From 834e1d5b34e832169172618ac869f66df984a55e Mon Sep 17 00:00:00 2001
From: click33 <2393584716@qq.com>
Date: Sat, 3 Aug 2024 18:50:11 +0800
Subject: [PATCH] =?UTF-8?q?=E9=87=8D=E6=9E=84=E6=B3=A8=E8=A7=A3=E9=89=B4?=
 =?UTF-8?q?=E6=9D=83=E5=BA=95=E5=B1=82=EF=BC=8C=E5=8F=AF=E4=BB=A5=E6=96=B9?=
 =?UTF-8?q?=E4=BE=BF=E7=9A=84=E8=87=AA=E5=AE=9A=E4=B9=89=E6=B3=A8=E8=A7=A3?=
 =?UTF-8?q?=E4=BA=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../dev33/satoken/annotation/SaCheckOr.java   |  14 +-
 .../dev33/satoken/basic/SaBasicTemplate.java  |  99 --------
 .../cn/dev33/satoken/basic/SaBasicUtil.java   |  70 -----
 ...on.java => NotHttpBasicAuthException.java} |   4 +-
 .../fun/strategy/SaGetAnnotationFunction.java |   2 +-
 .../httpauth/basic/SaHttpBasicTemplate.java   |   4 +-
 .../httpauth/digest/SaHttpDigestTemplate.java |   5 +
 .../httpauth/digest/SaHttpDigestUtil.java     |   5 +
 .../satoken/listener/SaTokenEventCenter.java  |  11 +
 .../satoken/listener/SaTokenListener.java     |   7 +
 .../listener/SaTokenListenerForLog.java       |  16 +-
 .../java/cn/dev33/satoken/stp/StpLogic.java   | 153 +++++------
 .../cn/dev33/satoken/strategy/SaStrategy.java | 240 ------------------
 .../java/com/pj/SaTokenCaseApplication.java   |   3 +-
 .../com/pj/cases/test/TestController.java     |   7 +-
 .../java/com/pj/current/GlobalException.java  |   6 +-
 .../java/com/pj/satoken/SaTokenConfigure.java |   7 +-
 .../SaUserCheckLogin.java                     |  10 +-
 .../SaUserCheckPermission.java                |  35 ++-
 .../SaUserCheckRole.java                      |  13 +-
 sa-token-doc/_sidebar.md                      |   1 +
 sa-token-doc/up/many-account.md               |   7 +-
 sa-token-doc/use/at-check.md                  |  12 +-
 .../cn/dev33/satoken/spring/SaBeanInject.java |  18 +-
 .../satoken/interceptor/SaInterceptor.java    |  15 +-
 .../integrate/configure/HandlerException.java |   6 +-
 26 files changed, 210 insertions(+), 560 deletions(-)
 delete mode 100644 sa-token-core/src/main/java/cn/dev33/satoken/basic/SaBasicTemplate.java
 delete mode 100644 sa-token-core/src/main/java/cn/dev33/satoken/basic/SaBasicUtil.java
 rename sa-token-core/src/main/java/cn/dev33/satoken/exception/{NotBasicAuthException.java => NotHttpBasicAuthException.java} (90%)
 rename sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/{at => custom_annotation}/SaUserCheckLogin.java (71%)
 rename sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/{at => custom_annotation}/SaUserCheckPermission.java (54%)
 rename sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/{at => custom_annotation}/SaUserCheckRole.java (72%)

diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/annotation/SaCheckOr.java b/sa-token-core/src/main/java/cn/dev33/satoken/annotation/SaCheckOr.java
index 8652619b..5e2ce739 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/annotation/SaCheckOr.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/annotation/SaCheckOr.java
@@ -39,13 +39,6 @@ public @interface SaCheckOr {
      */
     SaCheckLogin[] login() default {};
 
-    /**
-     * 设定 @SaCheckPermission，参考 {@link SaCheckPermission}
-     *
-     * @return /
-     */
-    SaCheckPermission[] permission() default {};
-
     /**
      * 设定 @SaCheckRole，参考 {@link SaCheckRole}
      *
@@ -53,6 +46,13 @@ public @interface SaCheckOr {
      */
     SaCheckRole[] role() default {};
 
