diff --git a/sa-token-doc/doc/_sidebar.md b/sa-token-doc/doc/_sidebar.md index 44199835..5c7d7a46 100644 --- a/sa-token-doc/doc/_sidebar.md +++ b/sa-token-doc/doc/_sidebar.md @@ -98,8 +98,9 @@ - [数据读写三大作用域](/fun/three-scope) - [TokenInfo参数详解](/fun/token-info) - [异常细分状态码](/fun/exception-code) - - [解决反向代理 uri 丢失的问题](/fun/curr-domain) - [参考:把权限放在缓存里](/fun/jur-cache) + - [参考:把路由拦截鉴权动态化](/fun/dynamic-router-check) + - [解决反向代理 uri 丢失的问题](/fun/curr-domain) - [解决跨域问题](/fun/cors-filter) - [技术选型:SSO 与 OAuth2 对比](/fun/sso-vs-oauth2) - [框架源码所有技术栈](/fun/tech-stack) diff --git a/sa-token-doc/doc/fun/dynamic-router-check.md b/sa-token-doc/doc/fun/dynamic-router-check.md new file mode 100644 index 00000000..abe4d010 --- /dev/null +++ b/sa-token-doc/doc/fun/dynamic-router-check.md @@ -0,0 +1,58 @@ +# 参考:把路由拦截鉴权动态化 + +框架提供的示例是硬代码写死的,不过稍微做一下更改,你就可以让他动态化 + +--- + +参考如下: + +``` java +@Override +public void addInterceptors(InterceptorRegistry registry) { + registry.addInterceptor(new SaInterceptor(handle -> { + SaRouter + .match("/**") + .notMatch(excludePaths()) + .check(r -> StpUtil.checkLogin()); + })).addPathPatterns("/**"); +} + +// 动态获取哪些 path 可以忽略鉴权 +public List excludePaths() { + // 此处仅为示例,实际项目你可以写任意代码来查询这些path + return Arrays.asList("/path1", "/path2", "/path3"); +} +``` + +如果不仅仅是登录校验,还需要鉴权,那也很简单: +``` java +@Override +public void addInterceptors(InterceptorRegistry registry) { + registry.addInterceptor(new SaInterceptor(handle -> { + // 遍历校验规则,依次鉴权 + Map rules = getAuthRules(); + for (String path : rules.keySet()) { + SaRouter.match(path, () -> StpUtil.checkPermission(rules.get(path))); + } + })).addPathPatterns("/**"); +} + +// 动态获取鉴权规则 +public Map getAuthRules() { + // key 代表要拦截的 path,value 代表需要校验的权限 + Map authMap = new LinkedHashMap<>(); + authMap.put("/user/**", "user"); + authMap.put("/admin/**", "admin"); + authMap.put("/article/**", "article"); + // 更多规则 ... + return authMap; +} +``` + + + + + + + + diff --git a/sa-token-doc/doc/more/common-questions.md b/sa-token-doc/doc/more/common-questions.md index 8e57bdd1..a4e08f66 100644 --- a/sa-token-doc/doc/more/common-questions.md +++ b/sa-token-doc/doc/more/common-questions.md @@ -257,50 +257,7 @@ SaRouter.match("/**").notMatch("/login", "/reg").check(r -> StpUtil.checkLogin() ### Q:路由拦截鉴权,可以做成动态的吗? -框架提供的示例是硬代码写死的,不过稍微做一下改的,你就可以让他动态化,比如: -``` java -@Override -public void addInterceptors(InterceptorRegistry registry) { - registry.addInterceptor(new SaInterceptor(handle -> { - SaRouter - .match("/**") - .notMatch(excludePaths()) - .check(r -> StpUtil.checkLogin()); - })).addPathPatterns("/**"); -} - -// 动态获取哪些 path 可以忽略鉴权 -public List excludePaths() { - // 此处仅为示例,实际项目你可以写任意代码来查询这些path - return Arrays.asList("/path1", "/path2", "/path3"); -} -``` - -如果不仅仅是登录校验,还需要鉴权,那也很简单: -``` java -@Override -public void addInterceptors(InterceptorRegistry registry) { - registry.addInterceptor(new SaInterceptor(handle -> { - // 遍历校验规则,依次鉴权 - Map rules = getAuthRules(); - for (String path : rules.keySet()) { - SaRouter.match(path, () -> StpUtil.checkPermission(rules.get(path))); - } - })).addPathPatterns("/**"); -} - -// 动态获取鉴权规则 -public Map getAuthRules() { - // key 代表要拦截的 path,value 代表需要校验的权限 - Map authMap = new LinkedHashMap<>(); - authMap.put("/user/**", "user"); - authMap.put("/admin/**", "admin"); - authMap.put("/article/**", "article"); - // 更多规则 ... - return authMap; -} -``` - +参考:[把路由拦截鉴权动态化](/fun/dynamic-router-check) ### Q:我不想让框架自动操作Cookie,怎么办? 在配置文件将`isReadCookie`值配置为`false`