多账号体系下就不能再一个stpLogic里面鉴别所有权限了
抽离最小鉴定单位并在外部统一鉴权
@@ -27,4 +27,12 @@ public @interface SaCheckPermission {
|
||||
*/
|
||||
SaMode mode() default SaMode.AND;
|
||||
|
||||
/**
|
||||
* 多账号下哪些需要校验
|
||||
* 每个StpUtil都有一个stpLogic属性
|
||||
* 初始化StpLogic时,指定的LoginKey字符串放入这里
|
||||
* 可以放多个,所以类型为数组
|
||||
* @return LoginKey字符串数组
|
||||
*/
|
||||
String [] loginKeys() default {};
|
||||
}
|
||||
|
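Review bot: The Javadoc on `loginKeys()` explains where the strings come from but not what the attribute does when the check is enforced, which is what a reader of an authorization annotation needs. Going by the aspect and interceptor code later in this commit, an empty array appears to mean the default StpLogic is used, several keys mean the check must pass in every listed account system, and a key that is not registered raises `UnrecognizedLoginKeyException`; I would add those three statements to the comment. The same applies to `SaCheckRole.loginKeys()` in the next hunk. As a style point, `String [] loginKeys()` would read better as `String[] loginKeys()`.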
@@ -27,4 +27,13 @@ public @interface SaCheckRole {
|
||||
*/
|
||||
SaMode mode() default SaMode.AND;
|
||||
|
||||
/**
|
||||
* 多账号下哪些需要校验
|
||||
* 每个StpUtil都有一个stpLogic属性
|
||||
* 初始化StpLogic时,指定的LoginKey字符串放入这里
|
||||
* 可以放多个,所以类型为数组
|
||||
* @return LoginKey字符串数组
|
||||
*/
|
||||
String [] loginKeys() default {};
|
||||
|
||||
}
|
||||
|
@@ -1219,63 +1219,30 @@ public class StpLogic {
|
||||
// =================== 其它方法 ===================
|
||||
|
||||
/**
|
||||
* 对一个Method对象进行注解检查(注解鉴权内部实现)
|
||||
* @param method Method对象
|
||||
* 检查当前登录体系是否拥有给定角色
|
||||
* @param roleArray 角色字符串数组
|
||||
* @param saMode SaMode.AND, SaMode.OR
|
||||
*/
|
||||
public void checkMethodAnnotation(Method method) {
|
||||
|
||||
// ----------- 验证登录
|
||||
if(method.isAnnotationPresent(SaCheckLogin.class) || method.getDeclaringClass().isAnnotationPresent(SaCheckLogin.class)) {
|
||||
this.checkLogin();
|
||||
}
|
||||
|
||||
// ----------- 验证角色
|
||||
// 验证方法上的
|
||||
SaCheckRole scr = method.getAnnotation(SaCheckRole.class);
|
||||
if(scr != null) {
|
||||
String[] roleArray = scr.value();
|
||||
if(scr.mode() == SaMode.AND) {
|
||||
this.checkRoleAnd(roleArray);
|
||||
} else {
|
||||
this.checkRoleOr(roleArray);
|
||||
}
|
||||
}
|
||||
// 验证类上的
|
||||
scr = method.getDeclaringClass().getAnnotation(SaCheckRole.class);
|
||||
if(scr != null) {
|
||||
String[] roleArray = scr.value();
|
||||
if(scr.mode() == SaMode.AND) {
|
||||
public void checkHasRoles(String[] roleArray, SaMode saMode) {
|
||||
if(saMode == SaMode.AND) {
|
||||
this.checkRoleAnd(roleArray);
|
||||
} else {
|
||||
this.checkRoleOr(roleArray);
|
||||
}
|
||||
}
|
||||
|
||||
// ----------- 验证权限
|
||||
// 验证方法上的
|
||||
SaCheckPermission scp = method.getAnnotation(SaCheckPermission.class);
|
||||
if(scp != null) {
|
||||
String[] permissionArray = scp.value();
|
||||
if(scp.mode() == SaMode.AND) {
|
||||
/**
|
||||
* 检查当前登录体系是否拥有给定权限
|
||||
* @param permissionArray 权限字符串数组
|
||||
* @param saMode SaMode.AND, SaMode.OR
|
||||
*/
|
||||
public void checkHasPermissions(String[] permissionArray, SaMode saMode) {
|
||||
if(saMode == SaMode.AND) {
|
||||
this.checkPermissionAnd(permissionArray);
|
||||
} else {
|
||||
this.checkPermissionOr(permissionArray);
|
||||
}
|
||||
}
|
||||
// 验证类上的
|
||||
scp = method.getDeclaringClass().getAnnotation(SaCheckPermission.class);
|
||||
if(scp != null) {
|
||||
String[] permissionArray = scp.value();
|
||||
if(scp.mode() == SaMode.AND) {
|
||||
this.checkPermissionAnd(permissionArray);
|
||||
} else {
|
||||
this.checkPermissionOr(permissionArray);
|
||||
}
|
||||
}
|
||||
|
||||
// 验证通过
|
||||
}
|
||||
|
||||
|
||||
// =================== 身份切换 ===================
|
||||
|
||||
|
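Review bot: `checkHasRoles` and `checkHasPermissions` treat every mode other than `SaMode.AND` as OR, so a caller that passes `null` silently gets the weaker any-of check. These are now public entry points that take the mode as an argument instead of reading it from an annotation, so I would reject an unexpected value explicitly: `else if (saMode == SaMode.OR) { this.checkRoleOr(roleArray); } else { throw new IllegalArgumentException("saMode"); }`, and the same for permissions. The rendering has lost the +/- markers, so I am assuming `checkMethodAnnotation(Method)` is removed here; if so, keeping it as a deprecated delegate would avoid breaking integrations that still call it.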
@@ -2,6 +2,9 @@ package cn.dev33.satoken.aop;
|
||||
|
||||
import cn.dev33.satoken.SaManager;
|
||||
import cn.dev33.satoken.annotation.SaCheckLogin;
|
||||
import cn.dev33.satoken.annotation.SaCheckPermission;
|
||||
import cn.dev33.satoken.annotation.SaCheckRole;
|
||||
import cn.dev33.satoken.exception.UnrecognizedLoginKeyException;
|
||||
import org.aspectj.lang.ProceedingJoinPoint;
|
||||
import org.aspectj.lang.annotation.Around;
|
||||
import org.aspectj.lang.annotation.Aspect;
|
||||
@@ -15,6 +18,7 @@ import cn.dev33.satoken.stp.StpUtil;
|
||||
import cn.dev33.satoken.util.SaTokenConsts;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* sa-token 基于 Spring Aop 的注解鉴权
|
||||
@@ -63,11 +67,11 @@ public class SaCheckAspect {
|
||||
@Around("pointcut()")
|
||||
public Object around(ProceedingJoinPoint joinPoint) throws Throwable {
|
||||
|
||||
|
||||
|
||||
// 注解鉴权
|
||||
MethodSignature signature = (MethodSignature) joinPoint.getSignature();
|
||||
Method method = signature.getMethod();
|
||||
Map<String, StpLogic> stpLogicMap = SaManager.stpLogicMap;
|
||||
|
||||
// ----------- 验证登录
|
||||
if(method.isAnnotationPresent(SaCheckLogin.class) || method.getDeclaringClass().isAnnotationPresent(SaCheckLogin.class)) {
|
||||
SaCheckLogin checkLogin = method.getAnnotation(SaCheckLogin.class);
|
||||
@@ -75,19 +79,92 @@ public class SaCheckAspect {
|
||||
getStpLogic().checkLogin();
|
||||
} else {
|
||||
for(String loginKey : checkLogin.loginKeys()) {
|
||||
if (SaManager.stpLogicMap.containsKey(loginKey)) {
|
||||
StpLogic stpLogic = SaManager.stpLogicMap.get(loginKey);
|
||||
if (stpLogicMap.containsKey(loginKey)) {
|
||||
StpLogic stpLogic = stpLogicMap.get(loginKey);
|
||||
stpLogic.checkLogin();
|
||||
} else {
|
||||
|
||||
throw new UnrecognizedLoginKeyException(loginKey);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// ----------- 验证角色
|
||||
// 验证方法上的
|
||||
SaCheckRole scr = method.getAnnotation(SaCheckRole.class);
|
||||
if(scr != null) {
|
||||
if (scr.loginKeys().length == 0) {
|
||||
String[] roleArray = scr.value();
|
||||
getStpLogic().checkHasRoles(roleArray, scr.mode());
|
||||
} else {
|
||||
for(String loginKey : scr.loginKeys()) {
|
||||
if (stpLogicMap.containsKey(loginKey)) {
|
||||
StpLogic stpLogic = stpLogicMap.get(loginKey);
|
||||
String[] roleArray = scr.value();
|
||||
stpLogic.checkHasRoles(roleArray, scr.mode());
|
||||
} else {
|
||||
throw new UnrecognizedLoginKeyException(loginKey);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// 验证类上的
|
||||
scr = method.getDeclaringClass().getAnnotation(SaCheckRole.class);
|
||||
if(scr != null) {
|
||||
if (scr.loginKeys().length == 0) {
|
||||
String[] roleArray = scr.value();
|
||||
getStpLogic().checkHasRoles(roleArray, scr.mode());
|
||||
} else {
|
||||
for(String loginKey : scr.loginKeys()) {
|
||||
if (stpLogicMap.containsKey(loginKey)) {
|
||||
StpLogic stpLogic = stpLogicMap.get(loginKey);
|
||||
String[] roleArray = scr.value();
|
||||
stpLogic.checkHasRoles(roleArray, scr.mode());
|
||||
} else {
|
||||
throw new UnrecognizedLoginKeyException(loginKey);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// ----------- 验证权限
|
||||
// 验证方法上的
|
||||
SaCheckPermission scp = method.getAnnotation(SaCheckPermission.class);
|
||||
if(scp != null) {
|
||||
if (scr.loginKeys().length == 0) {
|
||||
String[] permissionArray = scp.value();
|
||||
getStpLogic().checkHasPermissions(permissionArray, scp.mode());
|
||||
} else {
|
||||
for(String loginKey : scr.loginKeys()) {
|
||||
if (stpLogicMap.containsKey(loginKey)) {
|
||||
StpLogic stpLogic = stpLogicMap.get(loginKey);
|
||||
String[] permissionArray = scp.value();
|
||||
stpLogic.checkHasPermissions(permissionArray, scp.mode());
|
||||
} else {
|
||||
throw new UnrecognizedLoginKeyException(loginKey);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// 验证类上的
|
||||
scp = method.getDeclaringClass().getAnnotation(SaCheckPermission.class);
|
||||
if(scp != null) {
|
||||
if (scr.loginKeys().length == 0) {
|
||||
String[] permissionArray = scp.value();
|
||||
getStpLogic().checkHasPermissions(permissionArray, scp.mode());
|
||||
} else {
|
||||
for(String loginKey : scr.loginKeys()) {
|
||||
if (stpLogicMap.containsKey(loginKey)) {
|
||||
StpLogic stpLogic = stpLogicMap.get(loginKey);
|
||||
String[] permissionArray = scp.value();
|
||||
stpLogic.checkHasPermissions(permissionArray, scp.mode());
|
||||
} else {
|
||||
throw new UnrecognizedLoginKeyException(loginKey);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
getStpLogic().checkMethodAnnotation(signature.getMethod());
|
||||
try {
|
||||
// 执行原有逻辑
|
||||
Object obj = joinPoint.proceed();
|
||||
|
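Review bot: Both permission branches read `scr.loginKeys()` where they should read `scp.loginKeys()`: inside `if(scp != null)` the length test and the `for` loop use the `SaCheckRole` variable. By then `scr` holds the class-level `@SaCheckRole` (it was reassigned just above), so a method with `@SaCheckPermission` on a class without `@SaCheckRole` fails with a NullPointerException. When `scr` is not null, the permission is checked against the account systems named by the role annotation and `@SaCheckPermission(loginKeys = ...)` is ignored. The four lines should become `if (scp.loginKeys().length == 0) {` and `for (String loginKey : scp.loginKeys()) {`; the `SaAnnotationInterceptor` hunk below carries the same copy, and one shared helper for both classes would stop them drifting apart. `around` continues past the end of this hunk.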
@@ -1,10 +1,16 @@
|
||||
package cn.dev33.satoken.interceptor;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import cn.dev33.satoken.SaManager;
|
||||
import cn.dev33.satoken.annotation.SaCheckLogin;
|
||||
import cn.dev33.satoken.annotation.SaCheckPermission;
|
||||
import cn.dev33.satoken.annotation.SaCheckRole;
|
||||
import cn.dev33.satoken.exception.UnrecognizedLoginKeyException;
|
||||
import org.springframework.web.method.HandlerMethod;
|
||||
import org.springframework.web.servlet.HandlerInterceptor;
|
||||
|
||||
@@ -62,7 +68,100 @@ public class SaAnnotationInterceptor implements HandlerInterceptor {
|
||||
Method method = ((HandlerMethod) handler).getMethod();
|
||||
|
||||
// 进行验证
|
||||
getStpLogic().checkMethodAnnotation(method);
|
||||
Map<String, StpLogic> stpLogicMap = SaManager.stpLogicMap;
|
||||
|
||||
// ----------- 验证登录
|
||||
if(method.isAnnotationPresent(SaCheckLogin.class) || method.getDeclaringClass().isAnnotationPresent(SaCheckLogin.class)) {
|
||||
SaCheckLogin checkLogin = method.getAnnotation(SaCheckLogin.class);
|
||||
if(checkLogin.loginKeys().length == 0) {
|
||||
getStpLogic().checkLogin();
|
||||
} else {
|
||||
for(String loginKey : checkLogin.loginKeys()) {
|
||||
if (stpLogicMap.containsKey(loginKey)) {
|
||||
StpLogic stpLogic = stpLogicMap.get(loginKey);
|
||||
stpLogic.checkLogin();
|
||||
} else {
|
||||
throw new UnrecognizedLoginKeyException(loginKey);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// ----------- 验证角色
|
||||
// 验证方法上的
|
||||
SaCheckRole scr = method.getAnnotation(SaCheckRole.class);
|
||||
if(scr != null) {
|
||||
if (scr.loginKeys().length == 0) {
|
||||
String[] roleArray = scr.value();
|
||||
getStpLogic().checkHasRoles(roleArray, scr.mode());
|
||||
} else {
|
||||
for(String loginKey : scr.loginKeys()) {
|
||||
if (stpLogicMap.containsKey(loginKey)) {
|
||||
StpLogic stpLogic = stpLogicMap.get(loginKey);
|
||||
String[] roleArray = scr.value();
|
||||
stpLogic.checkHasRoles(roleArray, scr.mode());
|
||||
} else {
|
||||
throw new UnrecognizedLoginKeyException(loginKey);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// 验证类上的
|
||||
scr = method.getDeclaringClass().getAnnotation(SaCheckRole.class);
|
||||
if(scr != null) {
|
||||
if (scr.loginKeys().length == 0) {
|
||||
String[] roleArray = scr.value();
|
||||
getStpLogic().checkHasRoles(roleArray, scr.mode());
|
||||
} else {
|
||||
for(String loginKey : scr.loginKeys()) {
|
||||
if (stpLogicMap.containsKey(loginKey)) {
|
||||
StpLogic stpLogic = stpLogicMap.get(loginKey);
|
||||
String[] roleArray = scr.value();
|
||||
stpLogic.checkHasRoles(roleArray, scr.mode());
|
||||
} else {
|
||||
throw new UnrecognizedLoginKeyException(loginKey);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// ----------- 验证权限
|
||||
// 验证方法上的
|
||||
SaCheckPermission scp = method.getAnnotation(SaCheckPermission.class);
|
||||
if(scp != null) {
|
||||
if (scr.loginKeys().length == 0) {
|
||||
String[] permissionArray = scp.value();
|
||||
getStpLogic().checkHasPermissions(permissionArray, scp.mode());
|
||||
} else {
|
||||
for(String loginKey : scr.loginKeys()) {
|
||||
if (stpLogicMap.containsKey(loginKey)) {
|
||||
StpLogic stpLogic = stpLogicMap.get(loginKey);
|
||||
String[] permissionArray = scp.value();
|
||||
stpLogic.checkHasPermissions(permissionArray, scp.mode());
|
||||
} else {
|
||||
throw new UnrecognizedLoginKeyException(loginKey);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// 验证类上的
|
||||
scp = method.getDeclaringClass().getAnnotation(SaCheckPermission.class);
|
||||
if(scp != null) {
|
||||
if (scr.loginKeys().length == 0) {
|
||||
String[] permissionArray = scp.value();
|
||||
getStpLogic().checkHasPermissions(permissionArray, scp.mode());
|
||||
} else {
|
||||
for(String loginKey : scr.loginKeys()) {
|
||||
if (stpLogicMap.containsKey(loginKey)) {
|
||||
StpLogic stpLogic = stpLogicMap.get(loginKey);
|
||||
String[] permissionArray = scp.value();
|
||||
stpLogic.checkHasPermissions(permissionArray, scp.mode());
|
||||
} else {
|
||||
throw new UnrecognizedLoginKeyException(loginKey);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 通过验证
|
||||
return true;
|
||||
|
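Review bot: `checkLogin` can be null in the login branch. The `if` is entered when only the declaring class carries `@SaCheckLogin`, but `method.getAnnotation(SaCheckLogin.class)` looks at the method alone, so `checkLogin.loginKeys()` throws a NullPointerException and the class-level `loginKeys` are never consulted. I would fall back to the class annotation right after the lookup: `if (checkLogin == null) { checkLogin = method.getDeclaringClass().getAnnotation(SaCheckLogin.class); }`. The enclosing method starts before this hunk, and the aspect's `around` has the same lookup, though there it seems to sit in unchanged context.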