feat(菜单模块): 修改部分权限代码

2024-12-19 09:50:56 +08:00 · 2024-12-19 09:50:56 +08:00 · 547021ca13
commit 547021ca13
parent 4948086526
3 changed files with 15 additions and 16 deletions
--- a/src/main/java/com/zsc/edu/gateway/framework/security/CustomSessionInformationExpiredStrategy.java
+++ b/src/main/java/com/zsc/edu/gateway/framework/security/CustomSessionInformationExpiredStrategy.java
@ -1,30 +1,33 @@
 package com.zsc.edu.gateway.framework.security;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.zsc.edu.gateway.exception.ExceptionResult;
 import com.zsc.edu.gateway.framework.SpringBeanUtil;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.web.session.SessionInformationExpiredEvent;
 import org.springframework.security.web.session.SessionInformationExpiredStrategy;
 import org.springframework.stereotype.Component;
 import java.io.IOException;
 import java.time.LocalDateTime;
 import java.util.Map;
 /**
 * @author harry_yao
 */
@Component
 public class CustomSessionInformationExpiredStrategy implements SessionInformationExpiredStrategy {
    @Override
    public void onExpiredSessionDetected(SessionInformationExpiredEvent event) throws IOException {
-        ObjectMapper objectMapper = SpringBeanUtil.getBean(ObjectMapper.class);
+
        HttpServletResponse response = event.getResponse();
        response.setStatus(HttpStatus.UNAUTHORIZED.value());
        response.setContentType("application/json;charset=utf-8");
-        ExceptionResult result = new ExceptionResult("会话已过期（有可能是您同时登录了太多的太多的客户端)",
+        ObjectMapper objectMapper = new ObjectMapper();
-            HttpStatus.UNAUTHORIZED.value(),
+        response.getWriter().print(objectMapper.writeValueAsString(Map.of(
-            LocalDateTime.now());
+                "msg", "会话已过期（有可能是您同时登录了太多的太多的客户端)",
-        response.getWriter().print(objectMapper.writeValueAsString(result));
+                "code", HttpStatus.UNAUTHORIZED.value(),
                "timestamp", LocalDateTime.now()
        )));
        response.flushBuffer();
    }
 }
--- a/src/main/java/com/zsc/edu/gateway/framework/security/JsonAuthenticationFilter.java
+++ b/src/main/java/com/zsc/edu/gateway/framework/security/JsonAuthenticationFilter.java
@ -26,12 +26,12 @@ public class JsonAuthenticationFilter extends UsernamePasswordAuthenticationFilt
                Map map = new ObjectMapper().readValue(request.getInputStream(), Map.class);
                String username = map.get("username").toString();
                String password = map.get("password").toString();
                username = (username != null) ? username : "";
                username = username.trim();
                password = (password != null) ? password : "";
                password = password.trim();
-                UsernamePasswordAuthenticationToken authRequest = UsernamePasswordAuthenticationToken.unauthenticated(username, password);
+                UsernamePasswordAuthenticationToken authRequest =
                        UsernamePasswordAuthenticationToken.unauthenticated(username, password);
                // Allow subclasses to set the "details" property
                setDetails(request, authRequest);
                return this.getAuthenticationManager().authenticate(authRequest);
@ -41,6 +41,4 @@ public class JsonAuthenticationFilter extends UsernamePasswordAuthenticationFilt
        }
        return super.attemptAuthentication(request, response);
    }
 }
--- a/src/main/java/com/zsc/edu/gateway/framework/security/SpringSecurityConfig.java
+++ b/src/main/java/com/zsc/edu/gateway/framework/security/SpringSecurityConfig.java
@ -41,6 +41,7 @@ public class SpringSecurityConfig {
    private final CustomAccessDeniedHandler customAccessDeniedHandler;
    private final SessionRegistry sessionRegistry;
    private final SecurityBeanConfig securityBeanConfig;
    private final CustomSessionInformationExpiredStrategy customSessionInformationExpiredStrategy;
    @Resource
    private final DataSource dataSource;
@ -86,9 +87,6 @@ public class SpringSecurityConfig {
                        .requestMatchers(HttpMethod.GET, "/api/rest/user/me","/api/rest/user/register","/api/rest/user/send-email").permitAll()
                        .requestMatchers(HttpMethod.POST, "/api/rest/user/login","/api/rest/user/register").permitAll()
                        .requestMatchers("/api/**").authenticated()
                        .requestMatchers("/api/**").access((authentication, object) -> {
                            return new AuthorizationDecision(true);
                        })
                )
                        // 不用注解，直接通过判断路径实现动态访问权限
 //                        .requestMatchers("/api/**").access((authentication, object) -> {
@ -148,7 +146,7 @@ public class SpringSecurityConfig {
                .sessionManagement(session -> session
                        .maximumSessions(3)
                        .sessionRegistry(sessionRegistry)
-                        .expiredSessionStrategy(new CustomSessionInformationExpiredStrategy()))
+                        .expiredSessionStrategy(customSessionInformationExpiredStrategy))
                .build();
    }