Merge remote-tracking branch 'origin/master'

pom.xml

@@ -34,10 +34,12 @@
         <commons.fileupload.version>1.4</commons.fileupload.version>
         <velocity.version>1.7</velocity.version>
         <fastjson.version>1.2.78</fastjson.version>
+        <jjwt.version>0.9.1</jjwt.version>
         <minio.version>8.2.2</minio.version>
         <poi.version>4.1.2</poi.version>
         <common-pool.version>2.10.0</common-pool.version>
         <commons-collections.version>3.2.2</commons-collections.version>
+        <transmittable-thread-local.version>2.12.2</transmittable-thread-local.version>
     </properties>
 
     <!-- 依赖声明 -->
@@ -173,6 +175,20 @@
                 <version>${fastjson.version}</version>
             </dependency>
 
+            <!-- JWT -->
+            <dependency>
+                <groupId>io.jsonwebtoken</groupId>
+                <artifactId>jjwt</artifactId>
+                <version>${jjwt.version}</version>
+            </dependency>
+
+            <!-- 线程传递值 -->
+            <dependency>
+                <groupId>com.alibaba</groupId>
+                <artifactId>transmittable-thread-local</artifactId>
+                <version>${transmittable-thread-local.version}</version>
+            </dependency>
+
             <!-- 公共资源池 -->
             <dependency>
                 <groupId>org.apache.commons</groupId>

ruoyi-auth/src/main/java/com/ruoyi/auth/controller/TokenController.java

@@ -10,8 +10,11 @@ import com.ruoyi.auth.form.LoginBody;
 import com.ruoyi.auth.form.RegisterBody;
 import com.ruoyi.auth.service.SysLoginService;
 import com.ruoyi.common.core.domain.R;
+import com.ruoyi.common.core.utils.JwtUtils;
 import com.ruoyi.common.core.utils.StringUtils;
+import com.ruoyi.common.security.auth.AuthUtil;
 import com.ruoyi.common.security.service.TokenService;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.model.LoginUser;
 
 /**
@@ -40,12 +43,12 @@ public class TokenController
     @DeleteMapping("logout")
     public R<?> logout(HttpServletRequest request)
     {
-        LoginUser loginUser = tokenService.getLoginUser(request);
+        String token = SecurityUtils.getToken(request);
-        if (StringUtils.isNotNull(loginUser))
+        if (StringUtils.isNotEmpty(token))
         {
-            String username = loginUser.getUsername();
+            String username = JwtUtils.getUserName(token);
             // 删除用户缓存记录
-            tokenService.delLoginUser(loginUser.getToken());
+            AuthUtil.logoutByToken(token);
             // 记录用户退出日志
             sysLoginService.logout(username);
         }

ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java

@@ -8,10 +8,10 @@ import com.ruoyi.common.core.constant.UserConstants;
 import com.ruoyi.common.core.domain.R;
 import com.ruoyi.common.core.enums.UserStatus;
 import com.ruoyi.common.core.exception.ServiceException;
-import com.ruoyi.common.core.utils.SecurityUtils;
 import com.ruoyi.common.core.utils.ServletUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.core.utils.ip.IpUtils;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.RemoteLogService;
 import com.ruoyi.system.api.RemoteUserService;
 import com.ruoyi.system.api.domain.SysLogininfor;

ruoyi-common/ruoyi-common-core/pom.xml

@@ -41,6 +41,12 @@
             <artifactId>spring-web</artifactId>
         </dependency>
 
+        <!-- Transmittable ThreadLocal -->
+        <dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>transmittable-thread-local</artifactId>
+        </dependency>
+
         <!-- Apache Commons Pool2 -->
         <dependency>
             <groupId>org.apache.commons</groupId>
@@ -71,6 +77,18 @@
             <artifactId>fastjson</artifactId>
         </dependency>
 
+        <!-- Jwt -->
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt</artifactId>
+        </dependency>
+
+        <!-- Jaxb -->
+        <dependency>
+            <groupId>javax.xml.bind</groupId>
+            <artifactId>jaxb-api</artifactId>
+        </dependency>
+
         <!-- Apache Lang3 -->
         <dependency>
             <groupId>org.apache.commons</groupId>

ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/CacheConstants.java

@@ -7,6 +7,16 @@ package com.ruoyi.common.core.constant;
  */
 public class CacheConstants
 {
+    /**
+     * 缓存有效期，默认720（分钟）
+     */
+    public final static long EXPIRATION = 720;
+
+    /**
+     * 缓存刷新时间，默认120（分钟）
+     */
+    public final static long REFRESH_TIME = 120;
+
     /**
      * 权限缓存前缀
      */

ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/Constants.java

@@ -97,10 +97,6 @@ public class Constants
      */
     public static final long CAPTCHA_EXPIRATION = 2;
 
-    /**
-     * 令牌有效期（分钟）
-     */
-    public final static long TOKEN_EXPIRE = 720;
 
     /**
      * 参数管理 cache key

ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java

@@ -7,16 +7,6 @@ package com.ruoyi.common.core.constant;
  */
 public class SecurityConstants
 {
-    /**
-     * 令牌自定义标识
-     */
-    public static final String TOKEN_AUTHENTICATION = "Authorization";
-
-    /**
-     * 令牌前缀
-     */
-    public static final String TOKEN_PREFIX = "Bearer ";
-
     /**
      * 用户ID字段
      */
@@ -41,4 +31,14 @@ public class SecurityConstants
      * 内部请求
      */
     public static final String INNER = "inner";
+
+    /**
+     * 用户标识
+     */
+    public static final String USER_KEY = "user_key";
+
+    /**
+     * 登录用户
+     */
+    public static final String LOGIN_USER = "login_user";
 }

ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/TokenConstants.java

@@ -0,0 +1,25 @@
+package com.ruoyi.common.core.constant;
+
+/**
+ * Token的Key常量
+ * 
+ * @author ruoyi
+ */
+public class TokenConstants
+{
+    /**
+     * 令牌自定义标识
+     */
+    public static final String AUTHENTICATION = "Authorization";
+
+    /**
+     * 令牌前缀
+     */
+    public static final String PREFIX = "Bearer ";
+
+    /**
+     * 令牌秘钥
+     */
+    public final static String SECRET = "abcdefghijklmnopqrstuvwxyz";
+
+}

ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/context/SecurityContextHolder.java

@@ -0,0 +1,88 @@
+package com.ruoyi.common.core.context;
+
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import com.alibaba.ttl.TransmittableThreadLocal;
+import com.ruoyi.common.core.constant.SecurityConstants;
+import com.ruoyi.common.core.text.Convert;
+import com.ruoyi.common.core.utils.StringUtils;
+
+/**
+ * 获取当前线程变量中的 用户id、用户名称、Token等信息 
+ * 注意： 必须在网关通过请求头的方法传入，同时在HeaderInterceptor拦截器设置值。 否则这里无法获取
+ *
+ * @author ruoyi
+ */
+public class SecurityContextHolder
+{
+    private static final TransmittableThreadLocal<Map<String, Object>> THREAD_LOCAL = new TransmittableThreadLocal<>();
+
+    public static void set(String key, Object value)
+    {
+        Map<String, Object> map = getLocalMap();
+        map.put(key, value == null ? StringUtils.EMPTY : value);
+    }
+
+    public static String get(String key)
+    {
+        Map<String, Object> map = getLocalMap();
+        return Convert.toStr(map.getOrDefault(key, StringUtils.EMPTY));
+    }
+
+    public static <T> T get(String key, Class<T> clazz)
+    {
+        Map<String, Object> map = getLocalMap();
+        return StringUtils.cast(map.getOrDefault(key, null));
+    }
+
+    public static Map<String, Object> getLocalMap()
+    {
+        Map<String, Object> map = THREAD_LOCAL.get();
+        if (map == null)
+        {
+            map = new ConcurrentHashMap<String, Object>();
+            THREAD_LOCAL.set(map);
+        }
+        return map;
+    }
+
+    public static void setLocalMap(Map<String, Object> threadLocalMap)
+    {
+        THREAD_LOCAL.set(threadLocalMap);
+    }
+
+    public static Long getUserId()
+    {
+        return Convert.toLong(get(SecurityConstants.DETAILS_USER_ID), 0L);
+    }
+
+    public static void setUserId(String account)
+    {
+        set(SecurityConstants.DETAILS_USER_ID, account);
+    }
+
+    public static String getUserName()
+    {
+        return get(SecurityConstants.DETAILS_USERNAME);
+    }
+
+    public static void setUserName(String username)
+    {
+        set(SecurityConstants.DETAILS_USERNAME, username);
+    }
+
+    public static String getUserKey()
+    {
+        return get(SecurityConstants.USER_KEY);
+    }
+
+    public static void setUserKey(String userKey)
+    {
+        set(SecurityConstants.USER_KEY, userKey);
+    }
+
+    public static void remove()
+    {
+        THREAD_LOCAL.remove();
+    }
+}

ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/auth/NotLoginException.java

@@ -0,0 +1,16 @@
+package com.ruoyi.common.core.exception.auth;
+
+/**
+ * 未能通过的登录认证异常
+ * 
+ * @author ruoyi
+ */
+public class NotLoginException extends RuntimeException
+{
+    private static final long serialVersionUID = 1L;
+
+    public NotLoginException(String message)
+    {
+        super(message);
+    }
+}

ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/auth/NotPermissionException.java

@@ -0,0 +1,23 @@
+package com.ruoyi.common.core.exception.auth;
+
+import org.apache.commons.lang3.StringUtils;
+
+/**
+ * 未能通过的权限认证异常
+ * 
+ * @author ruoyi
+ */
+public class NotPermissionException extends RuntimeException
+{
+    private static final long serialVersionUID = 1L;
+
+    public NotPermissionException(String permission)
+    {
+        super(permission);
+    }
+
+    public NotPermissionException(String[] permissions)
+    {
+        super(StringUtils.join(permissions, ","));
+    }
+}

ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/exception/auth/NotRoleException.java

@@ -0,0 +1,23 @@
+package com.ruoyi.common.core.exception.auth;
+
+import org.apache.commons.lang3.StringUtils;
+
+/**
+ * 未能通过的角色认证异常
+ * 
+ * @author ruoyi
+ */
+public class NotRoleException extends RuntimeException
+{
+    private static final long serialVersionUID = 1L;
+
+    public NotRoleException(String role)
+    {
+        super(role);
+    }
+
+    public NotRoleException(String[] roles)
+    {
+        super(StringUtils.join(roles, ","));
+    }
+}

ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/JwtUtils.java

@@ -0,0 +1,123 @@
+package com.ruoyi.common.core.utils;
+
+import java.util.Map;
+import com.ruoyi.common.core.constant.SecurityConstants;
+import com.ruoyi.common.core.constant.TokenConstants;
+import com.ruoyi.common.core.text.Convert;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+
+/**
+ * Jwt工具类
+ *
+ * @author ruoyi
+ */
+public class JwtUtils
+{
+    public static String secret = TokenConstants.SECRET;
+
+    /**
+     * 从数据声明生成令牌
+     *
+     * @param claims 数据声明
+     * @return 令牌
+     */
+    public static String createToken(Map<String, Object> claims)
+    {
+        String token = Jwts.builder().setClaims(claims).signWith(SignatureAlgorithm.HS512, secret).compact();
+        return token;
+    }
+
+    /**
+     * 从令牌中获取数据声明
+     *
+     * @param token 令牌
+     * @return 数据声明
+     */
+    public static Claims parseToken(String token)
+    {
+        return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
+    }
+
+    /**
+     * 根据令牌获取用户标识
+     * 
+     * @param token 令牌
+     * @return 用户ID
+     */
+    public static String getUserKey(String token)
+    {
+        Claims claims = parseToken(token);
+        return getValue(claims, SecurityConstants.USER_KEY);
+    }
+
+    /**
+     * 根据令牌获取用户标识
+     * 
+     * @param claims 身份信息
+     * @return 用户ID
+     */
+    public static String getUserKey(Claims claims)
+    {
+        return getValue(claims, SecurityConstants.USER_KEY);
+    }
+
+    /**
+     * 根据令牌获取用户ID
+     * 
+     * @param token 令牌
+     * @return 用户ID
+     */
+    public static String getUserId(String token)
+    {
+        Claims claims = parseToken(token);
+        return getValue(claims, SecurityConstants.DETAILS_USER_ID);
+    }
+
+    /**
+     * 根据身份信息获取用户ID
+     * 
+     * @param claims 身份信息
+     * @return 用户ID
+     */
+    public static String getUserId(Claims claims)
+    {
+        return getValue(claims, SecurityConstants.DETAILS_USER_ID);
+    }
+
+    /**
+     * 根据令牌获取用户名
+     * 
+     * @param token 令牌
+     * @return 用户名
+     */
+    public static String getUserName(String token)
+    {
+        Claims claims = parseToken(token);
+        return getValue(claims, SecurityConstants.DETAILS_USERNAME);
+    }
+
+    /**
+     * 根据身份信息获取用户名
+     * 
+     * @param claims 身份信息
+     * @return 用户名
+     */
+    public static String getUserName(Claims claims)
+    {
+        return getValue(claims, SecurityConstants.DETAILS_USERNAME);
+    }
+
+    /**
+     * 根据身份信息获取键值
+     * 
+     * @param claims 身份信息
+     * @param key 键
+     * @return 值
+     */
+    public static String getValue(Claims claims, String key)
+    {
+        return Convert.toStr(claims.get(key), "");
+    }
+}

ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/ServletUtils.java

@@ -130,6 +130,16 @@ public class ServletUtils
         }
     }
 
+    public static String getHeader(HttpServletRequest request, String name)
+    {
+        String value = request.getHeader(name);
+        if (StringUtils.isEmpty(value))
+        {
+            return StringUtils.EMPTY;
+        }
+        return urlDecode(value);
+    }
+
     public static Map<String, String> getHeaders(HttpServletRequest request)
     {
         Map<String, String> map = new LinkedHashMap<>();
@@ -216,7 +226,7 @@ public class ServletUtils
         }
         catch (UnsupportedEncodingException e)
         {
-            return "";
+            return StringUtils.EMPTY;
         }
     }
 
@@ -234,7 +244,7 @@ public class ServletUtils
         }
         catch (UnsupportedEncodingException e)
         {
-            return "";
+            return StringUtils.EMPTY;
         }
     }
 

ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/aspect/DataScopeAspect.java

@@ -3,12 +3,11 @@ package com.ruoyi.common.datascope.aspect;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Before;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.core.web.domain.BaseEntity;
 import com.ruoyi.common.datascope.annotation.DataScope;
-import com.ruoyi.common.security.service.TokenService;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.domain.SysRole;
 import com.ruoyi.system.api.domain.SysUser;
 import com.ruoyi.system.api.model.LoginUser;
@@ -52,9 +51,6 @@ public class DataScopeAspect
      */
     public static final String DATA_SCOPE = "dataScope";
 
-    @Autowired
-    private TokenService tokenService;
-
     @Before("@annotation(controllerDataScope)")
     public void doBefore(JoinPoint point, DataScope controllerDataScope) throws Throwable
     {
@@ -65,7 +61,7 @@ public class DataScopeAspect
     protected void handleDataScope(final JoinPoint joinPoint, DataScope controllerDataScope)
     {
         // 获取当前的用户
-        LoginUser loginUser = tokenService.getLoginUser();
+        LoginUser loginUser = SecurityUtils.getLoginUser();
         if (StringUtils.isNotNull(loginUser))
         {
             SysUser currentUser = loginUser.getSysUser();

ruoyi-common/ruoyi-common-log/src/main/java/com/ruoyi/common/log/aspect/LogAspect.java

