接口权限设置,对租户不为000000的角色添加接口访问提示未授权

Blade 已结 2 856
xchangtu
xchangtu 2022-03-31 16:57

一、该问题的重现步骤是什么?

1. 添加接口权限

2. 为租户为000000的用户设置接口权限,验证生效

3.为租户不为000000的用户设置接口权限,访问接口提示未授权

image.png

二、你期待的结果是什么?实际看到的又是什么?

 为租户为000000的用户设置接口权限,验证生效

为租户不为000000的用户设置接口权限,访问接口提示未授权

三、你正在使用的是什么产品,什么版本?在什么操作系统上?

商业版本。2.5.0,linux

四、请提供详细的错误堆栈信息,这很重要。


五、若有更多详细信息,请在下面提供。

2条回答
  •  xchangtu
    xchangtu (楼主)
    2022-03-31 17:33

    一、该问题的重现步骤是什么?

    代码添加注解

    image.png

    页面添加接口

    image.png

    添加新租户

    image.png

    为租户为000000的角色设置接口权限

    image.png

    添加超级管理员blade-auth ,访问接口提示成功。

    Blade-Au

    image.png


    去掉接口权限,再次访问接口,提示未授权(正常)

    image.png

    image.png

    为租户不为000000的角色设置接口权限,更换账号访问接口。提示未授权

    image.png

    image.png

    ================  Request Start  ================

    ===> GET: /camera_info/list Parameters: {"query":{"current":null,"size":null,"ascs":null,"descs":null},"cameraInfo":{"id":null,"county":null,"town":null,"towerName":null,"towerCode":null,"towerType":null,"longitude":null,"latitude":null,"towerAltitude":null,"machineRoomType":null,"propertyRight":null,"tenant":null,"drawingHeight":null,"direction":null,"review":null,"hasTestErport":null,"hasExplorationPhotos":null,"remark":null,"createDate":null,"cameraIndexCode":null,"ip":null,"token":null,"speed":null,"standingTime":null,"sequences":null,"isVisibleLight":null,"nickName":null,"isOnline":null,"isBayonet":null}}

    ===Headers===  content-length: 18

    ===Headers===  X-Forwarded-Prefix: /xc-resource-monitor

    ===Headers===  Accept: */*

    ===Headers===  User-Agent: PostmanRuntime/7.29.0

    ===Headers===  X-Forwarded-Proto: http

    ===Headers===  X-Forwarded-Host: 192.168.1.235

    ===Headers===  Accept-Encoding: gzip, deflate, br

    ===Headers===  X-Forwarded-Port: 80

    ===Headers===  Forwarded: proto=http;host=192.168.1.235;for="0:0:0:0:0:0:0:1%0:44158"

    ===Headers===  host: 192.168.1.235:19002

    ===Headers===  X-Forwarded-For: 192.168.1.81,0:0:0:0:0:0:0:1%0

    ===Headers===  Postman-Token: 5be375d1-e839-4e2e-8d15-068dae099c5d

    ===Headers===  X-Real-IP: 192.168.1.81

    ===Headers===  Blade-Auth: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnRfaWQiOiIzODI2ODkiLCJ1c2VyX25hbWUiOiJhZG1pbiIsInJlYWxfbmFtZSI6IueuoeeQhuWRmCIsImF2YXRhciI6IiIsImF1dGhvcml0aWVzIjpbImFkbWluIl0sImNsaWVudF9pZCI6InNhYmVyIiwicm9sZV9uYW1lIjoiYWRtaW4iLCJsaWNlbnNlIjoicG93ZXJlZCBieSBibGFkZXgiLCJwb3N0X2lkIjoiMTM5Mjc1MDkwMTM1Mjk5Mjc2OSIsInVzZXJfaWQiOiIxMzkyNzUwOTA0MDI0NzY0NDE4Iiwicm9sZV9pZCI6IjEzOTI3NTA4Nzg5NzYzODA5MjkiLCJzY29wZSI6WyJhbGwiXSwibmlja19uYW1lIjoi566h55CG5ZGYIiwib2F1dGhfaWQiOiIiLCJkZXRhaWwiOnsidHlwZSI6IndlYiJ9LCJleHAiOjE2NDg3MjE3NDcsImRlcHRfaWQiOiIxMzkyNzUwOTAxMjc3NDk1Mjk3IiwianRpIjoiMTQyOTRiNDktODYyMi00YjJjLTkxZmMtOGNlMzE4MzUxMDYxIiwiYWNjb3VudCI6ImFkbWluIn0.BH7fohcICf3CFrJjal-SyEQc1yL04cdHUQuPagUHtMI

