optimize oauth2TokenApi\permissionApi尽量用本地实现类，提升执行效率

2024-08-08 15:42:43 +08:00 · 2024-08-08 15:42:43 +08:00 · bd706ecfd8
parent 99bef36c90
commit bd706ecfd8
1 changed files with 19 additions and 3 deletions
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoSecurityAutoConfiguration.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/YudaoSecurityAutoConfiguration.java
@ -1,5 +1,6 @@
 package cn.iocoder.yudao.framework.security.config;

+import cn.hutool.extra.spring.SpringUtil;
 import cn.iocoder.yudao.framework.security.core.aop.PreAuthenticatedAspect;
 import cn.iocoder.yudao.framework.security.core.context.TransmittableThreadLocalSecurityContextHolderStrategy;
 import cn.iocoder.yudao.framework.security.core.filter.TokenAuthenticationFilter;
@ -10,6 +11,7 @@ import cn.iocoder.yudao.framework.security.core.service.SecurityFrameworkService
 import cn.iocoder.yudao.framework.web.core.handler.GlobalExceptionHandler;
 import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
 import cn.iocoder.yudao.module.system.api.permission.PermissionApi;
+import jakarta.annotation.Resource;
 import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.autoconfigure.AutoConfigureOrder;
@ -21,11 +23,9 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.access.AccessDeniedHandler;

-import jakarta.annotation.Resource;
-
 /**
 * Spring Security 自动配置类，主要用于相关组件的配置
- *
+ * <p>
 * 注意，不能和 {@link YudaoWebSecurityConfigurerAdapter} 用一个，原因是会导致初始化报错。
 * 参见 https://stackoverflow.com/questions/53847050/spring-boot-delegatebuilder-cannot-be-null-on-autowiring-authenticationmanager 文档。
 *
@ -80,11 +80,27 @@ public class YudaoSecurityAutoConfiguration {
    @Bean
    public TokenAuthenticationFilter authenticationTokenFilter(GlobalExceptionHandler globalExceptionHandler,
                                                               OAuth2TokenApi oauth2TokenApi) {
+        // Cloud 专属逻辑：优先使用本地的 oauth2TokenApi 实现类，而不是 Feign 调用
+        try {
+            OAuth2TokenApi oAuth2TokenApiImpl = SpringUtil.getBean("OAuth2TokenApiImpl", OAuth2TokenApi.class);
+            if (oAuth2TokenApiImpl != null) {
+                oauth2TokenApi = oAuth2TokenApiImpl;
+            }
+        } catch (Exception ignored) {
+        }
        return new TokenAuthenticationFilter(securityProperties, globalExceptionHandler, oauth2TokenApi);
    }

    @Bean("ss") // 使用 Spring Security 的缩写，方便使用
    public SecurityFrameworkService securityFrameworkService(PermissionApi permissionApi) {
+        // Cloud 专属逻辑：优先使用本地的 permissionApi 实现类，而不是 Feign 调用
+        try {
+            PermissionApi permissionApiImpl = SpringUtil.getBean("permissionApiImpl", PermissionApi.class);
+            if (permissionApiImpl != null) {
+                permissionApi = permissionApiImpl;
+            }
+        } catch (Exception ignored) {
+        }
        return new SecurityFrameworkServiceImpl(permissionApi);
    }