@@ -16,13 +16,13 @@ import org.springframework.stereotype.Component;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.multipart.MultipartFile;
 import com.alibaba.fastjson.JSON;
-import com.ruoyi.common.core.utils.SecurityUtils;
 import com.ruoyi.common.core.utils.ServletUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.core.utils.ip.IpUtils;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessStatus;
 import com.ruoyi.common.log.service.AsyncLogService;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.domain.SysOperLog;
 
 /**

ruoyi-common/ruoyi-common-redis/src/main/java/com/ruoyi/common/redis/service/RedisService.java

@@ -74,6 +74,17 @@ public class RedisService
         return redisTemplate.expire(key, timeout, unit);
     }
 
+    /**
+     * 获取有效时间
+     *
+     * @param key Redis键
+     * @return 有效时间
+     */
+    public long getExpire(final String key)
+    {
+        return redisTemplate.getExpire(key);
+    }
+
     /**
      * 判断 key是否存在
      *

ruoyi-common/ruoyi-common-security/pom.xml

@@ -16,6 +16,12 @@
 
     <dependencies>
 
+        <!-- Spring Web -->
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-webmvc</artifactId>
+        </dependency>
+
         <!-- RuoYi Api System -->
         <dependency>
             <groupId>com.ruoyi</groupId>

ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/annotation/Logical.java

@@ -0,0 +1,20 @@
+package com.ruoyi.common.security.annotation;
+
+/**
+ * 权限注解的验证模式
+ * 
+ * @author ruoyi
+ *
+ */
+public enum Logical
+{
+    /**
+     * 必须具有所有的元素
+     */
+    AND,
+
+    /**
+     * 只需具有其中一个元素
+     */
+    OR
+}

ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/annotation/PreAuthorize.java

@@ -1,46 +0,0 @@
-package com.ruoyi.common.security.annotation;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-/**
- * 权限注解
- * 
- * @author ruoyi
- */
-@Target({ ElementType.TYPE, ElementType.METHOD })
-@Retention(RetentionPolicy.RUNTIME)
-public @interface PreAuthorize
-{
-    /**
-     * 验证用户是否具备某权限
-     */
-    public String hasPermi() default "";
-
-    /**
-     * 验证用户是否不具备某权限，与 hasPermi逻辑相反
-     */
-    public String lacksPermi() default "";
-
-    /**
-     * 验证用户是否具有以下任意一个权限
-     */
-    public String[] hasAnyPermi() default {};
-
-    /**
-     * 判断用户是否拥有某个角色
-     */
-    public String hasRole() default "";
-
-    /**
-     * 验证用户是否不具备某角色，与 isRole逻辑相反
-     */
-    public String lacksRole() default "";
-
-    /**
-     * 验证用户是否具有以下任意一个角色
-     */
-    public String[] hasAnyRoles() default {};
-}

ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/annotation/RequiresLogin.java

@@ -0,0 +1,18 @@
+package com.ruoyi.common.security.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * 登录认证：只有登录之后才能进入该方法
+ * 
+ * @author ruoyi
+ *
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ ElementType.METHOD, ElementType.TYPE })
+public @interface RequiresLogin
+{
+}

ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/annotation/RequiresPermissions.java

@@ -0,0 +1,27 @@
+package com.ruoyi.common.security.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * 权限认证：必须具有指定权限才能进入该方法
+ * 
+ * @author ruoyi
+ *
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ ElementType.METHOD, ElementType.TYPE })
+public @interface RequiresPermissions
+{
+    /**
+     * 需要校验的权限码
+     */
+    String[] value() default {};
+
+    /**
+     * 验证模式：AND | OR，默认AND
+     */
+    Logical logical() default Logical.AND;
+}

ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/annotation/RequiresRoles.java

@@ -0,0 +1,26 @@
+package com.ruoyi.common.security.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * 角色认证：必须具有指定角色标识才能进入该方法
+ * 
+ * @author ruoyi
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ ElementType.METHOD, ElementType.TYPE })
+public @interface RequiresRoles
+{
+    /**
+     * 需要校验的角色标识
+     */
+    String[] value() default {};
+
+    /**
+     * 验证逻辑：AND | OR，默认AND
+     */
+    Logical logical() default Logical.AND;
+}

ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/aspect/PreAuthorizeAspect.java

@@ -1,225 +1,97 @@
 package com.ruoyi.common.security.aspect;
 
 import java.lang.reflect.Method;
-import java.util.Collection;
 import org.aspectj.lang.ProceedingJoinPoint;
-import org.aspectj.lang.Signature;
 import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Pointcut;
 import org.aspectj.lang.reflect.MethodSignature;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
-import org.springframework.util.CollectionUtils;
+import com.ruoyi.common.security.annotation.RequiresLogin;
-import org.springframework.util.PatternMatchUtils;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
-import com.ruoyi.common.core.exception.PreAuthorizeException;
+import com.ruoyi.common.security.annotation.RequiresRoles;
-import com.ruoyi.common.core.utils.StringUtils;
+import com.ruoyi.common.security.auth.AuthUtil;
-import com.ruoyi.common.security.annotation.PreAuthorize;
-import com.ruoyi.common.security.service.TokenService;
-import com.ruoyi.system.api.model.LoginUser;
 
 /**
- * 自定义权限实现
+ * 基于 Spring Aop 的注解鉴权
  * 
- * @author ruoyi
+ * @author kong
  */
 @Aspect
 @Component
 public class PreAuthorizeAspect
 {
-    @Autowired
-    private TokenService tokenService;
-
-    /** 所有权限标识 */
-    private static final String ALL_PERMISSION = "*:*:*";
-
-    /** 管理员角色权限标识 */
-    private static final String SUPER_ADMIN = "admin";
-
-    /** 数组为0时 */
-    private static final Integer ARRAY_EMPTY = 0;
-
-    @Around("@annotation(com.ruoyi.common.security.annotation.PreAuthorize)")
-    public Object around(ProceedingJoinPoint point) throws Throwable
-    {
-        Signature signature = point.getSignature();
-        MethodSignature methodSignature = (MethodSignature) signature;
-        Method method = methodSignature.getMethod();
-        PreAuthorize annotation = method.getAnnotation(PreAuthorize.class);
-        if (annotation == null)
-        {
-            return point.proceed();
-        }
-
-        if (StringUtils.isNotEmpty(annotation.hasPermi()))
-        {
-            if (hasPermi(annotation.hasPermi()))
-            {
-                return point.proceed();
-            }
-            throw new PreAuthorizeException();
-        }
-        else if (StringUtils.isNotEmpty(annotation.lacksPermi()))
-        {
-            if (lacksPermi(annotation.lacksPermi()))
-            {
-                return point.proceed();
-            }
-            throw new PreAuthorizeException();
-        }
-        else if (ARRAY_EMPTY < annotation.hasAnyPermi().length)
-        {
-            if (hasAnyPermi(annotation.hasAnyPermi()))
-            {
-                return point.proceed();
-            }
-            throw new PreAuthorizeException();
-        }
-        else if (StringUtils.isNotEmpty(annotation.hasRole()))
-        {
-            if (hasRole(annotation.hasRole()))
-            {
-                return point.proceed();
-            }
-            throw new PreAuthorizeException();
-        }
-        else if (StringUtils.isNotEmpty(annotation.lacksRole()))
-        {
-            if (lacksRole(annotation.lacksRole()))
-            {
-                return point.proceed();
-            }
-            throw new PreAuthorizeException();
-        }
-        else if (ARRAY_EMPTY < annotation.hasAnyRoles().length)
-        {
-            if (hasAnyRoles(annotation.hasAnyRoles()))
-            {
-                return point.proceed();
-            }
-            throw new PreAuthorizeException();
-        }
-
-        return point.proceed();
-    }
-
     /**
-     * 验证用户是否具备某权限
+     * 构建
-     * 
-     * @param permission 权限字符串
-     * @return 用户是否具备某权限
      */
-    public boolean hasPermi(String permission)
+    public PreAuthorizeAspect()
     {
-        LoginUser userInfo = tokenService.getLoginUser();
-        if (StringUtils.isNull(userInfo) || CollectionUtils.isEmpty(userInfo.getPermissions()))
-        {
-            return false;
-        }
-        return hasPermissions(userInfo.getPermissions(), permission);
     }
 
     /**
-     * 验证用户是否不具备某权限，与 hasPermi逻辑相反
+     * 定义AOP签名 (切入所有使用鉴权注解的方法)
-     *
-     * @param permission 权限字符串
-     * @return 用户是否不具备某权限
      */
-    public boolean lacksPermi(String permission)
+    public static final String POINTCUT_SIGN = " @annotation(com.ruoyi.common.security.annotation.RequiresLogin) || "
-    {
+            + "@annotation(com.ruoyi.common.security.annotation.RequiresPermissions) || "
-        return hasPermi(permission) != true;
+            + "@annotation(com.ruoyi.common.security.annotation.RequiresRoles)";
-    }
 
     /**
-     * 验证用户是否具有以下任意一个权限
+     * 声明AOP签名
-     *
-     * @param permissions 权限列表
-     * @return 用户是否具有以下任意一个权限
      */
-    public boolean hasAnyPermi(String[] permissions)
+    @Pointcut(POINTCUT_SIGN)
+    public void pointcut()
     {
-        LoginUser userInfo = tokenService.getLoginUser();
-        if (StringUtils.isNull(userInfo) || CollectionUtils.isEmpty(userInfo.getPermissions()))
-        {
-            return false;
-        }
-        Collection<String> authorities = userInfo.getPermissions();
-        for (String permission : permissions)
-        {
-            if (permission != null && hasPermissions(authorities, permission))
-            {
-                return true;
-            }
-        }
-        return false;
     }
 
     /**
-     * 判断用户是否拥有某个角色
+     * 环绕切入
      * 
-     * @param role 角色字符串
+     * @param joinPoint 切面对象
-     * @return 用户是否具备某角色
+     * @return 底层方法执行后的返回值
+     * @throws Throwable 底层方法抛出的异常
      */
-    public boolean hasRole(String role)
+    @Around("pointcut()")
+    public Object around(ProceedingJoinPoint joinPoint) throws Throwable
     {
-        LoginUser userInfo = tokenService.getLoginUser();
+        // 注解鉴权
-        if (StringUtils.isNull(userInfo) || CollectionUtils.isEmpty(userInfo.getRoles()))
+        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
+        checkMethodAnnotation(signature.getMethod());
+        try
         {
-            return false;
+            // 执行原有逻辑
+            Object obj = joinPoint.proceed();
+            return obj;
         }
-        for (String roleKey : userInfo.getRoles())
+        catch (Throwable e)
         {
-            if (SUPER_ADMIN.equals(roleKey) || roleKey.equals(role))
+            throw e;
-            {
-                return true;
-            }
         }
-        return false;
-    }
-
-    /**
-     * 验证用户是否不具备某角色，与 isRole逻辑相反。
-     *
-     * @param role 角色名称
-     * @return 用户是否不具备某角色
-     */
-    public boolean lacksRole(String role)
-    {
-        return hasRole(role) != true;
     }
 
     /**
-     * 验证用户是否具有以下任意一个角色
+     * 对一个Method对象进行注解检查
-     *
-     * @param roles 角色列表
-     * @return 用户是否具有以下任意一个角色
      */
-    public boolean hasAnyRoles(String[] roles)
+    public void checkMethodAnnotation(Method method)
     {
-        LoginUser userInfo = tokenService.getLoginUser();
+        // 校验 @RequiresLogin 注解
-        if (StringUtils.isNull(userInfo) || CollectionUtils.isEmpty(userInfo.getRoles()))
+        RequiresLogin requiresLogin = method.getAnnotation(RequiresLogin.class);
+        if (requiresLogin != null)
         {
-            return false;
+            AuthUtil.checkLogin();
         }
-        for (String role : roles)
+
+        // 校验 @RequiresRoles 注解
+        RequiresRoles requiresRoles = method.getAnnotation(RequiresRoles.class);
+        if (requiresRoles != null)
         {
-            if (hasRole(role))
+            AuthUtil.checkRole(requiresRoles);
-            {
-                return true;
-            }
         }
-        return false;
-    }
 
-    /**
+        // 校验 @RequiresPermissions 注解
-     * 判断是否包含权限
+        RequiresPermissions requiresPermissions = method.getAnnotation(RequiresPermissions.class);
-     * 
+        if (requiresPermissions != null)
-     * @param authorities 权限列表
+        {
-     * @param permission 权限字符串
+            AuthUtil.checkPermi(requiresPermissions);
-     * @return 用户是否具备某权限
+        }
-     */
-    private boolean hasPermissions(Collection<String> authorities, String permission)
-    {
-        return authorities.stream().filter(StringUtils::hasText)
-                .anyMatch(x -> ALL_PERMISSION.contains(x) || PatternMatchUtils.simpleMatch(x, permission));
     }
 }

ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/auth/AuthLogic.java

@@ -0,0 +1,371 @@
+package com.ruoyi.common.security.auth;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+import org.springframework.util.PatternMatchUtils;
+import com.ruoyi.common.core.exception.auth.NotLoginException;
+import com.ruoyi.common.core.exception.auth.NotPermissionException;
+import com.ruoyi.common.core.exception.auth.NotRoleException;
+import com.ruoyi.common.core.utils.SpringUtils;
+import com.ruoyi.common.core.utils.StringUtils;
+import com.ruoyi.common.security.annotation.Logical;
+import com.ruoyi.common.security.annotation.RequiresLogin;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
+import com.ruoyi.common.security.annotation.RequiresRoles;
+import com.ruoyi.common.security.service.TokenService;
+import com.ruoyi.common.security.utils.SecurityUtils;
+import com.ruoyi.system.api.model.LoginUser;
+
+/**
+ * Token 权限验证，逻辑实现类
+ * 
+ * @author ruoyi
+ */
+public class AuthLogic
+{
+    /** 所有权限标识 */
+    private static final String ALL_PERMISSION = "*:*:*";
+
+    /** 管理员角色权限标识 */
+    private static final String SUPER_ADMIN = "admin";
+
+    public TokenService tokenService = SpringUtils.getBean(TokenService.class);
+
+    /**
+     * 会话注销
+     */
+    public void logout()
+    {
+        String token = SecurityUtils.getToken();
+        if (token == null)
+        {
+            return;
+        }
+        logoutByToken(token);
+    }
+
+    /**
+     * 会话注销，根据指定Token
+     */
+    public void logoutByToken(String token)
+    {
+        tokenService.delLoginUser(token);
+    }
+
+    /**
+     * 检验用户是否已经登录，如未登录，则抛出异常
+     */
+    public void checkLogin()
+    {
+        getLoginUser();
+    }
+
+    /**
+     * 获取当前用户缓存信息, 如果未登录，则抛出异常
+     * 
+     * @return 用户缓存信息
+     */
+    public LoginUser getLoginUser()
+    {
+        String token = SecurityUtils.getToken();
+        if (token == null)
+        {
+            throw new NotLoginException("未提供token");
+        }
+        LoginUser loginUser = SecurityUtils.getLoginUser();
+        if (loginUser == null)
+        {
+            throw new NotLoginException("无效的token");
+        }
+        return loginUser;
+    }
+
+    /**
+     * 获取当前用户缓存信息, 如果未登录，则抛出异常
+     * 
+     * @param token 前端传递的认证信息
+     * @return 用户缓存信息
+     */
+    public LoginUser getLoginUser(String token)
+    {
+        return tokenService.getLoginUser(token);
+    }
+
+    /**
+     * 验证当前用户有效期, 如果相差不足360分钟，自动刷新缓存
+     * 
+     * @param loginUser 当前用户信息
+     */
+    public void verifyLoginUserExpire(LoginUser loginUser)
+    {
+        tokenService.verifyToken(loginUser);
+    }
+
+    /**
+     * 验证用户是否具备某权限
+     * 
+     * @param permission 权限字符串
+     * @return 用户是否具备某权限
+     */
+    public boolean hasPermi(String permission)
+    {
+        return hasPermi(getPermiList(), permission);
+    }
+
+    /**
+     * 验证用户是否具备某权限, 如果验证未通过，则抛出异常: NotPermissionException
+     * 
+     * @param permission 权限字符串
+     * @return 用户是否具备某权限
+     */
+    public void checkPermi(String permission)
+    {
+        if (!hasPermi(getPermiList(), permission))
+        {
+            throw new NotPermissionException(permission);
+        }
+    }
+
+    /**
+     * 根据注解(@RequiresPermissions)鉴权, 如果验证未通过，则抛出异常: NotPermissionException
+     * 
+     * @param requiresPermissions 注解对象
+     */
+    public void checkPermi(RequiresPermissions requiresPermissions)
+    {
+        if (requiresPermissions.logical() == Logical.AND)
+        {
+            checkPermiAnd(requiresPermissions.value());
+        }
+        else
+        {
+            checkPermiOr(requiresPermissions.value());
+        }
+    }
+
+    /**
+     * 验证用户是否含有指定权限，必须全部拥有
+     *
+     * @param permissions 权限列表
+     */
+    public void checkPermiAnd(String... permissions)
+    {
+        Set<String> permissionList = getPermiList();
+        for (String permission : permissions)
+        {
+            if (!hasPermi(permissionList, permission))
+            {
+                throw new NotPermissionException(permission);
+            }
+        }
+    }
+
+    /**
+     * 验证用户是否含有指定权限，只需包含其中一个
+     * 
+     * @param permissions 权限码数组
+     */
+    public void checkPermiOr(String... permissions)
+    {
+        Set<String> permissionList = getPermiList();
+        for (String permission : permissions)
+        {
+            if (hasPermi(permissionList, permission))
+            {
+                return;
+            }
+        }
+        if (permissions.length > 0)
+        {
+            throw new NotPermissionException(permissions);
+        }
+    }
+
+    /**
+     * 判断用户是否拥有某个角色
+     * 
+     * @param role 角色标识
+     * @return 用户是否具备某角色
+     */
+    public boolean hasRole(String role)
+    {
+        return hasRole(getRoleList(), role);
+    }
+
+    /**
+     * 判断用户是否拥有某个角色, 如果验证未通过，则抛出异常: NotRoleException
+     * 
+     * @param role 角色标识
+     */
+    public void checkRole(String role)
+    {
+        if (!hasRole(role))
+        {
+            throw new NotRoleException(role);
+        }
+    }
+
+    /**
+     * 根据注解(@RequiresRoles)鉴权
+     * 
+     * @param requiresRoles 注解对象
+     */
+    public void checkRole(RequiresRoles requiresRoles)
+    {
+        if (requiresRoles.logical() == Logical.AND)
+        {
+            checkRoleAnd(requiresRoles.value());
+        }
+        else
+        {
+            checkRoleOr(requiresRoles.value());
+        }
+    }
+
+    /**
+     * 验证用户是否含有指定角色，必须全部拥有
+     * 
+     * @param roles 角色标识数组
+     */
+    public void checkRoleAnd(String... roles)
+    {
+        Set<String> roleList = getRoleList();
+        for (String role : roles)
+        {
+            if (!hasRole(roleList, role))
+            {
+                throw new NotRoleException(role);
+            }
+        }
+    }
+
+    /**
+     * 验证用户是否含有指定角色，只需包含其中一个
+     * 
+     * @param roles 角色标识数组
+     */
+    public void checkRoleOr(String... roles)
+    {
+        Set<String> roleList = getRoleList();
+        for (String role : roles)
+        {
+            if (hasRole(roleList, role))
+            {
+                return;
+            }
+        }
+        if (roles.length > 0)
+        {
+            throw new NotRoleException(roles);
+        }
+    }
+
+    /**
+     * 根据注解(@RequiresLogin)鉴权
+     * 
+     * @param at 注解对象
+     */
+    public void checkByAnnotation(RequiresLogin at)
+    {
+        this.checkLogin();
+    }
+
+    /**
+     * 根据注解(@RequiresRoles)鉴权
+     * 
+     * @param at 注解对象
+     */
+    public void checkByAnnotation(RequiresRoles at)
+    {
+        String[] roleArray = at.value();
+        if (at.logical() == Logical.AND)
+        {
+            this.checkRoleAnd(roleArray);
+        }
+        else
+        {
+            this.checkRoleOr(roleArray);
+        }
+    }
+
+    /**
+     * 根据注解(@RequiresPermissions)鉴权
+     * 
+     * @param at 注解对象
+     */
+    public void checkByAnnotation(RequiresPermissions at)
+    {
+        String[] permissionArray = at.value();
+        if (at.logical() == Logical.AND)
+        {
+            this.checkPermiAnd(permissionArray);
+        }
+        else
+        {
+            this.checkPermiOr(permissionArray);
+        }
+    }
+
+    /**
+     * 获取当前账号的角色列表
+     * 
+     * @return 角色列表
+     */
+    public Set<String> getRoleList()
+    {
+        try
+        {
+            LoginUser loginUser = getLoginUser();
+            return loginUser.getRoles();
+        }
+        catch (Exception e)
+        {
+            return new HashSet<>();
+        }
+    }
+
+    /**
+     * 获取当前账号的权限列表
+     * 
+     * @return 权限列表
+     */
+    public Set<String> getPermiList()
+    {
+        try
+        {
+            LoginUser loginUser = getLoginUser();
+            return loginUser.getPermissions();
+        }
+        catch (Exception e)
+        {
+            return new HashSet<>();
+        }
+    }
+
+    /**
+     * 判断是否包含权限
+     * 
+     * @param authorities 权限列表
+     * @param permission 权限字符串
+     * @return 用户是否具备某权限
+     */
+    public boolean hasPermi(Collection<String> authorities, String permission)
+    {
+        return authorities.stream().filter(StringUtils::hasText)
+                .anyMatch(x -> ALL_PERMISSION.contains(x) || PatternMatchUtils.simpleMatch(x, permission));
+    }
+
+    /**
+     * 判断是否包含角色
+     * 
+     * @param roles 角色列表
+     * @param role 角色
+     * @return 用户是否具备某角色权限
+     */
+    public boolean hasRole(Collection<String> roles, String role)
+    {
+        return roles.stream().filter(StringUtils::hasText)
+                .anyMatch(x -> SUPER_ADMIN.contains(x) || PatternMatchUtils.simpleMatch(x, role));
+    }
+}

ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/auth/AuthUtil.java

@@ -0,0 +1,162 @@
+package com.ruoyi.common.security.auth;
+
+import com.ruoyi.common.security.annotation.RequiresPermissions;
+import com.ruoyi.common.security.annotation.RequiresRoles;
+import com.ruoyi.system.api.model.LoginUser;
+
+/**
+ * Token 权限验证工具类
+ * 
+ * @author ruoyi
+ */
+public class AuthUtil
+{
+    /**
+     * 底层的 AuthLogic 对象
+     */
+    public static AuthLogic authLogic = new AuthLogic();
+
+    /**
+     * 会话注销
+     */
+    public static void logout()
+    {
+        authLogic.logout();
+    }
+
+    /**
+     * 会话注销，根据指定Token
+     * 
+     * @param tokenValue 指定token
+     */
+    public static void logoutByToken(String token)
+    {
+        authLogic.logoutByToken(token);
+    }
+
+    /**
+     * 检验当前会话是否已经登录，如未登录，则抛出异常
+     */
+    public static void checkLogin()
+    {
+        authLogic.checkLogin();
+    }
+
+    /**
+     * 获取当前登录用户信息
+     */
+    public static LoginUser getLoginUser(String token)
+    {
+        return authLogic.getLoginUser(token);
+    }
+
+    /**
+     * 验证当前用户有效期
+     */
+    public static void verifyLoginUserExpire(LoginUser loginUser)
+    {
+        authLogic.verifyLoginUserExpire(loginUser);
+    }
+
+    /**
+     * 当前账号是否含有指定角色标识, 返回true或false
+     * 
+     * @param role 角色标识
+     * @return 是否含有指定角色标识
+     */
+    public static boolean hasRole(String role)
+    {
+        return authLogic.hasRole(role);
+    }
+
+    /**
+     * 当前账号是否含有指定角色标识, 如果验证未通过，则抛出异常: NotRoleException
+     * 
+     * @param role 角色标识
+     */
+    public static void checkRole(String role)
+    {
+        authLogic.checkRole(role);
+    }
+
+    /**
+     * 根据注解传入参数鉴权, 如果验证未通过，则抛出异常: NotRoleException
+     * 
+     * @param requiresRoles 角色权限注解
+     */
+    public static void checkRole(RequiresRoles requiresRoles)
+    {
+        authLogic.checkRole(requiresRoles);
+    }
+
+    /**
+     * 当前账号是否含有指定角色标识 [指定多个，必须全部验证通过]
+     * 
+     * @param roles 角色标识数组
+     */
+    public static void checkRoleAnd(String... roles)
+    {
+        authLogic.checkRoleAnd(roles);
+    }
+
+    /**
+     * 当前账号是否含有指定角色标识 [指定多个，只要其一验证通过即可]
+     * 
+     * @param roles 角色标识数组
+     */
+    public static void checkRoleOr(String... roles)
+    {
+        authLogic.checkRoleOr(roles);
+    }
+
+    /**
+     * 当前账号是否含有指定权限, 返回true或false
+     * 
+     * @param permission 权限码
+     * @return 是否含有指定权限
+     */
+    public static boolean hasPermi(String permission)
+    {
+        return authLogic.hasPermi(permission);
+    }
+
+    /**
+     * 当前账号是否含有指定权限, 如果验证未通过，则抛出异常: NotPermissionException
+     * 
+     * @param permission 权限码
+     */
+    public static void checkPermi(String permission)
+    {
+        authLogic.checkPermi(permission);
+    }
+
+    /**
+     * 根据注解传入参数鉴权, 如果验证未通过，则抛出异常: NotPermissionException
+     * 
+     * @param requiresPermissions 权限注解
+     */
+    public static void checkPermi(RequiresPermissions requiresPermissions)
+    {
+        authLogic.checkPermi(requiresPermissions);
+    }
+
+    /**
+     * 当前账号是否含有指定权限 [指定多个，必须全部验证通过]
+     * 
+     * @param permissions 权限码数组
+     */
+    public static void checkPermiAnd(String... permissions)
+    {
+        authLogic.checkPermiAnd(permissions);
+    }
+
+    /**
+     * 当前账号是否含有指定权限 [指定多个，只要其一验证通过即可]
+     * 
+     * @param permissions 权限码数组
+     */
+    public static void checkPermiOr(String... permissions)
+    {
+        authLogic.checkPermiOr(permissions);
+    }
+}

ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/config/WebMvcConfig.java

@@ -0,0 +1,33 @@
+package com.ruoyi.common.security.config;
+
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import com.ruoyi.common.security.interceptor.HeaderInterceptor;
+
+/**
+ * 拦截器配置
+ *
+ * @author ruoyi
+ */
+public class WebMvcConfig implements WebMvcConfigurer
+{
+    /** 不需要拦截地址 */
+    public static final String[] excludeUrls = { "/login", "/logout", "/refresh" };
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry)
+    {
+        registry.addInterceptor(getHeaderInterceptor())
+                .addPathPatterns("/**")
+                .excludePathPatterns(excludeUrls)
+                .order(-10);
+    }
+
+    /**
+     * 自定义请求头拦截器
+     */
+    public HeaderInterceptor getHeaderInterceptor()
+    {
+        return new HeaderInterceptor();
+    }
+}

ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/handler/GlobalExceptionHandler.java

@@ -11,8 +11,9 @@ import org.springframework.web.bind.annotation.RestControllerAdvice;
 import com.ruoyi.common.core.constant.HttpStatus;
 import com.ruoyi.common.core.exception.DemoModeException;
 import com.ruoyi.common.core.exception.InnerAuthException;
-import com.ruoyi.common.core.exception.PreAuthorizeException;
 import com.ruoyi.common.core.exception.ServiceException;
+import com.ruoyi.common.core.exception.auth.NotPermissionException;
+import com.ruoyi.common.core.exception.auth.NotRoleException;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.core.web.domain.AjaxResult;
 
@@ -27,14 +28,25 @@ public class GlobalExceptionHandler
     private static final Logger log = LoggerFactory.getLogger(GlobalExceptionHandler.class);
 
     /**
-     * 权限异常
+     * 权限码异常
      */
-    @ExceptionHandler(PreAuthorizeException.class)
+    @ExceptionHandler(NotPermissionException.class)
-    public AjaxResult handlePreAuthorizeException(PreAuthorizeException e, HttpServletRequest request)
+    public AjaxResult handleNotPermissionException(NotPermissionException e, HttpServletRequest request)
     {
         String requestURI = request.getRequestURI();
-        log.error("请求地址'{}',权限校验失败'{}'", requestURI, e.getMessage());
+        log.error("请求地址'{}',权限码校验失败'{}'", requestURI, e.getMessage());
-        return AjaxResult.error(HttpStatus.FORBIDDEN, "没有权限，请联系管理员授权");
+        return AjaxResult.error(HttpStatus.FORBIDDEN, "没有访问权限，请联系管理员授权");
+    }
+
+    /**
+     * 角色权限异常
+     */
+    @ExceptionHandler(NotRoleException.class)
+    public AjaxResult handleNotRoleException(NotRoleException e, HttpServletRequest request)
+    {
+        String requestURI = request.getRequestURI();
+        log.error("请求地址'{}',角色权限校验失败'{}'", requestURI, e.getMessage());
+        return AjaxResult.error(HttpStatus.FORBIDDEN, "没有访问权限，请联系管理员授权");
     }
 
     /**

ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/interceptor/HeaderInterceptor.java

@@ -0,0 +1,54 @@
+package com.ruoyi.common.security.interceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.AsyncHandlerInterceptor;
+import com.ruoyi.common.core.constant.SecurityConstants;
+import com.ruoyi.common.core.context.SecurityContextHolder;
+import com.ruoyi.common.core.utils.ServletUtils;
+import com.ruoyi.common.core.utils.StringUtils;
+import com.ruoyi.common.security.auth.AuthUtil;
+import com.ruoyi.common.security.utils.SecurityUtils;
+import com.ruoyi.system.api.model.LoginUser;
+
+/**
+ * 自定义请求头拦截器，将Header数据封装到线程变量中方便获取
+ * 注意：此拦截器会同时验证当前用户有效期自动刷新有效期
+ *
+ * @author ruoyi
+ */
+public class HeaderInterceptor implements AsyncHandlerInterceptor
+{
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception
+    {
+        if (!(handler instanceof HandlerMethod))
+        {
+            return true;
+        }
+
+        SecurityContextHolder.setUserId(ServletUtils.getHeader(request, SecurityConstants.DETAILS_USER_ID));
+        SecurityContextHolder.setUserName(ServletUtils.getHeader(request, SecurityConstants.DETAILS_USERNAME));
+        SecurityContextHolder.setUserKey(ServletUtils.getHeader(request, SecurityConstants.USER_KEY));
+
+        String token = SecurityUtils.getToken();
+        if (StringUtils.isNotEmpty(token))
+        {
+            LoginUser loginUser = AuthUtil.getLoginUser(token);
+            if (StringUtils.isNotNull(loginUser))
+            {
+                AuthUtil.verifyLoginUserExpire(loginUser);
+                SecurityContextHolder.set(SecurityConstants.LOGIN_USER, loginUser);
+            }
+        }
+        return true;
+    }
+
+    @Override
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
+            throws Exception
+    {
+        SecurityContextHolder.remove();
+    }
+}

ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/service/TokenService.java

@@ -7,13 +7,14 @@ import javax.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import com.ruoyi.common.core.constant.CacheConstants;
-import com.ruoyi.common.core.constant.Constants;
+import com.ruoyi.common.core.constant.SecurityConstants;
 import com.ruoyi.common.core.utils.IdUtils;
-import com.ruoyi.common.core.utils.SecurityUtils;
+import com.ruoyi.common.core.utils.JwtUtils;
 import com.ruoyi.common.core.utils.ServletUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.core.utils.ip.IpUtils;
 import com.ruoyi.common.redis.service.RedisService;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.model.LoginUser;
 
 /**
@@ -27,31 +28,41 @@ public class TokenService
     @Autowired
     private RedisService redisService;
 
-    private final static long EXPIRE_TIME = Constants.TOKEN_EXPIRE * 60;
+    protected static final long MILLIS_SECOND = 1000;
+
+    protected static final long MILLIS_MINUTE = 60 * MILLIS_SECOND;
+
+    private final static long expireTime = CacheConstants.EXPIRATION;
 
     private final static String ACCESS_TOKEN = CacheConstants.LOGIN_TOKEN_KEY;
 
-    protected static final long MILLIS_SECOND = 1000;
+    private final static Long MILLIS_MINUTE_TEN = CacheConstants.REFRESH_TIME * MILLIS_MINUTE;
 
     /**
      * 创建令牌
      */
     public Map<String, Object> createToken(LoginUser loginUser)
     {
-        // 生成token
         String token = IdUtils.fastUUID();
+        Long userId = loginUser.getSysUser().getUserId();
+        String userName = loginUser.getSysUser().getUserName();
         loginUser.setToken(token);
-        loginUser.setUserid(loginUser.getSysUser().getUserId());
+        loginUser.setUserid(userId);
-        loginUser.setUsername(loginUser.getSysUser().getUserName());
+        loginUser.setUsername(userName);
         loginUser.setIpaddr(IpUtils.getIpAddr(ServletUtils.getRequest()));
         refreshToken(loginUser);
 
-        // 保存或更新用户token
+        // Jwt存储信息
-        Map<String, Object> map = new HashMap<String, Object>();
+        Map<String, Object> claimsMap = new HashMap<String, Object>();
-        map.put("access_token", token);
+        claimsMap.put(SecurityConstants.USER_KEY, token);
-        map.put("expires_in", EXPIRE_TIME);
+        claimsMap.put(SecurityConstants.DETAILS_USER_ID, userId);
-        redisService.setCacheObject(ACCESS_TOKEN + token, loginUser, EXPIRE_TIME, TimeUnit.SECONDS);
+        claimsMap.put(SecurityConstants.DETAILS_USERNAME, userName);
-        return map;
+
+        // 接口返回信息
+        Map<String, Object> rspMap = new HashMap<String, Object>();
+        rspMap.put("access_token", JwtUtils.createToken(claimsMap));
+        rspMap.put("expires_in", expireTime);
+        return rspMap;
     }
 
     /**
@@ -83,13 +94,20 @@ public class TokenService
      */
     public LoginUser getLoginUser(String token)
     {
-        if (StringUtils.isNotEmpty(token))
+        LoginUser user = null;
+        try
+        {
+            if (StringUtils.isNotEmpty(token))
+            {
+                String userkey = JwtUtils.getUserKey(token);
+                user = redisService.getCacheObject(getTokenKey(userkey));
+                return user;
+            }
+        }
+        catch (Exception e)
         {
-            String userKey = getTokenKey(token);
-            LoginUser user = redisService.getCacheObject(userKey);
-            return user;
         }
-        return null;
+        return user;
     }
 
     /**
@@ -103,12 +121,30 @@ public class TokenService
         }
     }
 
+    /**
+     * 删除用户缓存信息
+     */
     public void delLoginUser(String token)
     {
         if (StringUtils.isNotEmpty(token))
         {
-            String userKey = getTokenKey(token);
+            String userkey = JwtUtils.getUserKey(token);
-            redisService.deleteObject(userKey);
+            redisService.deleteObject(getTokenKey(userkey));
+        }
+    }
+
+    /**
+     * 验证令牌有效期，相差不足120分钟，自动刷新缓存
+     *
+     * @param loginUser
+     */
+    public void verifyToken(LoginUser loginUser)
+    {
+        long expireTime = loginUser.getExpireTime();
+        long currentTime = System.currentTimeMillis();
+        if (expireTime - currentTime <= MILLIS_MINUTE_TEN)
+        {
+            refreshToken(loginUser);
         }
     }
 
@@ -120,10 +156,10 @@ public class TokenService
     public void refreshToken(LoginUser loginUser)
     {
         loginUser.setLoginTime(System.currentTimeMillis());
-        loginUser.setExpireTime(loginUser.getLoginTime() + EXPIRE_TIME * MILLIS_SECOND);
+        loginUser.setExpireTime(loginUser.getLoginTime() + expireTime * MILLIS_MINUTE);
         // 根据uuid将loginUser缓存
         String userKey = getTokenKey(loginUser.getToken());
-        redisService.setCacheObject(userKey, loginUser, EXPIRE_TIME, TimeUnit.SECONDS);
+        redisService.setCacheObject(userKey, loginUser, expireTime, TimeUnit.MINUTES);
     }
 
     private String getTokenKey(String token)

ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/utils/SecurityUtils.java

@@ -1,9 +1,13 @@
-package com.ruoyi.common.core.utils;
+package com.ruoyi.common.security.utils;
 
 import javax.servlet.http.HttpServletRequest;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import com.ruoyi.common.core.constant.SecurityConstants;
-import com.ruoyi.common.core.text.Convert;
+import com.ruoyi.common.core.constant.TokenConstants;
+import com.ruoyi.common.core.context.SecurityContextHolder;
+import com.ruoyi.common.core.utils.ServletUtils;
+import com.ruoyi.common.core.utils.StringUtils;
+import com.ruoyi.system.api.model.LoginUser;
 
 /**
  * 权限获取工具类
@@ -13,20 +17,35 @@ import com.ruoyi.common.core.text.Convert;
 public class SecurityUtils
 {
     /**
-     * 获取用户
+     * 获取用户ID
+     */
+    public static Long getUserId()
+    {
+        return SecurityContextHolder.getUserId();
+    }
+
+    /**
+     * 获取用户名称
      */
     public static String getUsername()
     {
-        String username = ServletUtils.getRequest().getHeader(SecurityConstants.DETAILS_USERNAME);
+        return SecurityContextHolder.getUserName();
-        return ServletUtils.urlDecode(username);
     }
 
     /**
-     * 获取用户ID
+     * 获取用户key
      */
-    public static Long getUserId()
+    public static String getUserKey()
+    {
+        return SecurityContextHolder.getUserKey();
+    }
+
+    /**
+     * 获取登录用户信息
+     */
+    public static LoginUser getLoginUser()
     {
-        return Convert.toLong(ServletUtils.getRequest().getHeader(SecurityConstants.DETAILS_USER_ID));
+        return SecurityContextHolder.get(SecurityConstants.LOGIN_USER, LoginUser.class);
     }
 
     /**
@@ -42,18 +61,20 @@ public class SecurityUtils
      */
     public static String getToken(HttpServletRequest request)
     {
-        String token = request.getHeader(SecurityConstants.TOKEN_AUTHENTICATION);
+        // 从header获取token标识
+        String token = request.getHeader(TokenConstants.AUTHENTICATION);
         return replaceTokenPrefix(token);
     }
 
     /**
-     * 替换token前缀
+     * 裁剪token前缀
      */
     public static String replaceTokenPrefix(String token)
     {
-        if (StringUtils.isNotEmpty(token) && token.startsWith(SecurityConstants.TOKEN_PREFIX))
+        // 如果前端设置了令牌前缀，则裁剪掉前缀
+        if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX))
         {
-            token = token.replace(SecurityConstants.TOKEN_PREFIX, "");
+            token = token.replaceFirst(TokenConstants.PREFIX, "");
         }
         return token;
     }

ruoyi-common/ruoyi-common-security/src/main/resources/META-INF/spring.factories

@@ -1,4 +1,5 @@
 org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
+  com.ruoyi.common.security.config.WebMvcConfig,\
   com.ruoyi.common.security.service.TokenService,\
   com.ruoyi.common.security.aspect.PreAuthorizeAspect,\
   com.ruoyi.common.security.aspect.InnerAuthAspect,\

ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java

@@ -1,26 +1,24 @@
 package com.ruoyi.gateway.filter;
 
-import javax.annotation.Resource;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cloud.gateway.filter.GatewayFilterChain;
 import org.springframework.cloud.gateway.filter.GlobalFilter;
 import org.springframework.core.Ordered;
-import org.springframework.data.redis.core.ValueOperations;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.stereotype.Component;
 import org.springframework.web.server.ServerWebExchange;
-import com.alibaba.fastjson.JSONObject;
 import com.ruoyi.common.core.constant.CacheConstants;
-import com.ruoyi.common.core.constant.Constants;
 import com.ruoyi.common.core.constant.HttpStatus;
 import com.ruoyi.common.core.constant.SecurityConstants;
-import com.ruoyi.common.core.utils.SecurityUtils;
+import com.ruoyi.common.core.constant.TokenConstants;
+import com.ruoyi.common.core.utils.JwtUtils;
 import com.ruoyi.common.core.utils.ServletUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.redis.service.RedisService;
 import com.ruoyi.gateway.config.properties.IgnoreWhiteProperties;
+import io.jsonwebtoken.Claims;
 import reactor.core.publisher.Mono;
 
 /**
@@ -33,18 +31,14 @@ public class AuthFilter implements GlobalFilter, Ordered
 {
     private static final Logger log = LoggerFactory.getLogger(AuthFilter.class);
 
-    private final static long EXPIRE_TIME = Constants.TOKEN_EXPIRE * 60;
-
     // 排除过滤的 uri 地址，nacos自行添加
     @Autowired
     private IgnoreWhiteProperties ignoreWhite;
 
-    @Resource(name = "stringRedisTemplate")
-    private ValueOperations<String, String> sops;
-
     @Autowired
     private RedisService redisService;
 
+
     @Override
     public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain)
     {
@@ -62,22 +56,26 @@ public class AuthFilter implements GlobalFilter, Ordered
         {
             return unauthorizedResponse(exchange, "令牌不能为空");
         }
-        String userStr = sops.get(getTokenKey(token));
+        Claims claims = JwtUtils.parseToken(token);
-        if (StringUtils.isEmpty(userStr))
+        if (claims == null)
+        {
+            return unauthorizedResponse(exchange, "令牌已过期或验证不正确！");
+        }
+        String userkey = JwtUtils.getUserKey(claims);
+        boolean islogin = redisService.hasKey(getTokenKey(userkey));
+        if (!islogin)
         {
             return unauthorizedResponse(exchange, "登录状态已过期");
         }
-        JSONObject cacheObj = JSONObject.parseObject(userStr);
+        String userid = JwtUtils.getUserId(claims);
-        String userid = cacheObj.getString("userid");
+        String username = JwtUtils.getUserName(claims);
-        String username = cacheObj.getString("username");
         if (StringUtils.isEmpty(userid) || StringUtils.isEmpty(username))
         {
             return unauthorizedResponse(exchange, "令牌验证失败");
         }
 
-        // 设置过期时间
-        redisService.expire(getTokenKey(token), EXPIRE_TIME);
         // 设置用户信息到请求
+        addHeader(mutate, SecurityConstants.USER_KEY, userkey);
         addHeader(mutate, SecurityConstants.DETAILS_USER_ID, userid);
         addHeader(mutate, SecurityConstants.DETAILS_USERNAME, username);
         // 内部请求来源参数清除
@@ -120,8 +118,13 @@ public class AuthFilter implements GlobalFilter, Ordered
      */
     private String getToken(ServerHttpRequest request)
     {
-        String token = request.getHeaders().getFirst(SecurityConstants.TOKEN_AUTHENTICATION);
+        String token = request.getHeaders().getFirst(TokenConstants.AUTHENTICATION);
-        return SecurityUtils.replaceTokenPrefix(token);
+        // 如果前端设置了令牌前缀，则裁剪掉前缀
+        if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX))
+        {
+            token = token.replaceFirst(TokenConstants.PREFIX, StringUtils.EMPTY);
+        }
+        return token;
     }
 
     @Override

ruoyi-gateway/src/main/java/com/ruoyi/gateway/handler/SentinelFallbackHandler.java

@@ -17,7 +17,7 @@ public class SentinelFallbackHandler implements WebExceptionHandler
 {
     private Mono<Void> writeResponse(ServerResponse response, ServerWebExchange exchange)
     {
-        return ServletUtils.webFluxResponseWriter(exchange.getResponse(), "请求超过最大数，请稍后再试");
+        return ServletUtils.webFluxResponseWriter(exchange.getResponse(), "请求超过最大数，请稍候再试");
     }
 
     @Override

ruoyi-modules/ruoyi-gen/src/main/java/com/ruoyi/gen/controller/GenController.java

