兰宝车间质量管理系统
blame | 历史 | 补丁 | 提交 | 提交对比 | 忽略空白
baoshiwei
2025-03-12 f1208474f771a1c233d7425c8ed13fbaa0d521ac 
 ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java


@@ -1,11 +1,17 @@


package org.dromara.common.security.config;




import cn.dev33.satoken.exception.NotLoginException;


import cn.dev33.satoken.filter.SaServletFilter;


import cn.dev33.satoken.httpauth.basic.SaHttpBasicUtil;


import cn.dev33.satoken.interceptor.SaInterceptor;


import cn.dev33.satoken.router.SaRouter;


import cn.dev33.satoken.stp.StpUtil;


import cn.dev33.satoken.util.SaResult;


import jakarta.servlet.http.HttpServletRequest;


import lombok.RequiredArgsConstructor;


import lombok.extern.slf4j.Slf4j;


import org.dromara.common.core.constant.HttpStatus;


import org.dromara.common.core.exception.SseException;


import org.dromara.common.core.utils.ServletUtils;


import org.dromara.common.core.utils.SpringUtils;


import org.dromara.common.core.utils.StringUtils;


@@ -14,6 +20,7 @@


import org.dromara.common.security.handler.AllUrlHandler;


import org.springframework.boot.autoconfigure.AutoConfiguration;


import org.springframework.boot.context.properties.EnableConfigurationProperties;


import org.springframework.context.annotation.Bean;


import org.springframework.web.servlet.config.annotation.InterceptorRegistry;


import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;




@@ -45,11 +52,20 @@


                    .match(allUrlHandler.getUrls())


                    // 对未排除的路径进行检查


                    .check(() -> {


                        HttpServletRequest request = ServletUtils.getRequest();


                        // 检查是否登录 是否有token


                        StpUtil.checkLogin();


                        try {


                            StpUtil.checkLogin();


                        } catch (NotLoginException e) {


                            if (request.getRequestURI().contains("sse")) {


                                throw new SseException(e.getMessage(), e.getCode());


                            } else {


                                throw e;


                            }


                        }




                        // 检查 header 与 param 里的 clientid 与 token 里的是否一致


                        String headerCid = ServletUtils.getRequest().getHeader(LoginHelper.CLIENT_KEY);


                        String headerCid = request.getHeader(LoginHelper.CLIENT_KEY);


                        String paramCid = ServletUtils.getParameter(LoginHelper.CLIENT_KEY);


                        String clientId = StpUtil.getExtra(LoginHelper.CLIENT_KEY).toString();


                        if (!StringUtils.equalsAny(clientId, headerCid, paramCid)) {


@@ -71,4 +87,19 @@


            .excludePathPatterns(securityProperties.getExcludes());


    }




    /**


     * 对 actuator 健康检查接口 做账号密码鉴权


     */


    @Bean


    public SaServletFilter getSaServletFilter() {


        String username = SpringUtils.getProperty("spring.boot.admin.client.username");


        String password = SpringUtils.getProperty("spring.boot.admin.client.password");


        return new SaServletFilter()


            .addInclude("/actuator", "/actuator/**")


            .setAuth(obj -> {


                SaHttpBasicUtil.check(username + ":" + password);


            })


            .setError(e -> SaResult.error(e.getMessage()).setCode(HttpStatus.UNAUTHORIZED));


    }




}