From 28f1d15e2ecb6f8f92c84f817d1eee1c7d87d8bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90li?= <15040126243@163.com> Date: Wed, 15 Jun 2022 16:25:57 +0800 Subject: [PATCH] =?UTF-8?q?add=20=E5=A2=9E=E5=8A=A0=20dubbo=20=E5=86=85?= =?UTF-8?q?=E7=BD=91=E9=89=B4=E6=9D=83=E6=94=BE=E8=A1=8C=20InnerExclude=20?= =?UTF-8?q?=E6=B3=A8=E8=A7=A3=20=E7=94=A8=E4=BA=8E=E6=94=BE=E8=A1=8C=20dub?= =?UTF-8?q?bo=20=E6=9C=8D=E5=8A=A1=E4=B9=8B=E9=97=B4=E7=9A=84=E5=86=85?= =?UTF-8?q?=E7=BD=91=E8=B0=83=E7=94=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/core/annotation/InnerExclude.java | 15 +++++++++++++++ .../filter/SaTokenDubboConsumerFilter.java | 17 ++++++++++++++++- .../filter/SaTokenDubboProviderFilter.java | 15 +++++++++++++++ 3 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/annotation/InnerExclude.java diff --git a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/annotation/InnerExclude.java b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/annotation/InnerExclude.java new file mode 100644 index 00000000..13b91e96 --- /dev/null +++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/annotation/InnerExclude.java @@ -0,0 +1,15 @@ +package com.ruoyi.common.core.annotation; + +import java.lang.annotation.*; + +/** + * dubbo 内网鉴权放行 + * + * @author Lion Li + */ +@Inherited +@Target({ElementType.METHOD, ElementType.TYPE}) +@Retention(RetentionPolicy.RUNTIME) +@Documented +public @interface InnerExclude { +} diff --git a/ruoyi-common/ruoyi-common-dubbo/src/main/java/cn/dev33/satoken/context/dubbo/filter/SaTokenDubboConsumerFilter.java b/ruoyi-common/ruoyi-common-dubbo/src/main/java/cn/dev33/satoken/context/dubbo/filter/SaTokenDubboConsumerFilter.java index 9b33f8ef..8ea566f7 100644 --- a/ruoyi-common/ruoyi-common-dubbo/src/main/java/cn/dev33/satoken/context/dubbo/filter/SaTokenDubboConsumerFilter.java +++ b/ruoyi-common/ruoyi-common-dubbo/src/main/java/cn/dev33/satoken/context/dubbo/filter/SaTokenDubboConsumerFilter.java @@ -6,11 +6,16 @@ import cn.dev33.satoken.id.SaIdUtil; import cn.dev33.satoken.spring.SaBeanInject; import cn.dev33.satoken.stp.StpUtil; import cn.dev33.satoken.util.SaTokenConsts; +import cn.hutool.core.annotation.AnnotationUtil; +import com.ruoyi.common.core.annotation.InnerExclude; import com.ruoyi.common.core.utils.SpringUtils; +import lombok.SneakyThrows; import org.apache.dubbo.common.constants.CommonConstants; import org.apache.dubbo.common.extension.Activate; import org.apache.dubbo.rpc.*; +import java.lang.reflect.Method; + /** * * Sa-Token 整合 Dubbo Consumer端过滤器 @@ -23,6 +28,7 @@ import org.apache.dubbo.rpc.*; @Activate(group = {CommonConstants.CONSUMER}, order = Integer.MIN_VALUE) public class SaTokenDubboConsumerFilter implements Filter { + @SneakyThrows(NoSuchMethodException.class) @Override public Result invoke(Invoker invoker, Invocation invocation) throws RpcException { // 强制初始化 Sa-Token 相关配置 解决内网鉴权元数据加载报错问题 @@ -30,7 +36,16 @@ public class SaTokenDubboConsumerFilter implements Filter { // 追加 Id-Token 参数 if(SaManager.getConfig().getCheckIdToken()) { - RpcContext.getServiceContext().setAttachment(SaIdUtil.ID_TOKEN, SaIdUtil.getToken()); + Class clazz = invoker.getInterface(); + Method method = clazz.getMethod(invocation.getMethodName(), invocation.getParameterTypes()); + // 检查是否有内网鉴权排除注解 + if (AnnotationUtil.hasAnnotation(clazz, InnerExclude.class) + || AnnotationUtil.hasAnnotation(method, InnerExclude.class)) { + // 不传递 Id-Token + } else { + RpcContext.getServiceContext().setAttachment(SaIdUtil.ID_TOKEN, SaIdUtil.getToken()); + } + } // 1. 调用前,向下传递会话Token diff --git a/ruoyi-common/ruoyi-common-dubbo/src/main/java/cn/dev33/satoken/context/dubbo/filter/SaTokenDubboProviderFilter.java b/ruoyi-common/ruoyi-common-dubbo/src/main/java/cn/dev33/satoken/context/dubbo/filter/SaTokenDubboProviderFilter.java index 1a3b3346..6c1e445d 100644 --- a/ruoyi-common/ruoyi-common-dubbo/src/main/java/cn/dev33/satoken/context/dubbo/filter/SaTokenDubboProviderFilter.java +++ b/ruoyi-common/ruoyi-common-dubbo/src/main/java/cn/dev33/satoken/context/dubbo/filter/SaTokenDubboProviderFilter.java @@ -3,11 +3,16 @@ package cn.dev33.satoken.context.dubbo.filter; import cn.dev33.satoken.SaManager; import cn.dev33.satoken.id.SaIdUtil; import cn.dev33.satoken.spring.SaBeanInject; +import cn.hutool.core.annotation.AnnotationUtil; +import com.ruoyi.common.core.annotation.InnerExclude; import com.ruoyi.common.core.utils.SpringUtils; +import lombok.SneakyThrows; import org.apache.dubbo.common.constants.CommonConstants; import org.apache.dubbo.common.extension.Activate; import org.apache.dubbo.rpc.*; +import java.lang.reflect.Method; + /** * * Sa-Token 整合 Dubbo Provider端过滤器 @@ -20,6 +25,7 @@ import org.apache.dubbo.rpc.*; @Activate(group = {CommonConstants.PROVIDER}, order = Integer.MIN_VALUE) public class SaTokenDubboProviderFilter implements Filter { + @SneakyThrows(NoSuchMethodException.class) @Override public Result invoke(Invoker invoker, Invocation invocation) throws RpcException { // 强制初始化 Sa-Token 相关配置 解决内网鉴权元数据加载报错问题 @@ -27,6 +33,15 @@ public class SaTokenDubboProviderFilter implements Filter { // RPC 调用鉴权 if(SaManager.getConfig().getCheckIdToken()) { + + Class clazz = invoker.getInterface(); + Method method = clazz.getMethod(invocation.getMethodName(), invocation.getParameterTypes()); + // 检查是否有内网鉴权排除注解 + if (AnnotationUtil.hasAnnotation(clazz, InnerExclude.class) + || AnnotationUtil.hasAnnotation(method, InnerExclude.class)) { + return invoker.invoke(invocation); + } + String idToken = invocation.getAttachment(SaIdUtil.ID_TOKEN); SaIdUtil.checkToken(idToken); }