From e36b3642dad804a148c66a3500ca9a9969ae6bac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=A4=A9=E5=A4=A9=E5=90=91=E4=B8=8A?= Date: Tue, 29 Nov 2022 17:16:14 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E9=85=8D=E7=BD=AE=E5=8F=82?= =?UTF-8?q?=E6=95=B0=E7=9A=84=E5=90=8D=E5=AD=97=E5=92=8C=E6=97=A5=E5=BF=97?= =?UTF-8?q?=E8=BE=93=E5=87=BA=E7=BA=A7=E5=88=AB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../security/aspect/PreAuthorizeAspect.java | 2 +- .../config/PathPermissionMappingConfig.java | 17 ++++++++++------- .../com/ruoyi/gateway/filter/AuthFilter.java | 6 +++--- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/aspect/PreAuthorizeAspect.java b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/aspect/PreAuthorizeAspect.java index 52d937c3..1c3397c5 100644 --- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/aspect/PreAuthorizeAspect.java +++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/aspect/PreAuthorizeAspect.java @@ -21,7 +21,7 @@ import java.lang.reflect.Method; */ @Aspect @Component -@ConditionalOnProperty(prefix = "security.aspect", name = "enabled", havingValue = "true", matchIfMissing = true) +@ConditionalOnProperty(prefix = "security.annotation", name = "enabled", havingValue = "true", matchIfMissing = true) public class PreAuthorizeAspect { /** diff --git a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/config/PathPermissionMappingConfig.java b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/config/PathPermissionMappingConfig.java index 2a2a479a..7afd7523 100644 --- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/config/PathPermissionMappingConfig.java 
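Review bot: Renaming the key in `@ConditionalOnProperty` on `PreAuthorizeAspect` from `security.aspect` to `security.annotation` while keeping `matchIfMissing = true` means a service that still sets `security.aspect.enabled: false` will have that setting silently ignored and start with annotation checks enabled again. That direction fails closed. However, the same stale config also leaves `PathPermissionMappingConfig` inactive, because this commit conditions it on the new key, so the service would presumably stop publishing its path-permission map; how the gateway treats a path with no mapping is not visible here. Consider logging a startup warning when the old `security.aspect.enabled` key is still present, or at least calling out the rename in the upgrade notes. The class body continues outside the hunk.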
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/config/PathPermissionMappingConfig.java @@ -19,18 +19,21 @@ import java.util.*; /** * =====================================网关鉴权使用说明======================================= * 场景: - * 微服务部署在内网,确定安全,无需在每个微服务都实现一次权限控制的逻辑,可以在网关层面实现统一鉴权 + * 微服务部署在内网,确定安全,无需在每个微服务都实现鉴权的逻辑,可以在网关层面实现统一鉴权 * 使用方式: - * 1、在每个微服务的配置文件中添加参数:security.aspect.enabled: false 关闭系统默认的通过注解方式鉴权,默认开启 - * 2、在每个微服务的配置文件中添加参数:routePrefix: 值为网关中微服务匹配的路由地址,例如: /auth + * 1、在每个微服务的配置文件中添加参数:security.annotation.enabled: false 关闭系统默认的通过注解方式鉴权,默认开启 + * 2、在每个微服务的配置文件中添加参数:pathPrefix: 值为网关中微服务匹配的路由地址前缀,例如: /auth * 3、在网关配置文件中添加参数:security.gateway.enabled: true 启用网关统一鉴权,默认关闭 * * 通过反射扫描所有控制器,缓存所有控制器的映射路径以及对应的权限注解,缓存到redis,方便网关鉴权 */ -@ConditionalOnProperty(prefix = "security.gateway", name = "enabled", havingValue = "true") +@ConditionalOnProperty(prefix = "security.annotation", name = "enabled", havingValue = "false") public class PathPermissionMappingConfig { - @Value("${routePrefix}") - private String routePrefix; + /** + * 微服务在网关配置中predicates中的Path前缀,例如: /system + */ + @Value("${pathPrefix}") + private String pathPrefix; @PostConstruct public PathPermissionMappingConfig execute() { @@ -85,7 +88,7 @@ public class PathPermissionMappingConfig { private void addPathPermsMap(String perms, Map pathPermsMap, Set methods, Set patternValues) { for (RequestMethod method : methods) { for (String patternValue : patternValues) { - String key = routePrefix + patternValue + "_" + method.name(); + String key = pathPrefix + patternValue + "_" + method.name(); pathPermsMap.put(key, perms); } } diff --git a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java index 65cf539d..d2540622 100644 --- a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java +++ b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java 
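Review bot: Changing the condition on `PathPermissionMappingConfig` from `security.gateway.enabled=true` to `security.annotation.enabled=false` ties "in-service authorization is off" to a flag that, as far as this patch shows, only the service reads. Nothing checks that the gateway has `security.gateway.enabled: true`, which the Javadoc describes as off by default. A service that applies step 1 without step 3 would therefore run with no permission checks at all, and even with step 3 any caller that reaches the service directly skips the gateway filter. The Javadoc should state this as a hard precondition, e.g. `* WARNING: set security.annotation.enabled=false only when the gateway has security.gateway.enabled=true and this service is reachable solely through the gateway`. Separately, `@Value("${pathPrefix}")` has no default and the key built in `addPathPermsMap` (second hunk) must match the gateway's `Path` predicate prefix exactly, so a mismatch yields keys the gateway will never look up; the class body continues outside both hunks.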
@@ -133,21 +133,21 @@ public class AuthFilter implements GlobalFilter, Ordered if(!rolePerms.isEmpty()) { if(rolePerms.contains(SecurityConstants.ROLE_ANON)) { - log.info("允许访问公共权限:{},{}", api, rolePerms); + log.debug("允许访问公共权限:{},{}", api, rolePerms); return true; } rolePerms = rolePerms.stream().map(item -> item.substring(SecurityConstants.ROLE_PREFIX.length())).collect(Collectors.toSet()); // 求交集 rolePerms.retainAll(roles); if(!rolePerms.isEmpty()) { - log.info("允许访问角色权限:{}, {}", api, rolePerms); + log.debug("允许访问角色权限:{}, {}", api, rolePerms); return true; } } // 求交集 matchedPerms.retainAll(permissions); if(!matchedPerms.isEmpty()) { - log.info("允许访问资源权限:{},{}", api, matchedPerms); + log.debug("允许访问资源权限:{},{}", api, matchedPerms); return true; } }
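Review bot: Moving all three allow-decision messages in `AuthFilter` from `log.info` to `log.debug` removes the record of which role or permission granted access to `api` at a typical production log level. That includes the `ROLE_ANON` branch, where an unexpectedly public endpoint would otherwise be visible in the logs. Reducing per-request volume is reasonable, but the deny path of this method is outside the hunk, so please confirm that rejections are still logged at `warn` or `info`, for example `log.warn("access denied: {}", api);`. If grant decisions are needed for audit, route them to a dedicated audit logger rather than relying on debug output.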