add 增加 dubbo 内网鉴权放行 InnerExclude 注解 用于放行 dubbo 服务之间的内网调用

ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/annotation/InnerExclude.java

@@ -0,0 +1,15 @@
+package com.ruoyi.common.core.annotation;
+
+import java.lang.annotation.*;
+
+/**
+ * dubbo 内网鉴权放行
+ *
+ * @author Lion Li
+ */
+@Inherited
+@Target({ElementType.METHOD, ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface InnerExclude {
+}

ruoyi-common/ruoyi-common-dubbo/src/main/java/cn/dev33/satoken/context/dubbo/filter/SaTokenDubboConsumerFilter.java

@@ -6,11 +6,16 @@ import cn.dev33.satoken.id.SaIdUtil;
 import cn.dev33.satoken.spring.SaBeanInject;
 import cn.dev33.satoken.stp.StpUtil;
 import cn.dev33.satoken.util.SaTokenConsts;
+import cn.hutool.core.annotation.AnnotationUtil;
+import com.ruoyi.common.core.annotation.InnerExclude;
 import com.ruoyi.common.core.utils.SpringUtils;
+import lombok.SneakyThrows;
 import org.apache.dubbo.common.constants.CommonConstants;
 import org.apache.dubbo.common.extension.Activate;
 import org.apache.dubbo.rpc.*;
 
+import java.lang.reflect.Method;
+
 /**
  *
  * Sa-Token 整合 Dubbo Consumer端过滤器
@@ -23,6 +28,7 @@ import org.apache.dubbo.rpc.*;
 @Activate(group = {CommonConstants.CONSUMER}, order = Integer.MIN_VALUE)
 public class SaTokenDubboConsumerFilter implements Filter {
 
+    @SneakyThrows(NoSuchMethodException.class)
 	@Override
 	public Result invoke(Invoker<?> invoker, Invocation invocation) throws RpcException {
         // 强制初始化 Sa-Token 相关配置 解决内网鉴权元数据加载报错问题
@@ -30,7 +36,16 @@ public class SaTokenDubboConsumerFilter implements Filter {
 
         // 追加 Id-Token 参数
 		if(SaManager.getConfig().getCheckIdToken()) {
-			RpcContext.getServiceContext().setAttachment(SaIdUtil.ID_TOKEN, SaIdUtil.getToken());
+            Class<?> clazz = invoker.getInterface();
+            Method method = clazz.getMethod(invocation.getMethodName(), invocation.getParameterTypes());
+            // 检查是否有内网鉴权排除注解
+            if (AnnotationUtil.hasAnnotation(clazz, InnerExclude.class)
+                || AnnotationUtil.hasAnnotation(method, InnerExclude.class)) {
+                // 不传递 Id-Token
+            } else {
+                RpcContext.getServiceContext().setAttachment(SaIdUtil.ID_TOKEN, SaIdUtil.getToken());
+            }
+
 		}
 
 		// 1. 调用前，向下传递会话Token

ruoyi-common/ruoyi-common-dubbo/src/main/java/cn/dev33/satoken/context/dubbo/filter/SaTokenDubboProviderFilter.java

@@ -3,11 +3,16 @@ package cn.dev33.satoken.context.dubbo.filter;
 import cn.dev33.satoken.SaManager;
 import cn.dev33.satoken.id.SaIdUtil;
 import cn.dev33.satoken.spring.SaBeanInject;
+import cn.hutool.core.annotation.AnnotationUtil;
+import com.ruoyi.common.core.annotation.InnerExclude;
 import com.ruoyi.common.core.utils.SpringUtils;
+import lombok.SneakyThrows;
 import org.apache.dubbo.common.constants.CommonConstants;
 import org.apache.dubbo.common.extension.Activate;
 import org.apache.dubbo.rpc.*;
 
+import java.lang.reflect.Method;
+
 /**
  *
  * Sa-Token 整合 Dubbo Provider端过滤器
@@ -20,6 +25,7 @@ import org.apache.dubbo.rpc.*;
 @Activate(group = {CommonConstants.PROVIDER}, order = Integer.MIN_VALUE)
 public class SaTokenDubboProviderFilter implements Filter {
 
+    @SneakyThrows(NoSuchMethodException.class)
 	@Override
 	public Result invoke(Invoker<?> invoker, Invocation invocation) throws RpcException {
         // 强制初始化 Sa-Token 相关配置 解决内网鉴权元数据加载报错问题
@@ -27,6 +33,15 @@ public class SaTokenDubboProviderFilter implements Filter {
 
         // RPC 调用鉴权
 		if(SaManager.getConfig().getCheckIdToken()) {
+
+            Class<?> clazz = invoker.getInterface();
+            Method method = clazz.getMethod(invocation.getMethodName(), invocation.getParameterTypes());
+            // 检查是否有内网鉴权排除注解
+            if (AnnotationUtil.hasAnnotation(clazz, InnerExclude.class)
+                || AnnotationUtil.hasAnnotation(method, InnerExclude.class)) {
+                return invoker.invoke(invocation);
+            }
+
 			String idToken = invocation.getAttachment(SaIdUtil.ID_TOKEN);
             SaIdUtil.checkToken(idToken);
 		}