+    /**
+     * 设定 @SaCheckPermission，参考 {@link SaCheckPermission}
+     *
+     * @return /
+     */
+    SaCheckPermission[] permission() default {};
+
     /**
      * 设定 @SaCheckSafe，参考 {@link SaCheckSafe}
      *
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/basic/SaBasicTemplate.java b/sa-token-core/src/main/java/cn/dev33/satoken/basic/SaBasicTemplate.java
deleted file mode 100644
index e899154b..00000000
--- a/sa-token-core/src/main/java/cn/dev33/satoken/basic/SaBasicTemplate.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright 2020-2099 sa-token.cc
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package cn.dev33.satoken.basic;
-
-import cn.dev33.satoken.SaManager;
-import cn.dev33.satoken.context.SaHolder;
-import cn.dev33.satoken.error.SaErrorCode;
-import cn.dev33.satoken.exception.NotBasicAuthException;
-import cn.dev33.satoken.secure.SaBase64Util;
-import cn.dev33.satoken.util.SaFoxUtil;
-
-/**
- * <h2> 已更换至包：cn.dev33.satoken.httpauth.basic </h2>
- * <h2> 已更换名称：SaHttpBasicTemplate </h2>
- *
- * Sa-Token Http Basic 认证模块
- *
- * @author click33
- * @since 1.26.0
- */
-@Deprecated
-public class SaBasicTemplate {
-	
-	/**
-	 * 默认的 Realm 领域名称
-	 */
-	public static final String DEFAULT_REALM = "Sa-Token";
-
-	/**
-	 * 在校验失败时，设置响应头，并抛出异常
-	 * @param realm 领域 
-	 */
-	public void throwNotBasicAuthException(String realm) {
-		SaHolder.getResponse().setStatus(401).setHeader("WWW-Authenticate", "Basic Realm=" + realm);
-		throw new NotBasicAuthException().setCode(SaErrorCode.CODE_10311);
-	}
-
-	/**
-	 * 获取浏览器提交的 Basic 参数 （裁剪掉前缀并解码）
-	 * @return 值
-	 */
-	public String getAuthorizationValue() {
-		
-		// 获取前端提交的请求头 Authorization 参数
-		String authorization = SaHolder.getRequest().getHeader("Authorization");
-		
-		// 如果不是以 Basic 作为前缀，则视为无效 
-		if(authorization == null || ! authorization.startsWith("Basic ")) {
-			return null;
-		}
-		
-		// 裁剪前缀并解码 
-		return SaBase64Util.decode(authorization.substring(6));
-	}
-	
-	/**
-	 * 对当前会话进行 Basic 校验（使用全局配置的账号密码），校验不通过则抛出异常  
-	 */
-	public void check() {
-		check(DEFAULT_REALM, SaManager.getConfig().getBasic());
-	}
-
-	/**
-	 * 对当前会话进行 Basic 校验（手动设置账号密码），校验不通过则抛出异常  
-	 * @param account 账号（格式为 user:password）
-	 */
-	public void check(String account) {
-		check(DEFAULT_REALM, account);
-	}
-
-	/**
-	 * 对当前会话进行 Basic 校验（手动设置 Realm 和 账号密码），校验不通过则抛出异常 
-	 * @param realm 领域 
-	 * @param account 账号（格式为 user:password）
-	 */
-	public void check(String realm, String account) {
-		if(SaFoxUtil.isEmpty(account)) {
-			account = SaManager.getConfig().getBasic();
-		}
-		String authorization = getAuthorizationValue();
-		if(SaFoxUtil.isEmpty(authorization) || ! authorization.equals(account)) {
-			throwNotBasicAuthException(realm);
-		}
-	}
-
-}
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/basic/SaBasicUtil.java b/sa-token-core/src/main/java/cn/dev33/satoken/basic/SaBasicUtil.java
deleted file mode 100644
index 28295422..00000000
--- a/sa-token-core/src/main/java/cn/dev33/satoken/basic/SaBasicUtil.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright 2020-2099 sa-token.cc
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package cn.dev33.satoken.basic;
-
-/**
- * <h2> 已更换至包：cn.dev33.satoken.httpauth.basic </h2>
- * <h2> 已更换名称：SaHttpBasicUtil </h2>
- *
- * Sa-Token Http Basic 认证模块，Util 工具类
- *
- * @author click33
- * @since 1.26.0
- */
-@Deprecated
-public class SaBasicUtil {
-
-	private SaBasicUtil() {
-	}
-	
-	/**
-	 * 底层使用的 SaBasicTemplate 对象
-	 */
-	public static SaBasicTemplate saBasicTemplate = new SaBasicTemplate();
-
-	/**
-	 * 获取浏览器提交的 Basic 参数 （裁剪掉前缀并解码）
-	 * @return 值
-	 */
-	public static String getAuthorizationValue() {
-		return saBasicTemplate.getAuthorizationValue();
-	}
-	
-	/**
-	 * 对当前会话进行 Basic 校验（使用全局配置的账号密码），校验不通过则抛出异常  
-	 */
-	public static void check() {
-		saBasicTemplate.check();
-	}
-
-	/**
-	 * 对当前会话进行 Basic 校验（手动设置账号密码），校验不通过则抛出异常  
-	 * @param account 账号（格式为 user:password）
-	 */
-	public static void check(String account) {
-		saBasicTemplate.check(account);
-	}
-
-	/**
-	 * 对当前会话进行 Basic 校验（手动设置 Realm 和 账号密码），校验不通过则抛出异常 
-	 * @param realm 领域 
-	 * @param account 账号（格式为 user:password）
-	 */
-	public static void check(String realm, String account) {
-		saBasicTemplate.check(realm, account);
-	}
-
-}
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/exception/NotBasicAuthException.java b/sa-token-core/src/main/java/cn/dev33/satoken/exception/NotHttpBasicAuthException.java
similarity index 90%
rename from sa-token-core/src/main/java/cn/dev33/satoken/exception/NotBasicAuthException.java
rename to sa-token-core/src/main/java/cn/dev33/satoken/exception/NotHttpBasicAuthException.java
index 862c8986..4a5defd9 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/exception/NotBasicAuthException.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/exception/NotHttpBasicAuthException.java
@@ -21,7 +21,7 @@ package cn.dev33.satoken.exception;
  * @author click33
  * @since 1.26.0
  */
-public class NotBasicAuthException extends SaTokenException {
+public class NotHttpBasicAuthException extends SaTokenException {
 
 	/**
 	 * 序列化版本号
@@ -34,7 +34,7 @@ public class NotBasicAuthException extends SaTokenException {
 	/**
 	 * 一个异常：代表会话未通过 Http Basic 认证 
 	 */
-	public NotBasicAuthException() {
+	public NotHttpBasicAuthException() {
 		super(BE_MESSAGE);
 	}
 
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/fun/strategy/SaGetAnnotationFunction.java b/sa-token-core/src/main/java/cn/dev33/satoken/fun/strategy/SaGetAnnotationFunction.java
index 6908b639..61282633 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/fun/strategy/SaGetAnnotationFunction.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/fun/strategy/SaGetAnnotationFunction.java
@@ -29,6 +29,6 @@ import java.util.function.BiFunction;
  * @since 1.35.0
  */
 @FunctionalInterface
-public interface SaGetAnnotationFunction extends BiFunction<AnnotatedElement, Class<? extends Annotation> , Annotation> {
+public interface SaGetAnnotationFunction extends BiFunction<AnnotatedElement, Class<? extends Annotation>, Annotation> {
 
 }
\ No newline at end of file
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/httpauth/basic/SaHttpBasicTemplate.java b/sa-token-core/src/main/java/cn/dev33/satoken/httpauth/basic/SaHttpBasicTemplate.java
index 4f7449bd..90f8553c 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/httpauth/basic/SaHttpBasicTemplate.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/httpauth/basic/SaHttpBasicTemplate.java
@@ -18,7 +18,7 @@ package cn.dev33.satoken.httpauth.basic;
 import cn.dev33.satoken.SaManager;
 import cn.dev33.satoken.context.SaHolder;
 import cn.dev33.satoken.error.SaErrorCode;
-import cn.dev33.satoken.exception.NotBasicAuthException;
+import cn.dev33.satoken.exception.NotHttpBasicAuthException;
 import cn.dev33.satoken.secure.SaBase64Util;
 import cn.dev33.satoken.util.SaFoxUtil;
 
@@ -41,7 +41,7 @@ public class SaHttpBasicTemplate {
 	 */
 	public void throwNotBasicAuthException(String realm) {
 		SaHolder.getResponse().setStatus(401).setHeader("WWW-Authenticate", "Basic Realm=" + realm);
-		throw new NotBasicAuthException().setCode(SaErrorCode.CODE_10311);
+		throw new NotHttpBasicAuthException().setCode(SaErrorCode.CODE_10311);
 	}
 
 	/**
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/httpauth/digest/SaHttpDigestTemplate.java b/sa-token-core/src/main/java/cn/dev33/satoken/httpauth/digest/SaHttpDigestTemplate.java
index f7ed69d3..a16d2bf5 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/httpauth/digest/SaHttpDigestTemplate.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/httpauth/digest/SaHttpDigestTemplate.java
@@ -263,11 +263,16 @@ public class SaHttpDigestTemplate {
         check(arr[0], arr[1]);
     }
 
