Merge remote-tracking branch 'origin/master' into spring-boot3

# Conflicts: # hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/redis/RedisUserTokenManager.java
2026-05-31 18:03:52 +08:00 · 2025-04-10 14:41:28 +08:00
parent 171fa7ecb3 c3f59abe7a
commit e1fffbd590
5 changed files with 168 additions and 148 deletions
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java
@@ -70,7 +70,10 @@ public class AopAuthorizingController extends StaticMethodMatcherPointcutAdvisor
            .invokeReactive(
                Authentication
                    .currentReactive()
-                    .switchIfEmpty(Mono.error(UnAuthorizedException.NoStackTrace::new))
+                    .switchIfEmpty(
+                        context.getDefinition().allowAnonymous()
+                            ? Mono.empty()
+                            : Mono.error(UnAuthorizedException.NoStackTrace::new))
                    .flatMap(auth -> {
                        context.setAuthentication(auth);
                        //响应式不再支持数据权限控制
@@ -124,7 +127,7 @@ public class AopAuthorizingController extends StaticMethodMatcherPointcutAdvisor
            Class<?> returnType = methodInvocation.getMethod().getReturnType();
            //handle reactive method
            if (Publisher.class.isAssignableFrom(returnType)) {
-               return handleReactive0(definition, holder, context, () -> invokeReactive(methodInvocation));
+                return handleReactive0(definition, holder, context, () -> invokeReactive(methodInvocation));
            }

            Authentication authentication = Authentication
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/define/DefaultBasicAuthorizeDefinition.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/define/DefaultBasicAuthorizeDefinition.java
@@ -43,18 +43,20 @@ public class DefaultBasicAuthorizeDefinition implements AopAuthorizeDefinition {

    private Phased phased = Phased.before;

+    private boolean allowAnonymous = false;
+
    @Override
    public boolean isEmpty() {
        return false;
    }

    private static final Set<Class<? extends Annotation>> types = new HashSet<>(Arrays.asList(
-            Authorize.class,
-            DataAccess.class,
-            Dimension.class,
-            Resource.class,
-            ResourceAction.class,
-            DataAccessType.class
+        Authorize.class,
+        DataAccess.class,
+        Dimension.class,
+        Resource.class,
+        ResourceAction.class,
+        DataAccessType.class
    ));

    public static AopAuthorizeDefinition from(Class<?> targetClass, Method method) {
@@ -76,6 +78,9 @@ public class DefaultBasicAuthorizeDefinition implements AopAuthorizeDefinition {
        for (Dimension dimension : ann.dimension()) {
            putAnnotation(dimension);
        }
+        if (ann.anonymous()) {
+            allowAnonymous = true;
+        }
    }

    public void putAnnotation(Dimension ann) {