@@ -22,7 +22,7 @@ import com.ruoyi.common.core.web.domain.AjaxResult;
 import com.ruoyi.common.core.web.page.TableDataInfo;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessType;
-import com.ruoyi.common.security.annotation.PreAuthorize;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
 import com.ruoyi.gen.domain.GenTable;
 import com.ruoyi.gen.domain.GenTableColumn;
 import com.ruoyi.gen.service.IGenTableColumnService;
@@ -46,7 +46,7 @@ public class GenController extends BaseController
     /**
      * 查询代码生成列表
      */
-    @PreAuthorize(hasPermi = "tool:gen:list")
+    @RequiresPermissions("tool:gen:list")
     @GetMapping("/list")
     public TableDataInfo genList(GenTable genTable)
     {
@@ -58,7 +58,7 @@ public class GenController extends BaseController
     /**
      * 修改代码生成业务
      */
-    @PreAuthorize(hasPermi = "tool:gen:query")
+    @RequiresPermissions("tool:gen:query")
     @GetMapping(value = "/{talbleId}")
     public AjaxResult getInfo(@PathVariable Long talbleId)
     {
@@ -75,7 +75,7 @@ public class GenController extends BaseController
     /**
      * 查询数据库列表
      */
-    @PreAuthorize(hasPermi = "tool:gen:list")
+    @RequiresPermissions("tool:gen:list")
     @GetMapping("/db/list")
     public TableDataInfo dataList(GenTable genTable)
     {
@@ -100,7 +100,7 @@ public class GenController extends BaseController
     /**
      * 导入表结构（保存）
      */
-    @PreAuthorize(hasPermi = "tool:gen:import")
+    @RequiresPermissions("tool:gen:import")
     @Log(title = "代码生成", businessType = BusinessType.IMPORT)
     @PostMapping("/importTable")
     public AjaxResult importTableSave(String tables)
@@ -115,7 +115,7 @@ public class GenController extends BaseController
     /**
      * 修改保存代码生成业务
      */
-    @PreAuthorize(hasPermi = "tool:gen:edit")
+    @RequiresPermissions("tool:gen:edit")
     @Log(title = "代码生成", businessType = BusinessType.UPDATE)
     @PutMapping
     public AjaxResult editSave(@Validated @RequestBody GenTable genTable)
@@ -128,7 +128,7 @@ public class GenController extends BaseController
     /**
      * 删除代码生成
      */
-    @PreAuthorize(hasPermi = "tool:gen:remove")
+    @RequiresPermissions("tool:gen:remove")
     @Log(title = "代码生成", businessType = BusinessType.DELETE)
     @DeleteMapping("/{tableIds}")
     public AjaxResult remove(@PathVariable Long[] tableIds)
@@ -140,7 +140,7 @@ public class GenController extends BaseController
     /**
      * 预览代码
      */
-    @PreAuthorize(hasPermi = "tool:gen:preview")
+    @RequiresPermissions("tool:gen:preview")
     @GetMapping("/preview/{tableId}")
     public AjaxResult preview(@PathVariable("tableId") Long tableId) throws IOException
     {
@@ -151,7 +151,7 @@ public class GenController extends BaseController
     /**
      * 生成代码（下载方式）
      */
-    @PreAuthorize(hasPermi = "tool:gen:code")
+    @RequiresPermissions("tool:gen:code")
     @Log(title = "代码生成", businessType = BusinessType.GENCODE)
     @GetMapping("/download/{tableName}")
     public void download(HttpServletResponse response, @PathVariable("tableName") String tableName) throws IOException
@@ -163,7 +163,7 @@ public class GenController extends BaseController
     /**
      * 生成代码（自定义路径）
      */
-    @PreAuthorize(hasPermi = "tool:gen:code")
+    @RequiresPermissions("tool:gen:code")
     @Log(title = "代码生成", businessType = BusinessType.GENCODE)
     @GetMapping("/genCode/{tableName}")
     public AjaxResult genCode(@PathVariable("tableName") String tableName)
@@ -175,7 +175,7 @@ public class GenController extends BaseController
     /**
      * 同步数据库
      */
-    @PreAuthorize(hasPermi = "tool:gen:edit")
+    @RequiresPermissions("tool:gen:edit")
     @Log(title = "代码生成", businessType = BusinessType.UPDATE)
     @GetMapping("/synchDb/{tableName}")
     public AjaxResult synchDb(@PathVariable("tableName") String tableName)
@@ -187,7 +187,7 @@ public class GenController extends BaseController
     /**
      * 批量生成代码
      */
-    @PreAuthorize(hasPermi = "tool:gen:code")
+    @RequiresPermissions("tool:gen:code")
     @Log(title = "代码生成", businessType = BusinessType.GENCODE)
     @GetMapping("/batchGenCode")
     public void batchGenCode(HttpServletResponse response, String tables) throws IOException

ruoyi-modules/ruoyi-gen/src/main/java/com/ruoyi/gen/service/GenTableServiceImpl.java

@@ -26,8 +26,8 @@ import com.ruoyi.common.core.constant.Constants;
 import com.ruoyi.common.core.constant.GenConstants;
 import com.ruoyi.common.core.exception.ServiceException;
 import com.ruoyi.common.core.text.CharsetKit;
-import com.ruoyi.common.core.utils.SecurityUtils;
 import com.ruoyi.common.core.utils.StringUtils;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.gen.domain.GenTable;
 import com.ruoyi.gen.domain.GenTableColumn;
 import com.ruoyi.gen.mapper.GenTableColumnMapper;

ruoyi-modules/ruoyi-gen/src/main/resources/vm/java/controller.java.vm

@@ -14,7 +14,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessType;
-import com.ruoyi.common.security.annotation.PreAuthorize;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
 import ${packageName}.domain.${ClassName};
 import ${packageName}.service.I${ClassName}Service;
 import com.ruoyi.common.core.web.controller.BaseController;
@@ -41,7 +41,7 @@ public class ${ClassName}Controller extends BaseController
     /**
      * 查询${functionName}列表
      */
-    @PreAuthorize(hasPermi = "${permissionPrefix}:list")
+    @RequiresPermissions("${permissionPrefix}:list")
     @GetMapping("/list")
 #if($table.crud || $table.sub)
     public TableDataInfo list(${ClassName} ${className})
@@ -61,7 +61,7 @@ public class ${ClassName}Controller extends BaseController
     /**
      * 导出${functionName}列表
      */
-    @PreAuthorize(hasPermi = "${permissionPrefix}:export")
+    @RequiresPermissions("${permissionPrefix}:export")
     @Log(title = "${functionName}", businessType = BusinessType.EXPORT)
     @PostMapping("/export")
     public void export(HttpServletResponse response, ${ClassName} ${className}) throws IOException
@@ -74,7 +74,7 @@ public class ${ClassName}Controller extends BaseController
     /**
      * 获取${functionName}详细信息
      */
-    @PreAuthorize(hasPermi = "${permissionPrefix}:query")
+    @RequiresPermissions("${permissionPrefix}:query")
     @GetMapping(value = "/{${pkColumn.javaField}}")
     public AjaxResult getInfo(@PathVariable("${pkColumn.javaField}") ${pkColumn.javaType} ${pkColumn.javaField})
     {
@@ -84,7 +84,7 @@ public class ${ClassName}Controller extends BaseController
     /**
      * 新增${functionName}
      */
-    @PreAuthorize(hasPermi = "${permissionPrefix}:add")
+    @RequiresPermissions("${permissionPrefix}:add")
     @Log(title = "${functionName}", businessType = BusinessType.INSERT)
     @PostMapping
     public AjaxResult add(@RequestBody ${ClassName} ${className})
@@ -95,7 +95,7 @@ public class ${ClassName}Controller extends BaseController
     /**
      * 修改${functionName}
      */
-    @PreAuthorize(hasPermi = "${permissionPrefix}:edit")
+    @RequiresPermissions("${permissionPrefix}:edit")
     @Log(title = "${functionName}", businessType = BusinessType.UPDATE)
     @PutMapping
     public AjaxResult edit(@RequestBody ${ClassName} ${className})
@@ -106,7 +106,7 @@ public class ${ClassName}Controller extends BaseController
     /**
      * 删除${functionName}
      */
-    @PreAuthorize(hasPermi = "${permissionPrefix}:remove")
+    @RequiresPermissions("${permissionPrefix}:remove")
     @Log(title = "${functionName}", businessType = BusinessType.DELETE)
 	@DeleteMapping("/{${pkColumn.javaField}s}")
     public AjaxResult remove(@PathVariable ${pkColumn.javaType}[] ${pkColumn.javaField}s)

ruoyi-modules/ruoyi-job/src/main/java/com/ruoyi/job/controller/SysJobController.java

@@ -15,7 +15,6 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import com.ruoyi.common.core.constant.Constants;
 import com.ruoyi.common.core.exception.job.TaskException;
-import com.ruoyi.common.core.utils.SecurityUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.core.utils.poi.ExcelUtil;
 import com.ruoyi.common.core.web.controller.BaseController;
@@ -23,7 +22,8 @@ import com.ruoyi.common.core.web.domain.AjaxResult;
 import com.ruoyi.common.core.web.page.TableDataInfo;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessType;
-import com.ruoyi.common.security.annotation.PreAuthorize;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.job.domain.SysJob;
 import com.ruoyi.job.service.ISysJobService;
 import com.ruoyi.job.util.CronUtils;
@@ -43,7 +43,7 @@ public class SysJobController extends BaseController
     /**
      * 查询定时任务列表
      */
-    @PreAuthorize(hasPermi = "monitor:job:list")
+    @RequiresPermissions("monitor:job:list")
     @GetMapping("/list")
     public TableDataInfo list(SysJob sysJob)
     {
@@ -55,7 +55,7 @@ public class SysJobController extends BaseController
     /**
      * 导出定时任务列表
      */
-    @PreAuthorize(hasPermi = "monitor:job:export")
+    @RequiresPermissions("monitor:job:export")
     @Log(title = "定时任务", businessType = BusinessType.EXPORT)
     @PostMapping("/export")
     public void export(HttpServletResponse response, SysJob sysJob) throws IOException
@@ -68,7 +68,7 @@ public class SysJobController extends BaseController
     /**
      * 获取定时任务详细信息
      */
-    @PreAuthorize(hasPermi = "monitor:job:query")
+    @RequiresPermissions("monitor:job:query")
     @GetMapping(value = "/{jobId}")
     public AjaxResult getInfo(@PathVariable("jobId") Long jobId)
     {
@@ -78,7 +78,7 @@ public class SysJobController extends BaseController
     /**
      * 新增定时任务
      */
-    @PreAuthorize(hasPermi = "monitor:job:add")
+    @RequiresPermissions("monitor:job:add")
     @Log(title = "定时任务", businessType = BusinessType.INSERT)
     @PostMapping
     public AjaxResult add(@RequestBody SysJob job) throws SchedulerException, TaskException
@@ -106,7 +106,7 @@ public class SysJobController extends BaseController
     /**
      * 修改定时任务
      */
-    @PreAuthorize(hasPermi = "monitor:job:edit")
+    @RequiresPermissions("monitor:job:edit")
     @Log(title = "定时任务", businessType = BusinessType.UPDATE)
     @PutMapping
     public AjaxResult edit(@RequestBody SysJob job) throws SchedulerException, TaskException
@@ -134,7 +134,7 @@ public class SysJobController extends BaseController
     /**
      * 定时任务状态修改
      */
-    @PreAuthorize(hasPermi = "monitor:job:changeStatus")
+    @RequiresPermissions("monitor:job:changeStatus")
     @Log(title = "定时任务", businessType = BusinessType.UPDATE)
     @PutMapping("/changeStatus")
     public AjaxResult changeStatus(@RequestBody SysJob job) throws SchedulerException
@@ -147,7 +147,7 @@ public class SysJobController extends BaseController
     /**
      * 定时任务立即执行一次
      */
-    @PreAuthorize(hasPermi = "monitor:job:changeStatus")
+    @RequiresPermissions("monitor:job:changeStatus")
     @Log(title = "定时任务", businessType = BusinessType.UPDATE)
     @PutMapping("/run")
     public AjaxResult run(@RequestBody SysJob job) throws SchedulerException
@@ -159,7 +159,7 @@ public class SysJobController extends BaseController
     /**
      * 删除定时任务
      */
-    @PreAuthorize(hasPermi = "monitor:job:remove")
+    @RequiresPermissions("monitor:job:remove")
     @Log(title = "定时任务", businessType = BusinessType.DELETE)
     @DeleteMapping("/{jobIds}")
     public AjaxResult remove(@PathVariable Long[] jobIds) throws SchedulerException, TaskException

ruoyi-modules/ruoyi-job/src/main/java/com/ruoyi/job/controller/SysJobLogController.java

@@ -16,7 +16,7 @@ import com.ruoyi.common.core.web.domain.AjaxResult;
 import com.ruoyi.common.core.web.page.TableDataInfo;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessType;
-import com.ruoyi.common.security.annotation.PreAuthorize;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
 import com.ruoyi.job.domain.SysJobLog;
 import com.ruoyi.job.service.ISysJobLogService;
 
@@ -35,7 +35,7 @@ public class SysJobLogController extends BaseController
     /**
      * 查询定时任务调度日志列表
      */
-    @PreAuthorize(hasPermi = "monitor:job:list")
+    @RequiresPermissions("monitor:job:list")
     @GetMapping("/list")
     public TableDataInfo list(SysJobLog sysJobLog)
     {
@@ -47,7 +47,7 @@ public class SysJobLogController extends BaseController
     /**
      * 导出定时任务调度日志列表
      */
-    @PreAuthorize(hasPermi = "monitor:job:export")
+    @RequiresPermissions("monitor:job:export")
     @Log(title = "任务调度日志", businessType = BusinessType.EXPORT)
     @PostMapping("/export")
     public void export(HttpServletResponse response, SysJobLog sysJobLog) throws IOException
@@ -60,7 +60,7 @@ public class SysJobLogController extends BaseController
     /**
      * 根据调度编号获取详细信息
      */
-    @PreAuthorize(hasPermi = "monitor:job:query")
+    @RequiresPermissions("monitor:job:query")
     @GetMapping(value = "/{configId}")
     public AjaxResult getInfo(@PathVariable Long jobLogId)
     {
@@ -70,7 +70,7 @@ public class SysJobLogController extends BaseController
     /**
      * 删除定时任务调度日志
      */
-    @PreAuthorize(hasPermi = "monitor:job:remove")
+    @RequiresPermissions("monitor:job:remove")
     @Log(title = "定时任务调度日志", businessType = BusinessType.DELETE)
     @DeleteMapping("/{jobLogIds}")
     public AjaxResult remove(@PathVariable Long[] jobLogIds)
@@ -81,7 +81,7 @@ public class SysJobLogController extends BaseController
     /**
      * 清空定时任务调度日志
      */
-    @PreAuthorize(hasPermi = "monitor:job:remove")
+    @RequiresPermissions("monitor:job:remove")
     @Log(title = "调度日志", businessType = BusinessType.CLEAN)
     @DeleteMapping("/clean")
     public AjaxResult clean()

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysConfigController.java

@@ -14,14 +14,14 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import com.ruoyi.common.core.constant.UserConstants;
-import com.ruoyi.common.core.utils.SecurityUtils;
 import com.ruoyi.common.core.utils.poi.ExcelUtil;
 import com.ruoyi.common.core.web.controller.BaseController;
 import com.ruoyi.common.core.web.domain.AjaxResult;
 import com.ruoyi.common.core.web.page.TableDataInfo;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessType;
-import com.ruoyi.common.security.annotation.PreAuthorize;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.domain.SysConfig;
 import com.ruoyi.system.service.ISysConfigService;
 
@@ -40,7 +40,7 @@ public class SysConfigController extends BaseController
     /**
      * 获取参数配置列表
      */
-    @PreAuthorize(hasPermi = "system:config:list")
+    @RequiresPermissions("system:config:list")
     @GetMapping("/list")
     public TableDataInfo list(SysConfig config)
     {
@@ -50,7 +50,7 @@ public class SysConfigController extends BaseController
     }
 
     @Log(title = "参数管理", businessType = BusinessType.EXPORT)
-    @PreAuthorize(hasPermi = "system:config:export")
+    @RequiresPermissions("system:config:export")
     @PostMapping("/export")
     public void export(HttpServletResponse response, SysConfig config) throws IOException
     {
@@ -80,7 +80,7 @@ public class SysConfigController extends BaseController
     /**
      * 新增参数配置
      */
-    @PreAuthorize(hasPermi = "system:config:add")
+    @RequiresPermissions("system:config:add")
     @Log(title = "参数管理", businessType = BusinessType.INSERT)
     @PostMapping
     public AjaxResult add(@Validated @RequestBody SysConfig config)
@@ -96,7 +96,7 @@ public class SysConfigController extends BaseController
     /**
      * 修改参数配置
      */
-    @PreAuthorize(hasPermi = "system:config:edit")
+    @RequiresPermissions("system:config:edit")
     @Log(title = "参数管理", businessType = BusinessType.UPDATE)
     @PutMapping
     public AjaxResult edit(@Validated @RequestBody SysConfig config)
@@ -112,7 +112,7 @@ public class SysConfigController extends BaseController
     /**
      * 删除参数配置
      */
-    @PreAuthorize(hasPermi = "system:config:remove")
+    @RequiresPermissions("system:config:remove")
     @Log(title = "参数管理", businessType = BusinessType.DELETE)
     @DeleteMapping("/{configIds}")
     public AjaxResult remove(@PathVariable Long[] configIds)
@@ -124,7 +124,7 @@ public class SysConfigController extends BaseController
     /**
      * 刷新参数缓存
      */
-    @PreAuthorize(hasPermi = "system:config:remove")
+    @RequiresPermissions("system:config:remove")
     @Log(title = "参数管理", businessType = BusinessType.CLEAN)
     @DeleteMapping("/refreshCache")
     public AjaxResult refreshCache()