+
+
+    // ----------------- 过期方法 -----------------
+
     /**
      * 根据注解 ( @SaCheckHttpDigest ) 鉴权
      *
      * @param at 注解对象
      */
+    @Deprecated
     public void checkByAnnotation(SaCheckHttpDigest at) {
 
         // 如果配置了 value，则以 value 优先
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/httpauth/digest/SaHttpDigestUtil.java b/sa-token-core/src/main/java/cn/dev33/satoken/httpauth/digest/SaHttpDigestUtil.java
index 70a0df46..d3000554 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/httpauth/digest/SaHttpDigestUtil.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/httpauth/digest/SaHttpDigestUtil.java
@@ -90,11 +90,16 @@ public class SaHttpDigestUtil {
 		saHttpDigestTemplate.check();
 	}
 
+
+
+	// ----------------- 过期方法 -----------------
+
 	/**
 	 * 根据注解 ( @SaCheckHttpDigest ) 鉴权
 	 *
 	 * @param at 注解对象
 	 */
+	@Deprecated
 	public static void checkByAnnotation(SaCheckHttpDigest at) {
 		saHttpDigestTemplate.checkByAnnotation(at);
 	}
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/listener/SaTokenEventCenter.java b/sa-token-core/src/main/java/cn/dev33/satoken/listener/SaTokenEventCenter.java
index e5036e64..29ed5d89 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/listener/SaTokenEventCenter.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/listener/SaTokenEventCenter.java
@@ -18,6 +18,7 @@ package cn.dev33.satoken.listener;
 import java.util.ArrayList;
 import java.util.List;
 
+import cn.dev33.satoken.annotation.handler.SaAnnotationAbstractHandler;
 import cn.dev33.satoken.config.SaTokenConfig;
 import cn.dev33.satoken.error.SaErrorCode;
 import cn.dev33.satoken.exception.SaTokenException;
@@ -287,6 +288,16 @@ public class SaTokenEventCenter {
 		}
 	}
 
+	/**
+	 * 事件发布：有新的注解处理器载入到框架中
+	 * @param handler 注解处理器
+	 */
+	public static void doRegisterAnnotationHandler(SaAnnotationAbstractHandler<?> handler) {
+		for (SaTokenListener listener : listenerList) {
+			listener.doRegisterAnnotationHandler(handler);
+		}
+	}
+
 	/**
 	 * 事件发布：有新的 StpLogic 载入到框架中
 	 * @param stpLogic / 
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/listener/SaTokenListener.java b/sa-token-core/src/main/java/cn/dev33/satoken/listener/SaTokenListener.java
index 4de64e2e..6a4e3564 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/listener/SaTokenListener.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/listener/SaTokenListener.java
@@ -15,6 +15,7 @@
  */
 package cn.dev33.satoken.listener;
 
+import cn.dev33.satoken.annotation.handler.SaAnnotationAbstractHandler;
 import cn.dev33.satoken.config.SaTokenConfig;
 import cn.dev33.satoken.stp.SaLoginModel;
 import cn.dev33.satoken.stp.StpLogic;
@@ -125,6 +126,12 @@ public interface SaTokenListener {
 	 */
 	default void doRegisterComponent(String compName, Object compObj) {}
 
+	/**
+	 * 注册了自定义注解处理器
+	 * @param handler 注解处理器
+	 */
+	default void doRegisterAnnotationHandler(SaAnnotationAbstractHandler<?> handler) {}
+
 	/**
 	 * StpLogic 对象替换 
 	 * @param stpLogic / 
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/listener/SaTokenListenerForLog.java b/sa-token-core/src/main/java/cn/dev33/satoken/listener/SaTokenListenerForLog.java
index 53a15b43..7bb32ef4 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/listener/SaTokenListenerForLog.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/listener/SaTokenListenerForLog.java
@@ -15,13 +15,14 @@
  */
 package cn.dev33.satoken.listener;
 
-import static cn.dev33.satoken.SaManager.log;
-
+import cn.dev33.satoken.annotation.handler.SaAnnotationAbstractHandler;
 import cn.dev33.satoken.config.SaTokenConfig;
 import cn.dev33.satoken.stp.SaLoginModel;
 import cn.dev33.satoken.stp.StpLogic;
 import cn.dev33.satoken.util.SaFoxUtil;
 
+import static cn.dev33.satoken.SaManager.log;
+
 /**
  * Sa-Token 侦听器的一个实现：Log 打印
  * 
@@ -130,6 +131,17 @@ public class SaTokenListenerForLog implements SaTokenListener {
 		log.info("全局组件 {} 载入成功: {}", compName, canonicalName);
 	}
 
+	/**
+	 * 注册了自定义注解处理器
+	 * @param handler 注解处理器
+	 */
+	@Override
+	public void doRegisterAnnotationHandler(SaAnnotationAbstractHandler<?> handler) {
+		if(handler != null) {
+			log.info("注解扩展 @{} (处理器: {})", handler.getHandlerAnnotationClass().getSimpleName(), handler.getClass().getCanonicalName());
+		}
+	}
+
 	/**
 	 * StpLogic 对象替换 
 	 * @param stpLogic / 
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpLogic.java b/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpLogic.java
index 3b6b4da0..1c071119 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpLogic.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/stp/StpLogic.java
@@ -2233,79 +2233,6 @@ public class StpLogic {
 	public List<String> searchTokenSessionId(String keyword, int start, int size, boolean sortType) {
 		return getSaTokenDao().searchData(splicingKeyTokenSession(""), keyword, start, size, sortType);
 	}
-	
-
-	// ------------------- 注解鉴权 -------------------  
-
-	/**
-	 * 根据注解 ( @SaCheckLogin ) 鉴权
-	 *
-	 * @param at 注解对象 
-	 */
-	public void checkByAnnotation(SaCheckLogin at) {
-		this.checkLogin();
-	}
-
-	/**
-	 * 根据注解 ( @SaCheckRole ) 鉴权
-	 *
-	 * @param at 注解对象 
-	 */
-	public void checkByAnnotation(SaCheckRole at) {
-		String[] roleArray = at.value();
-		if(at.mode() == SaMode.AND) {
-			this.checkRoleAnd(roleArray);	
-		} else {
-			this.checkRoleOr(roleArray);	
-		}
-	}
-	
-	/**
-	 * 根据注解 ( @SaCheckPermission ) 鉴权
-	 *
-	 * @param at 注解对象 
-	 */
-	public void checkByAnnotation(SaCheckPermission at) {
-		String[] permissionArray = at.value();
-		try {
-			if(at.mode() == SaMode.AND) {
-				this.checkPermissionAnd(permissionArray);	
-			} else {
-				this.checkPermissionOr(permissionArray);	
-			}
-		} catch (NotPermissionException e) {
-			// 权限认证校验未通过，再开始角色认证校验
-			for (String role : at.orRole()) {
-				String[] rArr = SaFoxUtil.convertStringToArray(role);
-				// 某一项 role 认证通过，则可以提前退出了，代表通过
-				if (hasRoleAnd(rArr)) {
-					return;
-				}
-			}
-			throw e;
-		}
-	}
-
-	/**
-	 * 根据注解 ( @SaCheckSafe ) 鉴权
-	 *
-	 * @param at 注解对象 
-	 */
-	public void checkByAnnotation(SaCheckSafe at) {
-		this.checkSafe(at.value());
-	}
-
-	/**
-	 * 根据注解 ( @SaCheckDisable ) 鉴权
-	 *
-	 * @param at 注解对象
-	 */
-	public void checkByAnnotation(SaCheckDisable at) {
-		Object loginId = getLoginId();
-		for (String service : at.value()) {
-			this.checkDisableLevel(loginId, service, at.level());
-		}
-	}
 
