hhyykk/RuoYi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

新增Anonymous匿名访问不鉴权注解

Browse Source
This commit is contained in:
RuoYi 2024-04-15 13:49:50 +08:00
parent 55913e8707
commit f5805fd79e
3 changed files with 148 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
ruoyi-common/src/main/java/com/ruoyi/common/annotation/Anonymous.java Normal file
View File

@ -0,0 +1,19 @@
package com.ruoyi.common.annotation;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* 匿名访问不鉴权注解
*
* @author ruoyi
*/
@Target({ ElementType.METHOD, ElementType.TYPE })
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface Anonymous
{
}

7
ruoyi-framework/src/main/java/com/ruoyi/framework/config/ShiroConfig.java
View File

@ -17,6 +17,7 @@ import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager; import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie; import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
@ -25,6 +26,7 @@ import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.security.CipherUtils; import com.ruoyi.common.utils.security.CipherUtils;
import com.ruoyi.common.utils.spring.SpringUtils; import com.ruoyi.common.utils.spring.SpringUtils;
import com.ruoyi.framework.config.properties.PermitAllUrlProperties;
import com.ruoyi.framework.shiro.realm.UserRealm; import com.ruoyi.framework.shiro.realm.UserRealm;
import com.ruoyi.framework.shiro.session.OnlineSessionDAO; import com.ruoyi.framework.shiro.session.OnlineSessionDAO;
import com.ruoyi.framework.shiro.session.OnlineSessionFactory; import com.ruoyi.framework.shiro.session.OnlineSessionFactory;
@ -130,6 +132,9 @@ public class ShiroConfig
@Value("${shiro.rememberMe.enabled: false}") @Value("${shiro.rememberMe.enabled: false}")
private boolean rememberMe; private boolean rememberMe;
@Autowired
private PermitAllUrlProperties permitAllUrl;
/** /**
* 缓存管理器 使用Ehcache实现 * 缓存管理器 使用Ehcache实现
*/ */
@ -288,6 +293,8 @@ public class ShiroConfig
filterChainDefinitionMap.put("/js/**", "anon"); filterChainDefinitionMap.put("/js/**", "anon");
filterChainDefinitionMap.put("/ruoyi/**", "anon"); filterChainDefinitionMap.put("/ruoyi/**", "anon");
filterChainDefinitionMap.put("/captcha/captchaImage**", "anon"); filterChainDefinitionMap.put("/captcha/captchaImage**", "anon");
// 匿名访问不鉴权注解列表
permitAllUrl.getUrls().forEach(url -> filterChainDefinitionMap.put(url, "anon"));
// 退出 logout地址shiro去清除session // 退出 logout地址shiro去清除session
filterChainDefinitionMap.put("/logout", "logout"); filterChainDefinitionMap.put("/logout", "logout");
// 不需要拦截的访问 // 不需要拦截的访问

122
ruoyi-framework/src/main/java/com/ruoyi/framework/config/properties/PermitAllUrlProperties.java Normal file
View File

@ -0,0 +1,122 @@
package com.ruoyi.framework.config.properties;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.springframework.aop.framework.Advised;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import com.ruoyi.common.annotation.Anonymous;
/**
* 设置Anonymous注解允许匿名访问的url
*
* @author ruoyi
*/
@Configuration
public class PermitAllUrlProperties implements InitializingBean, ApplicationContextAware
{
private List<String> urls = new ArrayList<>();
private ApplicationContext applicationContext;
@Override
public void afterPropertiesSet() throws Exception
{
Map<String, Object> controllers = applicationContext.getBeansWithAnnotation(Controller.class);
for (Object bean : controllers.values())
{
if (!(bean instanceof Advised))
{
continue;
}
Class<?> beanClass = ((Advised) bean).getTargetSource().getTarget().getClass();
RequestMapping base = beanClass.getAnnotation(RequestMapping.class);
String[] baseUrl = {};
if (Objects.nonNull(base))
{
baseUrl = base.value();
}
Method[] methods = beanClass.getDeclaredMethods();
for (Method method : methods)
{
if (method.isAnnotationPresent(Anonymous.class) && method.isAnnotationPresent(RequestMapping.class))
{
RequestMapping requestMapping = method.getAnnotation(RequestMapping.class);
String[] uri = requestMapping.value();
urls.addAll(rebuildUrl(baseUrl, uri));
}
else if (method.isAnnotationPresent(Anonymous.class) && method.isAnnotationPresent(GetMapping.class))
{
GetMapping requestMapping = method.getAnnotation(GetMapping.class);
String[] uri = requestMapping.value();
urls.addAll(rebuildUrl(baseUrl, uri));
}
else if (method.isAnnotationPresent(Anonymous.class) && method.isAnnotationPresent(PostMapping.class))
{
PostMapping requestMapping = method.getAnnotation(PostMapping.class);
String[] uri = requestMapping.value();
urls.addAll(rebuildUrl(baseUrl, uri));
}
else if (method.isAnnotationPresent(Anonymous.class) && method.isAnnotationPresent(PutMapping.class))
{
PutMapping requestMapping = method.getAnnotation(PutMapping.class);
String[] uri = requestMapping.value();
urls.addAll(rebuildUrl(baseUrl, uri));
}
else if (method.isAnnotationPresent(Anonymous.class) && method.isAnnotationPresent(DeleteMapping.class))
{
DeleteMapping requestMapping = method.getAnnotation(DeleteMapping.class);
String[] uri = requestMapping.value();
urls.addAll(rebuildUrl(baseUrl, uri));
}
}
}
}
private List<String> rebuildUrl(String[] bases, String[] uris)
{
List<String> urls = new ArrayList<>();
for (String base : bases)
{
for (String uri : uris)
{
urls.add(prefix(base) + prefix(uri));
}
}
return urls;
}
private String prefix(String seg)
{
return seg.startsWith("/") ? seg : "/" + seg;
}
@Override
public void setApplicationContext(ApplicationContext context) throws BeansException
{
this.applicationContext = context;
}
public List<String> getUrls()
{
return urls;
}
public void setUrls(List<String> urls)
{
this.urls = urls;
}
}