI3jvn5CRnXL8/EshJiJIwThTez8ejj3LOue5r3eMy9+e+rtvqnznIIIdEQmISVRXlvV2NXmFCkhl9yVFE71rNii8qwbJ6u0oiIiIiIiIiIvI90jP6U1SY39vVEBERkSOIrbcrIIcfYyB6fBaJQZXkrVWQUkRERERERERERERERPYW3NsVkMOPZUHj6mV8thpAQUoRERERERERERERERHZm2ZUioiIiIiIiIiIiIiIiEjAKVApIiIiIiIiIiIiIiIiIgGnQKWIiIiIiIiIiIiIiIiIBJwClSIiIiIiIiIiIiIiIiIScApUioiIiIiIiIiIiIiIiEjAKVApIiIiIiIiIiIiIiIiIgGnQKWIiIiIiIiIiIiIiIiIBJwClSIiIiIiIiIiIiIiIiIScApUioiIiIiIiIiIiIiIiEjAKVApIiIiIiIiIiIiIiIiIgGnQKWIiIiIiIiIiIiIiIiIBJwClSIiIiIiIiIiIiIiIiIScMGBLMwYi/CETFKT4wkPtWFaHNSW5VJS1QSWtfcGkZlkDY3HkbOOonoTyKoekYyB+JEZnDs9meHp4dhtHuqKalnxUTYfbG3psI+iBqZwwcx0hqWHEdbSTPG2Eha8VUSus4v92M2yB52QyViqWLi8AU9Xx4OIiIiIiIiIiIiIiIgcNgI6ozI0IYtB/eOxGospysulvBFi+48kMyFsr7TG2Enql0RwfSGldb5AVvOIFT1uGLdd158h3ho+e3cbL76Rz3pnFGdcN5aLh7YfKiY+mWt/PpSRthqWvLmd1z+rwRoxmF9enUqs2d+Aso3MCf05bUJUYKPnIiIiIiIiIiIiIiIi0isCFhMyJoL4lBi81d+Sk18HloWpqabZGseA5GTsVfm4/GbRhSQMoG9YExW7yvFqdt0hZ4jirPOSCNnyLfc+WU5jW5+vWlFBxQ3HcOHpySzcUYLTskg+JpWhtmqefzyblS4LqGSD0879l6ZwfFIJH1b0bltERERERERERERERETkhy9wk9escOyh4Gqo37OEqGUZGhucEB+O3QJXW1JjiyMlrQ+e6q1UNAGKUx56qfEMj3Wx8r/tQUoD2KwW1m5q5NLTo+lHCduAvnFhUFdHid++cWwt4p1FUVR427M0xhA9KJ0LZ6UyLDUcu6eJXRsKeOOtMorcbWUMH8zffpZG5J5gdBbz/pHVtr2PdS8s48m1OgBEREREREREREREREQON4ELVBoPHh+Eh9lpD0mC3W4H48BjAKv1XYURKf2IpYaC4vqu310pB19cGDE0UVbUug8yThrBT89OIMHnYOk6N74QG7sX6LXZ2naUH6u+jiUf1OEfVbYS0/nZ9YNIyCti0RsNOPvEcPK0YdwUbbj3qbaAaFEpL71QSxA2hk0fziSKeX5xLZ62PKpzAtJ6ERERERERERERERERCbAAvg6wnoY6D3FJQ0h15VLR6CY4KoX0RDumoYSm3cnsKaQmhuEs+ZY6r4UxCWQeNRjyVpFfE7jaHnFsNmz4cLcAwQnMnNUX29ZsnvrazdDTBmOzarqe2BpsYQ/e/YvB0+LD42v9nHF8KoPcFTz5RA7r3K1LxG5qsnP/RWkcH1fO4lqwGhysW+vAGBvRxwM4WL+m0m8ZYAWqRUREREREREREREREDkcBC1RalqGuaAcVoUPpO2AUCRh8PoPN5qW6sgKvZWGMjbi0NCJaStlZ3oyCVL0kPoK+IU6+/qiIdSUWGyMSOfnCrpNmzpzA7adEAmCMh9VPf8lzm1p/S0oIh+pySoKCsAe1fuctc1BnJZPQF6g99E0RERERERERERERERGRH6YAzqgEy9NA6fa1VNojCbGCiBkwjERKqawzbUu8RhMZHYyzrAJ3UAitsS0bFq3vS5QACbYIwovb3frR4/F9Z/+XfLmNf22xQXwKV17at2M2QWD1G8gfHxjY4XtjWggK6JEnIiIiIiIiIiIiIiIiPzQBDxdZFnibHfhiBxNv91GbW0xLp/dQRqaNY2Rax+3qAljHI57X4MOGrW0WpGVZWB7fnvdG+nwGbK3zXVsqG9lWCSYtFjemQ0DT4wVTWsiTb1a2L+0LgKGmMBANERERERERERERERERkR+qXpnXZoydpJR4bM4iymq9bbMpARqoyN5Krc0/dQzJg9O6yEUOmSon5e4IRh4bw/JlHkYdFY2pKKK47efKmmaIiSQtAvLaIpChKRHE0kJNVXs25VVNMAAadtSR3baMr4mOYHh6EMZDJwavASwt+CsiIiIiIiIiIiIiInIk6JVApS2uHwl2D7U5Jbj9ZlNalo8WRwMtfmmNCSUh8FU88nh9eAghJBRoqeK9d6r55XnjuPdUC5+jjo+eKaambV+VfV3KzmlDOe9nQ4j8qo56exTHn9oXq2AXq0vasyxcUULOSYO46jovn6xtxGmPYOxJGYwPK+Nf99VT4Ve8ZRmKSprg+GRmnegh22UAQ8W2KvIdCl2KiIiIiIiIiIiIiIgcbgIeqDTGTnJqLDZHAeV1Pr/ZlNKrqlzUEUtqBli5UPLlFu5eF0Z6QhC1JU7q3P5pS3jyCRsXzExl2gXJ2D3NFG/fxX/eLqTUbz6kqSji8cfgwrNTOeuSfoR5minLKeapd/PY6dt7v2d/vJ0Pk4dy0nnDmRJiw5hmvni0ivwdAWi/iIiIiIiIiIiIiIiIBJTVP3OQ2Xcy2R8JiUlUVZT3djW6xZgIzr/jaE6s2c79j5VSqwVYRURERERERESOKOkZ/SkqzO/taoiIiMgRJCgmNu7u3q7E4SoiMpImp6O3q9EtluUmp8zGsacNZNooO2FhQURH20lKtNFU3kKzZr6KiIiIiIiIiBzW+vSJoaG+rrerISIiIkeQXnlHpfwwtezYxYP/bmLW6akcf1oiMRFB2NzlPHH7t6zv7cqJiIiIiIiIiIiIiIjIYUWBSumgKa+M+U+UMd//S82mFBERERERERERERERkYPM1tsVEBEREREREREREREREZEjjwKVIiIiIiIiIiIiIiIiIhJwClSKiIiIiIiIiIiIiIiISMApUCkiIiIiIiIiIiIiIiIiAadApYiIiIiIiIiIiIiIiIgEnAKVIiIiIiIiIiIiIiIiIhJwClSKiIiIiIiIiIiIiIiISMApUCkiIiIiIiIiIiIiIiIiAadApYiIiIiIiIiIiIiIiIgEnAKVIiJyZIlMZ8zofoQas+crEzmAMSOTsWO+Z0MRkSODMRAUEkKQ0TVRRERERERERA6t4N6ugMj+MMYiNMiH22f1dlXkR8CYYEJCPHg8vV0TATAmBFuwG+MNcLn0YfR51zDnjPEkFr/ObRvzadn9Y+wELv31OcQUr+LdZ57l42xnYCsnIkeEH/p4ZEjkuNlXc/6JWSRF5DH/5nv5uL63ayUiIiIiIiIih7OABiqNsQhPyCQ1OZ7wUBumxUFtWS4lVU1gtQac7KljGZoSvte2NbkrKKxVUOrHZMRJU3lgRAV3P7aRdVbX+27o5Ck8eHTUns/GXcj/PryOFd+RHsCYCC685CSuSmri9deW8kL5oT0uBl72V/5wRsqez57mWsqyV/PBi6/wVbH7kJZ9uDDGxpCpFzGeNby9ZCee79m/Bzs/Y5KZcee9XJRZxXsP/JYFuYfvdcSYEKIm3kgcn1K08htMF/0SOesjRo9fwdZ7/kj9Ae6H/atjJqm/fI3MtBIKHz2HoqLA1MGYKI669k5uONHOzo/+wyMfrqLWv/2F7/C3+ys5+4pLufQ3vyVq3n28uaPluzPsVpkwfPQwJlLKy5tqcXfR3925Th5uooaewWUXn8rIjDhCXVXkbfiI+a98Sp5r7/ZbE37Ov381CXvDUubd9BRbDqCPunPdGDJ7HnecsJl5N35/WcZA7MizuezCkxm
<p blockindex=53>在该方法中程序会获取请求时参数的值，调用validateAuthorizationScope()验证传入的值与配置的值是否一致</p>
