fix 修复 sa-token.check-same-token 开关对网关鉴权无效问题

2025-09-06 04:18:07 +00:00 · 2023-05-11 10:23:37 +08:00
parent 74d247ace8
commit fd012e423f
2 changed files with 11 additions and 1 deletions
--- a/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfiguration.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfiguration.java
@@ -1,5 +1,6 @@
 package org.dromara.common.security.config;

+import cn.dev33.satoken.SaManager;
 import cn.dev33.satoken.filter.SaServletFilter;
 import cn.dev33.satoken.interceptor.SaInterceptor;
 import cn.dev33.satoken.same.SaSameUtil;
@@ -35,7 +36,11 @@ public class SecurityConfiguration implements WebMvcConfigurer {
        return new SaServletFilter()
            .addInclude("/**")
            .addExclude("/actuator/**")
-            .setAuth(obj -> SaSameUtil.checkCurrentRequestToken())
+            .setAuth(obj -> {
+                if (SaManager.getConfig().getCheckSameToken()) {
+                    SaSameUtil.checkCurrentRequestToken();
+                }
+            })
            .setError(e -> SaResult.error("认证失败，无法访问系统资源").setCode(HttpStatus.UNAUTHORIZED));
    }