 
 	// ------------------- 账号封禁 -------------------  
@@ -2937,4 +2864,84 @@ public class StpLogic {
 		return false;
 	}
 
+
+
+	// ------------------- 过期方法 -------------------
+
+	/**
+	 * 根据注解 ( @SaCheckLogin ) 鉴权
+	 *
+	 * @param at 注解对象
+	 */
+	@Deprecated
+	public void checkByAnnotation(SaCheckLogin at) {
+		this.checkLogin();
+	}
+
+	/**
+	 * 根据注解 ( @SaCheckRole ) 鉴权
+	 *
+	 * @param at 注解对象
+	 */
+	@Deprecated
+	public void checkByAnnotation(SaCheckRole at) {
+		String[] roleArray = at.value();
+		if(at.mode() == SaMode.AND) {
+			this.checkRoleAnd(roleArray);
+		} else {
+			this.checkRoleOr(roleArray);
+		}
+	}
+
+	/**
+	 * 根据注解 ( @SaCheckPermission ) 鉴权
+	 *
+	 * @param at 注解对象
+	 */
+	@Deprecated
+	public void checkByAnnotation(SaCheckPermission at) {
+		String[] permissionArray = at.value();
+		try {
+			if(at.mode() == SaMode.AND) {
+				this.checkPermissionAnd(permissionArray);
+			} else {
+				this.checkPermissionOr(permissionArray);
+			}
+		} catch (NotPermissionException e) {
+			// 权限认证校验未通过，再开始角色认证校验
+			for (String role : at.orRole()) {
+				String[] rArr = SaFoxUtil.convertStringToArray(role);
+				// 某一项 role 认证通过，则可以提前退出了，代表通过
+				if (hasRoleAnd(rArr)) {
+					return;
+				}
+			}
+			throw e;
+		}
+	}
+
+	/**
+	 * 根据注解 ( @SaCheckSafe ) 鉴权
+	 *
+	 * @param at 注解对象
+	 */
+	@Deprecated
+	public void checkByAnnotation(SaCheckSafe at) {
+		this.checkSafe(at.value());
+	}
+
+	/**
+	 * 根据注解 ( @SaCheckDisable ) 鉴权
+	 *
+	 * @param at 注解对象
+	 */
+	@Deprecated
+	public void checkByAnnotation(SaCheckDisable at) {
+		Object loginId = getLoginId();
+		for (String service : at.value()) {
+			this.checkDisableLevel(loginId, service, at.level());
+		}
+	}
+
+
 }
diff --git a/sa-token-core/src/main/java/cn/dev33/satoken/strategy/SaStrategy.java b/sa-token-core/src/main/java/cn/dev33/satoken/strategy/SaStrategy.java
index df89ae7e..3e12c8dd 100644
--- a/sa-token-core/src/main/java/cn/dev33/satoken/strategy/SaStrategy.java
+++ b/sa-token-core/src/main/java/cn/dev33/satoken/strategy/SaStrategy.java
@@ -16,19 +16,14 @@
 package cn.dev33.satoken.strategy;
 
 import cn.dev33.satoken.SaManager;
-import cn.dev33.satoken.annotation.*;
 import cn.dev33.satoken.exception.RequestPathInvalidException;
 import cn.dev33.satoken.exception.SaTokenException;
 import cn.dev33.satoken.fun.strategy.*;
-import cn.dev33.satoken.httpauth.basic.SaHttpBasicUtil;
-import cn.dev33.satoken.httpauth.digest.SaHttpDigestUtil;
 import cn.dev33.satoken.session.SaSession;
 import cn.dev33.satoken.stp.StpLogic;
 import cn.dev33.satoken.util.SaFoxUtil;
 import cn.dev33.satoken.util.SaTokenConsts;
 
-import java.util.ArrayList;
-import java.util.List;
 import java.util.UUID;
 
 /**
@@ -133,185 +128,6 @@ public final class SaStrategy {
 		return false;
 	};
 