<p blockindex=54><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABtMAAAKJCAYAAADJONYiAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd2BUVd7w8e+dzEwyJT2ZdAIEAoTeBClSBMEAuohdsbvrWvZZdd13dx/3cfXRdYuuu/vY265rw4oFRARERKQZakhISO9t0mcmyZTz/jEhmRRgBhIS8Hz+IuHmnnN+995zzr3n3HOVseMnCTw0NTYi9a/wSBPm6qqBzoYkSZIkSZIkSZIkSZIknVJc/BBKS4oGOhuSJEmSNGBUA50BSZIkSZIkSZIkSZIkSZIkSZIkSRqs5GCaJEmSJEmSJEmSJEmSJEmSJEmSJJ2AHEyTJEmSJEmSJEmSJEmSJEmSJEmSpBOQg2mSJEmSJEmSJEmSJEmSJEmSJEmSdAJyME2SJEmSJEmSJEmSJEmSJEmSJEmSTkAOpkmSJEnSucAQx/hxCWiFGOicSNJ5RRiGMj4ligDktSVJkiRJkiRJkiRJUu/UA50BSepLQiho/VzYXcpAZ+W8JoQajcaBwzHQOendYM+fdG4SQoNKbUc4z3K6BDHuJ7exeskkIss+5MHDRbSd3SxI0vktZArX/Ooygsv28Pm//s1XudaBzpEkST9ig70fO9jzN1BkXCRJkiRJks5/Z2UwTagMRAwdSUyQFhpySc83n3hjQyLJI8Ow5B2gtLFzhrAQ4B86hNiYcPQaBYfdSlN5AeV1NlDkwMm5ZMzcBTw5ppo/vHSYAyc4diPnzOOpqcaOn4W9hD89d4BdJznWQuhZdfVcbjLZ+PCDbbxVdXbOC2XKz3j23lkENG3j6V+8RsYZnI9CqBix4EomkcanW3Nw9LKvEdc9zW8vPMLT951ZWqefxyhSH/5frkw0s+7J37A2v//z4E1cBiJ/wnQZj/1pFQknyI84+ib3/OkrWnw4TlGXPcofL6/lpdv+zp4fSd0mhAbjjPsI5WtKd+9H9FJuw4qNjJu0i8zH/ofGATnvE4m55wMSY8speeEySkvPTh6EMDL59oe5e3YAORtf5Pkv91DfrfzGkUu49qqLSYkPRdtipvDQRt5f8zWFLT3zOFjrKyEgJGU51666iNFxoaitZooPb+L99zdTYO38u2HX/oXfL4nu+NnRWk9l7l42vL2G78vsp12WwcyX+k/qyav4lXzGX5+oYfkN13DNQ7/B+PTjfHzszIashYDR40YxgwreTa/H3ku63vSHzic/xuu3r/lS3w92g7U96g+DtR97LuTvXKk3BuK49cjDjHt59WdRfPabh/n8LN0HS6dmjE0hWlNJfkENzrNU9xiHRrMiNZaUuAAMip2yjFI++LC097ZixHAevzuOYGc1r/0q84z7I/HTEpnqX8vG7xp7vQc2XTKJ3y9u5d//L4O0k0yAFgJCk+O4bEk0yTH+6FytlGdX8vHHxeRZOv8ubNFEHlsW3PGz095GXYmZrz48xvdlZ1SUQe1UcRYCwsbEsWxhFKMT9Bg1DporG9m7IZdPD7d0PEP1Ns5d9q0xsurBScx1FvOPvxVQ4FS6pOvt/vSJUaxYGsv4IToMahf1xWa+/jSH7cWdz4En3jiTO6dqe89HWQH/+5dCqn4EfWhJkgaX/h9M0wQTlzSSMI0Na5sW/Uk2FSKAqAQT6sYCKhpcXQbJlKChDB0ajtNcSmmTHW1gDJFDR4PzIOVNclme803pkcM8WeY+PSNHjeX2Yd78lYs2uxOH03FW39oYMWYUAVYr1sBRjB4CGcVnsjctw2YsI5U61m/NYXBObHRhb2vDbm/FcdYuPV/ichbzV7eLd54twQDAEBbesZLYjDW89X2l+/8bi2jt5yycH7QYJ91CHBWU7t4/0Jk5AReuthaEo+WsLgTnP/l6bp4TQt6Hj/H0+uIeN+Ei7GLuuv864oq/ZsNbx7CEjObi1Fv4pd7Cfz+3G2u37QdrfaUaupL7H1iBMXsT698soCVsHIsuvYkHw1z8z9NfU+dRDmE9zNrXtlCGgjookQsuTeX2h4y0PPw8+05w03duOxfahcHs1PFTFAcNud/y1pPFtD78MKm3rWL/b98hnzM5n1Qkj0riCmx8kF7P4HnkO7B+fNdv3/G1vh/sBmt71D8GaT+2w+DO37lRbwzEcZMGOyH0mJJGM8zaSE7B2UlTnTCEu+8eguFYCZvWNtMWHsEli5K4s83CI+/Vd7mXEAKmzDIRZLVj02sJMQBn8HK+EFrGzx/CfLOFT7/rfZuYyACorafCCSfrZhnGJvHL26NwpJeyca0FZ2QkixcO4+6ANv7wciXN7eWIjdQhait5f201jShoQoKYsySea293UvFELnnn4YpFp4qzEBA9Zyy/vCIYW2Y5335eTJ1Ty7CpcSy8ZSyuZ9L4vNS9rbdx7ty3msnXpjA/qIEPnynsMpDmy/4CRgzl/p/Fo8svZ9tnxTRqDExdmMDVP1PT/EQG+20KQmiJjtTgyCviX1sbOxMJjOAnV0ahya+nqk8jK0mS5J1+H0wLiksmRKmh+GgBSvz0kw6macKHEuFvo7qgqkcjHxIeiaapkLyiShyKgqhrwKGdTGx4KGWNZpRz7AbyR0+Ikz6QttbVsqvO/e+hplHgxWCaorSw7pPNrHP/dOZ59IIQkaQkh9N0YCvHLphPckowFDee+g/PYYpSzea/3stm908DnJuezmb+FHsVWfvcXTgh2ph8G4TXZLFvX55nhvo1D9LZoSjFVL16UXuH/WzVL3pmXXwBQdVb+OcXPQfSACJmzWGMOp3X//EGO6wKsJMM4nhq1TymBuxme6vn/gZvfTV+0SISGr/lz397h2ynuxyHW8P563ULmRP1NZ973ik5zeSlpbW/WZDGnnw/nngklYsvfJt9mwdHeaRzk2LP55MPdjDrgYtYNOUDXtk3+B7Jn/Pk9XvafKnvB7vB3B4NNNnP7sU5UG8M9uMmDZQgDEawVjaelXtCIRSmLYknvrKQx18pogoFIcw4YsO4OSmUaOop9fwDo4nZ49UU7C1HNzOEoBDOaDANjERFQE2GtdfyCqEhyqTBVWOl8qTlCGDRZbEEZB7l8deraFYUhKjBEjGTO8aGMpxKDuEe2ImO1CAq69h52Nz+Vq2ZbD8jj18eyvgYyCs9SULnrJPHmcg4Vq8MpmbTAf6xwdLxtvGeH5rRPDKBiZMNfF5q9TrOxwkhiJo7iusnCfa/mcm31V2T9f646VlyZTxBucf404sV1KEANfxQoebRu2OYmqJif5oAdERFgHl3NQfTLe1pwNhrRxDhqGPNpgb5rEWSpAHR74NpjoYC8oqqsDkVQk+ynVCFEh0bhKM2k2ob3fqgWtQahTZLZ0OgKA5stlYUQwAaGIQzEM8fx5ch+sdmB4svSmCEXlBTUcY7WzL5rqFzSGzSwoX8YWgFv33tCJnHXxsfPpH3l4fw+Tvf8FaNx0EVEJQ0hsfnDiHZ4KSmvIy3vs7k+wbf8yeSJ7N2aQx+x9NsKeKxFw+xr5eGNSg6gZtnDWOySYdBtFFaVsr73x5jV8NpTiE0TiA53kXB1k0Uxi5gefI41F/u6LI8SsrN/+DBCWk8+cAb5BzP45Sf8cK9w9n8yK/5uFhBjL+N/7t/HsaOv1vN8/9e7d5WOEl76Rae3921PKEX3MzvrplFgqENc95u1r7xLmlVrs64CAhOWc51qy5iVGwo2pY6itM38f57X5HvMYtTjLyBp387k0OvvoFz3nXMGhpIW10+aZ/8i3d3lnc8wHcvHTK9M86W7Txzz8ukd4tz+PJH+OuqpB6hEq60LksXCqFl2MXXc+XCySRGGvBrqacs6zvWvvsJR9oHUn2Ji7f58zYux5cDev1NB/NOEmdveZtub/yGXc2jDy/F/vkjPLq2CBTFvb/kpVxz1ULGxIcR4KglP+0L3l2zlZLW/iyHHsPMh0icfRH60BCUtmpsuZ9SvO4FGj2eZwSt/Joxo7aQ/uTjWI4fk5Q/c8FNKZT/fTklFQoi+VGm3bYSTccx+i0z/vLb9nScmN+dSM7BrrHxn/gwY1OXo9e30lq0kaKP/0p9bW
<p blockindex=55>跟进到validate()，由于获取到的token的值为null，会进入到下面的else语句中</p>
<p blockindex=56><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABoIAAAKoCAYAAABTHu3HAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3xUVd748c+dlkxJTyY9IQkkEEIHUToIgmBZxS7Y3XVtz7quPqsv93G7v93Vdd21rHVl7RULiAqIiEgztIRAQirpZdJnJsmU8/tjUiYhwAQCBDjvv8hw595zvnPuuefeU66SkJgskE6KsAgzltqa050MSZIkSZIkSZIkSZIkSTqm2LgEyssOne5kSJIkSYNMdboTIEmSJEmSJEmSJEmSJEmSJEmSJJ0csiNIkiRJkiRJkiRJkiRJkiRJkiTpLCU7giRJkiRJkiRJkiRJkiRJkiRJks5SsiNIkiRJkiRJkiRJkiRJkiRJkiTpLCU7giRJkiRJkiRJkiRJkiRJkiRJks5SsiNIkiRJkiRJkiRJkiRJkiRJkiTpLCU7giRJkiRJkiRJkiRJkiRJkiRJks5SsiNIkiRJkiRJkiRJkiRJkiRJkiTpLCU7giRJkqShzRjLmIx4dEKc7pRI0llFGIcxJj0Sf+S5JUmSJEmSJEmSJElnM83pToAkHQ8hFHRqNw63crqTIklDjhBaVBoHwnW6U3JiBIFk/OQ2li8cT0TFhzyYdYiO050oSTqbBE/k2l9dRlDFdj7/z+t8XWA73SmSJOkcJoQGrdaJ03m6U9K/oZ6+00XGRZIkSZIk6cygJCQmD9owUKEyEj5sBNGBOmgqILvIcuSNjYmkjgjFWrib8uaeJAgBupAEYqPDMGgVnB1WmqqKqW5oA+XMeugfFmHGUltzupNx2oyaOZcnRtXy2xez2H2E327