匿名访问不鉴权注解

This commit is contained in:
RuoYi 2026-04-10 18:15:43 +08:00
parent 94e558ea4a
commit 50a36e15de
2 changed files with 40 additions and 92 deletions

View File

@ -4,7 +4,6 @@ import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import org.apache.commons.io.IOUtils;
@ -17,6 +16,7 @@ import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSource
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
@ -145,6 +145,9 @@ public class ShiroConfig
@Value("${csrf.whites: ''}")
private String csrfWhites;
@Autowired
private PermitAllUrlProperties permitAllUrl;
/**
* 缓存管理器 使用Ehcache实现
*/
@ -315,11 +318,7 @@ public class ShiroConfig
filterChainDefinitionMap.put("/ruoyi/**", "anon");
filterChainDefinitionMap.put("/captcha/captchaImage**", "anon");
// 匿名访问不鉴权注解列表
List<String> permitAllUrl = SpringUtils.getBean(PermitAllUrlProperties.class).getUrls();
if (StringUtils.isNotEmpty(permitAllUrl))
{
permitAllUrl.forEach(url -> filterChainDefinitionMap.put(url, "anon"));
}
permitAllUrl.getUrls().forEach(url -> filterChainDefinitionMap.put(url, "anon"));
// 退出 logout地址shiro去清除session
filterChainDefinitionMap.put("/logout", "logout");
// 不需要拦截的访问

View File

@ -3,19 +3,19 @@ package com.ruoyi.framework.config.properties;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.springframework.aop.framework.Advised;
import java.util.regex.Pattern;
import org.apache.commons.lang3.RegExUtils;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.boot.autoconfigure.AutoConfigurationPackages;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.AnnotatedElementUtils;
import org.springframework.core.type.filter.AnnotationTypeFilter;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import com.ruoyi.common.annotation.Anonymous;
@ -27,102 +27,57 @@ import com.ruoyi.common.annotation.Anonymous;
@Configuration
public class PermitAllUrlProperties implements InitializingBean, ApplicationContextAware
{
private List<String> urls = new ArrayList<>();
private static final Pattern PATTERN = Pattern.compile("\\{(.*?)\\}");
private static final String ASTERISK = "*";
private ApplicationContext applicationContext;
private List<String> urls = new ArrayList<>();
@Override
public void afterPropertiesSet() throws Exception
{
Map<String, Object> controllers = applicationContext.getBeansWithAnnotation(Controller.class);
for (Object bean : controllers.values())
String basePackage = AutoConfigurationPackages.get(applicationContext.getAutowireCapableBeanFactory()).get(0);
ClassPathScanningCandidateComponentProvider scanner = new ClassPathScanningCandidateComponentProvider(false);
scanner.addIncludeFilter(new AnnotationTypeFilter(Controller.class));
for (BeanDefinition bd : scanner.findCandidateComponents(basePackage))
{
Class<?> beanClass;
if (bean instanceof Advised)
Class<?> beanClass = Class.forName(bd.getBeanClassName());
RequestMapping base = beanClass.getAnnotation(RequestMapping.class);
String[] baseUrl = base != null ? base.value() : new String[] {};
boolean classAnonymous = beanClass.isAnnotationPresent(Anonymous.class);
for (Method method : beanClass.getDeclaredMethods())
{
beanClass = ((Advised) bean).getTargetSource().getTarget().getClass();
}
else
{
beanClass = bean.getClass();
}
// 处理类级别的匿名访问注解
if (beanClass.isAnnotationPresent(Anonymous.class))
{
RequestMapping baseMapping = beanClass.getAnnotation(RequestMapping.class);
if (Objects.nonNull(baseMapping))
boolean methodAnonymous = method.isAnnotationPresent(Anonymous.class);
if (!classAnonymous && !methodAnonymous)
{
String[] baseUrl = baseMapping.value();
for (String url : baseUrl)
{
urls.add(prefix(url) + "/*");
}
continue;
}
}
// 处理方法级别的匿名访问注解
Method[] methods = beanClass.getDeclaredMethods();
for (Method method : methods)
{
if (method.isAnnotationPresent(Anonymous.class))
RequestMapping mapping = AnnotatedElementUtils.findMergedAnnotation(method, RequestMapping.class);
if (mapping != null && mapping.value().length > 0)
{
RequestMapping baseMapping = beanClass.getAnnotation(RequestMapping.class);
String[] baseUrl = {};
if (Objects.nonNull(baseMapping))
{
baseUrl = baseMapping.value();
}
if (method.isAnnotationPresent(RequestMapping.class))
{
RequestMapping requestMapping = method.getAnnotation(RequestMapping.class);
String[] uri = requestMapping.value();
urls.addAll(rebuildUrl(baseUrl, uri));
}
else if (method.isAnnotationPresent(GetMapping.class))
{
GetMapping requestMapping = method.getAnnotation(GetMapping.class);
String[] uri = requestMapping.value();
urls.addAll(rebuildUrl(baseUrl, uri));
}
else if (method.isAnnotationPresent(PostMapping.class))
{
PostMapping requestMapping = method.getAnnotation(PostMapping.class);
String[] uri = requestMapping.value();
urls.addAll(rebuildUrl(baseUrl, uri));
}
else if (method.isAnnotationPresent(PutMapping.class))
{
PutMapping requestMapping = method.getAnnotation(PutMapping.class);
String[] uri = requestMapping.value();
urls.addAll(rebuildUrl(baseUrl, uri));
}
else if (method.isAnnotationPresent(DeleteMapping.class))
{
DeleteMapping requestMapping = method.getAnnotation(DeleteMapping.class);
String[] uri = requestMapping.value();
urls.addAll(rebuildUrl(baseUrl, uri));
}
urls.addAll(rebuildUrl(baseUrl, mapping.value()));
}
}
}
}
@Override
public void setApplicationContext(ApplicationContext context) throws BeansException
{
this.applicationContext = context;
}
private List<String> rebuildUrl(String[] bases, String[] uris)
{
List<String> urls = new ArrayList<>();
for (String base : bases)
{
if (uris.length > 0)
for (String uri : uris)
{
for (String uri : uris)
{
urls.add(prefix(base) + prefix(uri));
}
}
else
{
urls.add(prefix(base));
urls.add(prefix(base) + prefix(RegExUtils.replaceAll(uri, PATTERN, ASTERISK)));
}
}
return urls;
@ -133,12 +88,6 @@ public class PermitAllUrlProperties implements InitializingBean, ApplicationCont
return seg.startsWith("/") ? seg : "/" + seg;
}
@Override
public void setApplicationContext(ApplicationContext context) throws BeansException
{
this.applicationContext = context;
}
public List<String> getUrls()
{
return urls;