feat(security): 修复多租户环境下用户切换问题
- 在 TokenAuthenticationFilter 中添加逻辑,为没有 tenantId 的用户动态设置 tenantId
- 通过 AdminUserApi 获取用户信息,确保跨租户切换时能够正确获取目标租户信息
parent
dea7db83b9
commit
25d4f4cf02
|
@ -13,12 +13,16 @@ import cn.iocoder.yudao.framework.web.core.handler.GlobalExceptionHandler;
|
||||||
import cn.iocoder.yudao.framework.web.core.util.WebFrameworkUtils;
|
import cn.iocoder.yudao.framework.web.core.util.WebFrameworkUtils;
|
||||||
import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
|
import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
|
||||||
import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
|
import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
|
||||||
|
import cn.iocoder.yudao.module.system.api.tenant.TenantApi;
|
||||||
|
import cn.iocoder.yudao.module.system.api.user.AdminUserApi;
|
||||||
|
import cn.iocoder.yudao.module.system.api.user.dto.AdminUserRespDTO;
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import lombok.SneakyThrows;
|
import lombok.SneakyThrows;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.springframework.security.access.AccessDeniedException;
|
import org.springframework.security.access.AccessDeniedException;
|
||||||
import org.springframework.web.filter.OncePerRequestFilter;
|
import org.springframework.web.filter.OncePerRequestFilter;
|
||||||
|
|
||||||
|
import javax.annotation.Resource;
|
||||||
import javax.servlet.FilterChain;
|
import javax.servlet.FilterChain;
|
||||||
import javax.servlet.ServletException;
|
import javax.servlet.ServletException;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
@ -43,6 +47,9 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
||||||
|
|
||||||
private final OAuth2TokenApi oauth2TokenApi;
|
private final OAuth2TokenApi oauth2TokenApi;
|
||||||
|
|
||||||
|
@Resource
|
||||||
|
private AdminUserApi adminUserApi;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@SuppressWarnings("NullableProblems")
|
@SuppressWarnings("NullableProblems")
|
||||||
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
|
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
|
||||||
|
@ -74,6 +81,11 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
||||||
|
|
||||||
// 设置当前用户
|
// 设置当前用户
|
||||||
if (loginUser != null) {
|
if (loginUser != null) {
|
||||||
|
if(null == loginUser.getTenantId()){
|
||||||
|
CommonResult<AdminUserRespDTO> user = adminUserApi.getUser(loginUser.getId());
|
||||||
|
loginUser.setTenantId(user.getData().getTenantId());
|
||||||
|
}
|
||||||
|
|
||||||
SecurityFrameworkUtils.setLoginUser(loginUser, request);
|
SecurityFrameworkUtils.setLoginUser(loginUser, request);
|
||||||
}
|
}
|
||||||
// 继续过滤链
|
// 继续过滤链
|
||||||
|
|
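Review bot: In the new `if(null == loginUser.getTenantId())` branch, `user.getData().getTenantId()` is dereferenced with no check, so a failed or empty `adminUserApi.getUser(...)` result throws a NullPointerException inside the authentication filter for every request carrying such a token. The lookup is also not gated on the user type; if this filter authenticates non-admin tokens as well (not visible here), an id from another user table would be resolved against the admin table and the session could be bound to an unrelated tenant. I would fail closed: set the tenant only when the result actually carries one, and otherwise treat the request as unauthenticated, as sketched below (this assumes `loginUser` is a reassignable local; `doFilterInternal` starts and ends outside the hunk). Separately, the `TenantApi` import added in the first hunk is not used by any visible line, and the `@Resource` field sits next to a constructor-injected `final` field, so making `adminUserApi` a `final` constructor dependency would keep injection consistent.

```java
// … unchanged: token parsing and loginUser construction …
if (loginUser != null && loginUser.getTenantId() == null) {
    // NOTE: restrict this lookup to admin-type users if other user types pass through this filter.
    CommonResult<AdminUserRespDTO> user = adminUserApi.getUser(loginUser.getId());
    AdminUserRespDTO data = (user == null) ? null : user.getData();
    if (data == null || data.getTenantId() == null) {
        // Tenant cannot be resolved: do not authenticate rather than continue without a tenant.
        log.warn("[doFilterInternal][userId({}) has no resolvable tenant]", loginUser.getId());
        loginUser = null;
    } else {
        loginUser.setTenantId(data.getTenantId());
    }
}
if (loginUser != null) {
    SecurityFrameworkUtils.setLoginUser(loginUser, request);
}
// … unchanged: continue the filter chain …
```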