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysDeptController.java

@@ -14,13 +14,13 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import com.ruoyi.common.core.constant.UserConstants;
-import com.ruoyi.common.core.utils.SecurityUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.core.web.controller.BaseController;
 import com.ruoyi.common.core.web.domain.AjaxResult;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessType;
-import com.ruoyi.common.security.annotation.PreAuthorize;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.domain.SysDept;
 import com.ruoyi.system.service.ISysDeptService;
 
@@ -39,7 +39,7 @@ public class SysDeptController extends BaseController
     /**
      * 获取部门列表
      */
-    @PreAuthorize(hasPermi = "system:dept:list")
+    @RequiresPermissions("system:dept:list")
     @GetMapping("/list")
     public AjaxResult list(SysDept dept)
     {
@@ -50,7 +50,7 @@ public class SysDeptController extends BaseController
     /**
      * 查询部门列表（排除节点）
      */
-    @PreAuthorize(hasPermi = "system:dept:list")
+    @RequiresPermissions("system:dept:list")
     @GetMapping("/list/exclude/{deptId}")
     public AjaxResult excludeChild(@PathVariable(value = "deptId", required = false) Long deptId)
     {
@@ -71,7 +71,7 @@ public class SysDeptController extends BaseController
     /**
      * 根据部门编号获取详细信息
      */
-    @PreAuthorize(hasPermi = "system:dept:query")
+    @RequiresPermissions("system:dept:query")
     @GetMapping(value = "/{deptId}")
     public AjaxResult getInfo(@PathVariable Long deptId)
     {
@@ -105,7 +105,7 @@ public class SysDeptController extends BaseController
     /**
      * 新增部门
      */
-    @PreAuthorize(hasPermi = "system:dept:add")
+    @RequiresPermissions("system:dept:add")
     @Log(title = "部门管理", businessType = BusinessType.INSERT)
     @PostMapping
     public AjaxResult add(@Validated @RequestBody SysDept dept)
@@ -121,7 +121,7 @@ public class SysDeptController extends BaseController
     /**
      * 修改部门
      */
-    @PreAuthorize(hasPermi = "system:dept:edit")
+    @RequiresPermissions("system:dept:edit")
     @Log(title = "部门管理", businessType = BusinessType.UPDATE)
     @PutMapping
     public AjaxResult edit(@Validated @RequestBody SysDept dept)
@@ -146,7 +146,7 @@ public class SysDeptController extends BaseController
     /**
      * 删除部门
      */
-    @PreAuthorize(hasPermi = "system:dept:remove")
+    @RequiresPermissions("system:dept:remove")
     @Log(title = "部门管理", businessType = BusinessType.DELETE)
     @DeleteMapping("/{deptId}")
     public AjaxResult remove(@PathVariable Long deptId)

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysDictDataController.java

@@ -14,7 +14,6 @@ import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-import com.ruoyi.common.core.utils.SecurityUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.core.utils.poi.ExcelUtil;
 import com.ruoyi.common.core.web.controller.BaseController;
@@ -22,7 +21,8 @@ import com.ruoyi.common.core.web.domain.AjaxResult;
 import com.ruoyi.common.core.web.page.TableDataInfo;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessType;
-import com.ruoyi.common.security.annotation.PreAuthorize;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.domain.SysDictData;
 import com.ruoyi.system.service.ISysDictDataService;
 import com.ruoyi.system.service.ISysDictTypeService;
@@ -42,7 +42,7 @@ public class SysDictDataController extends BaseController
     @Autowired
     private ISysDictTypeService dictTypeService;
 
-    @PreAuthorize(hasPermi = "system:dict:list")
+    @RequiresPermissions("system:dict:list")
     @GetMapping("/list")
     public TableDataInfo list(SysDictData dictData)
     {
@@ -52,7 +52,7 @@ public class SysDictDataController extends BaseController
     }
 
     @Log(title = "字典数据", businessType = BusinessType.EXPORT)
-    @PreAuthorize(hasPermi = "system:dict:export")
+    @RequiresPermissions("system:dict:export")
     @PostMapping("/export")
     public void export(HttpServletResponse response, SysDictData dictData) throws IOException
     {
@@ -64,7 +64,7 @@ public class SysDictDataController extends BaseController
     /**
      * 查询字典数据详细
      */
-    @PreAuthorize(hasPermi = "system:dict:query")
+    @RequiresPermissions("system:dict:query")
     @GetMapping(value = "/{dictCode}")
     public AjaxResult getInfo(@PathVariable Long dictCode)
     {
@@ -88,7 +88,7 @@ public class SysDictDataController extends BaseController
     /**
      * 新增字典类型
      */
-    @PreAuthorize(hasPermi = "system:dict:add")
+    @RequiresPermissions("system:dict:add")
     @Log(title = "字典数据", businessType = BusinessType.INSERT)
     @PostMapping
     public AjaxResult add(@Validated @RequestBody SysDictData dict)
@@ -100,7 +100,7 @@ public class SysDictDataController extends BaseController
     /**
      * 修改保存字典类型
      */
-    @PreAuthorize(hasPermi = "system:dict:edit")
+    @RequiresPermissions("system:dict:edit")
     @Log(title = "字典数据", businessType = BusinessType.UPDATE)
     @PutMapping
     public AjaxResult edit(@Validated @RequestBody SysDictData dict)
@@ -112,7 +112,7 @@ public class SysDictDataController extends BaseController
     /**
      * 删除字典类型
      */
-    @PreAuthorize(hasPermi = "system:dict:remove")
+    @RequiresPermissions("system:dict:remove")
     @Log(title = "字典类型", businessType = BusinessType.DELETE)
     @DeleteMapping("/{dictCodes}")
     public AjaxResult remove(@PathVariable Long[] dictCodes)

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysDictTypeController.java

@@ -14,14 +14,14 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import com.ruoyi.common.core.constant.UserConstants;
-import com.ruoyi.common.core.utils.SecurityUtils;
 import com.ruoyi.common.core.utils.poi.ExcelUtil;
 import com.ruoyi.common.core.web.controller.BaseController;
 import com.ruoyi.common.core.web.domain.AjaxResult;
 import com.ruoyi.common.core.web.page.TableDataInfo;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessType;
-import com.ruoyi.common.security.annotation.PreAuthorize;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.domain.SysDictType;
 import com.ruoyi.system.service.ISysDictTypeService;
 
@@ -37,7 +37,7 @@ public class SysDictTypeController extends BaseController
     @Autowired
     private ISysDictTypeService dictTypeService;
 
-    @PreAuthorize(hasPermi = "system:dict:list")
+    @RequiresPermissions("system:dict:list")
     @GetMapping("/list")
     public TableDataInfo list(SysDictType dictType)
     {
@@ -47,7 +47,7 @@ public class SysDictTypeController extends BaseController
     }
 
     @Log(title = "字典类型", businessType = BusinessType.EXPORT)
-    @PreAuthorize(hasPermi = "system:dict:export")
+    @RequiresPermissions("system:dict:export")
     @PostMapping("/export")
     public void export(HttpServletResponse response, SysDictType dictType) throws IOException
     {
@@ -59,7 +59,7 @@ public class SysDictTypeController extends BaseController
     /**
      * 查询字典类型详细
      */
-    @PreAuthorize(hasPermi = "system:dict:query")
+    @RequiresPermissions("system:dict:query")
     @GetMapping(value = "/{dictId}")
     public AjaxResult getInfo(@PathVariable Long dictId)
     {
@@ -69,7 +69,7 @@ public class SysDictTypeController extends BaseController
     /**
      * 新增字典类型
      */
-    @PreAuthorize(hasPermi = "system:dict:add")
+    @RequiresPermissions("system:dict:add")
     @Log(title = "字典类型", businessType = BusinessType.INSERT)
     @PostMapping
     public AjaxResult add(@Validated @RequestBody SysDictType dict)
@@ -85,7 +85,7 @@ public class SysDictTypeController extends BaseController
     /**
      * 修改字典类型
      */
-    @PreAuthorize(hasPermi = "system:dict:edit")
+    @RequiresPermissions("system:dict:edit")
     @Log(title = "字典类型", businessType = BusinessType.UPDATE)
     @PutMapping
     public AjaxResult edit(@Validated @RequestBody SysDictType dict)
@@ -101,7 +101,7 @@ public class SysDictTypeController extends BaseController
     /**
      * 删除字典类型
      */
-    @PreAuthorize(hasPermi = "system:dict:remove")
+    @RequiresPermissions("system:dict:remove")
     @Log(title = "字典类型", businessType = BusinessType.DELETE)
     @DeleteMapping("/{dictIds}")
     public AjaxResult remove(@PathVariable Long[] dictIds)
@@ -113,7 +113,7 @@ public class SysDictTypeController extends BaseController
     /**
      * 刷新字典缓存
      */
-    @PreAuthorize(hasPermi = "system:dict:remove")
+    @RequiresPermissions("system:dict:remove")
     @Log(title = "字典类型", businessType = BusinessType.CLEAN)
     @DeleteMapping("/refreshCache")
     public AjaxResult refreshCache()

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysLogininforController.java

@@ -18,7 +18,7 @@ import com.ruoyi.common.core.web.page.TableDataInfo;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessType;
 import com.ruoyi.common.security.annotation.InnerAuth;
-import com.ruoyi.common.security.annotation.PreAuthorize;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
 import com.ruoyi.system.api.domain.SysLogininfor;
 import com.ruoyi.system.service.ISysLogininforService;
 
@@ -34,7 +34,7 @@ public class SysLogininforController extends BaseController
     @Autowired
     private ISysLogininforService logininforService;
 
-    @PreAuthorize(hasPermi = "system:logininfor:list")
+    @RequiresPermissions("system:logininfor:list")
     @GetMapping("/list")
     public TableDataInfo list(SysLogininfor logininfor)
     {
@@ -44,7 +44,7 @@ public class SysLogininforController extends BaseController
     }
 
     @Log(title = "登录日志", businessType = BusinessType.EXPORT)
-    @PreAuthorize(hasPermi = "system:logininfor:export")
+    @RequiresPermissions("system:logininfor:export")
     @PostMapping("/export")
     public void export(HttpServletResponse response, SysLogininfor logininfor) throws IOException
     {
@@ -53,7 +53,7 @@ public class SysLogininforController extends BaseController
         util.exportExcel(response, list, "登录日志");
     }
 
-    @PreAuthorize(hasPermi = "system:logininfor:remove")
+    @RequiresPermissions("system:logininfor:remove")
     @Log(title = "登录日志", businessType = BusinessType.DELETE)
     @DeleteMapping("/{infoIds}")
     public AjaxResult remove(@PathVariable Long[] infoIds)
@@ -61,7 +61,7 @@ public class SysLogininforController extends BaseController
         return toAjax(logininforService.deleteLogininforByIds(infoIds));
     }
 
-    @PreAuthorize(hasPermi = "system:logininfor:remove")
+    @RequiresPermissions("system:logininfor:remove")
     @Log(title = "登录日志", businessType = BusinessType.DELETE)
     @DeleteMapping("/clean")
     public AjaxResult clean()

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysMenuController.java

@@ -12,13 +12,13 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import com.ruoyi.common.core.constant.UserConstants;
-import com.ruoyi.common.core.utils.SecurityUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.core.web.controller.BaseController;
 import com.ruoyi.common.core.web.domain.AjaxResult;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessType;
-import com.ruoyi.common.security.annotation.PreAuthorize;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.domain.SysMenu;
 import com.ruoyi.system.service.ISysMenuService;
 
@@ -37,7 +37,7 @@ public class SysMenuController extends BaseController
     /**
      * 获取菜单列表
      */
-    @PreAuthorize(hasPermi = "system:menu:list")
+    @RequiresPermissions("system:menu:list")
     @GetMapping("/list")
     public AjaxResult list(SysMenu menu)
     {
@@ -49,7 +49,7 @@ public class SysMenuController extends BaseController
     /**
      * 根据菜单编号获取详细信息
      */
-    @PreAuthorize(hasPermi = "system:menu:query")
+    @RequiresPermissions("system:menu:query")
     @GetMapping(value = "/{menuId}")
     public AjaxResult getInfo(@PathVariable Long menuId)
     {
@@ -84,7 +84,7 @@ public class SysMenuController extends BaseController
     /**
      * 新增菜单
      */
-    @PreAuthorize(hasPermi = "system:menu:add")
+    @RequiresPermissions("system:menu:add")
     @Log(title = "菜单管理", businessType = BusinessType.INSERT)
     @PostMapping
     public AjaxResult add(@Validated @RequestBody SysMenu menu)
@@ -104,7 +104,7 @@ public class SysMenuController extends BaseController
     /**
      * 修改菜单
      */
-    @PreAuthorize(hasPermi = "system:menu:edit")
+    @RequiresPermissions("system:menu:edit")
     @Log(title = "菜单管理", businessType = BusinessType.UPDATE)
     @PutMapping
     public AjaxResult edit(@Validated @RequestBody SysMenu menu)
@@ -128,7 +128,7 @@ public class SysMenuController extends BaseController
     /**
      * 删除菜单
      */
-    @PreAuthorize(hasPermi = "system:menu:remove")
+    @RequiresPermissions("system:menu:remove")
     @Log(title = "菜单管理", businessType = BusinessType.DELETE)
     @DeleteMapping("/{menuId}")
     public AjaxResult remove(@PathVariable("menuId") Long menuId)

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysNoticeController.java

@@ -11,13 +11,13 @@ import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-import com.ruoyi.common.core.utils.SecurityUtils;
 import com.ruoyi.common.core.web.controller.BaseController;
 import com.ruoyi.common.core.web.domain.AjaxResult;
 import com.ruoyi.common.core.web.page.TableDataInfo;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessType;
-import com.ruoyi.common.security.annotation.PreAuthorize;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.domain.SysNotice;
 import com.ruoyi.system.service.ISysNoticeService;
 
