From c8d94da4fb66daff6fd5c19635c9f545af2e3ceb Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期六, 17 六月 2023 22:38:06 +0800
Subject: [PATCH] fix 修复 用户篡改管理员角色标识符越权问题
---
 ruoyi-common/ruoyi-common-ratelimiter/src/main/java/org/dromara/common/ratelimiter/aspectj/RateLimiterAspect.java | 10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)
diff --git a/ruoyi-common/ruoyi-common-ratelimiter/src/main/java/org/dromara/common/ratelimiter/aspectj/RateLimiterAspect.java b/ruoyi-common/ruoyi-common-ratelimiter/src/main/java/org/dromara/common/ratelimiter/aspectj/RateLimiterAspect.java
index 75b32f1..8f3a5ca 100644
--- a/ruoyi-common/ruoyi-common-ratelimiter/src/main/java/org/dromara/common/ratelimiter/aspectj/RateLimiterAspect.java
+++ b/ruoyi-common/ruoyi-common-ratelimiter/src/main/java/org/dromara/common/ratelimiter/aspectj/RateLimiterAspect.java
@@ -18,6 +18,7 @@
 import org.springframework.core.DefaultParameterNameDiscoverer;
 import org.springframework.core.ParameterNameDiscoverer;
 import org.springframework.expression.EvaluationContext;
+import org.springframework.expression.Expression;
 import org.springframework.expression.ExpressionParser;
 import org.springframework.expression.ParserContext;
 import org.springframework.expression.common.TemplateParserContext;
@@ -100,7 +101,14 @@
 }
 // 瑙f瀽杩斿洖缁檏ey
 try {
- key = parser.parseExpression(key, parserContext).getValue(context, String.class) + ":";
+ Expression expression;
+ if (StringUtils.startsWith(key, parserContext.getExpressionPrefix())
+ && StringUtils.endsWith(key, parserContext.getExpressionSuffix())) {
+ expression = parser.parseExpression(key, parserContext);
+ } else {
+ expression = parser.parseExpression(key);
+ }
+ key = expression.getValue(context, String.class) + ":";
 } catch (Exception e) {
 throw new ServiceException("闄愭祦key瑙f瀽寮傚父!璇疯仈绯荤鐞嗗憳!");
 }
--
Gitblit v1.9.3
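Review bot: A key expression that evaluates to null is turned into the literal bucket name `null:` by the new `key = expression.getValue(context, String.class) + ":";` line, so every request whose argument is missing would share one limiter. Reading the value first and rejecting null inside the `try` keeps it on the existing error path: `String resolved = expression.getValue(context, String.class);` then `if (resolved == null) { throw new IllegalStateException("rate-limit key evaluated to null"); }`. The new `else` branch also sends any key not wrapped in the template prefix and suffix through `parser.parseExpression(key)` as raw SpEL, and the unchanged `catch (Exception e)` drops `e`, so a mis-written key will be hard to diagnose unless the cause is logged or chained. The enclosing method starts and ends outside this hunk, so how `key` and `context` are set up is not visible here. Separately, the subject line describes a role-identifier privilege fix, while the diffstat shows only this rate-limiter file changed; worth confirming the message matches the change.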