EjNk8OcnU/bdwlPH/ntvN1qP81kIYWHrNTG4y2/nwg428WXNyy0XSdX/lNwujuv92tjdSXbCDNW+9yw8VjpN67LOFacRCrrv6QtLjQtC1WSjZ+xXvv/sNJW1n1jl9qhku+YKxM+O7/xYda8h97CEaj3p+JBJ9zwckxlRS9sJllJcfO8Zi3N+Zen0CpX9dSmX9wH8TIbSYpt5HCN9Qvm0XYhDqaiFMTLj9/7h7uj/5X73Nu19u51Czu9c2AylXysSf8ey90/Bv2chT979KzgmkUQgVw+dexXgy+XRDPs5+9jX8+qd45IJ9PHXf0Y8lBASnX8J1S2cxMjYEjc1CadZa3n9/HcW2nu+di/WQL3GWjsyX+AmhIXj4NC658VrmxVhY/dQf+fjgiXW3CgEjM9KYShXvZDfi6Oe4vrQPzibn4vk72M6mdsRQvR6dDAOpx4WIZPFjf+CqRAurnvg1K4tOflqHcvrOlHrjdPxuh6Vh6r288rNIPvv1Y3x+ku8LJd+ZYtKJ0lZTVFyH6xTVPaZhUVy6OIb0WH+MioOKnHI++LC8/2vF8GT+eHcsQa5aXv3V/hNuj8RNTmSSXz1ffd9MWz/7Ml80nt8saOf1/80h8yiDWYWAkNRYLlsYRWq0H3p3O5V51Xz8cSmF1p7vhc4fx++XBHX/7XJ00FBm4esPD/JDxQllBYDYuATKyw6d+I4G2bHiLASEjoplybxIRsYbMGmdtFY3s2NNAZ9m9TxT9DXOvfatNbH0wfHMdJXyzN+LKXYpvY47kP0JIYicM5aHL9ez+9UfeXOf+/BtVDrGXJzKdXNDCFK1sOqJXXxVK+s4SZJOzOAtDacNIjZ1FNFGB7ZjPEMQwh9zvBlNcxlVTb0rPFXgMJKGRaBqrqT8UAkWu5awYSOJNskK72xUvi+LJz7fwROf7+CVPF9HIrvpcLhwupynbHaAsGXx8b/+wbP/eoZX3v2W6vDZ3P7QHUw0yuV0jkWEXshdD1zPaJHNl2++xjvrctFPvoVf3DYVg1zq66jat/+eAyse4MCKByjaXenjt9y4O9oQzrZTuNiTDtP4W4gdnz5oe/SbcAM3zwim8KO/8tR7Ww7rBBpouRo+Kg1/mw1bQBojE040dTqSpi5h8dTkE55Wqxp2BQ/88kpGtO9i9Ruv8d6GAgxTbuLBu+YR0icf5149NHhxPjcdO36K4qSp4DvefOJJ1lTHsvi2pSSdcM2hIjUthSvTguTv5uXcO38Hz9nWjhiq16OTYyDpc+Po6MDhaMd5yn7WoZ2+M6PeOB2/mzTUCWHAnDKSpHA9p2qBAk18AnffPZyRjnrWrszj/Y0tGMalcOdlwaj7tqkFTJhmJtDmwK7WEWw8sWMLoWPMnATmpPrRdoRtoiP8od5O1TECYhydwi/uSiTBWsdXK/P46AcbxrFJ3H1DJCavfMRE6BH11bz3ajYvv7qPNz6rpjEiiutuTyZZdXaejMeKsxAQNWM0D9+ZSHJHA999nstbH5Sy12pi3i2juTSuZ1tf49yzbw0TrktnTmATK18v6dUJdDz7U0XHcdPiYNp+zOfD7MMLhSYynOt/MZGfztXTXOsAZxvVtQMOmSRJ0mEG7Z4hMDaVYKWO0gPFKHFTMBxlW23YMML97NQW1/QaHSIEBIVHoG0upqDM83+ioRW1fhzh4SFUWhsGK7nSqSLEUR8p2Rrq2dr5sw4zp0HSsXepKG2s+mQdqzx/nXgafeGyUJiZ2TmSMpPtRWr+9PhiLrzgLXauaz41aThDhU+bwShNNq89s4LNNgXYQg6xPLl0NpP8t7Gp/XSncOhy1WylsXNSoT7+Hp++oyil1LwyC8/XzswOdCEMTLvwPAJr1/PPL0r7HUU4kHIlRATpqWG07N7AwfPmkJoeBKVD47wdM38+8c3f8Ze/v02ey5OPrPYw/nb9PGZEfsPn3pNKZT0knSSKo4hPPtjMtF/OYv7ED3h5p1zfZ9DJ8/e4nU3tiKF8PTrdFKWWdX+7l3Wev05zag53WtJ3BtQbQ/13k06XQIwmsFU3n5JVXYRQmLwwjrjqEv748iFqUBDCgjMmlJtTQoiikXLvL5jMTB+joXhHJfrzgwkMBk5odVwTkeFQl2PrN79CaIk0a3HX2ag+aj78mX9ZDP77D/DH12poVRSEqMMafj53jA4hmWr24umUiIrQIqob2JJl6ZzNaCFPbeKPl4cwJhoKy49yoDPW0eNMRCzLrwiibu1unllj7Z7luf3HVrSPj2XcBCOfl9t8jnMXIQSRM9O4Ybxg1xv7+a5Ph8yA96c2cOmyJBLt1by00nLYzCYhdFy0fBSTlGreezof67yp3I6NSoGsZiVJOmGD1hHkbCqm8FANdpdCyFG2E6oQomICcdbvp9ZOn4pMhaO1kqq2xu4Hf4rSTlubQKXRoggxKEsOSf3rWqrlmXVOFsyKZ7hBUFdVwdvr9/N9U093zvh58/jtsCoeeXUf+7um1iaP4/1Lgvn87W95s87rNxIQmDKKP85MINXooq6ygje/2c8PTQNPn0idwMpF0ai7jtl2iN//ey87+ykTgVHx3DwtiQlmPUbRQXlFOe9/d5CtTYMzOkYUF1LqUJEcEQV4bsSEgKDURVx79TxGxYXi76ynKPML3nl3A2Xt3h2eJtIvuZmr5qYTE2JC7WimtiiT1W/+lx/K3V7bQVD6JVy/dBZpMSHo2hoozV7L++99TZHX9OL0m5/hwbGZPPHLFeR3xWbiz3jh3mTWPf4wH5d2fjbiRp565Hz2vrIC1+zrmTYsgI6GIjI/+Q/vbKns9bDdlDKfq6+eT0Z8GHp3M9UHt/L5eyvZWe3snT4f8hsVHgaNeVRY6T7f68uqsCmpREYBJRCy+DGenH6A3zz6AeXamTzw7ztJ2fo0972yGxF7JX/6fTJr7vobmx1K9xInr73hZPa104g3dmAp3MbKFe+QWeMecPoGEpdjlgv1IlIf/ysBu+8m86NNKF2/h2ouKb95huCsn5H50Q8oioIQBoznP0Ti9FkYQoJROmqxF3xK6aoXaD6Oe3vP8m7zUXUd0/YZ+3/7KM2HNSz9MEx5hOQLL8RggvbCdyjubyq6D+kTqb9j8m1XoO0+xiNM/esjnd93YXlnHPl7eqbfa5NuJuHiawiOjkLtqKQ1ewXFq97H7ugb4+EMT9bSsHUXRUdo7fpSrrqZxpIa56Z4w1pKYuZySW
<p blockindex=57>isRefreshToken()用来检查传入的 OAuth2 请求是否是一个刷新令牌请求，这里返回的值为false，所以会进入到authenticationRequired()</p>
<p blockindex=58><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABV4AAAFeCAYAAAB98gSYAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd2CcxZ3w8e+zRVr13qvl3hsG2xh3bGMwzYAxPUACFwgXSnLhXnJJSHK5JBguOUpIIIRAQk3s0DEuGDCucperqlVXve1qpS3z/rGymmX7WXllyfj3+cfW7uw8v5nnmdnnmZ1nHi09I0sh+lVMXDw1VZUDHcYpSXxnZ7DHJ4QQQgghhBBCCOGLlNR0SkuOD3QY5z3DQAcghBBCCCGEEEIIIYQQ3zQy8CqEGDghKYwfl0aAkon3QlzweukPVEgm48ckYOH0fYTedGdDKTCazRilvxJCCCGEEELoZBroAIQQA0cpjQCjB6dHO7fbJZxx197N7YsnEVf2Lo/uP07bOY1AiHNPKRNmswuXa6AjGVxO2x9ETmHFY1cTUbad91/5C2vz7L1nojddn+KL4+KVd3HdpSOIDy7i7e//nLWNfsteCCGEEEII8Q3m94FXpSAgKp2UpBiCzRquNhsNFYVY6xygaR1pAqPSST6RxmmnqbyQ8roW0DSUMhM7YjLJoScPBinloOrIHqwt53agSIhvGqWCWX7TZdwR38K772zi9cre25QyhHH1kolclxFGlFnDoGkUb9vEg1ub+7jdUCbf8wTfvdRC7qd/4PlPtlOvnT/tWV3yIC/dNw1jj5iV7UueeeCPHDhNWbyfTeC9Hz3B++31PWzlKv5zUVxHGpejnuqyI3z9j9f5IKe+o988HyhlYNi8G5hENv/amIvrPIq9q/4oh1IJLH3i59yQUcMHv/oRqwv6t27G3Pk7HpsbRdXan/MfbxzzxjDmLn732Gi++MkP+Wfx4Ng3Z+wPSt7jt7+s5qpbV7DiBz8idNUv+OexXn6m0ZuuD2IW3cu9CxM49P6rvJVbwnGbX7IVQgghhBBCXAD8PvBqCM9kSGYMrqpSSm1OTBFJJGSOwuDcS3n7xYoWnklmZgzumlJKm5wEhCURlzkK3Hspb+q8hc/VUExxdecVjjEsjbQ4JbOFhPALD21ONy6367SzTeMnjeVbWQY2bdrFNpu3fdpr+z6bLHDyLdw5K5L8d59k1YfFuM+3wbnDH/Dcs19jIIMF