@@ -36,7 +36,7 @@ public class SysNoticeController extends BaseController
     /**
      * 获取通知公告列表
      */
-    @PreAuthorize(hasPermi = "system:notice:list")
+    @RequiresPermissions("system:notice:list")
     @GetMapping("/list")
     public TableDataInfo list(SysNotice notice)
     {
@@ -48,7 +48,7 @@ public class SysNoticeController extends BaseController
     /**
      * 根据通知公告编号获取详细信息
      */
-    @PreAuthorize(hasPermi = "system:notice:query")
+    @RequiresPermissions("system:notice:query")
     @GetMapping(value = "/{noticeId}")
     public AjaxResult getInfo(@PathVariable Long noticeId)
     {
@@ -58,7 +58,7 @@ public class SysNoticeController extends BaseController
     /**
      * 新增通知公告
      */
-    @PreAuthorize(hasPermi = "system:notice:add")
+    @RequiresPermissions("system:notice:add")
     @Log(title = "通知公告", businessType = BusinessType.INSERT)
     @PostMapping
     public AjaxResult add(@Validated @RequestBody SysNotice notice)
@@ -70,7 +70,7 @@ public class SysNoticeController extends BaseController
     /**
      * 修改通知公告
      */
-    @PreAuthorize(hasPermi = "system:notice:edit")
+    @RequiresPermissions("system:notice:edit")
     @Log(title = "通知公告", businessType = BusinessType.UPDATE)
     @PutMapping
     public AjaxResult edit(@Validated @RequestBody SysNotice notice)
@@ -82,7 +82,7 @@ public class SysNoticeController extends BaseController
     /**
      * 删除通知公告
      */
-    @PreAuthorize(hasPermi = "system:notice:remove")
+    @RequiresPermissions("system:notice:remove")
     @Log(title = "通知公告", businessType = BusinessType.DELETE)
     @DeleteMapping("/{noticeIds}")
     public AjaxResult remove(@PathVariable Long[] noticeIds)

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysOperlogController.java

@@ -18,7 +18,7 @@ import com.ruoyi.common.core.web.page.TableDataInfo;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessType;
 import com.ruoyi.common.security.annotation.InnerAuth;
-import com.ruoyi.common.security.annotation.PreAuthorize;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
 import com.ruoyi.system.api.domain.SysOperLog;
 import com.ruoyi.system.service.ISysOperLogService;
 
@@ -34,7 +34,7 @@ public class SysOperlogController extends BaseController
     @Autowired
     private ISysOperLogService operLogService;
 
-    @PreAuthorize(hasPermi = "system:operlog:list")
+    @RequiresPermissions("system:operlog:list")
     @GetMapping("/list")
     public TableDataInfo list(SysOperLog operLog)
     {
@@ -44,7 +44,7 @@ public class SysOperlogController extends BaseController
     }
 
     @Log(title = "操作日志", businessType = BusinessType.EXPORT)
-    @PreAuthorize(hasPermi = "system:operlog:export")
+    @RequiresPermissions("system:operlog:export")
     @PostMapping("/export")
     public void export(HttpServletResponse response, SysOperLog operLog) throws IOException
     {
@@ -54,14 +54,14 @@ public class SysOperlogController extends BaseController
     }
 
     @Log(title = "操作日志", businessType = BusinessType.DELETE)
-    @PreAuthorize(hasPermi = "system:operlog:remove")
+    @RequiresPermissions("system:operlog:remove")
     @DeleteMapping("/{operIds}")
     public AjaxResult remove(@PathVariable Long[] operIds)
     {
         return toAjax(operLogService.deleteOperLogByIds(operIds));
     }
 
-    @PreAuthorize(hasPermi = "system:operlog:remove")
+    @RequiresPermissions("system:operlog:remove")
     @Log(title = "操作日志", businessType = BusinessType.CLEAN)
     @DeleteMapping("/clean")
     public AjaxResult clean()

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysPostController.java

@@ -14,14 +14,14 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import com.ruoyi.common.core.constant.UserConstants;
-import com.ruoyi.common.core.utils.SecurityUtils;
 import com.ruoyi.common.core.utils.poi.ExcelUtil;
 import com.ruoyi.common.core.web.controller.BaseController;
 import com.ruoyi.common.core.web.domain.AjaxResult;
 import com.ruoyi.common.core.web.page.TableDataInfo;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessType;
-import com.ruoyi.common.security.annotation.PreAuthorize;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.domain.SysPost;
 import com.ruoyi.system.service.ISysPostService;
 
@@ -40,7 +40,7 @@ public class SysPostController extends BaseController
     /**
      * 获取岗位列表
      */
-    @PreAuthorize(hasPermi = "system:post:list")
+    @RequiresPermissions("system:post:list")
     @GetMapping("/list")
     public TableDataInfo list(SysPost post)
     {
@@ -50,7 +50,7 @@ public class SysPostController extends BaseController
     }
 
     @Log(title = "岗位管理", businessType = BusinessType.EXPORT)
-    @PreAuthorize(hasPermi = "system:post:export")
+    @RequiresPermissions("system:post:export")
     @PostMapping("/export")
     public void export(HttpServletResponse response, SysPost post) throws IOException
     {
@@ -62,7 +62,7 @@ public class SysPostController extends BaseController
     /**
      * 根据岗位编号获取详细信息
      */
-    @PreAuthorize(hasPermi = "system:post:query")
+    @RequiresPermissions("system:post:query")
     @GetMapping(value = "/{postId}")
     public AjaxResult getInfo(@PathVariable Long postId)
     {
@@ -72,7 +72,7 @@ public class SysPostController extends BaseController
     /**
      * 新增岗位
      */
-    @PreAuthorize(hasPermi = "system:post:add")
+    @RequiresPermissions("system:post:add")
     @Log(title = "岗位管理", businessType = BusinessType.INSERT)
     @PostMapping
     public AjaxResult add(@Validated @RequestBody SysPost post)
@@ -92,7 +92,7 @@ public class SysPostController extends BaseController
     /**
      * 修改岗位
      */
-    @PreAuthorize(hasPermi = "system:post:edit")
+    @RequiresPermissions("system:post:edit")
     @Log(title = "岗位管理", businessType = BusinessType.UPDATE)
     @PutMapping
     public AjaxResult edit(@Validated @RequestBody SysPost post)
@@ -112,7 +112,7 @@ public class SysPostController extends BaseController
     /**
      * 删除岗位
      */
-    @PreAuthorize(hasPermi = "system:post:remove")
+    @RequiresPermissions("system:post:remove")
     @Log(title = "岗位管理", businessType = BusinessType.DELETE)
     @DeleteMapping("/{postIds}")
     public AjaxResult remove(@PathVariable Long[] postIds)

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysProfileController.java

@@ -12,14 +12,13 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.multipart.MultipartFile;
 import com.ruoyi.common.core.constant.UserConstants;
 import com.ruoyi.common.core.domain.R;
-import com.ruoyi.common.core.utils.SecurityUtils;
-import com.ruoyi.common.core.utils.ServletUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.core.web.controller.BaseController;
 import com.ruoyi.common.core.web.domain.AjaxResult;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessType;
 import com.ruoyi.common.security.service.TokenService;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.RemoteFileService;
 import com.ruoyi.system.api.domain.SysFile;
 import com.ruoyi.system.api.domain.SysUser;
@@ -75,7 +74,7 @@ public class SysProfileController extends BaseController
         {
             return AjaxResult.error("修改用户'" + user.getUserName() + "'失败，邮箱账号已存在");
         }
-        LoginUser loginUser = tokenService.getLoginUser();
+        LoginUser loginUser = SecurityUtils.getLoginUser();
         SysUser sysUser = loginUser.getSysUser();
         user.setUserId(sysUser.getUserId());
         user.setPassword(null);
@@ -113,7 +112,7 @@ public class SysProfileController extends BaseController
         if (userService.resetUserPwd(username, SecurityUtils.encryptPassword(newPassword)) > 0)
         {
             // 更新缓存用户密码
-            LoginUser loginUser = tokenService.getLoginUser();
+            LoginUser loginUser = SecurityUtils.getLoginUser();
             loginUser.getSysUser().setPassword(SecurityUtils.encryptPassword(newPassword));
             tokenService.setLoginUser(loginUser);
             return AjaxResult.success();
@@ -130,7 +129,7 @@ public class SysProfileController extends BaseController
     {
         if (!file.isEmpty())
         {
-            LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
+            LoginUser loginUser = SecurityUtils.getLoginUser();
             R<SysFile> fileResult = remoteFileService.upload(file);
             if (StringUtils.isNull(fileResult) || StringUtils.isNull(fileResult.getData()))
             {

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysRoleController.java

@@ -14,14 +14,14 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import com.ruoyi.common.core.constant.UserConstants;
-import com.ruoyi.common.core.utils.SecurityUtils;
 import com.ruoyi.common.core.utils.poi.ExcelUtil;
 import com.ruoyi.common.core.web.controller.BaseController;
 import com.ruoyi.common.core.web.domain.AjaxResult;
 import com.ruoyi.common.core.web.page.TableDataInfo;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessType;
-import com.ruoyi.common.security.annotation.PreAuthorize;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.domain.SysRole;
 import com.ruoyi.system.api.domain.SysUser;
 import com.ruoyi.system.domain.SysUserRole;
@@ -43,7 +43,7 @@ public class SysRoleController extends BaseController
     @Autowired
     private ISysUserService userService;
 
-    @PreAuthorize(hasPermi = "system:role:list")
+    @RequiresPermissions("system:role:list")
     @GetMapping("/list")
     public TableDataInfo list(SysRole role)
     {
@@ -53,7 +53,7 @@ public class SysRoleController extends BaseController
     }
 
     @Log(title = "角色管理", businessType = BusinessType.EXPORT)
-    @PreAuthorize(hasPermi = "system:role:export")
+    @RequiresPermissions("system:role:export")
     @PostMapping("/export")
     public void export(HttpServletResponse response, SysRole role) throws IOException
     {
@@ -65,7 +65,7 @@ public class SysRoleController extends BaseController
     /**
      * 根据角色编号获取详细信息
      */
-    @PreAuthorize(hasPermi = "system:role:query")
+    @RequiresPermissions("system:role:query")
     @GetMapping(value = "/{roleId}")
     public AjaxResult getInfo(@PathVariable Long roleId)
     {
@@ -76,7 +76,7 @@ public class SysRoleController extends BaseController
     /**
      * 新增角色
      */
-    @PreAuthorize(hasPermi = "system:role:add")
+    @RequiresPermissions("system:role:add")
     @Log(title = "角色管理", businessType = BusinessType.INSERT)
     @PostMapping
     public AjaxResult add(@Validated @RequestBody SysRole role)
@@ -97,7 +97,7 @@ public class SysRoleController extends BaseController
     /**
      * 修改保存角色
      */
-    @PreAuthorize(hasPermi = "system:role:edit")
+    @RequiresPermissions("system:role:edit")
     @Log(title = "角色管理", businessType = BusinessType.UPDATE)
     @PutMapping
     public AjaxResult edit(@Validated @RequestBody SysRole role)
@@ -118,7 +118,7 @@ public class SysRoleController extends BaseController
     /**
      * 修改保存数据权限
      */
-    @PreAuthorize(hasPermi = "system:role:edit")
+    @RequiresPermissions("system:role:edit")
     @Log(title = "角色管理", businessType = BusinessType.UPDATE)
     @PutMapping("/dataScope")
     public AjaxResult dataScope(@RequestBody SysRole role)
@@ -130,7 +130,7 @@ public class SysRoleController extends BaseController
     /**
      * 状态修改
      */
-    @PreAuthorize(hasPermi = "system:role:edit")
+    @RequiresPermissions("system:role:edit")
     @Log(title = "角色管理", businessType = BusinessType.UPDATE)
     @PutMapping("/changeStatus")
     public AjaxResult changeStatus(@RequestBody SysRole role)
@@ -143,7 +143,7 @@ public class SysRoleController extends BaseController
     /**
      * 删除角色
      */
-    @PreAuthorize(hasPermi = "system:role:remove")
+    @RequiresPermissions("system:role:remove")
     @Log(title = "角色管理", businessType = BusinessType.DELETE)
     @DeleteMapping("/{roleIds}")
     public AjaxResult remove(@PathVariable Long[] roleIds)
@@ -154,7 +154,7 @@ public class SysRoleController extends BaseController
     /**
      * 获取角色选择框列表
      */
-    @PreAuthorize(hasPermi = "system:role:query")
+    @RequiresPermissions("system:role:query")
     @GetMapping("/optionselect")
     public AjaxResult optionselect()
     {
@@ -163,7 +163,7 @@ public class SysRoleController extends BaseController
     /**
      * 查询已分配用户角色列表
      */
-    @PreAuthorize(hasPermi = "system:role:list")
+    @RequiresPermissions("system:role:list")
     @GetMapping("/authUser/allocatedList")
     public TableDataInfo allocatedList(SysUser user)
     {
@@ -175,7 +175,7 @@ public class SysRoleController extends BaseController
     /**
      * 查询未分配用户角色列表
      */
-    @PreAuthorize(hasPermi = "system:role:list")
+    @RequiresPermissions("system:role:list")
     @GetMapping("/authUser/unallocatedList")
     public TableDataInfo unallocatedList(SysUser user)
     {
@@ -187,7 +187,7 @@ public class SysRoleController extends BaseController
     /**
      * 取消授权用户
      */
-    @PreAuthorize(hasPermi = "system:role:edit")
+    @RequiresPermissions("system:role:edit")
     @Log(title = "角色管理", businessType = BusinessType.GRANT)
     @PutMapping("/authUser/cancel")
     public AjaxResult cancelAuthUser(@RequestBody SysUserRole userRole)
@@ -198,7 +198,7 @@ public class SysRoleController extends BaseController
     /**
      * 批量取消授权用户
      */
-    @PreAuthorize(hasPermi = "system:role:edit")
+    @RequiresPermissions("system:role:edit")
     @Log(title = "角色管理", businessType = BusinessType.GRANT)
     @PutMapping("/authUser/cancelAll")
     public AjaxResult cancelAuthUserAll(Long roleId, Long[] userIds)
@@ -209,7 +209,7 @@ public class SysRoleController extends BaseController
     /**
      * 批量选择用户授权
      */
-    @PreAuthorize(hasPermi = "system:role:edit")
+    @RequiresPermissions("system:role:edit")
     @Log(title = "角色管理", businessType = BusinessType.GRANT)
     @PutMapping("/authUser/selectAll")
     public AjaxResult selectAuthUserAll(Long roleId, Long[] userIds)

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java

@@ -19,7 +19,6 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.multipart.MultipartFile;
 import com.ruoyi.common.core.constant.UserConstants;
 import com.ruoyi.common.core.domain.R;
-import com.ruoyi.common.core.utils.SecurityUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.core.utils.poi.ExcelUtil;
 import com.ruoyi.common.core.web.controller.BaseController;
@@ -28,7 +27,8 @@ import com.ruoyi.common.core.web.page.TableDataInfo;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessType;
 import com.ruoyi.common.security.annotation.InnerAuth;
-import com.ruoyi.common.security.annotation.PreAuthorize;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.domain.SysRole;
 import com.ruoyi.system.api.domain.SysUser;
 import com.ruoyi.system.api.model.LoginUser;
@@ -65,7 +65,7 @@ public class SysUserController extends BaseController
     /**
      * 获取用户列表
      */
-    @PreAuthorize(hasPermi = "system:user:list")
+    @RequiresPermissions("system:user:list")
     @GetMapping("/list")
     public TableDataInfo list(SysUser user)
     {
@@ -75,7 +75,7 @@ public class SysUserController extends BaseController
     }
 
     @Log(title = "用户管理", businessType = BusinessType.EXPORT)
-    @PreAuthorize(hasPermi = "system:user:export")
+    @RequiresPermissions("system:user:export")
     @PostMapping("/export")
     public void export(HttpServletResponse response, SysUser user) throws IOException
     {
@@ -85,7 +85,7 @@ public class SysUserController extends BaseController
     }
 
