From f138b59f2d115df06c6fd558f31cb8b5006d8487 Mon Sep 17 00:00:00 2001
From: sxu <602087911@qq.com>
Date: Sun, 29 Sep 2024 14:10:55 +0800
Subject: [PATCH] =?UTF-8?q?=E8=8F=9C=E5=8D=95=E9=89=B4=E6=9D=83=EF=BC=8C?=
=?UTF-8?q?=E7=BD=91=E9=A1=B5=E4=B8=8B=E6=8B=89=E4=B8=8D=E9=89=B4=E6=9D=83?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
sgzb-common/sgzb-common-security/pom.xml | 6 ++++
.../security/aspect/PreAuthorizeAspect.java | 34 +++++++++++++++----
2 files changed, 33 insertions(+), 7 deletions(-)
diff --git a/sgzb-common/sgzb-common-security/pom.xml b/sgzb-common/sgzb-common-security/pom.xml
index e531c52..b05698d 100644
--- a/sgzb-common/sgzb-common-security/pom.xml
+++ b/sgzb-common/sgzb-common-security/pom.xml
@@ -33,6 +33,12 @@
com.bonus.sgzb
sgzb-common-redis
+
+ cn.hutool
+ hutool-all
+ 5.8.23
+ compile
+
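Review bot: `hutool-all` brings every Hutool module into the security module, although the Java change in this commit uses it only for `JSONUtil.parseArray`, alongside fastjson2, which the same file already imports. A second JSON stack and a full utility bundle widen the dependency surface that has to be tracked for advisories. Prefer parsing with the library already in use, or depend on `hutool-json` alone. The explicit `compile` scope is Maven's default and can be dropped. If the project has a parent `dependencyManagement` section, which is not visible here, the version `5.8.23` belongs there rather than in this module.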
diff --git a/sgzb-common/sgzb-common-security/src/main/java/com/bonus/sgzb/common/security/aspect/PreAuthorizeAspect.java b/sgzb-common/sgzb-common-security/src/main/java/com/bonus/sgzb/common/security/aspect/PreAuthorizeAspect.java
index cd7d078..8ccecef 100644
--- a/sgzb-common/sgzb-common-security/src/main/java/com/bonus/sgzb/common/security/aspect/PreAuthorizeAspect.java
+++ b/sgzb-common/sgzb-common-security/src/main/java/com/bonus/sgzb/common/security/aspect/PreAuthorizeAspect.java
@@ -1,7 +1,11 @@
package com.bonus.sgzb.common.security.aspect;
import java.lang.reflect.Method;
-
+import java.util.Objects;
+import com.alibaba.fastjson2.JSON;
+import cn.hutool.json.JSONArray;
+import cn.hutool.json.JSONObject;
+import cn.hutool.json.JSONUtil;
import com.bonus.sgzb.common.security.auth.AuthUtil;
import com.bonus.sgzb.common.security.annotation.RequiresRoles;
import org.aspectj.lang.ProceedingJoinPoint;
@@ -54,9 +58,24 @@ public class PreAuthorizeAspect
@Around("pointcut()")
public Object around(ProceedingJoinPoint joinPoint) throws Throwable
{
+ //获取请求参数
+ boolean needPermission = true;
+ Object[] args = joinPoint.getArgs();
+ String argStr = JSON.toJSONString(args);
+ JSONArray jsonArray = JSONUtil.parseArray(argStr);
+ for (int i = 0; i < jsonArray.size(); i++) {
+ Object obj = jsonArray.getObj(i);
+ if (Objects.nonNull(obj) && obj instanceof JSONObject) {
+ JSONObject jsonObject = (JSONObject) obj;
+ if ("1".equals(jsonObject.getStr("skipPermission"))) {
+ needPermission = false;
+ }
+ }
+ }
+
// 注解鉴权
MethodSignature signature = (MethodSignature) joinPoint.getSignature();
- checkMethodAnnotation(signature.getMethod());
+ checkMethodAnnotation(signature.getMethod(), needPermission);
try
{
// 执行原有逻辑
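Review bot: `needPermission` is derived from the call's own arguments, so whoever supplies them decides whether `@RequiresPermissions` is enforced: any argument object that serializes with `skipPermission` equal to `"1"` switches the check off for that method (the gate itself is in the last hunk of this file). If these arguments are bound from the HTTP request, as the commit subject suggests, this is an authorization bypass on every endpoint the aspect covers. The exemption should be decided server-side, for example by giving the dropdown queries their own endpoints with no `@RequiresPermissions` or a narrower permission, and the call should stay `checkMethodAnnotation(signature.getMethod());`. Serializing every argument with `JSON.toJSONString(args)` on each intercepted call also runs before any auth check, and may throw or be expensive for arguments such as streams or request objects. The body of `around` continues outside the hunk.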
@@ -72,7 +91,7 @@ public class PreAuthorizeAspect
/**
* 对一个Method对象进行注解检查
*/
- public void checkMethodAnnotation(Method method)
+ public void checkMethodAnnotation(Method method, boolean needPermission)
{
// 校验 @RequiresLogin 注解
RequiresLogin requiresLogin = method.getAnnotation(RequiresLogin.class);
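Review bot: `checkMethodAnnotation` is public and its one-argument form disappears here, so any caller outside this diff stops compiling, and the new boolean lets any caller turn the permission check off. Keep the original signature as the enforcing default, `public void checkMethodAnnotation(Method method) { checkMethodAnnotation(method, true); }`, and make the two-argument variant `private`. The Javadoc above still describes only the annotation check and should state what `needPermission` disables. The method body continues outside the hunk.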
@@ -89,10 +108,11 @@ public class PreAuthorizeAspect
}
// 校验 @RequiresPermissions 注解
- RequiresPermissions requiresPermissions = method.getAnnotation(RequiresPermissions.class);
- if (requiresPermissions != null)
- {
- AuthUtil.checkPermi(requiresPermissions);
+ if (needPermission) {
+ RequiresPermissions requiresPermissions = method.getAnnotation(RequiresPermissions.class);
+ if (requiresPermissions != null) {
+ AuthUtil.checkPermi(requiresPermissions);
+ }
}
}
}