diff --git a/fjrcloud-framework/fjrcloud-spring-boot-starter-biz-tenant/src/main/java/com/fjrcloud/community/framework/tenant/core/security/TenantSecurityWebFilter.java b/fjrcloud-framework/fjrcloud-spring-boot-starter-biz-tenant/src/main/java/com/fjrcloud/community/framework/tenant/core/security/TenantSecurityWebFilter.java
index e972987..66c077e 100644
--- a/fjrcloud-framework/fjrcloud-spring-boot-starter-biz-tenant/src/main/java/com/fjrcloud/community/framework/tenant/core/security/TenantSecurityWebFilter.java
+++ b/fjrcloud-framework/fjrcloud-spring-boot-starter-biz-tenant/src/main/java/com/fjrcloud/community/framework/tenant/core/security/TenantSecurityWebFilter.java
@@ -20,7 +20,6 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.util.Objects;
 import java.util.Set;
 /**
@@ -78,14 +77,15 @@ public class TenantSecurityWebFilter extends ApiRequestFilter {
 tenantId = user.getTenantId();
 TenantContextHolder.setTenantId(tenantId);
 // 如果传递了租户编号,则进行比对租户编号,避免越权问题
- } else if (!Objects.equals(user.getTenantId(), TenantContextHolder.getTenantId())) {
- log.error("[doFilterInternal][租户({}) User({}/{}) 越权访问租户({}) URL({}/{})]",
- user.getTenantId(), user.getId(), user.getUserType(),
- TenantContextHolder.getTenantId(), request.getRequestURI(), request.getMethod());
- ServletUtils.writeJSON(response, CommonResult.error(GlobalErrorCodeConstants.FORBIDDEN.getCode(),
- "您无权访问该租户的数据"));
- return;
 }
+// else if (!Objects.equals(user.getTenantId(), TenantContextHolder.getTenantId())) {
+// log.error("[doFilterInternal][租户({}) User({}/{}) 越权访问租户({}) URL({}/{})]",
+// user.getTenantId(), user.getId(), user.getUserType(),
+// TenantContextHolder.getTenantId(), request.getRequestURI(), request.getMethod());
+// ServletUtils.writeJSON(response, CommonResult.error(GlobalErrorCodeConstants.FORBIDDEN.getCode(),
+// "您无权访问该租户的数据"));
+// return;
+// }
 }
 // 2. 超级管理员(系统租户)默认忽略租户隔离,可查询所有数据
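Review bot: With the `else if (!Objects.equals(user.getTenantId(), TenantContextHolder.getTenantId()))` branch commented out, a logged-in user whose own tenant differs from the tenant id already in `TenantContextHolder` is no longer answered with FORBIDDEN, and the request continues under the tenant id that was passed in. The context value is presumably taken from the request earlier in the filter chain (not visible in this hunk), so this looks like a loss of tenant isolation rather than a refactor. The retained comment `// 如果传递了租户编号,则进行比对租户编号,避免越权问题` now describes a check that no longer runs. If some callers legitimately need to act on another tenant, keep the comparison (and the `import java.util.Objects;`) and add a narrow, explicitly authorised exception to it, keeping the `log.error(...)` line so rejected cross-tenant attempts stay visible to monitoring. Either way, delete the commented-out block rather than committing it; `doFilterInternal` starts and ends outside the hunk, so whether a later step re-validates the tenant cannot be confirmed from here.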