     @Log(title = "用户管理", businessType = BusinessType.IMPORT)
-    @PreAuthorize(hasPermi = "system:user:import")
+    @RequiresPermissions("system:user:import")
     @PostMapping("/importData")
     public AjaxResult importData(MultipartFile file, boolean updateSupport) throws Exception
     {
@@ -168,7 +168,7 @@ public class SysUserController extends BaseController
     /**
      * 根据用户编号获取详细信息
      */
-    @PreAuthorize(hasPermi = "system:user:query")
+    @RequiresPermissions("system:user:query")
     @GetMapping(value = { "/", "/{userId}" })
     public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId)
     {
@@ -189,7 +189,7 @@ public class SysUserController extends BaseController
     /**
      * 新增用户
      */
-    @PreAuthorize(hasPermi = "system:user:add")
+    @RequiresPermissions("system:user:add")
     @Log(title = "用户管理", businessType = BusinessType.INSERT)
     @PostMapping
     public AjaxResult add(@Validated @RequestBody SysUser user)
@@ -216,7 +216,7 @@ public class SysUserController extends BaseController
     /**
      * 修改用户
      */
-    @PreAuthorize(hasPermi = "system:user:edit")
+    @RequiresPermissions("system:user:edit")
     @Log(title = "用户管理", businessType = BusinessType.UPDATE)
     @PutMapping
     public AjaxResult edit(@Validated @RequestBody SysUser user)
@@ -239,7 +239,7 @@ public class SysUserController extends BaseController
     /**
      * 删除用户
      */
-    @PreAuthorize(hasPermi = "system:user:remove")
+    @RequiresPermissions("system:user:remove")
     @Log(title = "用户管理", businessType = BusinessType.DELETE)
     @DeleteMapping("/{userIds}")
     public AjaxResult remove(@PathVariable Long[] userIds)
@@ -254,7 +254,7 @@ public class SysUserController extends BaseController
     /**
      * 重置密码
      */
-    @PreAuthorize(hasPermi = "system:user:edit")
+    @RequiresPermissions("system:user:edit")
     @Log(title = "用户管理", businessType = BusinessType.UPDATE)
     @PutMapping("/resetPwd")
     public AjaxResult resetPwd(@RequestBody SysUser user)
@@ -268,7 +268,7 @@ public class SysUserController extends BaseController
     /**
      * 状态修改
      */
-    @PreAuthorize(hasPermi = "system:user:edit")
+    @RequiresPermissions("system:user:edit")
     @Log(title = "用户管理", businessType = BusinessType.UPDATE)
     @PutMapping("/changeStatus")
     public AjaxResult changeStatus(@RequestBody SysUser user)
@@ -281,7 +281,7 @@ public class SysUserController extends BaseController
     /**
      * 根据用户编号获取授权角色
      */
-    @PreAuthorize(hasPermi = "system:user:query")
+    @RequiresPermissions("system:user:query")
     @GetMapping("/authRole/{userId}")
     public AjaxResult authRole(@PathVariable("userId") Long userId)
     {
@@ -296,7 +296,7 @@ public class SysUserController extends BaseController
     /**
      * 用户授权角色
      */
-    @PreAuthorize(hasPermi = "system:user:edit")
+    @RequiresPermissions("system:user:edit")
     @Log(title = "用户管理", businessType = BusinessType.GRANT)
     @PutMapping("/authRole")
     public AjaxResult insertAuthRole(Long userId, Long[] roleIds)

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserOnlineController.java

@@ -18,7 +18,7 @@ import com.ruoyi.common.core.web.page.TableDataInfo;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessType;
 import com.ruoyi.common.redis.service.RedisService;
-import com.ruoyi.common.security.annotation.PreAuthorize;
+import com.ruoyi.common.security.annotation.RequiresPermissions;
 import com.ruoyi.system.api.model.LoginUser;
 import com.ruoyi.system.domain.SysUserOnline;
 import com.ruoyi.system.service.ISysUserOnlineService;
@@ -38,7 +38,7 @@ public class SysUserOnlineController extends BaseController
     @Autowired
     private RedisService redisService;
 
-    @PreAuthorize(hasPermi = "monitor:online:list")
+    @RequiresPermissions("monitor:online:list")
     @GetMapping("/list")
     public TableDataInfo list(String ipaddr, String userName)
     {
@@ -81,7 +81,7 @@ public class SysUserOnlineController extends BaseController
     /**
      * 强退用户
      */
-    @PreAuthorize(hasPermi = "monitor:online:forceLogout")
+    @RequiresPermissions("monitor:online:forceLogout")
     @Log(title = "在线用户", businessType = BusinessType.FORCE)
     @DeleteMapping("/{tokenId}")
     public AjaxResult forceLogout(@PathVariable String tokenId)

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysRoleMapper.java

@@ -40,7 +40,7 @@ public interface SysRoleMapper
      * @param userId 用户ID
      * @return 选中角色ID列表
      */
-    public List<Integer> selectRoleListByUserId(Long userId);
+    public List<Long> selectRoleListByUserId(Long userId);
 
     /**
      * 通过角色ID查询角色

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java

@@ -49,7 +49,7 @@ public interface ISysRoleService
      * @param userId 用户ID
      * @return 选中角色ID列表
      */
-    public List<Integer> selectRoleListByUserId(Long userId);
+    public List<Long> selectRoleListByUserId(Long userId);
 
     /**
      * 通过角色ID查询角色

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java

@@ -9,10 +9,10 @@ import org.springframework.stereotype.Service;
 import com.ruoyi.common.core.constant.UserConstants;
 import com.ruoyi.common.core.exception.ServiceException;
 import com.ruoyi.common.core.text.Convert;
-import com.ruoyi.common.core.utils.SecurityUtils;
 import com.ruoyi.common.core.utils.SpringUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.datascope.annotation.DataScope;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.domain.SysDept;
 import com.ruoyi.system.api.domain.SysRole;
 import com.ruoyi.system.api.domain.SysUser;

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java

@@ -12,8 +12,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import com.ruoyi.common.core.constant.Constants;
 import com.ruoyi.common.core.constant.UserConstants;
-import com.ruoyi.common.core.utils.SecurityUtils;
 import com.ruoyi.common.core.utils.StringUtils;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.domain.SysRole;
 import com.ruoyi.system.api.domain.SysUser;
 import com.ruoyi.system.domain.SysMenu;

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java

@@ -10,10 +10,10 @@ import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import com.ruoyi.common.core.constant.UserConstants;
 import com.ruoyi.common.core.exception.ServiceException;
-import com.ruoyi.common.core.utils.SecurityUtils;
 import com.ruoyi.common.core.utils.SpringUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.datascope.annotation.DataScope;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.domain.SysRole;
 import com.ruoyi.system.api.domain.SysUser;
 import com.ruoyi.system.domain.SysRoleDept;
@@ -122,7 +122,7 @@ public class SysRoleServiceImpl implements ISysRoleService
      * @return 选中角色ID列表
      */
     @Override
-    public List<Integer> selectRoleListByUserId(Long userId)
+    public List<Long> selectRoleListByUserId(Long userId)
     {
         return roleMapper.selectRoleListByUserId(userId);
     }

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java

@@ -9,10 +9,10 @@ import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import com.ruoyi.common.core.constant.UserConstants;
 import com.ruoyi.common.core.exception.ServiceException;
-import com.ruoyi.common.core.utils.SecurityUtils;
 import com.ruoyi.common.core.utils.SpringUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.datascope.annotation.DataScope;
+import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.domain.SysRole;
 import com.ruoyi.system.api.domain.SysUser;
 import com.ruoyi.system.domain.SysPost;

ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysRoleMapper.xml

@@ -65,7 +65,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 		<include refid="selectRoleVo"/>
 	</select>
 	
-	<select id="selectRoleListByUserId" parameterType="Long" resultType="Integer">
+	<select id="selectRoleListByUserId" parameterType="Long" resultType="Long">
 		select r.role_id
         from sys_role r
 	        left join sys_user_role ur on ur.role_id = r.role_id

ruoyi-ui/src/layout/components/Settings/index.vue

@@ -162,7 +162,7 @@ export default {
       this.sideTheme = val;
     },
     saveSetting() {
-      this.$modal.loading("正在保存到本地，请稍后...");
+      this.$modal.loading("正在保存到本地，请稍候...");
       this.$cache.local.set(
         "layout-setting",
         `{
@@ -178,7 +178,7 @@ export default {
       setTimeout(this.$modal.closeLoading(), 1000)
     },
     resetSetting() {
-      this.$modal.loading("正在清除设置缓存并刷新，请稍后...");
+      this.$modal.loading("正在清除设置缓存并刷新，请稍候...");
       this.$cache.local.remove("layout-setting")
       setTimeout("window.location.reload()", 1000)
     }

ruoyi-ui/src/plugins/auth.js

@@ -0,0 +1,60 @@
+import store from '@/store'
+
+function authPermission(permission) {
+  const all_permission = "*:*:*";
+  const permissions = store.getters && store.getters.permissions
+  if (permission && permission.length > 0) {
+    return permissions.some(v => {
+      return all_permission === v || v === permission
+    })
+  } else {
+    return false
+  }
+}
+
+function authRole(role) {
+  const super_admin = "admin";
+  const roles = store.getters && store.getters.roles
+  if (role && role.length > 0) {
+    return roles.some(v => {
+      return super_admin === v || v === role
+    })
+  } else {
+    return false
+  }
+}
+
+export default {
+  // 验证用户是否具备某权限
+  hasPermi(permission) {
+    return authPermission(permission);
+  },
+  // 验证用户是否含有指定权限，只需包含其中一个
+  hasPermiOr(permissions) {
+    return permissions.some(item => {
+      return authPermission(item)
+    })
+  },
+  // 验证用户是否含有指定权限，必须全部拥有
+  hasPermiAnd(permissions) {
+    return permissions.every(item => {
+      return authPermission(item)
+    })
+  },
+  // 验证用户是否具备某角色
+  hasRole(role) {
+    return authRole(role);
+  },
+  // 验证用户是否含有指定角色，只需包含其中一个
+  hasRoleOr(roles) {
+    return roles.some(item => {
+      return authRole(item)
+    })
+  },
+  // 验证用户是否含有指定角色，必须全部拥有
+  hasRoleAnd(roles) {
+    return roles.every(item => {
+      return authRole(item)
+    })
+  }
+}

ruoyi-ui/src/plugins/download.js

@@ -1,6 +1,8 @@
-import { saveAs } from 'file-saver'
 import axios from 'axios'
+import { Message } from 'element-ui'
+import { saveAs } from 'file-saver'
 import { getToken } from '@/utils/auth'
+import { blobValidate } from "@/utils/ruoyi";
 
 const baseURL = process.env.VUE_APP_BASE_API
 
@@ -12,9 +14,14 @@ export default {
       url: url,
       responseType: 'blob',
       headers: { 'Authorization': 'Bearer ' + getToken() }
-    }).then(res => {
+    }).then(async (res) => {
-      const blob = new Blob([res.data], { type: 'application/zip' })
+      const isLogin = await blobValidate(res.data);
-      this.saveAs(blob, name)
+      if (isLogin) {
+        const blob = new Blob([res.data], { type: 'application/zip' })
+        this.saveAs(blob, name)
+      } else {
+        Message.error('无效的会话，或者会话已过期，请重新登录。');
+      }
     })
   },
   saveAs(text, name, opts) {

ruoyi-ui/src/plugins/index.js

@@ -1,9 +1,12 @@
+import auth from './auth'
 import cache from './cache'
 import modal from './modal'
 import download from './download'
 
 export default {
   install(Vue) {
+    // 认证对象
+    Vue.prototype.$auth = auth
     // 缓存对象
     Vue.prototype.$cache = cache
     // 模态框对象

ruoyi-ui/src/store/modules/permission.js

@@ -86,7 +86,7 @@ function filterChildren(childrenMap, lastRouter = false) {
   var children = []
   childrenMap.forEach((el, index) => {
     if (el.children && el.children.length) {
-      if (el.component === 'ParentView') {
+      if (el.component === 'ParentView' && !lastRouter) {
         el.children.forEach(c => {
           c.path = el.path + '/' + c.path
           if (c.children && c.children.length) {
@@ -106,8 +106,13 @@ function filterChildren(childrenMap, lastRouter = false) {
   return children
 }
 
-export const loadView = (view) => { // 路由懒加载
+export const loadView = (view) => {
-  return (resolve) => require([`@/views/${view}`], resolve)
+  if (process.env.NODE_ENV === 'development') {
+    return (resolve) => require([`@/views/${view}`], resolve)
+  } else {
+    // 使用 import 实现生产环境的路由懒加载
+    return () => import(`@/views/${view}`)
+  }
 }
 
 export default permission

ruoyi-ui/src/utils/request.js

@@ -3,7 +3,7 @@ import { Notification, MessageBox, Message, Loading } from 'element-ui'
 import store from '@/store'
 import { getToken } from '@/utils/auth'
 import errorCode from '@/utils/errorCode'
-import { tansParams } from "@/utils/ruoyi";
+import { tansParams, blobValidate } from "@/utils/ruoyi";
 import { saveAs } from 'file-saver'
 
 let downloadLoadingInstance;
@@ -43,6 +43,10 @@ service.interceptors.response.use(res => {
     const code = res.data.code || 200;
     // 获取错误信息
     const msg = errorCode[code] || res.data.msg || errorCode['default']
+    // 二进制数据则直接返回
+    if(res.request.responseType ===  'blob' || res.request.responseType ===  'arraybuffer'){
+      return res.data
+    }
     if (code === 401) {
       MessageBox.confirm('登录状态已过期，您可以继续留在该页面，或者重新登录', '系统提示', {
           confirmButtonText: '重新登录',
@@ -93,15 +97,19 @@ service.interceptors.response.use(res => {
 
 // 通用下载方法
 export function download(url, params, filename) {
-  downloadLoadingInstance = Loading.service({ text: "正在下载数据，请稍后", spinner: "el-icon-loading", background: "rgba(0, 0, 0, 0.7)", })
+  downloadLoadingInstance = Loading.service({ text: "正在下载数据，请稍候", spinner: "el-icon-loading", background: "rgba(0, 0, 0, 0.7)", })
   return service.post(url, params, {
     transformRequest: [(params) => { return tansParams(params) }],
     headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
     responseType: 'blob'
-  }).then((data) => {
+  }).then(async (data) => {
-    const content = data
+    const isLogin = await blobValidate(data);
-    const blob = new Blob([content])
+    if (isLogin) {
-    saveAs(blob, filename)
+      const blob = new Blob([data])
+      saveAs(blob, filename)
+    } else {
+      Message.error('无效的会话，或者会话已过期，请重新登录。');
+    }
     downloadLoadingInstance.close();
   }).catch((r) => {
     console.error(r)

ruoyi-ui/src/utils/ruoyi.js

@@ -214,3 +214,14 @@ export function tansParams(params) {
 	}
 	return result
 }
+
+// 验证是否为blob格式
+export async function blobValidate(data) {
+    try {
+      const text = await data.text();
+      JSON.parse(text);
+      return false;
+    } catch (error) {
+      return true;
+    }
+}

ruoyi-ui/src/views/system/role/index.vue

@@ -199,7 +199,7 @@
             ref="menu"
             node-key="id"
             :check-strictly="!form.menuCheckStrictly"
-            empty-text="加载中，请稍后"
+            empty-text="加载中，请稍候"
             :props="defaultProps"
           ></el-tree>
         </el-form-item>
@@ -244,7 +244,7 @@
             ref="dept"
             node-key="id"
             :check-strictly="!form.deptCheckStrictly"
-            empty-text="加载中，请稍后"
+            empty-text="加载中，请稍候"
             :props="defaultProps"
           ></el-tree>
         </el-form-item>