37mW5INv89pX5eCqorCPWSr7fla/vJ4yQLPEMXr2lVz78A8x//LHrC70+DH4/hbAkEuuZCl1fLgxl/O3q+6PcnhwtrXhdLbiOkd3qiuPh5iLZjDs70fJHaTt7Ez9gaa5aMj7gtd/VUzrE0+w9O7l7H787xTQt3R9kZichKl+O++v/pI8TQM/5CmEEEIIIYS4MPh14FUpiIiNw9xYSF5JJW5NQ9U1YwyaSGxsFOW2OpSCyJg4zE1F5B+34tI0VF0DroDJJMdEUdZY05mhs4nmxqb2vA1ExQahbMU0tCHXPUKcJU1z8MGadXzg/euU6ZIjgzHYK1i7r4JDZzl4o1QwMxdcTHjVen7/0Xk46ApoDYXs2VWIUm6muiGu6hi7dh1tf7OP5XHXkJ+dzcH2z+/cYSVo1cMsWDyJ1S/u8lPkYiBpWhXrfvsg67x/nZuNlhdTmjiVS8b8ldxD52aTvvClP9CcBax5ZzMzH5nNwinv8KddvQ+H603nC4fDAYFBWM46JyGEEEIIIcSFxs8zXg04m8upcNR3XEBpWisOh8JgMqMphSIQk1mjzWbruH1T01y0tLSihVgwA06cNBQfwu7ucj+fKYaoMLCVVp+3t68KMRioEZNZvSSp41Z55TjOk3/Yx64u7UopjcAADSMQaPDO8AoIMBLU/r7b7aatT+vCDmNYlpm6rbtPORNNKYgYcxUrl89mZHIUAY46ig98xttvraXA1vmZYStX8fiMHF76Swtzbp5NRriLuoIdrH7l7+yodHXPb8QSVtw4n9Gp0VhctRRkf8Qbb26kpPXk/P78mos5K2aSFtJGTf42Vr/6BtmVvs86VcpM6uzbuWPZVNLCofboZ/xtl9L36J+2oxSUwfTYRCKUokHTUMNvZdXj09n30qu456xkZmYYbXUFZK95hTe2lHf0uXrqT1kW8MPnl1H/0T4y5k0n8Njb/OHzRO68dzbhVV/z1/99hV0NnUshnKme1fi7+b+H5xDacQzdzvN/ub09HjfZL97F89t8P15Chy7kxhsXMi4thiBPI9ZjW3n/rdXssvbYvz4cL6fbv76UQ6kAhiy4hRvmTyYjLgSjo56yI1+x+o015NR1lqHn0hSnWpJC7/GnVChjrrqTG+aNITkqFKOzkaqCbD58/a98XdrjOG07yP5jC5l5yTj+dnB/r3Xsz/rryE9He2vP9Yz9QVfOA7s41DKHoSMyYFfeWafTq6GpGYLCiDAC59MEdCGEEEIIIcSA8+vAq6Z5sFeV0PUmZKUsWCwabpsDpWmgwKB5L2K977dPElOApqF5/8HlaOp2e6c5JpYQmiipcyLTXYU4CyW5/M8HpRiAxNHjuCu1lzSRQ/jNnaMY0jE4lMmT383seLvPa7yaIwkPgrqaqlMm0ZKu5HsP30BM3md8/Hoe9sgRzL3iNh6JdPLEqo00dB2wMoxiwfwjZP/rVb4IzWL2FYu4998aKP7pGipO/LCTsIQHHl1BXME6Pn49H3vkSOYu/RY/CG/jx7/fTGOP/ObPO8auNa+yKXw0C69cxHfub+QnP3uvIz+9TEOX88BdszDnfMI/Vh+nLW4SS+dn4KH1zB/WEoiNBufxWhq6vWFkzMK5HNixmtc2hZA15yoW3HM/tQU/4SOrr/UXzNDEet77x06W3rqc+w1f8d47G5l90xKuX7SRXe8U6a/nog385cUcTAQw5qp7uYxN/PmDHJwAKGqO+VR13k/FLeS7j9xOqnUTn75xkBpzMtOWXMn9Dwex6sevcsSp+Vhezrx/fShHwLR7ePS20RR/9hFv5tXgDE5kysJlPHB/Kz/974+oPLHdjqUpIG7mndw06jSF1nH8BUy7je8uH0f5htW8ergaZ0ASU5Zey90PtVL+w79T0LW85lb2fHWYy6+Zzti/7udAL5v0a/3hY3vT0R90o6qpq4fwyCj/pNPJ1tICWgCWQKDFL1kKIYQQQgghLhB+X+P1pA1EpxNjcVBbdPIjgFVYBmOyoqnP301dL5/tSKcCiIoMw9OYR4MLGXcV4ixo9ia253uX8Bie7IbeBl6bynh2dT2hQOakqdyVWMNLnxRS0v62raGPT5cxmTECbrfzlEkyLptNVtt2nnv6dXY5NWAru+3xPHPHHGZGb+Tjrp1FUCPb//QSaxu86fY4U/j9bZOYHL2mI13G7LkMc+3okt8W9tpjeer2hcyM2cwntV3zs7HjT3/kkzpvumPGdH513UTGRbxHhY9PMU+7aAoJjmye//1bZLu88RWY/5uf9VbfmomAIO+tzMbgBMYuuZPZsY3sfvtAj+ULgqnb+kdeb3+k+pYcyHzmFsaMC+Ujq83H+jNSvHM1m7ekkLTgUoYffJ8vPm8l4JIl3BiXAHQZeD1DPWuNhezaVohSFsLn3gsUk711K46O2H3vtBNnXMZI8wFeWfUyX7XPvNxaHsJTP5zBpaP/ypF9+Fhezrh/fSmHa/9rPPF9F82NbRgtARjYT442nN/dNoGxwR9R2T5Ad2JpCoAhI24+faF1HH9JGRkEt+zhg9c+ZV97XHvy8tibacBmhm6/WBqMtGzdxpGbV3DJeCMHeml2/qw/8LG96egPumvD5QajweindL1TCkwBFsxGMAUnMG1sKu6yL8m1I+cfQgghhBBCCJ/078CrJZGMtAhcVUeotKuT1z9sKiX3aAWuFkVg6GnyCYojIthNY0GNd9asEKJfaR4HucUO7x/D3eB2kHe85qzXeNUjIS4GarZQ0mUtZ1txKQ3MJDYRuv1KYy+npL5LOmsVNiYSEdOZLiE+Fqq2UmYMwtI+DuMqK6Vem0lcAtB1IKiljOLazvysZRU4ySQsDPBx4DUqMgwaq7F2maRfUlaOIv6ktFroLB56YVbH38pZxd41z/O3HU09+k0bFWUNnRnWW6m0tZI
<p blockindex=59>最终会进入到getCustomLoginUrlTemplate()中，首先从设置中获取自定义登录 URL 模板字符串loginUrlTemplateString，接着使用该字符串创建一个模板对象返回</p>
<p blockindex=60><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABq8AAACyCAYAAADcb1VzAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3gcxf348fdekXRFXTp1yZZsSZZ7w71iU0zH9NBLQggkQEi+SX5JSAiBFAiQUEIoCS3UYKoN2MYYgyvusmx1yeonnfoVXZvfH3eSTrJsnYyMhZnX8+QJPu3tznx2d2Zv2irjJ04RHe3tnBChJkaNTUfVeJCy+k5QlJ4/hSVNYoyxiUNFNbgDPg+kj47H22bG7lGIzjyNVErJL7ecmLSeYLHxJiyN5pOdDEmSJEmSJEmSJEmSJEkaVEpqOjXVh092MiRJkqTvKNWJ2rEQIcSmZ2BUOXCIUMLUA2ykVlCpVQzcdQW2lkYc3qP9VZIkSZIkSZIkSZIkSZIkSZIkSTrVaE7crgVuayvtHg3GhDFEx0ZQUViONaAzStGlkjM5FSG8eN12Os0V1DR04DnKTCxJkiRJkiRJkiRJkiRJkiRJkiTp1HbCOq8UxUVbbTFtAKGJZOamYYqtobzRBYCjqZSydv/EL5WG0PBEEpKzSXLuo7rVfaKSJUmSJEmSJEmSJEmSJEmSJEmSJI1gJ3DmVS/haKLNmk6CXg++7ixwWbG6erfpbO9AMUwjITIcWlu+iWRJkiRJkiRJkiRJkiRJkiRJkiRJI8ywv/NKCC36GBMRYYFL/3kQAhRF7d9GQaMzEhbQdaYoblxOLyqNFoQY7mRJkiRJkiRJkiRJkiRJkiRJkiRJ3wLD3nkFKoymUSSZwns7oRQDoWHQ1eXwb6MmMjWP0SnRPdsIEYI2RIXH1QXynVeSJEmSJEmSJEmSJEmSJEmSJEnfScO+bKCidNHS3El8UiYZrhpa7RAWnUyMxkp9sxVQUBQ37a0dJCaPYlSKlhabh5CIJOINLlrr23sTp49GH+LryNJpAWEkIkoALhyt7TiRnVySJEmSJEmSJEmSJEmSJEmSJEmnkhPyziunuZgK1SgSY9NIUYPb3oG5rIImR++kKqe5mHIlg8S4VFLiwe200lJZQl27t2cjQ8IY0qMCJ4clkmFMRIgO6vIPYHGfiNRLkiRJkiRJkiRJkiRJkiRJkiRJJ8sJ6bxScGGtL6a0vt/nAcsBKoobm7mUMnP/L/du01a+g/3HOIokSZIkSZIkSZIkSZIkSZIkSZJ0ajkB77ySJEmSJEmSJEmSJEmSJEmSJEmSpOMjO68kSZIkSZIkSZIkSZIkSZIkSZKkEUN2XkmSJEmSJEmSJEmSJEmSJEmSJEkjhuy8kiRJkiRJkiRJkiRJkiRJkiRJkkYM2XklSZIkSZIkSZIkSZIkSZIkSZIkjRiy80qSJEmSJEmSJEmSJEmSJEmSJEkaMWTnlSRJkiRJkiRJkiRJkiRJkiRJkjRiyM4rSZIkSZIkSZIkSZIkSZIkSZIkacSQnVeSJEmSJEmSJEmSJEmSJEmSJEnSiCE7ryRJkiRJkiRJkiRJkiRJkiRJkqQRQ3OyE/BNUalUzJkzlzlz55GdnU1sbBxWqxWLpYmvduxgw4b11NbWnuxkSpIkSZIkSZIkSZIkSZIkSZIkfad9Jzqvxo4dy+23/4SExES2bdvKW2++SaPZjN5oIDk5mTmz53Lxykv4aM0a/vOf53C5XCc7yZIkSZIkSZIkSZIkSZIkSZIkSd9Jp3zn1exZs7n7np+xZcsW7r3317S2th6xzZtvvM706TP44W13MHbsGH73u3ux2awnIbWSJEmSJEmSdAozpDBxtIrC/YdxKsrJTo0knTKEYRSTMuwUF9TjQN5bkiRJkiRJ0rffKf3Oq6wxY7j7np/xv/+9xSN/e2jAjqtuO3d+xT333IneYOCen/0fKtUpHZqTSggFrUqc7GRIkjQCCKFBM4KHUYz09J0sMi6nNiG0KOqTnYqjG+npO1lGelwEEYy/8E7+9NAfufOiyehPdoIk6VQTNY3L7/kzf73/R5yRJe8wSZIkSZIk6dtPGT9xiuhobx/WnUaOnkl61JGdPx2V26lo9nVahCVNYmyi7ohtWsq3Ut3qGykmBIREp5OSFIteq+B2Wmmrr6ChxQGDjNRUFIW/PfIYVVVV/O3hvwad9sSkRB555HGeefopPt2wPujvDSY23oSl0Txs+/u2EkLPyssWcK3JzltvbuRl84kfFSgE5E7IYRb1vJrfiusbGOU7+oq/8JszE3v+7e5qpaF0B2teeY3NtXJZymAYx57JFZeeTl5qNCEOC5X7PuaN1z6l0vHtG0mqTPsBj98+l7COjTz84+co+BrXoBAqxiy5hCns5N0NJbgH2NeYKx/ml3MO8PAdX+9YJyp9vdsmsOLXf+CSDAsfPPgLVpV/E+XByE3ft6XcOBnn7Yg0zLqdZ3+QwHu/+DXvfwP1yKDpEVqMs+4gmk+p2bYbMcB1ZTjvYyZM2crB+35L+zd+Xw6evt5tM0j60ZtkJNdR/dT51NR8E/flyE2f/tzVTFqQ1vNvr9OCo/ITat57GIu564QeeyhOxnk7Ig2T/8asK9Op+stK6pr7Hl8II1Nv+i23zQuj5OP/8tpH2znc7u2zzVDq/ZFarwoBUXnncsXKheSmRKOxWajav5Y33lhHha33e9+W8n44DaX+lY4UTPyE0BA1Zi7nfu9yliZb+PDh+3m72Hni0gQoQgz6u1ySpL6MyXkkahsor2jC8w3dP8ZRiZy3Ipm8lDAMiovaghrefKtm4N/WYzK5/7YUIj2NPHfPQRrTMqipPnzcx06dkcH00GY+/qIdxwD5NZ0xhd8s7+I//1fATu+x69jo7BTOPzOR7KRQdN4u6ooaePvtKsqsvd+LWTaZ+86J7Pm3x+WkpdrCJ28Vs/kUfs39YHEWAmLGpXDO0gRy0/QYtW46G9rZsaaUd/f3trEGG+c++9YaWfnTKSzwVPHY3yqo8Ch9jjuU/QkhSFg8iZ9foGPPc1/x8gHvkduoQph4djZXLIkmUtXBBw/u5uNGWRdJ0qnqhEwv6qwvorz0kP9/RVQ32/F67dgcfWfbCIeZwz3b+f7X1BmQuIhRjB4Vj6q9jprDlVjsWmJH5ZJkHLxQOm3WbJKTU/jPv5/v87lareL005fx/Vt/yHnnn09ERARXXHkVISGhANTX1fPeu6u47PIrv34gpAF4cbo8uD1uTtxPqf5UZOdkcXFO5De6Tqaw7eftfzzK4/94jGdf+4yGuEXc9LObmWaQs84GI2JO59a7rmS8yOejl5/n1XWF6GZcz503zkIvvn3xGzMuhzCbDVt4DrnpX3dvIYyedQ4rZmWO0HVfh5I+Ly6nE5erC/c3dlpHdvq+HeXGyThvI10IxinXkzIl72Qn5CiGkj4vXqcD4XbwzZ3ekZ0+Yd9C5Qt3ceiFuyl5/y3sMSsZc8sfiNKNpBvgZJy34IVOvYrr5kdR9r+/8PDrW47ouBpqvT9S61XVqIu46+6LGdu1mw9fep7XN5Sin3ktP711KdH98vHtKO+H00h/fhnpBo+forhpK/2clx98iDUNKay4cSWjh7lEEAL0yVOYfcalXHjptVx08SUsnTWOaO2pet1K0vASQo8pK5fRcTo839AxNWnp3HbbGHJdzaxdVcQbGzvQT87ilvOjUPevmwRMnWsiwubCrg4hyvD1ji1ECBMXp7M4OxTHUbZJig+DZjv1gwTEMD6LO2/NIN3axMerivjfZhuGSaO57aoEjAH5SI7XIZobeP25fJ557gAvvddAa3wiV9yUSeYpugLQYHEWAhLnj+fnt2SQ6Wzh8/cLeeXNKvZZjSy9fjznpfZuG2yce/etYeoVeSyOaGPVfyr7dFwdz/5USalcuyIKx1clvJV/5EWhSYjjyjun8f0lOtobXeB20NA45JBJkvQtckJ+O3jsbXTaff+tGNLJilLTcfgADVaBEjgCwG3H2tbab+RYb29/ZFw82vYKSqvNeBQF0dKJWjeZuLho6qwtx0zD3Lnz+GrHdpqbLT2fqdUq7vvDA8TFxbF582amTpnOokVLGDNmLB9+8D5Op28E7bp1a7ns8iuGJRZSX4ri4I
<p blockindex=61><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABxsAAAEWCAYAAAC+Bvm8AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3gc1b3/8ffsrnrv1ZYs9967jcG40DE1piQhCen9ktxfctNJSG5uKukkQBoQU0wvxoAx2MbG3XKRrd57b7vaMvP7Q7IsueCVsJBtPq/n4QHtnj1l5uzMcr5zzjFGZmRZyAUrLiGRhrra4a6GiIiIiIiIiIjIWaWlj6SivHS4qyEiIiLnkG24KyAiIiIiIiIiIiIiIiIiFyYFG0VERERERERERERERERkUBRsFBEREREREREREREREZFBUbBRRERERERERERERERERAZFwUYRERERERERERERERERGRQFG0VERERERERERERERERkUBRsFBEREREREREREREREZFBcQx3BeTiNSEjjGljwgHIzm/naEnHMNdIREREREREREREREREziUFG+Wci4sK4Id3j+ay2bH9Xn9zTyM/fLCAhhbPMNVMREREREREREREREREziUtoyrnlN1m8Pt7JpwSaAS4bHYsv79nAnabMQw1G36WZeCwW8NdDRERERERERERERERkXNmyGc2WpZBSFwGKUmxhATasNwdNNcUUdXgBKM76BScMo2xySGnfLapaAflzYbf+cjwW7MskWljIs74/rQxEdyxdjy2uDAmpIUQbPPSUtHMjlcLeCXH3e9cho9K5cZrU5iQEkRgVxelR8p5+vlqyl0X3vm2rCBWfXUW14/o4tXf7+GF0rO3wZo1gd/fGcwrP93HK/UXXptFREREREREREREROTiN+TBxsC4cWSNDMPVUElFmwdHRCKJIycRyCFKGt296SxXLWUVjfj6fNbbOfB8ZHjNnRh51jS3XR7Lnj3VbH6hlAZvACOmpbL67mmE/2UvT+Z3z/yzopP4xGdGk1pZwWvrW+mIjOLSy8fxxRAvP/5HPZ0XXIDZwuMx8bpNPOf55EbLCiBm9BxmTs4gOiQAn7OByqO7OJBbi+eCO+4iIiIiIiIiIiIiIjKUhjTYaFmhxCZH4Ws8SmFpCxgGVlMjXcZ0MpOSCG4oxXU8eOF10tHSjLdfMMMYeD4yrFLig86aJqzLyf/+sYD2nnO2c0cddV+Yw02rkngpr4pOwyBuTjLj7Y38+8EC3nUaQD3HCOMnVyczI7Cedy6wbR8Nw83mP7/L5u6/hrcyZxGUuYRLZkVQsW8ze+u6CIofz/RZK5jjeYbtxa7hrp6IiIiIiIiIiIiIiJxHhnZmoxFCcCC42lp7l8c0DIv2tk6IDSHYgBOhi/fYPnJA+chwKq12MXvCe89uLM5v6w00WoDNcLP3UDsfWRXBCKo4BiTEBkFrC9Wd9MbmmqqdOI1IEhOBCrDscXzmJ5PI2pfNtx9v7u0blj2Gu340hXHZ2Xyn53XLsojISuOma1MYnxJCsNdJcXYZ65+tocJzIvhnjRrFfV9O5NBj+ZgLRzFvRACe5nb2bchl/R4XvuNl+Jtu1gR+f2cC9uN/d1Txp+/kcuSk4LhlQeqC0dy2MoH0CGgsqOCJg93Hp386/9oxWJblID1rBN6iV9mdX41hGNC6gz2RqVyamYGj6OhJDwSAZdkIiYrC3tVER9eJegaGxxJkttDuNE+ktQURER1DqL2L1sZGXL5Tj0NAWBwxEXa6muto7bJOet8gMDyW6FBob6ynkzCiIgw6m9p762VZFrbgaGKjAvG0NtDi9HW3o28+Z6mHiIiIiIiIiIiIiIj4Z2iDjZYXrwkhQcH0DQcGBweD1YHX4sQkL7uBzW7DMK1TAiwDykeG1TNv1bJmWeJ7bqP5xqs1WBakL53Ip