-	/**
-	 * 对一个 [Method] 对象进行注解校验 （注解鉴权内部实现）
-	 */
-	public SaCheckMethodAnnotationFunction checkMethodAnnotation = (method) -> {
-
-		// 先校验 Method 所属 Class 上的注解
-		instance.checkElementAnnotation.accept(method.getDeclaringClass());
-
-		// 再校验 Method 上的注解
-		instance.checkElementAnnotation.accept(method);
-	};
-
-	/**
-	 * 对一个 [元素] 对象进行注解校验 （注解鉴权内部实现）
-	 */
-	public SaCheckElementAnnotationFunction checkElementAnnotation = (element) -> {
-
-		// 校验 @SaCheckLogin 注解
-		SaCheckLogin checkLogin = (SaCheckLogin) SaStrategy.instance.getAnnotation.apply(element, SaCheckLogin.class);
-		if(checkLogin != null) {
-			SaManager.getStpLogic(checkLogin.type(), false).checkByAnnotation(checkLogin);
-		}
-
-		// 校验 @SaCheckRole 注解
-		SaCheckRole checkRole = (SaCheckRole) SaStrategy.instance.getAnnotation.apply(element, SaCheckRole.class);
-		if(checkRole != null) {
-			SaManager.getStpLogic(checkRole.type(), false).checkByAnnotation(checkRole);
-		}
-
-		// 校验 @SaCheckPermission 注解
-		SaCheckPermission checkPermission = (SaCheckPermission) SaStrategy.instance.getAnnotation.apply(element, SaCheckPermission.class);
-		if(checkPermission != null) {
-			SaManager.getStpLogic(checkPermission.type(), false).checkByAnnotation(checkPermission);
-		}
-
-		// 校验 @SaCheckSafe 注解
-		SaCheckSafe checkSafe = (SaCheckSafe) SaStrategy.instance.getAnnotation.apply(element, SaCheckSafe.class);
-		if(checkSafe != null) {
-			SaManager.getStpLogic(checkSafe.type(), false).checkByAnnotation(checkSafe);
-		}
-
-		// 校验 @SaCheckDisable 注解
-		SaCheckDisable checkDisable = (SaCheckDisable) SaStrategy.instance.getAnnotation.apply(element, SaCheckDisable.class);
-		if(checkDisable != null) {
-			SaManager.getStpLogic(checkDisable.type(), false).checkByAnnotation(checkDisable);
-		}
-
-		// 校验 @SaCheckHttpBasic 注解
-		SaCheckHttpBasic checkHttpBasic = (SaCheckHttpBasic) SaStrategy.instance.getAnnotation.apply(element, SaCheckHttpBasic.class);
-		if(checkHttpBasic != null) {
-			SaHttpBasicUtil.check(checkHttpBasic.realm(), checkHttpBasic.account());
-		}
-
-		// 校验 @SaCheckHttpDigest 注解
-		SaCheckHttpDigest checkHttpDigest = (SaCheckHttpDigest) SaStrategy.instance.getAnnotation.apply(element, SaCheckHttpDigest.class);
-		if(checkHttpDigest != null) {
-			SaHttpDigestUtil.checkByAnnotation(checkHttpDigest);
-		}
-
-		// 校验 @SaCheckOr 注解
-		SaCheckOr checkOr = (SaCheckOr) SaStrategy.instance.getAnnotation.apply(element, SaCheckOr.class);
-		if(checkOr != null) {
-			SaStrategy.instance.checkOrAnnotation.accept(checkOr);
-		}
-	};
-
-	/**
-	 * 对一个 @SaCheckOr 进行注解校验
-	 */
-	public SaCheckOrAnnotationFunction checkOrAnnotation = (at) -> {
-
-		// 记录校验过程中所有的异常
-		List<SaTokenException> errorList = new ArrayList<>();
-
-		// 逐个开始校验 >>>
-
-		// 1、校验注解：@SaCheckLogin
-		SaCheckLogin[] checkLoginArray = at.login();
-		for (SaCheckLogin item : checkLoginArray) {
-			try {
-				SaManager.getStpLogic(item.type(), false).checkByAnnotation(item);
-				return;
-			} catch (SaTokenException e) {
-				errorList.add(e);
-			}
-		}
-
-		// 2、校验注解：@SaCheckRole
-		SaCheckRole[] checkRoleArray = at.role();
-		for (SaCheckRole item : checkRoleArray) {
-			try {
-				SaManager.getStpLogic(item.type(), false).checkByAnnotation(item);
-				return;
-			} catch (SaTokenException e) {
-				errorList.add(e);
-			}
-		}
-
-		// 3、校验注解：@SaCheckPermission
-		SaCheckPermission[] checkPermissionArray = at.permission();
-		for (SaCheckPermission item : checkPermissionArray) {
-			try {
-				SaManager.getStpLogic(item.type(), false).checkByAnnotation(item);
-				return;
-			} catch (SaTokenException e) {
-				errorList.add(e);
-			}
-		}
-
-		// 4、校验注解：@SaCheckSafe
-		SaCheckSafe[] checkSafeArray = at.safe();
-		for (SaCheckSafe item : checkSafeArray) {
-			try {
-				SaManager.getStpLogic(item.type(), false).checkByAnnotation(item);
-				return;
-			} catch (SaTokenException e) {
-				errorList.add(e);
-			}
-		}
-
-		// 5、校验注解：@SaCheckDisable
-		SaCheckDisable[] checkDisableArray = at.disable();
-		for (SaCheckDisable item : checkDisableArray) {
-			try {
-				SaManager.getStpLogic(item.type(), false).checkByAnnotation(item);
-				return;
-			} catch (SaTokenException e) {
-				errorList.add(e);
-			}
-		}
-
-		// 6、校验注解：@SaCheckBasic
-		SaCheckHttpBasic[] checkHttpBasicArray = at.httpBasic();
-		for (SaCheckHttpBasic item : checkHttpBasicArray) {
-			try {
-				SaHttpBasicUtil.check(item.realm(), item.account());
-				return;
-			} catch (SaTokenException e) {
-				errorList.add(e);
-			}
-		}
-
-		// 7、校验注解：@SaCheckDigest
-		SaCheckHttpDigest[] checkHttpDigestArray = at.httpDigest();
-		for (SaCheckHttpDigest item : checkHttpDigestArray) {
-			try {
-				SaHttpDigestUtil.checkByAnnotation(item);
-				return;
-			} catch (SaTokenException e) {
-				errorList.add(e);
-			}
-		}
-
-		// 如果执行到这里，有两种可能：
-		//		可能 1. SaCheckOr 注解上不包含任何注解校验，此时 errorList 里面一个异常都没有，我们直接跳过即可
-		//		可能 2. 所有注解校验都通过不了，此时 errorList 里面会有多个异常，我们随便抛出一个即可
-		if(errorList.size() == 0) {
-			// return;
-		} else {
-			throw errorList.get(0);
-		}
-	};
-
-	/**
-	 * 从元素上获取注解
-	 */
-	public SaGetAnnotationFunction getAnnotation = (element, annotationClass)->{
-		// 默认使用jdk的注解处理器
-		return element.getAnnotation(annotationClass);
-	};
-
-	/**
-	 * 判断一个 Method 或其所属 Class 是否包含指定注解
-	 */
-	public SaIsAnnotationPresentFunction isAnnotationPresent = (method, annotationClass) -> {
-		return instance.getAnnotation.apply(method, annotationClass) != null ||
-				instance.getAnnotation.apply(method.getDeclaringClass(), annotationClass) != null;
-	};
-
 	/**
 	 * 生成唯一式 token 的算法
 	 */
@@ -427,62 +243,6 @@ public final class SaStrategy {
 		return this;
 	}
 
