diff --git a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/aspect/PreAuthorizeAspect.java b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/aspect/PreAuthorizeAspect.java
index 52d937c3..1c3397c5 100644
--- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/aspect/PreAuthorizeAspect.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/aspect/PreAuthorizeAspect.java
@@ -21,7 +21,7 @@ import java.lang.reflect.Method;
 */
 @Aspect
 @Component
-@ConditionalOnProperty(prefix = "security.aspect", name = "enabled", havingValue = "true", matchIfMissing = true)
+@ConditionalOnProperty(prefix = "security.annotation", name = "enabled", havingValue = "true", matchIfMissing = true)
 public class PreAuthorizeAspect {
 /**
diff --git a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/config/PathPermissionMappingConfig.java b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/config/PathPermissionMappingConfig.java
index 2a2a479a..7afd7523 100644
--- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/config/PathPermissionMappingConfig.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/config/PathPermissionMappingConfig.java
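Review bot: The rename on `PreAuthorizeAspect` leaves the old key `security.aspect.enabled` silently ignored, and nothing in the hunk tells an operator so. With `matchIfMissing = true`, a service that still carries `security.aspect.enabled: false` gets its annotation checks back, which is the safe direction. That service also no longer satisfies the new `security.annotation.enabled=false` condition on `PathPermissionMappingConfig` in this commit, so its path-to-permission mapping is presumably no longer published for the gateway. I would add a comment above the annotation, e.g. `// Renamed from security.aspect.enabled (old key is ignored). false removes every in-service permission check.`, and call the rename out in the upgrade notes.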
@@ -19,18 +19,21 @@ import java.util.*;
 /**
 * =====================================网关鉴权使用说明=======================================
 * 场景:
- * 微服务部署在内网,确定安全,无需在每个微服务都实现一次权限控制的逻辑,可以在网关层面实现统一鉴权
+ * 微服务部署在内网,确定安全,无需在每个微服务都实现鉴权的逻辑,可以在网关层面实现统一鉴权
 * 使用方式:
- * 1、在每个微服务的配置文件中添加参数:security.aspect.enabled: false 关闭系统默认的通过注解方式鉴权,默认开启
- * 2、在每个微服务的配置文件中添加参数:routePrefix: 值为网关中微服务匹配的路由地址,例如: /auth
+ * 1、在每个微服务的配置文件中添加参数:security.annotation.enabled: false 关闭系统默认的通过注解方式鉴权,默认开启
+ * 2、在每个微服务的配置文件中添加参数:pathPrefix: 值为网关中微服务匹配的路由地址前缀,例如: /auth
 * 3、在网关配置文件中添加参数:security.gateway.enabled: true 启用网关统一鉴权,默认关闭
 *
 * 通过反射扫描所有控制器,缓存所有控制器的映射路径以及对应的权限注解,缓存到redis,方便网关鉴权
 */
-@ConditionalOnProperty(prefix = "security.gateway", name = "enabled", havingValue = "true")
+@ConditionalOnProperty(prefix = "security.annotation", name = "enabled", havingValue = "false")
 public class PathPermissionMappingConfig {
- @Value("${routePrefix}")
- private String routePrefix;
+ /**
+ * 微服务在网关配置中predicates中的Path前缀,例如: /system
+ */
+ @Value("${pathPrefix}")
+ private String pathPrefix;
 @PostConstruct
 public PathPermissionMappingConfig execute() {
@@ -85,7 +88,7 @@ public class PathPermissionMappingConfig {
 private void addPathPermsMap(String perms, Map pathPermsMap, Set methods, Set patternValues) {
 for (RequestMethod method : methods) {
 for (String patternValue : patternValues) {
- String key = routePrefix + patternValue + "_" + method.name();
+ String key = pathPrefix + patternValue + "_" + method.name();
 pathPermsMap.put(key, perms);
 }
 }
diff --git a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java
index 65cf539d..d2540622 100644
--- a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java
+++ b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java
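Review bot: The new `@ConditionalOnProperty` on `PathPermissionMappingConfig` makes one service-side flag do two jobs: `security.annotation.enabled=false` both removes `PreAuthorizeAspect` and turns on the mapping export. Enforcement itself depends on `security.gateway.enabled`, which step 3 of this Javadoc places in the gateway's own configuration and describes as off by default. Nothing visible here verifies that the gateway side is on, so a service set to `false` behind a gateway that has not enabled the filter would have no permission check on either side, and a caller that reaches the service without passing the gateway is unchecked too. I would state that in the class Javadoc, e.g. `* WARNING: with security.annotation.enabled=false this service performs no permission checks itself; the gateway must run with security.gateway.enabled=true and be the only route to this service.` `@Value("${pathPrefix}")` has no default, so a missing property fails startup, which is worth keeping rather than adding an empty default.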
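Review bot: In `addPathPermsMap` the configured `pathPrefix` goes into the lookup key verbatim, so a value written as `/system/` or `system` yields keys (constructed example: `/system//user/list_GET`) that will not match the path the gateway actually sees. What the gateway does when a path has no mapping is decided in `AuthFilter` outside this hunk; if such requests are let through, a formatting slip in one service's configuration becomes a missing permission check. Validating the prefix once in `execute()` (leading `/`, no trailing `/`) and failing startup otherwise would keep the key format fixed, and the line `String key = pathPrefix + patternValue + "_" + method.name();` can then stay as it is. A one-line comment on that line documenting the key format, e.g. `// key = <gateway path prefix><mapping pattern>_<HTTP method>; must match the gateway lookup exactly`, would also help.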
@@ -133,21 +133,21 @@ public class AuthFilter implements GlobalFilter, Ordered
 if(!rolePerms.isEmpty()) {
 if(rolePerms.contains(SecurityConstants.ROLE_ANON)) {
- log.info("允许访问公共权限:{},{}", api, rolePerms);
+ log.debug("允许访问公共权限:{},{}", api, rolePerms);
 return true;
 }
 rolePerms = rolePerms.stream().map(item -> item.substring(SecurityConstants.ROLE_PREFIX.length())).collect(Collectors.toSet());
 // 求交集
 rolePerms.retainAll(roles);
 if(!rolePerms.isEmpty()) {
- log.info("允许访问角色权限:{}, {}", api, rolePerms);
+ log.debug("允许访问角色权限:{}, {}", api, rolePerms);
 return true;
 }
 }
 // 求交集
 matchedPerms.retainAll(permissions);
 if(!matchedPerms.isEmpty()) {
- log.info("允许访问资源权限:{},{}", api, matchedPerms);
+ log.debug("允许访问资源权限:{},{}", api, matchedPerms);
 return true;
 }
 }
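Review bot: With all three allow branches in `AuthFilter` now at `debug`, a gateway running at the usual INFO level keeps no record of which rule admitted a request. The `ROLE_ANON` branch is the one an operator most needs to see when a path turns out to be public. Dropping the level is reasonable for volume, provided the deny path logs at `warn` or `info` with `api` and the caller's identity; that path, and the start and end of the enclosing method, are outside this hunk, so please confirm. If allow decisions are needed for audit, a dedicated audit logger would keep them without raising the general level. A comment on the first branch would record the intent, e.g. `// allow decisions are debug-only to limit volume; denials must stay at WARN for audit`.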