From 3aa306c72f0edf7fe7ea4133c80944c87bf0efd8 Mon Sep 17 00:00:00 2001
From: lihongjie0209
Date: Sun, 10 Sep 2023 20:24:21 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=8C=E5=96=84=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/main/java/cn/lihongjie/coal/filter/AuthFilter.java | 4 +++-
 .../java/cn/lihongjie/coal/spring/config/SecurityConfig.java | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/main/java/cn/lihongjie/coal/filter/AuthFilter.java b/src/main/java/cn/lihongjie/coal/filter/AuthFilter.java
index a3013bf2..1e472c4e 100644
--- a/src/main/java/cn/lihongjie/coal/filter/AuthFilter.java
+++ b/src/main/java/cn/lihongjie/coal/filter/AuthFilter.java
@@ -14,6 +14,7 @@ import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.SneakyThrows;
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.http.entity.ContentType;
 import org.slf4j.MDC;
@@ -132,7 +133,8 @@ public class AuthFilter extends OncePerRequestFilter {
 .filter(x -> StringUtils.equals(x.getId(), resource.get().getId())).findAny();
- if (userResource.isEmpty() && !user.getSysAdmin()) {
+ if (userResource.isEmpty() && BooleanUtils.isFalse(user.getSysAdmin())) {
+ writeResponse(new BizException("invalidAccess", "当前资源未授权,请联系机构管理员处理。"), response);
 } else {
diff --git a/src/main/java/cn/lihongjie/coal/spring/config/SecurityConfig.java b/src/main/java/cn/lihongjie/coal/spring/config/SecurityConfig.java
index fe98571a..d32a4fec 100644
--- a/src/main/java/cn/lihongjie/coal/spring/config/SecurityConfig.java
+++ b/src/main/java/cn/lihongjie/coal/spring/config/SecurityConfig.java
@@ -27,6 +27,8 @@ public class SecurityConfig {
 }) .csrf(AbstractHttpConfigurer::disable)
+ .logout(AbstractHttpConfigurer::disable)
+ .formLogin(AbstractHttpConfigurer::disable)
 .build();
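Review bot: `BooleanUtils.isFalse(user.getSysAdmin())` in the resource check returns false when the flag is null, so a user with no matching resource and an unset sysAdmin value skips the `invalidAccess` response and takes the `else` branch, whose body lies outside this hunk but presumably lets the request through. The old `!user.getSysAdmin()` would have thrown on null rather than granting access, so the new form turns a crash into a fail-open authorization decision. Deny unless the flag is explicitly true: `if (userResource.isEmpty() && !BooleanUtils.isTrue(user.getSysAdmin())) {`. The return type of `getSysAdmin()` is not visible here; if it is a primitive `boolean` the two forms are equivalent.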
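Review bot: The added `.logout(AbstractHttpConfigurer::disable)` and `.formLogin(AbstractHttpConfigurer::disable)` switch off Spring Security's built-in logout and login handling with no comment saying what replaces them, next to a CSRF switch-off that is likewise unexplained. Without the built-in logout filter nothing in this chain invalidates a session or token, so revocation has to be done by the application's own endpoint; that is presumably the case given the custom `AuthFilter`, but it is not visible here. A comment above the calls would record the intent, for example `// AuthFilter authenticates each request; form login, logout and CSRF protection are intentionally off`, adjusted to the actual design. Disabling CSRF is only safe if the credential is not sent automatically by the browser (no session cookie), which is worth confirming alongside this change. The builder chain starts and ends outside the hunk.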