init

ruoyi-common/ruoyi-common-security/pom.xml

@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <groupId>org.dromara</groupId>
+        <artifactId>ruoyi-common</artifactId>
+        <version>${revision}</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>ruoyi-common-security</artifactId>
+
+    <description>
+        ruoyi-common-security 安全模块
+    </description>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.dromara</groupId>
+            <artifactId>ruoyi-common-satoken</artifactId>
+        </dependency>
+
+        <!-- Sa-Token 权限认证, 在线文档：http://sa-token.dev33.cn/ -->
+        <dependency>
+            <groupId>cn.dev33</groupId>
+            <artifactId>sa-token-spring-boot3-starter</artifactId>
+        </dependency>
+
+    </dependencies>
+
+</project>

ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfiguration.java

@@ -0,0 +1,64 @@
+package org.dromara.common.security.config;
+
+import cn.dev33.satoken.SaManager;
+import cn.dev33.satoken.filter.SaServletFilter;
+import cn.dev33.satoken.httpauth.basic.SaHttpBasicUtil;
+import cn.dev33.satoken.interceptor.SaInterceptor;
+import cn.dev33.satoken.same.SaSameUtil;
+import cn.dev33.satoken.util.SaResult;
+import org.dromara.common.core.constant.HttpStatus;
+import org.dromara.common.core.utils.SpringUtils;
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/**
+ * 权限安全配置
+ *
+ * @author Lion Li
+ */
+@AutoConfiguration
+public class SecurityConfiguration implements WebMvcConfigurer {
+
+    /**
+     * 注册sa-token的拦截器
+     */
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        // 注册路由拦截器，自定义验证规则
+        registry.addInterceptor(new SaInterceptor()).addPathPatterns("/**");
+    }
+
+    /**
+     * 校验是否从网关转发
+     */
+    @Bean
+    public SaServletFilter getSaServletFilter() {
+        return new SaServletFilter()
+            .addInclude("/**")
+            .addExclude("/actuator", "/actuator/**")
+            .setAuth(obj -> {
+                if (SaManager.getConfig().getCheckSameToken()) {
+                    SaSameUtil.checkCurrentRequestToken();
+                }
+            })
+            .setError(e -> SaResult.error("认证失败，无法访问系统资源").setCode(HttpStatus.UNAUTHORIZED));
+    }
+
+    /**
+     * 对 actuator 健康检查接口 做账号密码鉴权
+     */
+    @Bean
+    public SaServletFilter actuatorFilter() {
+        String username = SpringUtils.getProperty("spring.cloud.nacos.discovery.metadata.username");
+        String password = SpringUtils.getProperty("spring.cloud.nacos.discovery.metadata.userpassword");
+        return new SaServletFilter()
+            .addInclude("/actuator", "/actuator/**")
+            .setAuth(obj -> {
+                SaHttpBasicUtil.check(username + ":" + password);
+            })
+            .setError(e -> SaResult.error(e.getMessage()).setCode(HttpStatus.UNAUTHORIZED));
+    }
+
+}

ruoyi-common/ruoyi-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports

@@ -0,0 +1 @@
+org.dromara.common.security.config.SecurityConfiguration