feat(菜单模块): 修改部分权限代码

src/main/java/com/zsc/edu/gateway/framework/security/CustomSessionInformationExpiredStrategy.java

@@ -1,30 +1,33 @@
 package com.zsc.edu.gateway.framework.security;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.zsc.edu.gateway.exception.ExceptionResult;
-import com.zsc.edu.gateway.framework.SpringBeanUtil;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.web.session.SessionInformationExpiredEvent;
 import org.springframework.security.web.session.SessionInformationExpiredStrategy;
+import org.springframework.stereotype.Component;
 
 import java.io.IOException;
 import java.time.LocalDateTime;
+import java.util.Map;
 
 /**
  * @author harry_yao
  */
+@Component
 public class CustomSessionInformationExpiredStrategy implements SessionInformationExpiredStrategy {
     @Override
     public void onExpiredSessionDetected(SessionInformationExpiredEvent event) throws IOException {
-        ObjectMapper objectMapper = SpringBeanUtil.getBean(ObjectMapper.class);
+
         HttpServletResponse response = event.getResponse();
         response.setStatus(HttpStatus.UNAUTHORIZED.value());
         response.setContentType("application/json;charset=utf-8");
-        ExceptionResult result = new ExceptionResult("会话已过期（有可能是您同时登录了太多的太多的客户端)",
-            HttpStatus.UNAUTHORIZED.value(),
-            LocalDateTime.now());
-        response.getWriter().print(objectMapper.writeValueAsString(result));
+        ObjectMapper objectMapper = new ObjectMapper();
+        response.getWriter().print(objectMapper.writeValueAsString(Map.of(
+                "msg", "会话已过期（有可能是您同时登录了太多的太多的客户端)",
+                "code", HttpStatus.UNAUTHORIZED.value(),
+                "timestamp", LocalDateTime.now()
+        )));
         response.flushBuffer();
     }
-}
+}

src/main/java/com/zsc/edu/gateway/framework/security/JsonAuthenticationFilter.java

@@ -26,12 +26,12 @@ public class JsonAuthenticationFilter extends UsernamePasswordAuthenticationFilt
                 Map map = new ObjectMapper().readValue(request.getInputStream(), Map.class);
                 String username = map.get("username").toString();
                 String password = map.get("password").toString();
-
                 username = (username != null) ? username : "";
                 username = username.trim();
                 password = (password != null) ? password : "";
                 password = password.trim();
-                UsernamePasswordAuthenticationToken authRequest = UsernamePasswordAuthenticationToken.unauthenticated(username, password);
+                UsernamePasswordAuthenticationToken authRequest =
+                        UsernamePasswordAuthenticationToken.unauthenticated(username, password);
                 // Allow subclasses to set the "details" property
                 setDetails(request, authRequest);
                 return this.getAuthenticationManager().authenticate(authRequest);
@@ -41,6 +41,4 @@ public class JsonAuthenticationFilter extends UsernamePasswordAuthenticationFilt
         }
         return super.attemptAuthentication(request, response);
     }
-
-
 }

src/main/java/com/zsc/edu/gateway/framework/security/SpringSecurityConfig.java

@@ -41,6 +41,7 @@ public class SpringSecurityConfig {
     private final CustomAccessDeniedHandler customAccessDeniedHandler;
     private final SessionRegistry sessionRegistry;
     private final SecurityBeanConfig securityBeanConfig;
+    private final CustomSessionInformationExpiredStrategy customSessionInformationExpiredStrategy;
 
     @Resource
     private final DataSource dataSource;
@@ -86,9 +87,6 @@ public class SpringSecurityConfig {
                         .requestMatchers(HttpMethod.GET, "/api/rest/user/me","/api/rest/user/register","/api/rest/user/send-email").permitAll()
                         .requestMatchers(HttpMethod.POST, "/api/rest/user/login","/api/rest/user/register").permitAll()
                         .requestMatchers("/api/**").authenticated()
-                        .requestMatchers("/api/**").access((authentication, object) -> {
-                            return new AuthorizationDecision(true);
-                        })
                 )
                         // 不用注解，直接通过判断路径实现动态访问权限
 //                        .requestMatchers("/api/**").access((authentication, object) -> {
@@ -148,7 +146,7 @@ public class SpringSecurityConfig {
                 .sessionManagement(session -> session
                         .maximumSessions(3)
                         .sessionRegistry(sessionRegistry)
-                        .expiredSessionStrategy(new CustomSessionInformationExpiredStrategy()))
+                        .expiredSessionStrategy(customSessionInformationExpiredStrategy))
                 .build();
 
     }