6+JI87s4K39HswAG8fnRQbYbWCeFGwzTSwMDHvP394G9h7zMn1yHGONZvJ6XraNj2dSaBf79rWcCE4npPGZz2URV1LBa+vb6IyM4pLl4/lKhMWPH6rtDX52M5iwNJkjB0pYtz2AUQtHsOy2iTSX7WNjHQNLl1/Ggw/XYgDxc0dzw+jTHxNHZiafuTUFR24Zz77SgScullVLwrD6LSw80HYMho/y3S9Q62nuDdBZFgQEBGDY7Wf4msUwbtk1RB/9D2/nHV/S2Eb63OuY2PoyL+/tPhiOxOksWTiNWLsLN8EEWHUc2rSBvJaeYxA7mfmLZ5AUYuHx2Ah0eKg99BpbjzRgGQZWUCKTFy9jQnwQXrcPu9HM4cPNjJ8ezN4nNlFBd6B59LxLmT4iFK/bxBFg0VK0nR27inuX3j1bPURERERERERERERExH9DvGdjK20tXmISx5DiKqKu3YMjPJm0hGCstiqcfVIaIemMn56OZZmYXifttcVU1LT1zBDzPx8ZXnuPtfLgC+V8+rr0075f1OEi51ArOOK5+tp4bDkFPLTbw9iVo7EZTQOKGRsGHDjQhHtaPDOyCsgr7J7VNnFKDGHtDezNOxGFTl+QQpanjgf/Vsh+T/eyrIecwdx3cyoLYmp5vblvzgE07z3GE295Adh1DEb+aDTjxwewsc47oHRGawfZhzoAyBg9Cs4QbEybFkeCu54HHypmv7e7fqUBs/h2Sv90A2vHwBmGhbutiX67oAaPIis9kLpDJYPes9GyopgwZwZh1W/y4q4SuggiecYqZowbSfHOEtyEM3LyFKKa9rBp4zGaXHbCxy5j5ey5jMrfQIHbQerMSxkfWMI7L+ykqtMkIG4qCy+ZSQDlPWUYJE6/jOmR5bzzwi5qnBb2qPEsuGwxs5vr2ZLfcdZ6aE9KEREREREREREREZGBGdJgo2FYtFTkURc4lvjMycRhYZoWNpuPxvq63qUmXfUFFLb2LKNqcxAUkUxS6jhS3NmUN3v9zkfOD/evK2XJtBgmZob1ez2n2kvZ8ZmpsaHEB3Sy+9UK9lcZHAxN4JKbBl6WJ7uOnK4Epk6L5MnCNiCS6ZOCaD1UT26fGa+JcSHQWEuV3U5wz8xIX00HLUYScfFAvyCdh5oqz4kPtzqp6/CRFOYAvINId3bRkQHQ4qSuT3YV1U4s+u+BObB2vH+WLYoJlywkqW0fr+e1M/gpxEEEBILP68b0de9hWbP3RV4FMAwMOih4ex0FgGEYGIaX9uIyGmbNJiYOqMtg9EiD0i07qXZaGIaBt/EQ2QWjWTGhpwh7JmNG2yjavJOanicQfC3HOJA3jtUjRxKQdwT3WeohIiIiIiIiIiIiIiIDM8QzG8HwtlGdu5f64DACDDtRmeNJoJr6FuvE4L6ngw7Pic+0t7ZhhM0iKSoCmpv8z0fOG4cK2k8JNh6q8hJ1fKaew8COD0/Pefd6zVOXz/XH8aVUJ8Ux8plWSrLimRLpJnt/S79+4bCDMWIU3//ZqH4ftyw39lO+BRZWn8oYRhP/+t47pync33Rnd7ymfY+BZZ26pPDA2vH+WFYoI+avYFJQKTteO0j7+1qruIa8g2WkzlrNNWl11FRVUVNeQGlly4k9IAMiSUobSVJyMnFR4YSGRRBsQJkdiIgiwmihqt6kb8CzubEJk56oa0QUkbYAomZcxWVmn6KDwiAwimig1p96iIiIiIiIiIiIiIiI34Y82AjdMR9fVwdm9Ghig02aiypx9+4HZxAQGobD047Lezy9F4/bxOYI6N4w7vi+e++Rj5xffvRQAT96qKDfa9aU8fzmk8en41mY2LD1/GkYBobX7J0P6PNZYDtpHp3NhoGF2WcbwxNLqcYxI60I+/Q4otvr2ZfbfyNPrw+s6nIefLr+pGV3LZrKz0mT35fjQcV+O0caxinhvQ+qHZYVSNLslcxNambfa1up6jr798zW77tox9bnT8MwaC/YxMuV8aSmpZGQmM6kJVOYUPoWr+0owW3EM3XllYwxaigtLaWwtJnW5lDGXbW4OwOfD9/x/tLnwQSb4+R9JJ3UFx2l7qSJpYVmG21+1EPLqIqIiIiIiIiIiIiIDMwHEmwEsKxgEpNjsXVWUNPs6zPrzE5U+iQS3XnkFDeCYWBZgQQE2vB1dZ0ya/HM+cj5ZM7ceXz3u9/v99pP/v0wcLT7j4ZOaj2hTJobxfY
<h2 blockindex=62>漏洞修复</h2>
<p blockindex=63>设置了一个新的类解析器，用于控制模板中可以使用的类</p>
<p blockindex=64><a href=https://github.com/OpenIdentityPlatform/OpenAM/commit/fcb8432aa77d5b2e147624fe954cb150c568e0b8>https://github.com/OpenIdentityPlatform/OpenAM/commit/fcb8432aa77d5b2e147624fe954cb150c568e0b8</a></p>
<p blockindex=65><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABPsAAADLCAYAAAAY0ZaJAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdeXxTdb74/1fZFWSRNm1BtFCwosEullHZ6lChZbgOA8UFpTjsyxcHZ8rPdhAG0YqtX+qVCxekbCPFEZXCZRyuFKRfy+LohelyiTJVinUA26bBAors7e+Pc05ykiZN0qZ08f18PHjQNKcnn7Pk5HPeeb8/H7+ampoaGqjon98Qfk/fhq5GCCGEEEIIIYQQQgjRAG2augFCCCGEEEIIIYQQQgjfaOerFX1c6qs1iZaiX0BTt0AIIYQQQgghhBBC6ElmnxBCCCGEEEIIIYQQrYQE+4QQQgghhBBCCCGEaCUk2CeEEEIIIYQQQgghRCshwT4hhBBCCCGEEEIIIVoJCfa5YT51ks/3fID51EkAvvniKJ/v+YCLF6oAMP39Y0x//xiAixeq7B47/q0QQgghhBBCCCGEEI3JZ7Pxtlamv++zBusMffph+vRjLl6owtCnL4Y+oZg+3QdA3/sewHyqBNOn++jctQfGhx+t9bdCCCGEEEIIIYQQQjQmv5qampqGrqTon99Q2amvL9rT7Fy8UMXF81XWYJ2zxwCdu/YAlGw+V8u2Nv0CmroFQgghhBBCCCGEEEJPgn2i3iTYJ4QQQgghhBBCCNG8yJh9DaRl9gkhhBBCCCGEEEII0dQk2NdAue+t48P1aU3dDCGEEEIIIYQQQgghJNjXUJLZJ4QQQgghhBBCCCGaCwn2CSGEEEIIIYQQQgjRSkiwTwghhBBCCCGEEEKIVqJdUzegJbp4oYqL5+3Ld82nTlp/NvTpd7ObJIQQQgghhBBCCCGEBPvq45sv/oHp033WxxcvVJH7/joAjENGSbBPCCGEEEIIIYQQQjQJKeOth773PYBxyCgnv4/G+PCjTdAiIYQQQgghhBBCCCEk2Fcvnbv2qBXw63tfNA/GP96ErRJCCCGEEEIIIYQQP3dSxltPWsAP4OL5Kgn0CSGEEEIIIYQQQogmJ5l9DdC5aw+MDz8qgT4hhBBCCF8wZbH8HZPjL8lOyaK4SRokREtn5nBGMstTksncb27qxgghhLhJJLNPtDiW/Rlk7tM6K0YS0hIJ0y9QmUtmRg4W9WHY5HQSjD5sgCmL5VttNyLO12/mcEYGeZXqw0GJLHrG6KT9QEAcs5JG4u9tOxp5O+3baSAmKYmhAZ63ofidZLKP2S/uPyqJWbEGD17dYf/p6falR9zuJ/ubSM/b6AvKdn4RUcdrenqc1eXwefvrusl28v5rLI39vm5RHN8fN/E4+IQH572vqNdrr88XUxbLt+KwX5X3Ap6uq85zto5rnKvrbaNoyuufs+ZksXyrmZgkxx1sJGZUDpkZufX7vPTodR2Pd8tU67PX28/MJuf8M6fJz816Uo5H016jLfuzyCOOWWmN8N4RQgjRbEmwT7Qoxe8kk11u67BY9mfYd/6tNwrpyo1SZS6ZGRkc9tWNkyfr1wVdFjnpmPrHJrEoVnuk3PDt2G/0qhOrBOKwtcPHlPUbSEhLUjqnpiyWZ2Thr+usetKG+nfODQxNSmeo3e/UAEGQF+tzd7zUY9VzcjqLjKDcZGSQHdiMAkkBI5mVNhJroOGmM5KQlq78WJlLZkYB9920QISOj/ZD8TvJZNO8b34t+zPILIx0EdRQg0R2N24mst8xEebDbaq7DcIjdZ6z+mucl0FEn9Le3+r1tZ5r8c35YiJbDcw6u774xyYSU5hB5juG+r1/m/L6dVM4uza0XC3hC52W8HkCcLbcjH+EscWfE0IIIbwjZbyi5TBlKYE+3c2Ef2wiMeSQZwLlRsFsnxERMJIJoyBvr2NJUP0UF5lgUJzd+mMGme3WX7zXm+wqA/5BYCn3pqzCRN4+GjHzw0xxoRn/UXG2b6GNccQEmMizln80dhucMOWQV2kkxuPgobvzwczhLUqgz3ZDYSRhspHinFxrNk6LETCSWWnpLTLzQXjOsj+LvEojCXZBFSMJzfxms8kYE1mU1vyDBgIs+3MoDogjxuWxMjB0Shz+x3I47DQj8ufOTHklhMW1/EBfaxL2TDqLmjRj1IylvMleXAghRBOSzD7RQpg5nGMiLC7RoRNrICzCwBcVZiwVORQPiiPBIfjkf38k/oVmLOCTDrC/Q2ZZzyADWNdvwnTMwH2jPQ9ImY5B2GQv7kRNBRQHRBLjgyBbXdkYPQP126APShp82gbPKMefQZ53mC373ZwPpgIlA6JWtVgkYVsLOIsH54spi+U5vZkVd4ZMa2m3vlzHScaO03Ix+5I+7zIiPSzDcyg/r3f5uCsOJYv6dlj2Z5BZHklMeQ55lRA2ORG2ZlFsLVdUtr88LomgnPruh9pt0G+jfWlbFstTtJ/ty6vsl6tH6ZXjfgbsyzIdyjd1bbQvnc8hMyXH4e+1QHwdbXJyftXOPqldQqpl0bhvg7O/1z9nIjslh6BRBvL2mSAgjoSIArL3mb0sJ3Qs5XM8Fi7KYLXXcFf27ey96+V7Qjmv41gUXmA75j4vmXR9vmjbEBOUQ94x8B+VyH2FWep7THc8y+OYFZRjO65ev/ddH2/Pzhc8GP5CObfdBqoCjNwXkMMX/2tmqKfXBodzIS8jmTz151rXGH07HfZT8TvJ5AUlMYEs6zbb/30d7wuXZcLq+8Uh29z2ZZP316DinFwsxjr2Y53HQmtPImzRtsXxeBuclref1e2LOq+jlblkZpwhJi0Sk/U97sV2qu232/fOyvXd7cu69oObz3ZPPk/cDjlTaxlqb1MDr1FCCCF+3iTYJ1oIM+WVRoxG7DtogxJZFG6ACqVMISzciP1NopGEtEh64psBiXsGGbDsy6E41hbMydtnBmsJr5mzGDBWZLE8Q+sg1h5/Sd9R9B+VVDvgVAdLhRmCIjn7TjKZWmfTpx1AJbCXp79hqMwl7xgwyLs2WPZlsHyfD9pYaeKLSgMxUzzfUe7Oh3MVZvwj4vC3u0EzEJOUSJA3QczKHDJz4piVlmhdV/Y7Jq9u+C37sijXSolNWSzfmsXh+z3NmvSgDM+xnNnXdOXQs3Tl0JnoblyO5VA+OZ2EomSyt+YQk5RE0JYM9aZdWaR4awbUez+YObwXJqSl20pbU7KsJfJhz6SziLrLrpwOE5CS5flNaGUumfobzlplg+q5FpTIInVMsuJ3ksnMQHlvqCX+roPwSuZOQxW/Y98GPU/a4LgNSpl/Bui2M68wkllJvdmRkUN2eSKLJhewfGsBxRg92Je24MEifcBYdyyK37EvV6x1XD0p+7Z779qfLx47lsXyY8p7MExdR7bJV5mEbs4XdRu+iEhiVlAWmep1JKEomewiE8oHptLGTBJZlGa7HnqznZb9OTAlnUXq+7D4nWSyt+QS5tE5i4vhFJLJtgvMKNf4+wLdtUb5gi9P++LJE9q54LaM10S2m/PBsi+DzAD1vKvMJTNDu0a5eV8E9safM7VfUuszaIFyu+uot4wkJMWRmaEGXZ195npyLDCTl5GBv/r+s+zPINN6vOMI25eFyQRh1sCY8r5O0Af63F5HTWSnKNfKRUb1bxw+N4u3JrNc13TrddWYyKLJus8HHK674OQzyYFH56Trz3ZPPk+sQ7aogV5HtYZLcfa56YtrFGbKKw3cd79k/QshxM+NlPGKlsFUQPGgSOVmSu2gzRplsGbZWcqPYjqmBAOL31FvEpPi8A/oTU+AyjOc9UEz/GOTSBhkIjtFmdVseUoBQaMcO1AmsosiWZSWzqK0dGaNgrwM+8GmlbIO5V9MeQbLM7wsGz2WhSlcW0cSMeSQWWv2wvoLe0Zdp7adW+C+Qd61Qb+N1ue93U5V8d4cLPryabdMbs6Hk3xRCPfdb1DKIoMS1TIbA/5qsMLicVBFX1JpYGicEcrNXm2n/6gk2w2GMY6YADPlFV6soE5KVqT/qMRGK7m2/G8BlkGJduXQMaMMWApNdll21vK8QXEMDVCCynoN2w8Ghj5jX9pqHORNibySlRszRT9MQBxhmDB5+taqOINFv5
<h2 blockindex=66>参考</h2>
<p blockindex=67><a href=https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-7726-43hg-m23v>https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-7726-43hg-m23v</a></p></div></div>
 </div>
 <div class="post-opt mt-30">
 <ul class="list-inline text-muted">
 <li>
 <i class="fa fa-clock-o"></i>
 发表于 2024-09-10 08:00:00
 </li>
 <li>阅读 ( 198 )</li>
 <li>分类：<a href=https://forum.butian.net/articles/Web2 target=_blank rel="noopenner noreferrer">Web应用</a>
 </li>
 <li><a href=# class=report_btn data-source_type=vulnerabilities_article data-source_id=580 data-toggle=modal data-target=#send_report_model><i class="fa fa-flag-o"></i> 举报</a></li>
 </ul>
 </div>
 </div>
 <div class="text-center mt-30 mb-20">
 <button id=support-button class="btn btn-success btn-lg mr-5" data-loading-text=加载中... data-source_type=article data-source_id=580 data-support_num=0> 0 推荐</button>
 <button id=collect-button class="btn btn-default btn-lg" data-loading-text=加载中... data-source_type=article data-source_id=580> 收藏</button>
 </div>
 </div>
 
 <div class="widget-answers mt-15">
 <h2 class="h4 post-title">0 条评论</h2>
 <div class=comment>
 </div>
 
 <div class="widget-comment-form row mb-20">
 <form class=col-md-12>
 <div class=form-group>
 <textarea id=comment-content name=content placeholder=写下你的评论 class=form-control value></textarea>
 </div>
 </form>
 <div class="col-md-12 text-right">
 
 <button type=submit data-token=KBlqCi9iR3cp99NzzsAGOmmMqvT6dwaZVPrSYLox data-source_id=580 data-source_type=article class="btn btn-primary btn-sm ml-10 comment-btn">提交评论</button>
 </div>
 </div>
 
 <div class=text-center>
 
 </div>
 </div>
 </div>
 
 
 </div>
 </div>
</div>
<footer id=footer>
 <div class=container>
 <div class=text-center>
 <a href=https://forum.butian.net/>奇安信攻防社区</a><span class=span-line>|</span>
 <a href=mailto:butian_report@qianxin.com target=_blank rel="noopenner noreferrer">联系我们</a><span class=span-line>|</span>
 <a href=https://forum.butian.net/sitemap>sitemap</a>
 </div>
 <div class="copyright mt-10">
 Copyright © 2013-2023 BUTIAN.NET 版权所有 <a href=https://beian.miit.gov.cn/#/Integrated/index>京ICP备18014330号-2</a>
 </div>
 </div>
</footer>
<div class="modal fade sf-hidden" id=sendTo_message_model tabindex=-1 role=dialog aria-labelledby=exampleModalLabel>
 
</div>
 <div class="modal fade sf-hidden" id=send_report_model role=dialog aria-labelledby=exampleModalLabel>
 
