部署boot源码，新建租户，租户admin访问系统自带“流程管理”，提示认证异常

Blade 已结

关注举报

 2  70

石老记剑圣 2025-03-26 16:52

一、该问题的重现步骤是什么？

1. 部署boot以及saber3，根据快速启动配置了前后端的key、token.... yaml文件里在bladex下的配置

2. 创建新的租户

3. 使用新租户的tenant_id与admin登录

4. 点击系统自带的"流程管理“下的任何模块，都提示token过期

5. 查过数据库后台，是 “管理员”角色是默认自带拥有某些系统自带的菜单的权限的。那么就不是数据错误的原因。

二、你期待的结果是什么？实际看到的又是什么？

我期望能权限能按照配置正常使用。

希望理解为什么requestAspect为什么会独独过滤掉新建的租户的用户？

三、你正在使用的是什么产品，什么版本？在什么操作系统上？

下载的2025.03.25最新的boot、saber3

4.0.0org.springbladeBladeX-Bootjar4.5.0.RELEASE

四、请提供详细的错误堆栈信息，这很重要。

================ Request Start ================

===> GET: /blade-flow/model/list Parameters: {"query":{"current":1,"size":10,"ascs":null,"descs":null},"flow":{"current":"1","size":"10"}}

===Headers=== sec-fetch-mode: cors

===Headers=== referer: http://localhost:2888/flow/model

===Headers=== sec-fetch-site: same-origin

===Headers=== blade-auth: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJibGFkZXguY24iLCJhdWQiOlsiYmxhZGV4Il0sInRva2VuX3R5cGUiOiJhY2Nlc3NfdG9rZW4iLCJjbGllbnRfaWQiOiJkcGNtIiwidGVuYW50X2lkIjoiMDE3MTY0IiwidXNlcl9pZCI6IjE5MDQ4MTE4MDQxMjYzNTEzNjEiLCJkZXB0X2lkIjoiMTkwNDgxMTgwMzY2NDk3NzkyMSIsInBvc3RfaWQiOiIxOTA0ODExODAzNzUzMDU4MzA2Iiwicm9sZV9pZCI6IjE5MDQ4MTE4MDI5MDU4MDg4OTciLCJhY2NvdW50IjoiYWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiIsIm5pY2tfbmFtZSI6ImFkbWluIiwicmVhbF9uYW1lIjoiYWRtaW4iLCJyb2xlX25hbWUiOiJhZG1pbiIsImRldGFpbCI6eyJ0eXBlIjoid2ViIn0sImV4cCI6MTc0Mjk4MjM3MywibmJmIjoxNzQyOTc4NzczfQ.hty9LFeaHpE5u_3xQ3SaC0aw4fqFkCGWww7Chyc6m7k

===Headers=== cookie: saber3-access-token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJibGFkZXguY24iLCJhdWQiOlsiYmxhZGV4Il0sInRva2VuX3R5cGUiOiJhY2Nlc3NfdG9rZW4iLCJjbGllbnRfaWQiOiJkcGNtIiwidGVuYW50X2lkIjoiMDE3MTY0IiwidXNlcl9pZCI6IjE5MDQ4MTE4MDQxMjYzNTEzNjEiLCJkZXB0X2lkIjoiMTkwNDgxMTgwMzY2NDk3NzkyMSIsInBvc3RfaWQiOiIxOTA0ODExODAzNzUzMDU4MzA2Iiwicm9sZV9pZCI6IjE5MDQ4MTE4MDI5MDU4MDg4OTciLCJhY2NvdW50IjoiYWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiIsIm5pY2tfbmFtZSI6ImFkbWluIiwicmVhbF9uYW1lIjoiYWRtaW4iLCJyb2xlX25hbWUiOiJhZG1pbiIsImRldGFpbCI6eyJ0eXBlIjoid2ViIn0sImV4cCI6MTc0Mjk4MjM3MywibmJmIjoxNzQyOTc4NzczfQ.hty9LFeaHpE5u_3xQ3SaC0aw4fqFkCGWww7Chyc6m7k; saber3-refresh-token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJibGFkZXguY24iLCJhdWQiOlsiYmxhZGV4Il0sInRva2VuX3R5cGUiOiJyZWZyZXNoX3Rva2VuIiwidXNlcl9pZCI6IjE5MDQ4MTE4MDQxMjYzNTEzNjEiLCJkZXB0X2lkIjoiMTkwNDgxMTgwMzY2NDk3NzkyMSIsInJvbGVfaWQiOiIxOTA0ODExODAyOTA1ODA4ODk3IiwiZXhwIjoxNzQzNTgzNTczLCJuYmYiOjE3NDI5Nzg3NzN9.-uGjH21Kk-x5kOKUNuQX88v2Xbdk_CxjwghYimSLHxw

