前置基础 经典的权限绕过姿势:getRequestURI() + getServletPath() https://blog.viettelcybersecurity.com/cve-2022-0540-authentication-bypass-in-seraph/