From 11a70628ce55863910a0e164e469125f2442d8be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=B5=B7=E8=A8=80?= <2439534736@qq.com>
Date: Thu, 28 May 2026 16:00:05 +0800
Subject: [PATCH] =?UTF-8?q?fix(security):=20=E7=BB=9F=E4=B8=80=E5=BC=82?= =?UTF-8?q?=E5=B8=B8=E5=A4=84=E7=90=86=E5=93=8D=E5=BA=94=E6=A0=BC=E5=BC=8F?= =?UTF-8?q?=E5=B9=B6=E5=AE=8C=E5=96=84=E6=8B=A6=E6=88=AA=E5=99=A8=E9=85=8D?= =?UTF-8?q?=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 将全局异常处理器中的返回类型从 GenericResponse 统一为 RetObj
- 更新登录、权限、角色异常的错误消息为中文提示
- 在拦截器配置中添加 swagger-ui 相关路径的排除规则
- 将拦截器中的 postHandle 方法改为 afterCompletion 以确保请求结束后清理 ThreadLocal
- 修复 StpInterfaceImpl 中的类型转换问题,确保用户ID正确转换为Long类型
---
 .../exception/GlobalExceptionHandler.java | 18 +++++++++---------
 .../interceptor/InterceptorConfig.java | 4 +++-
 .../interceptor/SaTokenContextInterceptor.java | 4 ++--
 .../basedemo/interceptor/StpInterfaceImpl.java | 3 ++-
 4 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/src/main/java/cn/xf/basedemo/common/exception/GlobalExceptionHandler.java b/src/main/java/cn/xf/basedemo/common/exception/GlobalExceptionHandler.java
index 61b2261..f348930 100644
--- a/src/main/java/cn/xf/basedemo/common/exception/GlobalExceptionHandler.java
+++ b/src/main/java/cn/xf/basedemo/common/exception/GlobalExceptionHandler.java
@@ -30,10 +30,10 @@ public class GlobalExceptionHandler {
 */
 @ExceptionHandler(cn.dev33.satoken.exception.NotLoginException.class)
 @ResponseStatus(HttpStatus.UNAUTHORIZED)
- public GenericResponse handleNotLoginException(cn.dev33.satoken.exception.NotLoginException e,
+ public RetObj handleNotLoginException(cn.dev33.satoken.exception.NotLoginException e,
 HttpServletRequest request) {
- log.warn("Not logged in [URL:{}]: {}", request.getRequestURI(), e.getMessage());
- return new GenericResponse<>(401, null, "Please login first");
+ log.warn("未登录或 Token 失效 [URL:{}]: {}", request.getRequestURI(), e.getMessage());
+ return new RetObj<>(SystemStatus.UNAUTHORIZED.getCode(), "未登录或登录已过期");
 }

 /**
@@ -41,10 +41,10 @@ public class GlobalExceptionHandler {
 */
 @ExceptionHandler(cn.dev33.satoken.exception.NotPermissionException.class)
 @ResponseStatus(HttpStatus.FORBIDDEN)
- public GenericResponse handleNotPermissionException(cn.dev33.satoken.exception.NotPermissionException e,
+ public RetObj handleNotPermissionException(cn.dev33.satoken.exception.NotPermissionException e,
 HttpServletRequest request) {
- log.warn("No permission [URL:{}]: {}", request.getRequestURI(), e.getMessage());
- return new GenericResponse<>(403, null, "No permission to access this resource");
+ log.warn("无权限访问 [URL:{}]: {}", request.getRequestURI(), e.getMessage());
+ return new RetObj<>(SystemStatus.FORBIDDEN.getCode(), "没有访问该资源的权限");
 }

 /**
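Review bot: The new `log.warn` in handleNotLoginException still forwards `e.getMessage()` verbatim, and as far as I recall sa-token appends the rejected token value to the NotLoginException message for the invalid/expired/kicked-out cases, so this line can write credential material into the WARN log — confirm against the sa-token version in use. Logging the failure category keeps the diagnostic value without the token: `log.warn("未登录或 Token 失效 [URL:{}] type={}", request.getRequestURI(), e.getType());`. Separately, the return type `RetObj` is declared raw here and likewise in handleNotPermissionException and handleNotRoleException while each body uses the diamond on `new RetObj<>(...)`; `RetObj<Void>` (or whichever type argument the class expects for a payload-less response) would be the consistent, warning-free choice. The enclosing class GlobalExceptionHandler continues outside the hunk.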
@@ -52,10 +52,10 @@ public class GlobalExceptionHandler {
 */
 @ExceptionHandler(cn.dev33.satoken.exception.NotRoleException.class)
 @ResponseStatus(HttpStatus.FORBIDDEN)
- public GenericResponse handleNotRoleException(cn.dev33.satoken.exception.NotRoleException e,
+ public RetObj handleNotRoleException(cn.dev33.satoken.exception.NotRoleException e,
 HttpServletRequest request) {
- log.warn("No role [URL:{}]: {}", request.getRequestURI(), e.getMessage());
- return new GenericResponse<>(403, null, "Insufficient role privileges");
+ log.warn("角色不足 [URL:{}]: {}", request.getRequestURI(), e.getMessage());
+ return new RetObj<>(SystemStatus.FORBIDDEN.getCode(), "角色权限不足");
 }

 /**
diff --git a/src/main/java/cn/xf/basedemo/interceptor/InterceptorConfig.java b/src/main/java/cn/xf/basedemo/interceptor/InterceptorConfig.java
index 6d3a0fc..e7d30d3 100644
--- a/src/main/java/cn/xf/basedemo/interceptor/InterceptorConfig.java
+++ b/src/main/java/cn/xf/basedemo/interceptor/InterceptorConfig.java
@@ -27,7 +27,9 @@ public class InterceptorConfig implements WebMvcConfigurer {
 "/swagger-resources/**",
 "/webjars/**",
 "/v3/**",
- "/doc.html"
+ "/doc.html",
+ "/swagger-ui.html",
+ "/swagger-ui/**"
 };

 @Override
diff --git a/src/main/java/cn/xf/basedemo/interceptor/SaTokenContextInterceptor.java b/src/main/java/cn/xf/basedemo/interceptor/SaTokenContextInterceptor.java
index f2a4ec6..f5ec79b 100644
--- a/src/main/java/cn/xf/basedemo/interceptor/SaTokenContextInterceptor.java
+++ b/src/main/java/cn/xf/basedemo/interceptor/SaTokenContextInterceptor.java
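Review bot: The added `/swagger-ui.html` and `/swagger-ui/**` entries in InterceptorConfig widen the interceptor bypass list described in the commit message, so the OpenAPI UI and, together with the existing `/v3/**` entry, the complete API description are reachable without a session on every profile this configuration is active in. That is a normal convenience in development, but nothing in the hunk limits it to dev, and the array's declaration starts outside the hunk, so I cannot see whether it is profile-conditional. A comment on the array stating the assumption, `// 放行 API 文档路径：仅限开发环境，生产环境应关闭文档端点或另行鉴权`, plus a production profile that disables the documentation endpoints (for springdoc that is a single property, if that is the generator in use) would keep the exposure deliberate rather than accidental.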
@@ -33,8 +33,8 @@ public class SaTokenContextInterceptor implements HandlerInterceptor {
 }

 @Override
- public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
- ModelAndView modelAndView) throws Exception {
+ public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
+ throws Exception {
 // 请求结束后清理 ThreadLocal,防止内存泄漏
 SessionContext.getInstance().clear();
 }
diff --git a/src/main/java/cn/xf/basedemo/interceptor/StpInterfaceImpl.java b/src/main/java/cn/xf/basedemo/interceptor/StpInterfaceImpl.java
index 1460268..89a7c8a 100644
--- a/src/main/java/cn/xf/basedemo/interceptor/StpInterfaceImpl.java
+++ b/src/main/java/cn/xf/basedemo/interceptor/StpInterfaceImpl.java
@@ -35,6 +35,7 @@ public class StpInterfaceImpl implements StpInterface {
 @Override
 public List getRoleList(Object userId, String s) {
 // 获取用户角色数据
- return sysRoleMapper.getRoleListByUserId((Long) userId);
+ Long uId = Long.valueOf(userId.toString());
+ return sysRoleMapper.getRoleListByUserId(uId);
 }
 }
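Review bot: Moving `SessionContext.getInstance().clear()` into afterCompletion covers the normal and exception paths for handlers that actually ran, but Spring only invokes afterCompletion on interceptors whose preHandle returned true; if this interceptor's preHandle (outside the hunk) populates SessionContext before it can return false or throw, that ThreadLocal survives on the pooled thread into the next request, which is the leak the comment says this change prevents. If that is how preHandle is written, clear the context in its failure branches too, or populate it only after every check has passed. Minor: the new `Exception ex` parameter is unused, which is fine for an override, and the `throws Exception` clause can be dropped if `clear()` declares no checked exception — `public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {`. The class continues outside the hunk.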
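Review bot: `Long uId = Long.valueOf(userId.toString());` in getRoleList turns a null or non-numeric loginId into a NullPointerException or NumberFormatException raised from inside the authorization check, which surfaces as a 500 with a stack trace instead of a clean denial. A loginId that cannot be mapped to a numeric user id has no roles, so failing closed is the safer contract: `if (userId == null || !userId.toString().matches("\\d+")) { return java.util.Collections.emptyList(); }` before the conversion, spelled with whatever import style the file already uses for java.util. The same cast-to-conversion change is presumably needed in getPermissionList, which is outside this hunk, so a small private `toUserId(Object)` helper shared by both would keep the two in step. The class ends at the final brace of the hunk.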