    ===Headers===  Content-Type: application/json

    ================   Request End   ================


    2022-03-31 09:16:37.264 DEBUG 1 --- [XNIO-1 task-337] io.lettuce.core.RedisChannelHandler      : dispatching command AsyncCommand [type=GET, output=ValueOutput [output=null, error='null'], commandType=io.lettuce.core.protocol.Command]

    2022-03-31 09:16:37.265 DEBUG 1 --- [XNIO-1 task-337] i.lettuce.core.protocol.DefaultEndpoint  : [channel=0x56898bb2, /192.168.1.235:47414 -> /192.168.1.235:6379, epid=0x2] write() writeAndFlush command AsyncCommand [type=GET, output=ValueOutput [output=null, error='null'], commandType=io.lettuce.core.protocol.Command]

    2022-03-31 09:16:37.266 DEBUG 1 --- [XNIO-1 task-337] i.lettuce.core.protocol.DefaultEndpoint  : [channel=0x56898bb2, /192.168.1.235:47414 -> /192.168.1.235:6379, epid=0x2] write() done

    2022-03-31 09:16:37.266 DEBUG 1 --- [ioEventLoop-4-2] io.lettuce.core.protocol.CommandHandler  : [channel=0x56898bb2, /192.168.1.235:47414 -> /192.168.1.235:6379, chid=0x2] write(ctx, AsyncCommand [type=GET, output=ValueOutput [output=null, error='null'], commandType=io.lettuce.core.protocol.Command], promise)

    2022-03-31 09:16:37.267 DEBUG 1 --- [ioEventLoop-4-2] io.lettuce.core.protocol.CommandEncoder  : [channel=0x56898bb2, /192.168.1.235:47414 -> /192.168.1.235:6379] writing command AsyncCommand [type=GET, output=ValueOutput [output=null, error='null'], commandType=io.lettuce.core.protocol.Command]

    2022-03-31 09:16:37.267 DEBUG 1 --- [ioEventLoop-4-2] io.lettuce.core.protocol.CommandHandler  : [channel=0x56898bb2, /192.168.1.235:47414 -> /192.168.1.235:6379, chid=0x2] Received: 21 bytes, 1 commands in the stack

    2022-03-31 09:16:37.268 DEBUG 1 --- [ioEventLoop-4-2] io.lettuce.core.protocol.CommandHandler  : [channel=0x56898bb2, /192.168.1.235:47414 -> /192.168.1.235:6379, chid=0x2] Stack contains: 1 commands

    2022-03-31 09:16:37.268 DEBUG 1 --- [ioEventLoop-4-2] i.l.core.protocol.RedisStateMachine      : Decode LatencyMeteredCommand [type=GET, output=ValueOutput [output=null, error='null'], commandType=io.lettuce.core.protocol.AsyncCommand]

    2022-03-31 09:16:37.268 DEBUG 1 --- [ioEventLoop-4-2] i.l.core.protocol.RedisStateMachine      : Decoded LatencyMeteredCommand [type=GET, output=ValueOutput [output=[B@e3bc059, error='null'], commandType=io.lettuce.core.protocol.AsyncCommand], empty stack: true

    2022-03-31 09:16:37.268  INFO 1 --- [XNIO-1 task-337] o.s.core.log.aspect.RequestLogAspect     : 


    ================  Response Start  ================

    <=== GET: /camera_info/list (9 ms)

    ================   Response End   ================


    2022-03-31 09:16:37.269 ERROR 1 --- [XNIO-1 task-337] o.s.c.l.e.BladeRestExceptionTranslator   : 认证异常


    org.springblade.core.secure.exception.SecureException: 请求未授权

    1. 添加接口权限

    2. 为租户为000000的用户设置接口权限,验证生效

    3.为租户不为000000的用户设置接口权限,访问接口提示未授权

    二、你期待的结果是什么?实际看到的又是什么?

    希望看到

     为租户为000000的用户设置接口权限,验证生效

    为租户不为000000的用户设置接口权限,验证生效

    实际看到

     为租户为000000的用户设置接口权限,验证生效

    为租户不为000000的用户设置接口权限,访问接口提示未授权


    作者追问:2022-03-31 17:33

    请把工程打包,以及数据库完整sql脚本发一份到bladejava@qq.com,我本地测试了下无法重现。

    当然其他的业务模块代码可以全部删掉,只需要保证发过来的最简版工程可以让我们重现便可。

提交回复