===Headers=== accept-language: en

===Headers=== accept: application/json, text/plain, */*

===Headers=== authorization: Basic ZHBjbTpkcGNtX3NlY3JldA==

===Headers=== sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"

===Headers=== sec-ch-ua-mobile: ?0

===Headers=== sec-ch-ua-platform: "macOS"

===Headers=== host: localhost:24384

===Headers=== connection: close

===Headers=== accept-encoding: gzip, deflate, br, zstd

===Headers=== blade-requested-with: BladeHttpRequest

===Headers=== user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36

===Headers=== sec-fetch-dest: empty

================ Request End ================

2025-03-26 16:46:13.356 WARN 2789 --- [ XNIO-1 task-4] o.s.c.secure.aspect.AdministratorAspect :

============ IsAdministrator Start ============

PreAuth : IsAdministrator

ClientId : dpcm

BladeAuth : bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJibGFkZXguY24iLCJhdWQiOlsiYmxhZGV4Il0sInRva2VuX3R5cGUiOiJhY2Nlc3NfdG9rZW4iLCJjbGllbnRfaWQiOiJkcGNtIiwidGVuYW50X2lkIjoiMDE3MTY0IiwidXNlcl9pZCI6IjE5MDQ4MTE4MDQxMjYzNTEzNjEiLCJkZXB0X2lkIjoiMTkwNDgxMTgwMzY2NDk3NzkyMSIsInBvc3RfaWQiOiIxOTA0ODExODAzNzUzMDU4MzA2Iiwicm9sZV9pZCI6IjE5MDQ4MTE4MDI5MDU4MDg4OTciLCJhY2NvdW50IjoiYWRtaW4iLCJ1c2VyX25hbWUiOiJhZG1pbiIsIm5pY2tfbmFtZSI6ImFkbWluIiwicmVhbF9uYW1lIjoiYWRtaW4iLCJyb2xlX25hbWUiOiJhZG1pbiIsImRldGFpbCI6eyJ0eXBlIjoid2ViIn0sImV4cCI6MTc0Mjk4MjM3MywibmJmIjoxNzQyOTc4NzczfQ.hty9LFeaHpE5u_3xQ3SaC0aw4fqFkCGWww7Chyc6m7k

BladeUser : BladeUser(clientId=dpcm, userId=1904811804126351361, account=admin, userName=admin, nickName=admin, tenantId=017164, oauthId=, deptId=1904811803664977921, postId=1904811803753058306, roleId=1904811802905808897, roleName=admin, detail={type=web})

RequestURI : /blade-flow/model/list

RequestIP: 0:0:0:0:0:0:0:1

RequestParam: current=1&size=10

============ IsAdministrator End ============

2025-03-26 16:46:13.357 INFO 2789 --- [ XNIO-1 task-4] o.s.core.log.aspect.RequestLogAspect :

=============== Response Start ================

<=== GET: /blade-flow/model/list (1 ms)

=============== Response End ================

2025-03-26 16:46:13.357 ERROR 2789 --- [ XNIO-1 task-4] o.s.c.l.e.BladeRestExceptionTranslator : 认证异常

org.springblade.core.secure.exception.SecureException: 请求未授权

2025-03-26 16:46:13.557 INFO 2789 --- [ XNIO-1 task-4] o.s.core.log.aspect.RequestLogAspect :

五、若有更多详细信息，请在下面提供。

这是因为流程管理界面现在设置为超级管理员才可以访问了，可以到流程管理对应的controller看下代码，有一个@PreAuth注解，指定了超管权限。

如果你需要普通用户也可以访问，那把这个注解注释掉重启就可以了。