feat(security): 修复多租户环境下用户切换问题

- 在 TokenAuthenticationFilter 中添加逻辑,为没有 tenantId 的用户动态设置 tenantId
- 通过 AdminUserApi 获取用户信息,确保跨租户切换时能够正确获取目标租户信息
weike6538 2025-06-26 18:27:23 +08:00
parent dea7db83b9
commit 25d4f4cf02
1 changed files with 12 additions and 0 deletions


@ -13,12 +13,16 @@ import cn.iocoder.yudao.framework.web.core.handler.GlobalExceptionHandler;
import cn.iocoder.yudao.framework.web.core.util.WebFrameworkUtils; import cn.iocoder.yudao.framework.web.core.util.WebFrameworkUtils;
import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi; import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO; import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
import cn.iocoder.yudao.module.system.api.tenant.TenantApi;
import cn.iocoder.yudao.module.system.api.user.AdminUserApi;
import cn.iocoder.yudao.module.system.api.user.dto.AdminUserRespDTO;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import lombok.SneakyThrows; import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.AccessDeniedException;
import org.springframework.web.filter.OncePerRequestFilter; import org.springframework.web.filter.OncePerRequestFilter;
import javax.annotation.Resource;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
@ -43,6 +47,9 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
private final OAuth2TokenApi oauth2TokenApi; private final OAuth2TokenApi oauth2TokenApi;
@Resource
private AdminUserApi adminUserApi;
@Override @Override
@SuppressWarnings("NullableProblems") @SuppressWarnings("NullableProblems")
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
@ -74,6 +81,11 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
// 设置当前用户 // 设置当前用户
if (loginUser != null) { if (loginUser != null) {
if(null == loginUser.getTenantId()){
CommonResult<AdminUserRespDTO> user = adminUserApi.getUser(loginUser.getId());
loginUser.setTenantId(user.getData().getTenantId());
}
SecurityFrameworkUtils.setLoginUser(loginUser, request); SecurityFrameworkUtils.setLoginUser(loginUser, request);
} }
// 继续过滤链 // 继续过滤链
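Review bot: In the new `if(null == loginUser.getTenantId())` branch of `doFilterInternal`, `user.getData().getTenantId()` is dereferenced without checking the result, so a failed or empty `adminUserApi.getUser(...)` lookup throws a NullPointerException inside the authentication filter, and a null tenant id from the lookup still leaves the user without a tenant. Because this value decides which tenant the request runs under, the branch should fail closed, for example `AdminUserRespDTO data = user != null ? user.getData() : null;` then `if (data == null || data.getTenantId() == null) { throw new AccessDeniedException("tenant not resolved"); }` before `loginUser.setTenantId(data.getTenantId());`. The lookup always goes to `AdminUserApi` keyed by `loginUser.getId()`; if this filter also authenticates other user types, the id could match an unrelated admin account and assign its tenant, so the branch should presumably be limited to admin users (to be confirmed against the token's user type). The call also runs on every request for tokens without a tenant, `adminUserApi` is field-injected with `@Resource` next to the constructor-injected `oauth2TokenApi` (it stays null if the filter is created with `new` rather than as a bean), and the added `TenantApi` import looks unused in the visible hunks. The method body continues outside the hunk.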