bindPermission权限检查支持开关,便于开发环境调试
This commit is contained in:
mazhicheng
parent
e3f3a0c674
commit
f2d74c9100
|
|
@ -20,13 +20,16 @@ import com.diboot.core.util.V;
|
|||
import com.diboot.iam.annotation.BindPermission;
|
||||
import com.diboot.iam.config.Cons;
|
||||
import com.diboot.iam.exception.PermissionException;
|
||||
import com.diboot.iam.starter.IamBaseProperties;
|
||||
import com.diboot.iam.util.AnnotationUtils;
|
||||
import com.diboot.iam.util.IamSecurityUtils;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.aspectj.lang.JoinPoint;
|
||||
import org.aspectj.lang.annotation.Aspect;
|
||||
import org.aspectj.lang.annotation.Before;
|
||||
import org.aspectj.lang.annotation.Pointcut;
|
||||
import org.aspectj.lang.reflect.MethodSignature;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.context.request.RequestAttributes;
|
||||
import org.springframework.web.context.request.RequestContextHolder;
|
||||
|
|
@ -45,7 +48,10 @@ import java.util.Map;
|
|||
*/
|
||||
@Aspect
|
||||
@Component
|
||||
@Slf4j
|
||||
public class BindPermissionAspect {
|
||||
@Autowired
|
||||
private IamBaseProperties iamBaseProperties;
|
||||
|
||||
/**
|
||||
* 注解切面
|
||||
|
|
@ -59,6 +65,10 @@ public class BindPermissionAspect {
|
|||
*/
|
||||
@Before("pointCut()")
|
||||
public void before(JoinPoint joinPoint) {
|
||||
if(iamBaseProperties.isEnablePermissionCheck() == false){
|
||||
log.debug("BindPermission权限检查已停用,如需启用请删除配置项: diboot.iam.enable-permission-check");
|
||||
return;
|
||||
}
|
||||
// 超级管理员 权限放过
|
||||
if (IamSecurityUtils.getSubject().hasRole(Cons.ROLE_SUPER_ADMIN)) {
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -82,6 +82,7 @@ public class IamBaseAutoConfig{
|
|||
* @return
|
||||
*/
|
||||
@Bean
|
||||
@ConditionalOnMissingBean(CacheManager.class)
|
||||
public CacheManager cacheManager() {
|
||||
String className = iamBaseProperties.getCacheManagerClass();
|
||||
if(V.isEmpty(className)){
|
||||
|
|
@ -118,6 +119,7 @@ public class IamBaseAutoConfig{
|
|||
}
|
||||
|
||||
@Bean
|
||||
@ConditionalOnMissingBean(ShiroFilterFactoryBean.class)
|
||||
protected ShiroFilterFactoryBean shiroFilterFactoryBean(SessionsSecurityManager securityManager){
|
||||
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
|
||||
// 设置过滤器
|
||||
|
|
@ -138,16 +140,24 @@ public class IamBaseAutoConfig{
|
|||
filterChainDefinitionMap.put("/error/**", "anon");
|
||||
filterChainDefinitionMap.put("/auth/**", "anon");
|
||||
|
||||
boolean allAnon = false;
|
||||
String anonUrls = iamBaseProperties.getAnonUrls();
|
||||
if(V.notEmpty(anonUrls)){
|
||||
for(String url : anonUrls.split(Cons.SEPARATOR_COMMA)){
|
||||
filterChainDefinitionMap.put(url, "anon");
|
||||
if(url.equals("/**")){
|
||||
allAnon = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
filterChainDefinitionMap.put("/login", "authc");
|
||||
filterChainDefinitionMap.put("/logout", "logout");
|
||||
filterChainDefinitionMap.put("/**", "jwt");
|
||||
|
||||
if(allAnon && iamBaseProperties.isEnablePermissionCheck() == false){
|
||||
filterChainDefinitionMap.put("/**", "anon");
|
||||
}
|
||||
else{
|
||||
filterChainDefinitionMap.put("/**", "jwt");
|
||||
}
|
||||
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
|
||||
return shiroFilterFactoryBean;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -58,9 +58,9 @@ public class IamBaseProperties {
|
|||
*/
|
||||
private boolean initSql = true;
|
||||
/**
|
||||
* 是否开启权限自动更新
|
||||
* 是否开启权限检查(开发环境可关闭方便调试)
|
||||
*/
|
||||
//private boolean enablePermissionUpdate = true;
|
||||
private boolean enablePermissionCheck = true;
|
||||
|
||||
/**
|
||||
* 缓存Manager类
|
||||
|
|
|
|||
Loading…
Reference in New Issue