diff --git a/youlai-common/common-core/src/main/java/com/youlai/common/constant/AuthConstants.java b/youlai-common/common-core/src/main/java/com/youlai/common/constant/AuthConstants.java
index 2ac37c13a..67078ad3c 100644
--- a/youlai-common/common-core/src/main/java/com/youlai/common/constant/AuthConstants.java
+++ b/youlai-common/common-core/src/main/java/com/youlai/common/constant/AuthConstants.java
@@ -90,7 +90,7 @@ public interface AuthConstants {
 /**
 * 后台管理接口路径匹配
 */
- String ADMIN_URL_PATTERN = "*_/youlai-admin/**";
+ String ADMIN_URL_PATTERN = "/api.admin/**";
 String LOGOUT_PATH = "/youlai-auth/oauth/logout";
diff --git a/youlai-gateway/src/main/java/com/youlai/gateway/filter/AuthGlobalFilter.java b/youlai-gateway/src/main/java/com/youlai/gateway/filter/AuthGlobalFilter.java
index 89dfeeb33..25c3a9408 100644
--- a/youlai-gateway/src/main/java/com/youlai/gateway/filter/AuthGlobalFilter.java
+++ b/youlai-gateway/src/main/java/com/youlai/gateway/filter/AuthGlobalFilter.java
@@ -52,7 +52,7 @@ public class AuthGlobalFilter implements GlobalFilter, Ordered {
 return WebUtils.writeFailedToResponse(response, ResultCode.FORBIDDEN_OPERATION);
 }
- // 无token放行
+ // 非JWT或者JWT为空不作处理
 String token = request.getHeaders().getFirst(AuthConstants.AUTHORIZATION_KEY);
 if (StrUtil.isBlank(token) || !token.startsWith(AuthConstants.AUTHORIZATION_PREFIX)) {
 return chain.filter(exchange);
diff --git a/youlai-gateway/src/main/java/com/youlai/gateway/security/AuthorizationManager.java b/youlai-gateway/src/main/java/com/youlai/gateway/security/AuthorizationManager.java
index 90bac7fbd..5ea859a93 100644
--- a/youlai-gateway/src/main/java/com/youlai/gateway/security/AuthorizationManager.java
+++ b/youlai-gateway/src/main/java/com/youlai/gateway/security/AuthorizationManager.java
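Review bot: The new `ADMIN_URL_PATTERN` value `/api.admin/**` drops the `*_` method prefix that the old value carried, while AuthorizationManager in the third file of this diff matches patterns against `restPath` built as `METHOD_` + path; if this constant is matched against that same string it can never match, and whatever check is keyed on it stops applying without any error. Where the constant is consumed is not in the diff, so that part is inferred. Independently, `.` is a literal character to AntPathMatcher, so `/api.admin/**` only matches a segment literally named `api.admin`, not `/api/admin/...`. The Javadoc should state which form the pattern is matched against so the next edit does not repeat the mismatch, e.g. `* Ant pattern for admin endpoints; matched against the plain request path, not the METHOD_path form used by AuthorizationManager (confirm)`.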
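Review bot: The reworded comment says a blank header or one not starting with `AuthConstants.AUTHORIZATION_PREFIX` is "not processed", but the branch right below returns `chain.filter(exchange)`, so such requests are forwarded down the chain untouched; that is only acceptable because AuthorizationManager later in this diff filters on `Authentication::isAuthenticated` and denies unauthenticated callers. The comment should name that dependency instead of just "not processed", e.g. `// 非JWT或JWT为空：此处不做处理直接放行，是否允许访问由 AuthorizationManager 决定（未认证请求在那里被拒绝）`. Note the same branch also forwards an Authorization header that uses any other scheme without inspecting it. The method containing this branch starts and ends outside the hunk.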
@@ -37,8 +37,9 @@ public class AuthorizationManager implements ReactiveAuthorizationManager check(Mono mono, AuthorizationContext authorizationContext) {
 ServerHttpRequest request = authorizationContext.getExchange().getRequest();
- String path = request.getMethodValue() + "_" + request.getURI().getPath();
- log.info("请求,path={}", path);
+ // Restful接口权限设计 @link https://www.cnblogs.com/haoxianrui/p/14396990.html
+ String restPath = request.getMethodValue() + "_" + request.getURI().getPath();
+ log.info("请求路径={}", restPath);
 PathMatcher pathMatcher = new AntPathMatcher();
 // 对应跨域的预检请求直接放行
 if (request.getMethod() == HttpMethod.OPTIONS) {
@@ -46,20 +47,11 @@ public class AuthorizationManager implements ReactiveAuthorizationManager permissionRoles = redisTemplate.opsForHash().entries(AuthConstants.PERMISSION_ROLES_KEY);
 Iterator iterator = permissionRoles.keySet().iterator();
@@ -67,11 +59,10 @@ public class AuthorizationManager implements ReactiveAuthorizationManager authorities = new HashSet<>();
 while (iterator.hasNext()) {
 String pattern = (String) iterator.next();
- if (pathMatcher.match(pattern, path)) {
+ if (pathMatcher.match(pattern, restPath)) {
 authorities.addAll(Convert.toList(String.class, permissionRoles.get(pattern)));
 }
 }
- log.info("require authorities:{}", authorities);
 Mono authorizationDecisionMono = mono
 .filter(Authentication::isAuthenticated)
@@ -79,9 +70,9 @@ public class AuthorizationManager implements ReactiveAuthorizationManager { // roleId是请求用户的角色(格式:ROLE_{roleId}),authorities是请求资源所需要角色的集合
- log.info("访问路径:{}", path);
- log.info("用户角色信息:{}", roleId);
- log.info("资源需要权限authorities:{}", authorities);
+ log.info("访问路径:{}", restPath);
+ log.info("用户角色:{}", roleId);
+ log.info("资源需要角色:{}", authorities);
 return authorities.contains(roleId);
 })
 .map(AuthorizationDecision::new)
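Review bot: The new `restPath` line builds the authorization key from `request.getURI().getPath()` as received, and the Redis pattern lookup later in this file keys on that string; if the path is not in canonical form (dot segments, duplicated slashes) the Ant match can be evaluated against a different path than the one the downstream service routes, so the decision would not cover the request actually served. Normalizing before building the key would remove that gap, e.g. `String restPath = request.getMethodValue() + "_" + request.getURI().normalize().getPath();`, unless the gateway already enforces canonical paths elsewhere, which is not visible here. Separately, `@link` has no meaning inside a line comment; `// see https://...` is the honest form. The `check` method begins outside the hunk, and the second hunk of this file removes nine lines whose text is not visible in this rendering, so that removal is not reviewed.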