diff --git a/sa-token-demo-springboot/src/main/java/com/pj/test/TestController.java b/sa-token-demo-springboot/src/main/java/com/pj/test/TestController.java
index 096ac1c495d941d7be40774f635c3f4a2e0ca402..9288499268d42aad5dde8f8a0f84d63d5eeb3643 100644
--- a/sa-token-demo-springboot/src/main/java/com/pj/test/TestController.java
+++ b/sa-token-demo-springboot/src/main/java/com/pj/test/TestController.java
@@ -11,6 +11,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 
 import cn.dev33.satoken.annotation.SaCheckLogin;
 import cn.dev33.satoken.annotation.SaCheckPermission;
+import cn.dev33.satoken.annotation.SaCheckRole;
 import cn.dev33.satoken.annotation.SaMode;
 import cn.dev33.satoken.session.SaSessionCustomUtil;
 import cn.dev33.satoken.stp.SaTokenInfo;
@@ -151,13 +152,14 @@ public class TestController {
 
 // 测试注解式鉴权, 浏览器访问: http://localhost:8081/test/atCheck
 @SaCheckLogin // 注解式鉴权:当前会话必须登录才能通过
+ @SaCheckRole("super-admin") // 注解式鉴权:当前会话必须具有指定角色标识才能通过
 @SaCheckPermission("user-add") // 注解式鉴权:当前会话必须具有指定权限才能通过
 @RequestMapping("atCheck")
 public AjaxJson atCheck() {
 System.out.println("======================= 进入方法,测试注解鉴权接口 ========================= ");
 System.out.println("只有通过注解鉴权,才能进入此方法");
- StpUtil.checkActivityTimeout();
- StpUtil.updateLastActivityToNow();
+// StpUtil.checkActivityTimeout();
+// StpUtil.updateLastActivityToNow();
 return AjaxJson.getSuccess();
 }
 
diff --git a/sa-token-spring-boot-starter/src/main/java/cn/dev33/satoken/interceptor/SaCheckInterceptor.java b/sa-token-spring-boot-starter/src/main/java/cn/dev33/satoken/interceptor/SaCheckInterceptor.java
index e47fae468a211ae3281374746ee6d180f97c28f3..82a47625b7a16b971cc0ed0c83fc5d0f871bb2dd 100644
--- a/sa-token-spring-boot-starter/src/main/java/cn/dev33/satoken/interceptor/SaCheckInterceptor.java
+++ b/sa-token-spring-boot-starter/src/main/java/cn/dev33/satoken/interceptor/SaCheckInterceptor.java
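Review bot: The two `StpUtil` calls in `atCheck()` are commented out rather than removed, and nothing in the hunk says why. If the activity-timeout check is not enforced elsewhere on this request path (not visible here), this demo endpoint appears to stop rejecting idle sessions, and demo controllers tend to be copied into real ones. Either delete the two lines or replace them with a single explanatory comment, for example `// activity timeout is not checked in this demo method; it is enforced in <component name>`.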
@@ -8,6 +8,7 @@ import org.springframework.web.servlet.HandlerInterceptor;
 
 import cn.dev33.satoken.annotation.SaCheckLogin;
 import cn.dev33.satoken.annotation.SaCheckPermission;
+import cn.dev33.satoken.annotation.SaCheckRole;
 import cn.dev33.satoken.annotation.SaMode;
 import cn.dev33.satoken.stp.StpLogic;
 import cn.dev33.satoken.stp.StpUtil;
@@ -58,25 +59,47 @@ public class SaCheckInterceptor implements HandlerInterceptor {
 stpLogic.checkLogin();
 }
 
+ // ----------- 验证角色
+ // 验证方法上的
+ SaCheckRole scr = method.getMethodAnnotation(SaCheckRole.class);
+ if(scr != null) {
+ String[] roleArray = scr.value();
+ if(scr.mode() == SaMode.AND) {
+ stpLogic.checkRoleAnd(roleArray); // 必须全部都有
+ } else {
+ stpLogic.checkRoleOr(roleArray); // 有一个就行了
+ }
+ }
+ // 验证类上的
+ scr = method.getBeanType().getAnnotation(SaCheckRole.class);
+ if(scr != null) {
+ String[] roleArray = scr.value();
+ if(scr.mode() == SaMode.AND) {
+ stpLogic.checkRoleAnd(roleArray); // 必须全部都有
+ } else {
+ stpLogic.checkRoleOr(roleArray); // 有一个就行了
+ }
+ }
+
 // ----------- 验证权限
 // 验证方法上的
 SaCheckPermission scp = method.getMethodAnnotation(SaCheckPermission.class);
 if(scp != null) {
- String[] permissionCodeArray = scp.value();
+ String[] permissionArray = scp.value();
 if(scp.mode() == SaMode.AND) {
- stpLogic.checkPermissionAnd(permissionCodeArray); // 必须全部都有
+ stpLogic.checkPermissionAnd(permissionArray); // 必须全部都有
 } else {
- stpLogic.checkPermissionOr(permissionCodeArray); // 有一个就行了
+ stpLogic.checkPermissionOr(permissionArray); // 有一个就行了
 }
 }
 // 验证类上的
 scp = method.getBeanType().getAnnotation(SaCheckPermission.class);
 if(scp != null) {
- String[] permissionCodeArray = scp.value();
+ String[] permissionArray = scp.value();
 if(scp.mode() == SaMode.AND) {
- stpLogic.checkPermissionAnd(permissionCodeArray); // 必须全部都有
+ stpLogic.checkPermissionAnd(permissionArray); // 必须全部都有
 } else {
- stpLogic.checkPermissionOr(permissionCodeArray); // 有一个就行了
+ stpLogic.checkPermissionOr(permissionArray); // 有一个就行了
 }
 }
 
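Review bot: The class-level lookup `method.getBeanType().getAnnotation(SaCheckRole.class)` uses plain reflection, so a `@SaCheckRole` on a superclass controller (unless the annotation is declared `@Inherited`, which this diff does not show) or applied through a composed annotation is not found, and the request then proceeds with no role check. The method-level lookup goes through Spring's `getMethodAnnotation`, which resolves merged annotations in current Spring versions, so the two levels can disagree. Using `scr = AnnotatedElementUtils.findMergedAnnotation(method.getBeanType(), SaCheckRole.class);` (with the matching import from `org.springframework.core.annotation`) would align them, and the unchanged class-level `SaCheckPermission` lookup further down has the same gap. The four near-identical AND/OR blocks would also be easier to audit as one private helper per annotation type. The enclosing method begins and ends outside this hunk.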