-	/**
-	 * 对一个 [Method] 对象进行注解校验 （注解鉴权内部实现）
-	 *
-	 * @param checkMethodAnnotation /
-	 * @return /
-	 */
-	public SaStrategy setCheckMethodAnnotation(SaCheckMethodAnnotationFunction checkMethodAnnotation) {
-		this.checkMethodAnnotation = checkMethodAnnotation;
-		return this;
-	}
-
-	/**
-	 * 对一个 [元素] 对象进行注解校验 （注解鉴权内部实现）
-	 *
-	 * @param checkElementAnnotation /
-	 * @return /
-	 */
-	public SaStrategy setCheckElementAnnotation(SaCheckElementAnnotationFunction checkElementAnnotation) {
-		this.checkElementAnnotation = checkElementAnnotation;
-		return this;
-	}
-
-	/**
-	 * 对一个 @SaCheckOr 进行注解校验
-	 * <p> 参数 [SaCheckOr 注解的实例]
-	 *
-	 * @param checkOrAnnotation /
-	 * @return /
-	 */
-	public SaStrategy setCheckOrAnnotation(SaCheckOrAnnotationFunction checkOrAnnotation) {
-		this.checkOrAnnotation = checkOrAnnotation;
-		return this;
-	}
-
-	/**
-	 * 从元素上获取注解
-	 *
-	 * @param getAnnotation /
-	 * @return /
-	 */
-	public SaStrategy setGetAnnotation(SaGetAnnotationFunction getAnnotation) {
-		this.getAnnotation = getAnnotation;
-		return this;
-	}
-
-	/**
-	 * 判断一个 Method 或其所属 Class 是否包含指定注解
-	 *
-	 * @param isAnnotationPresent /
-	 * @return /
-	 */
-	public SaStrategy setIsAnnotationPresent(SaIsAnnotationPresentFunction isAnnotationPresent) {
-		this.isAnnotationPresent = isAnnotationPresent;
-		return this;
-	}
-
 	/**
 	 * 生成唯一式 token 的算法
 	 *
diff --git a/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/SaTokenCaseApplication.java b/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/SaTokenCaseApplication.java
index 025814fc..9f7d5050 100644
--- a/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/SaTokenCaseApplication.java
+++ b/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/SaTokenCaseApplication.java
@@ -1,10 +1,9 @@
 package com.pj;
 
+import cn.dev33.satoken.SaManager;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 
-import cn.dev33.satoken.SaManager;
-
 /**
  * Sa-Token 示例 
  * @author click33
diff --git a/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/cases/test/TestController.java b/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/cases/test/TestController.java
index 16204f3a..da5aa8eb 100644
--- a/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/cases/test/TestController.java
+++ b/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/cases/test/TestController.java
@@ -1,10 +1,9 @@
 package com.pj.cases.test;
 
+import cn.dev33.satoken.util.SaResult;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import cn.dev33.satoken.util.SaResult;
-
 /**
  * 测试专用 Controller 
  * @author click33
@@ -17,14 +16,14 @@ public class TestController {
 	// 测试   浏览器访问： http://localhost:8081/test/test
 	@RequestMapping("test")
 	public SaResult test() {
-		System.out.println("------------进来了"); 
+		System.out.println("------------进来了");
 		return SaResult.ok(); 
 	}
 	
 	// 测试   浏览器访问： http://localhost:8081/test/test2
 	@RequestMapping("test2")
 	public SaResult test2() {
-		System.out.println("------------进来了"); 
+		System.out.println("------------进来了");
 		return SaResult.ok();
 	}
 
diff --git a/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/current/GlobalException.java b/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/current/GlobalException.java
index fd1f2697..593da152 100644
--- a/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/current/GlobalException.java
+++ b/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/current/GlobalException.java
@@ -4,7 +4,7 @@ import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 
 import cn.dev33.satoken.exception.DisableServiceException;
-import cn.dev33.satoken.exception.NotBasicAuthException;
+import cn.dev33.satoken.exception.NotHttpBasicAuthException;
 import cn.dev33.satoken.exception.NotLoginException;
 import cn.dev33.satoken.exception.NotPermissionException;
 import cn.dev33.satoken.exception.NotRoleException;
@@ -57,8 +57,8 @@ public class GlobalException {
 	}
 
 	// 拦截：Http Basic 校验失败异常 
-	@ExceptionHandler(NotBasicAuthException.class)
-	public SaResult handlerException(NotBasicAuthException e) {
+	@ExceptionHandler(NotHttpBasicAuthException.class)
+	public SaResult handlerException(NotHttpBasicAuthException e) {
 		e.printStackTrace(); 
 		return SaResult.error(e.getMessage());
 	}
diff --git a/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/SaTokenConfigure.java b/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/SaTokenConfigure.java
index 95940185..643a14b7 100644
--- a/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/SaTokenConfigure.java
+++ b/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/SaTokenConfigure.java
@@ -5,6 +5,7 @@ import cn.dev33.satoken.filter.SaServletFilter;
 import cn.dev33.satoken.interceptor.SaInterceptor;
 import cn.dev33.satoken.router.SaRouter;
 import cn.dev33.satoken.stp.StpUtil;
+import cn.dev33.satoken.strategy.SaAnnotationStrategy;
 import cn.dev33.satoken.strategy.SaStrategy;
 import cn.dev33.satoken.util.SaResult;
 import org.springframework.context.annotation.Bean;
@@ -117,9 +118,9 @@ public class SaTokenConfigure implements WebMvcConfigurer {
     @PostConstruct
     public void rewriteSaStrategy() {
     	// 重写Sa-Token的注解处理器，增加注解合并功能 
-    	SaStrategy.instance.getAnnotation = (element, annotationClass) -> {
-    		return AnnotatedElementUtils.getMergedAnnotation(element, annotationClass);
-    	};
+//    	SaAnnotationStrategy.instance.getAnnotation = (element, annotationClass) -> {
+//    		return AnnotatedElementUtils.getMergedAnnotation(element, annotationClass);
+//    	};
     }
     
 }
diff --git a/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/at/SaUserCheckLogin.java b/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/custom_annotation/SaUserCheckLogin.java
similarity index 71%
rename from sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/at/SaUserCheckLogin.java
rename to sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/custom_annotation/SaUserCheckLogin.java
index 5c623667..9495168b 100644
--- a/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/at/SaUserCheckLogin.java
+++ b/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/custom_annotation/SaUserCheckLogin.java
@@ -1,20 +1,16 @@
-package com.pj.satoken.at;
+package com.pj.satoken.custom_annotation;
 
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
-import cn.dev33.satoken.annotation.SaCheckLogin;
-import com.pj.satoken.StpUserUtil;
-
 /**
  * 登录认证(User版)：只有登录之后才能进入该方法 
- * <p> 可标注在函数、类上（效果等同于标注在此类的所有方法上） 
- * @author click33
+ * <p> 可标注在函数、类上（效果等同于标注在此类的所有方法上）
  *
+ * @author click33
  */
-@SaCheckLogin(type = StpUserUtil.TYPE)
 @Retention(RetentionPolicy.RUNTIME)
 @Target({ ElementType.METHOD, ElementType.TYPE})
 public @interface SaUserCheckLogin {
diff --git a/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/at/SaUserCheckPermission.java b/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/custom_annotation/SaUserCheckPermission.java
similarity index 54%
rename from sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/at/SaUserCheckPermission.java
rename to sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/custom_annotation/SaUserCheckPermission.java
index 22938622..eb980411 100644
--- a/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/at/SaUserCheckPermission.java
+++ b/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/custom_annotation/SaUserCheckPermission.java
@@ -1,23 +1,19 @@
-package com.pj.satoken.at;
+package com.pj.satoken.custom_annotation;
+
+import cn.dev33.satoken.annotation.SaMode;
 
