fix: 修复jenkins执行接口场景不能正常查看结果的问题

This commit is contained in:
CaptainB 2024-06-04 17:05:36 +08:00 committed by 刘瑞斌
parent 2f43a7882b
commit 4c48bae74f
7 changed files with 83 additions and 21 deletions

View File

@ -162,10 +162,31 @@
<version>${quartz-starter.version}</version>
</dependency>
<!-- shiro -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-web-starter</artifactId>
<version>${shiro.version}</version>
<classifier>jakarta</classifier>
<exclusions>
<exclusion>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-starter</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-web</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring-boot-starter</artifactId>
<version>${shiro.version}</version>
<classifier>jakarta</classifier>
<exclusions>
<exclusion>
<groupId>org.apache.shiro</groupId>
@ -182,6 +203,18 @@
<artifactId>shiro-web</artifactId>
<version>${shiro.version}</version>
<classifier>jakarta</classifier>
<exclusions>
<exclusion>
<artifactId>shiro-core</artifactId>
<groupId>org.apache.shiro</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>${shiro.version}</version>
<classifier>jakarta</classifier>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
@ -193,6 +226,10 @@
<artifactId>shiro-web</artifactId>
<groupId>org.apache.shiro</groupId>
</exclusion>
<exclusion>
<artifactId>shiro-core</artifactId>
<groupId>org.apache.shiro</groupId>
</exclusion>
</exclusions>
</dependency>

View File

@ -51,14 +51,6 @@ public class ShiroConfig {
return shiroFilterFactoryBean;
}
@Bean(name = "shiroFilter")
public FilterRegistrationBean<Filter> shiroFilter(ShiroFilterFactoryBean shiroFilterFactoryBean) throws Exception {
FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>();
registration.setFilter((Filter) Objects.requireNonNull(shiroFilterFactoryBean.getObject()));
registration.setDispatcherTypes(EnumSet.allOf(DispatcherType.class));
return registration;
}
@Bean
public MemoryConstrainedCacheManager memoryConstrainedCacheManager() {
return new MemoryConstrainedCacheManager();

View File

@ -5,5 +5,5 @@ import org.apache.ibatis.annotations.Param;
import java.util.List;
public interface ExtCheckOwnerMapper {
boolean checkoutOwner(@Param("table") String resourceType, @Param("projectId") String projectId, @Param("ids") List ids);
boolean checkoutOwner(@Param("table") String resourceType, @Param("userId") String userId, @Param("ids") List ids);
}

View File

@ -2,12 +2,15 @@
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="io.metersphere.base.mapper.ext.ExtCheckOwnerMapper">
<select id="checkoutOwner" resultType="boolean">
SELECT count(id) = ${ids.size()}
FROM ${table}
WHERE project_id = #{projectId}
and id in
SELECT count(1) > 0
FROM user_group
WHERE source_id IN (SELECT project_id
FROM ${table} JOIN project ON ${table}.project_id = project.id
WHERE ${table}.id IN
<foreach collection="ids" item="id" separator="," open="(" close=")">
#{id}
</foreach>
</foreach>)
AND user_id = #{userId}
</select>
</mapper>

View File

@ -3,9 +3,9 @@ package io.metersphere.controller.handler;
import io.metersphere.commons.exception.MSException;
import io.metersphere.commons.utils.LogUtil;
import org.apache.shiro.ShiroException;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.lang.ShiroException;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;

View File

@ -7,8 +7,13 @@ import io.metersphere.commons.exception.MSException;
import io.metersphere.commons.utils.SessionUtils;
import io.metersphere.i18n.Translator;
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.web.util.WebUtils;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.After;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
@ -20,9 +25,10 @@ import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.List;
@ -43,6 +49,16 @@ public class CheckOwnerAspect {
@Before("pointcut()")
public void before(JoinPoint joinPoint) {
// apikey 过来的请求
RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
if (requestAttributes != null) {
HttpServletRequest request = (HttpServletRequest) requestAttributes.resolveReference(RequestAttributes.REFERENCE_REQUEST);
if (ApiKeyHandler.isApiKeyCall(request) && !SecurityUtils.getSubject().isAuthenticated()) {
String userId = ApiKeyHandler.getUser(WebUtils.toHttp(request));
SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, SSOSessionHandler.random));
}
}
//从切面织入点处通过反射机制获取织入点处的方法
MethodSignature signature = (MethodSignature) joinPoint.getSignature();
//获取切入点所在的方法
@ -59,6 +75,7 @@ public class CheckOwnerAspect {
return;
}
// 操作内容
//获取方法参数名
String[] params = discoverer.getParameterNames(method);
@ -73,14 +90,27 @@ public class CheckOwnerAspect {
Expression titleExp = parser.parseExpression(resourceId);
Object v = titleExp.getValue(context, Object.class);
if (v instanceof String id) {
if (!extCheckOwnerMapper.checkoutOwner(resourceType, SessionUtils.getCurrentProjectId(), List.of(id))) {
if (!extCheckOwnerMapper.checkoutOwner(resourceType, SessionUtils.getUserId(), List.of(id))) {
MSException.throwException(Translator.get("check_owner_case"));
}
}
if (v instanceof List ids) {
if (!extCheckOwnerMapper.checkoutOwner(resourceType, SessionUtils.getCurrentProjectId(), ids)) {
if (!extCheckOwnerMapper.checkoutOwner(resourceType, SessionUtils.getUserId(), ids)) {
MSException.throwException(Translator.get("check_owner_case"));
}
}
}
@After("pointcut()")
public void after() {
// apikey 过来的请求
RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
if (requestAttributes != null) {
HttpServletRequest request = (HttpServletRequest) requestAttributes.resolveReference(RequestAttributes.REFERENCE_REQUEST);
// apikey 退出
if (ApiKeyHandler.isApiKeyCall(WebUtils.toHttp(request)) && SecurityUtils.getSubject().isAuthenticated()) {
SecurityUtils.getSubject().logout();
}
}
}
}

View File

@ -6,7 +6,7 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.2.4</version>
<version>3.2.6</version>
<relativePath/>
</parent>
@ -23,7 +23,7 @@
<spring-cloud.version>2023.0.0</spring-cloud.version>
<dubbo.version>2.7.22</dubbo.version>
<platform-plugin-sdk.version>1.6.0</platform-plugin-sdk.version>
<shiro.version>1.13.0</shiro.version>
<shiro.version>2.0.1</shiro.version>
<java-websocket.version>1.5.3</java-websocket.version>
<easyexcel.version>3.1.1</easyexcel.version>
<dom4j.version>2.1.4</dom4j.version>