diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoSecurityAutoConfiguration.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoSecurityAutoConfiguration.java index a24999176..c3d44a278 100644 --- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoSecurityAutoConfiguration.java +++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoSecurityAutoConfiguration.java @@ -1,5 +1,6 @@ package cn.iocoder.yudao.framework.security.config; +import cn.hutool.extra.spring.SpringUtil; import cn.iocoder.yudao.framework.security.core.aop.PreAuthenticatedAspect; import cn.iocoder.yudao.framework.security.core.context.TransmittableThreadLocalSecurityContextHolderStrategy; import cn.iocoder.yudao.framework.security.core.filter.TokenAuthenticationFilter; @@ -10,6 +11,7 @@ import cn.iocoder.yudao.framework.security.core.service.SecurityFrameworkService import cn.iocoder.yudao.framework.web.core.handler.GlobalExceptionHandler; import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi; import cn.iocoder.yudao.module.system.api.permission.PermissionApi; +import jakarta.annotation.Resource; import org.springframework.beans.factory.config.MethodInvokingFactoryBean; import org.springframework.boot.autoconfigure.AutoConfiguration; import org.springframework.boot.autoconfigure.AutoConfigureOrder; @@ -21,11 +23,9 @@ import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.access.AccessDeniedHandler; -import jakarta.annotation.Resource; - /** * Spring Security 自动配置类,主要用于相关组件的配置 - * + *

* 注意,不能和 {@link YudaoWebSecurityConfigurerAdapter} 用一个,原因是会导致初始化报错。 * 参见 https://stackoverflow.com/questions/53847050/spring-boot-delegatebuilder-cannot-be-null-on-autowiring-authenticationmanager 文档。 * @@ -80,11 +80,27 @@ public class YudaoSecurityAutoConfiguration { @Bean public TokenAuthenticationFilter authenticationTokenFilter(GlobalExceptionHandler globalExceptionHandler, OAuth2TokenApi oauth2TokenApi) { + // Cloud 专属逻辑:优先使用本地的 oauth2TokenApi 实现类,而不是 Feign 调用 + try { + OAuth2TokenApi oAuth2TokenApiImpl = SpringUtil.getBean("OAuth2TokenApiImpl", OAuth2TokenApi.class); + if (oAuth2TokenApiImpl != null) { + oauth2TokenApi = oAuth2TokenApiImpl; + } + } catch (Exception ignored) { + } return new TokenAuthenticationFilter(securityProperties, globalExceptionHandler, oauth2TokenApi); } @Bean("ss") // 使用 Spring Security 的缩写,方便使用 public SecurityFrameworkService securityFrameworkService(PermissionApi permissionApi) { + // Cloud 专属逻辑:优先使用本地的 permissionApi 实现类,而不是 Feign 调用 + try { + PermissionApi permissionApiImpl = SpringUtil.getBean("permissionApiImpl", PermissionApi.class); + if (permissionApiImpl != null) { + permissionApi = permissionApiImpl; + } + } catch (Exception ignored) { + } return new SecurityFrameworkServiceImpl(permissionApi); }