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
-import com.pj.satoken.StpUserUtil;
-import org.springframework.core.annotation.AliasFor;
-
-import cn.dev33.satoken.annotation.SaCheckPermission;
-import cn.dev33.satoken.annotation.SaMode;
-
 /**
  * 权限认证(User版)：必须具有指定权限才能进入该方法 
- * <p> 可标注在函数、类上（效果等同于标注在此类的所有方法上） 
+ * <p> 可标注在函数、类上（效果等同于标注在此类的所有方法上）
+ *
  * @author click33
  *
  */
-@SaCheckPermission(type = StpUserUtil.TYPE)
 @Retention(RetentionPolicy.RUNTIME)
 @Target({ ElementType.METHOD, ElementType.TYPE})
 public @interface SaUserCheckPermission {
@@ -26,14 +22,29 @@ public @interface SaUserCheckPermission {
 	 * 需要校验的权限码
 	 * @return 需要校验的权限码
 	 */
-	@AliasFor(annotation = SaCheckPermission.class)
 	String [] value() default {};
 
 	/**
 	 * 验证模式：AND | OR，默认AND
 	 * @return 验证模式
 	 */
-	@AliasFor(annotation = SaCheckPermission.class)
 	SaMode mode() default SaMode.AND;
-	
+
+	/**
+	 * 在权限校验不通过时的次要选择，两者只要其一校验成功即可通过校验
+	 *
+	 * <p>
+	 * 	例1：@SaCheckPermission(value="user-add", orRole="admin")，
+	 * 	代表本次请求只要具有 user-add权限 或 admin角色 其一即可通过校验。
+	 * </p>
+	 *
+	 * <p>
+	 * 	例2： orRole = {"admin", "manager", "staff"}，具有三个角色其一即可。 <br>
+	 * 	例3： orRole = {"admin, manager, staff"}，必须三个角色同时具备。
+	 * </p>
+	 *
+	 * @return /
+	 */
+	String[] orRole() default {};
+
 }
diff --git a/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/at/SaUserCheckRole.java b/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/custom_annotation/SaUserCheckRole.java
similarity index 72%
rename from sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/at/SaUserCheckRole.java
rename to sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/custom_annotation/SaUserCheckRole.java
index 66e1f6d0..c3e06bac 100644
--- a/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/at/SaUserCheckRole.java
+++ b/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/custom_annotation/SaUserCheckRole.java
@@ -1,23 +1,18 @@
-package com.pj.satoken.at;
+package com.pj.satoken.custom_annotation;
+
+import cn.dev33.satoken.annotation.SaMode;
 
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
-import com.pj.satoken.StpUserUtil;
-import org.springframework.core.annotation.AliasFor;
-
-import cn.dev33.satoken.annotation.SaCheckRole;
-import cn.dev33.satoken.annotation.SaMode;
-
 /**
  * 角色认证(User版)：必须具有指定角色标识才能进入该方法 
  * <p> 可标注在函数、类上（效果等同于标注在此类的所有方法上） 
  * @author click33
  *
  */
-@SaCheckRole(type = StpUserUtil.TYPE)
 @Retention(RetentionPolicy.RUNTIME)
 @Target({ ElementType.METHOD, ElementType.TYPE})
 public @interface SaUserCheckRole {
@@ -26,14 +21,12 @@ public @interface SaUserCheckRole {
 	 * 需要校验的角色标识
 	 * @return 需要校验的角色标识
 	 */
-	@AliasFor(annotation = SaCheckRole.class)
 	String [] value() default {};
 
 	/**
 	 * 验证模式：AND | OR，默认AND
 	 * @return 验证模式
 	 */
-	@AliasFor(annotation = SaCheckRole.class)
 	SaMode mode() default SaMode.AND;
 	