</div> <div class="modal fade in sf-hidden" id=payment-qrcode-modal-article-580 tabindex=-1 role aria-labelledby=exampleModalLabel aria-hidden=false>
 
</div> 
 
 <div style="display:none;position:fixed;top:40%;left:50%;z-index:9999;transform:translate(-50%,-50%);padding:3px 15px;border-radius:8px;background:rgba(120,120,120,0.7);box-shadow:1px 1px 3px 1px rgba(160,160,160,0.6);text-align:center;font-size:12px;color:#fff"></div><div id=windowLoading class="modal fade sf-hidden" tabindex=-1 role=dialog>
 
 </div>
 
 
 
 
 
 
<span id=cnzz_stat_icon_1279782571></span>
<div class="geetest_panel geetest_wind" style=display:none></div><div id=immersive-translate-popup style=all:initial><template shadowrootmode=open><style class=sf-hidden>/*!
 * Pico.css v1.5.6 (https://picocss.com)
 * Copyright 2019-2022 - Licensed under MIT
 */#mount{--font-family:system-ui,-apple-system,"Segoe UI","Roboto","Ubuntu","Cantarell","Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--line-height:1.5;--font-weight:400;--font-size:16px;--border-radius:0.25rem;--border-width:1px;--outline-width:3px;--spacing:1rem;--typography-spacing-vertical:1.5rem;--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing);--grid-spacing-vertical:0;--grid-spacing-horizontal:var(--spacing);--form-element-spacing-vertical:0.75rem;--form-element-spacing-horizontal:1rem;--nav-element-spacing-vertical:1rem;--nav-element-spacing-horizontal:0.5rem;--nav-link-spacing-vertical:0.5rem;--nav-link-spacing-horizontal:0.5rem;--form-label-font-weight:var(--font-weight);--transition:0.2s ease-in-out;--modal-overlay-backdrop-filter:blur(0.25rem)}@media (min-width:576px){#mount{--font-size:17px}}@media (min-width:768px){#mount{--font-size:18px}}@media (min-width:992px){#mount{--font-size:19px}}@media (min-width:1200px){#mount{--font-size:20px}}@media (min-width:576px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*2.5)}}@media (min-width:768px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3)}}@media (min-width:992px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3.5)}}@media (min-width:1200px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*4)}}@media (min-width:576px){article{--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){article{--block-spacing-horizontal:calc(var(--spacing)*1.5)}}@media (min-width:992px){article{--block-spacing-horizontal:calc(var(--spacing)*1.75)}}@media (min-width:1200px){article{--block-spacing-horizontal:calc(var(--spacing)*2)}}dialog>article{--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing)}@media (min-width:576px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*2.5);--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*3);--block-spacing-horizontal:calc(var(--spacing)*1.5)}}a{--text-decoration:none}a.secondary,a.contrast{--text-decoration:underline}small{--font-size:0.875em}h1,h2,h3,h4,h5,h6{--font-weight:700}h1{--font-size:2rem;--typography-spacing-vertical:3rem}h2{--font-size:1.75rem;--typography-spacing-vertical:2.625rem}h3{--font-size:1.5rem;--typography-spacing-vertical:2.25rem}h4{--font-size:1.25rem;--typography-spacing-vertical:1.874rem}h5{--font-size:1.125rem;--typography-spacing-vertical:1.6875rem}[type="checkbox"],[type="radio"]{--border-width:2px}[type="checkbox"][role="switch"]{--border-width:3px}thead th,thead td,tfoot th,tfoot td{--border-width:3px}:not(thead,tfoot)>*>td{--font-size:0.875em}pre,code,kbd,samp{--font-family:"Menlo","Consolas","Roboto Mono","Ubuntu Monospace","Noto Mono","Oxygen Mono","Liberation Mono",monospace,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"}kbd{--font-weight:bolder}[data-theme="light"],#mount:not([data-theme="dark"]){--background-color:#fff;--background-light-green:#F5F7F9;--color:hsl(205deg,20%,32%);--h1-color:hsl(205deg,30%,15%);--h2-color:#24333e;--h3-color:hsl(205deg,25%,23%);--h4-color:#374956;--h5-color:hsl(205deg,20%,32%);--h6-color:#4d606d;--muted-color:hsl(205deg,10%,50%);--muted-border-color:hsl(205deg,20%,94%);--primary:hsl(195deg,85%,41%);--primary-hover:hsl(195deg,90%,32%);--primary-focus:rgba(16,149,193,0.125);--primary-inverse:#fff;--secondary:hsl(205deg,15%,41%);--secondary-hover:hsl(205deg,20%,32%);--secondary-focus:rgba(89,107,120,0.125);--secondary-inverse:#fff;--contrast:hsl(205deg,30%,15%);--contrast-hover:#000;--contrast-focus:rgba(89,107,120,0.125);--contrast-inverse:#fff;--mark-background-color:#fff2ca;--mark-color:#543a26;--ins-color:#388e3c;--del-color:#c62828;--blockquote-border-color:var(--muted-border-color);--blockquote-footer-color:var(--muted-c