 }
diff --git a/sa-token-doc/_sidebar.md b/sa-token-doc/_sidebar.md
index 33726fd6..33e2f4aa 100644
--- a/sa-token-doc/_sidebar.md
+++ b/sa-token-doc/_sidebar.md
@@ -108,6 +108,7 @@
 	- [TokenInfo参数详解](/fun/token-info)
 	- [异常细分状态码](/fun/exception-code)
 	- [数据结构](/fun/data-structure)
+	- [自定义注解](/fun/custom-annotations)
 	- [参考：把权限放在缓存里](/fun/jur-cache)
 	- [参考：把路由拦截鉴权动态化](/fun/dynamic-router-check)
 	- [解决反向代理 uri 丢失的问题](/fun/curr-domain)
diff --git a/sa-token-doc/up/many-account.md b/sa-token-doc/up/many-account.md
index 6879e15f..f3271716 100644
--- a/sa-token-doc/up/many-account.md
+++ b/sa-token-doc/up/many-account.md
@@ -184,8 +184,11 @@ public String info() {
 }
 ```
 
-注：其它注解 `@SaCheckRole("xxx")`、`@SaCheckPermission("xxx")`同理，
-完整示例参考：[码云：自定义注解](https://gitee.com/dromara/sa-token/tree/dev/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/at)。
+注：其它注解 `@SaCheckRole("xxx")`、`@SaCheckPermission("xxx")`同理， 完整示例参考 Gitee 代码：
+[注解合并](https://gitee.com/dromara/sa-token/tree/master/sa-token-demo/sa-token-demo-case/src/main/java/com/pj/satoken/merge_annotation)。
+
+> [!TIP| label:自定义注解方案] 
+> 除了注解合并方案，这里还有一份自定义注解方案，参考：[自定义注解](/fun/custom-annotations)
 
 
 
diff --git a/sa-token-doc/use/at-check.md b/sa-token-doc/use/at-check.md
index 0f921043..745e62fd 100644
--- a/sa-token-doc/use/at-check.md
+++ b/sa-token-doc/use/at-check.md
@@ -213,10 +213,16 @@ public SaResult test() {
 
 
 
-### 7、在业务逻辑层使用注解鉴权
-疑问：我能否将注解写在其它架构层呢，比如业务逻辑层？
+### 7、扩展阅读
 
-使用拦截器模式，只能在`Controller层`进行注解鉴权，如需在任意层级使用注解鉴权，请参考：[AOP注解鉴权](/plugin/aop-at)
+- 在业务逻辑层使用鉴权注解：[AOP注解鉴权](/plugin/aop-at)
+
+- 制作自定义鉴权注解注入到框架：[自定义注解](/fun/custom-annotations)
+
+
+<!-- 疑问：我能否将注解写在其它架构层呢，比如业务逻辑层？
+
+使用拦截器模式，只能在`Controller层`进行注解鉴权，如需在任意层级使用注解鉴权，请参考：[AOP注解鉴权](/plugin/aop-at) -->
 
 
 ---
diff --git a/sa-token-starter/sa-token-spring-boot-autoconfig/src/main/java/cn/dev33/satoken/spring/SaBeanInject.java b/sa-token-starter/sa-token-spring-boot-autoconfig/src/main/java/cn/dev33/satoken/spring/SaBeanInject.java
index 308d6b25..69d4777e 100644
--- a/sa-token-starter/sa-token-spring-boot-autoconfig/src/main/java/cn/dev33/satoken/spring/SaBeanInject.java
+++ b/sa-token-starter/sa-token-spring-boot-autoconfig/src/main/java/cn/dev33/satoken/spring/SaBeanInject.java
@@ -16,6 +16,7 @@
 package cn.dev33.satoken.spring;
 
 import cn.dev33.satoken.SaManager;
+import cn.dev33.satoken.annotation.handler.SaAnnotationAbstractHandler;
 import cn.dev33.satoken.config.SaTokenConfig;
 import cn.dev33.satoken.context.SaTokenContext;
 import cn.dev33.satoken.context.second.SaTokenSecondContextCreator;
@@ -34,6 +35,7 @@ import cn.dev33.satoken.spring.pathmatch.SaPathMatcherHolder;
 import cn.dev33.satoken.stp.StpInterface;
 import cn.dev33.satoken.stp.StpLogic;
 import cn.dev33.satoken.stp.StpUtil;
+import cn.dev33.satoken.strategy.SaAnnotationStrategy;
 import cn.dev33.satoken.temp.SaTempInterface;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
@@ -118,6 +120,18 @@ public class SaBeanInject {
 		SaTokenEventCenter.registerListenerList(listenerList);
 	}
 
+	/**
+	 * 注入自定义注解处理器
+	 *
+	 * @param handlerList 自定义注解处理器集合
+	 */
+	@Autowired(required = false)
+	public void setSaAnnotationHandler(List<SaAnnotationAbstractHandler<?>> handlerList) {
+		for (SaAnnotationAbstractHandler<?> handler : handlerList) {
+			SaAnnotationStrategy.instance.registerAnnotationHandler(handler);
+		}
+	}
+
 	/**
 	 * 注入临时令牌验证模块 Bean
 	 * 
@@ -149,12 +163,12 @@ public class SaBeanInject {
 	}
 
 	/**
-	 * 注入 Sa-Token Digest Basic 认证模块
+	 * 注入 Sa-Token Http Digest 认证模块
 	 *
 	 * @param saHttpDigestTemplate saHttpDigestTemplate 对象
 	 */
 	@Autowired(required = false)
-	public void setSaHttpBasicTemplate(SaHttpDigestTemplate saHttpDigestTemplate) {
+	public void setSaHttpDigestTemplate(SaHttpDigestTemplate saHttpDigestTemplate) {
 		SaHttpDigestUtil.saHttpDigestTemplate = saHttpDigestTemplate;
 	}
 
diff --git a/sa-token-starter/sa-token-spring-boot-starter/src/main/java/cn/dev33/satoken/interceptor/SaInterceptor.java b/sa-token-starter/sa-token-spring-boot-starter/src/main/java/cn/dev33/satoken/interceptor/SaInterceptor.java
index 78840ddd..5cf3bebd 100644
--- a/sa-token-starter/sa-token-spring-boot-starter/src/main/java/cn/dev33/satoken/interceptor/SaInterceptor.java
+++ b/sa-token-starter/sa-token-spring-boot-starter/src/main/java/cn/dev33/satoken/interceptor/SaInterceptor.java
@@ -15,11 +15,10 @@
  */
 package cn.dev33.satoken.interceptor;
 
-import cn.dev33.satoken.annotation.SaIgnore;
 import cn.dev33.satoken.exception.BackResultException;
 import cn.dev33.satoken.exception.StopMatchException;
 import cn.dev33.satoken.fun.SaParamFunction;
-import cn.dev33.satoken.strategy.SaStrategy;
+import cn.dev33.satoken.strategy.SaAnnotationStrategy;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.HandlerInterceptor;
 
@@ -95,18 +94,8 @@ public class SaInterceptor implements HandlerInterceptor {
 
 			// 这里必须确保 handler 是 HandlerMethod 类型时，才能进行注解鉴权
 			if(isAnnotation && handler instanceof HandlerMethod) {
-				
-				// 获取此请求对应的 Method 处理函数 
 				Method method = ((HandlerMethod) handler).getMethod();
-
-				// 如果此 Method 或其所属 Class 标注了 @SaIgnore，则忽略掉鉴权
-				if(SaStrategy.instance.isAnnotationPresent.apply(method, SaIgnore.class)) {
-					// 注意这里直接就退出整个鉴权了，最底部的 auth.run() 路由拦截鉴权也被跳出了
-					return true;
-				}
-
-				// 执行注解鉴权
-				SaStrategy.instance.checkMethodAnnotation.accept(method);
+				SaAnnotationStrategy.instance.checkMethodAnnotation.accept(method);
 			}
 			
 			// Auth 路由拦截鉴权校验
diff --git a/sa-token-test/sa-token-springboot-test/src/test/java/cn/dev33/satoken/integrate/configure/HandlerException.java b/sa-token-test/sa-token-springboot-test/src/test/java/cn/dev33/satoken/integrate/configure/HandlerException.java
index a5811e8c..946303ac 100644
--- a/sa-token-test/sa-token-springboot-test/src/test/java/cn/dev33/satoken/integrate/configure/HandlerException.java
+++ b/sa-token-test/sa-token-springboot-test/src/test/java/cn/dev33/satoken/integrate/configure/HandlerException.java
@@ -19,7 +19,7 @@ import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 
 import cn.dev33.satoken.exception.DisableServiceException;
-import cn.dev33.satoken.exception.NotBasicAuthException;
+import cn.dev33.satoken.exception.NotHttpBasicAuthException;
 import cn.dev33.satoken.exception.NotLoginException;
 import cn.dev33.satoken.exception.NotPermissionException;
 import cn.dev33.satoken.exception.NotRoleException;
@@ -66,8 +66,8 @@ public class HandlerException {
 	}
 
 	// Http Basic 校验失败，code=903
-	@ExceptionHandler(NotBasicAuthException.class)
-	public SaResult handlerNotBasicAuthException(NotBasicAuthException e) {
+	@ExceptionHandler(NotHttpBasicAuthException.class)
+	public SaResult handlerNotBasicAuthException(NotHttpBasicAuthException e) {
 		return SaResult.error().setCode(903);
 	}