修改,无视很多条件

.gitignore

@@ -0,0 +1 @@
+.vscode

java代码/ruoyi-admin/src/main/java/com/ruoyi/web/controller/JccAcademicCommitteeController.java

@@ -36,7 +36,7 @@ public class JccAcademicCommitteeController extends BaseController
     /**
      * 查询学术委员会列表
      */
-    @PreAuthorize("@ss.hasPermi('system:committee:list')")
+    // @PreAuthorize("@ss.hasPermi('system:committee:list')")
     @GetMapping("/list")
     public TableDataInfo list(JccAcademicCommittee jccAcademicCommittee)
     {

java代码/ruoyi-admin/src/main/java/com/ruoyi/web/controller/JccChiefAssistantController.java

@@ -36,7 +36,7 @@ public class JccChiefAssistantController extends BaseController
     /**
      * 查询主任及科研助理列表
      */
-    @PreAuthorize("@ss.hasPermi('system:assistant:list')")
+    // @PreAuthorize("@ss.hasPermi('system:assistant:list')")
     @GetMapping("/list")
     public TableDataInfo list(JccChiefAssistant jccChiefAssistant)
     {

java代码/ruoyi-admin/src/main/java/com/ruoyi/web/controller/JccEquipmentConditionController.java

@@ -104,7 +104,7 @@ public class JccEquipmentConditionController extends BaseController
     /**
      * 查询设备情况列表
      */
-    @PreAuthorize("@ss.hasPermi('system:condition:count')")
+    // @PreAuthorize("@ss.hasPermi('system:condition:count')")
     @GetMapping("/count")
     public TableDataInfo selectCount()
     {

java代码/ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java

@@ -24,123 +24,119 @@ import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl;
  * @author ruoyi
  */
 @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
-public class SecurityConfig extends WebSecurityConfigurerAdapter
-{
-    /**
-     * 自定义用户认证逻辑
-     */
-    @Autowired
-    private UserDetailsService userDetailsService;
-    
-    /**
-     * 认证失败处理类
-     */
-    @Autowired
-    private AuthenticationEntryPointImpl unauthorizedHandler;
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+  /**
+   * 自定义用户认证逻辑
+   */
+  @Autowired
+  private UserDetailsService userDetailsService;
 
-    /**
-     * 退出处理类
-     */
-    @Autowired
-    private LogoutSuccessHandlerImpl logoutSuccessHandler;
+  /**
+   * 认证失败处理类
+   */
+  @Autowired
+  private AuthenticationEntryPointImpl unauthorizedHandler;
 
-    /**
-     * token认证过滤器
-     */
-    @Autowired
-    private JwtAuthenticationTokenFilter authenticationTokenFilter;
+  /**
+   * 退出处理类
+   */
+  @Autowired
+  private LogoutSuccessHandlerImpl logoutSuccessHandler;
 
-    /**
-     * 跨域过滤器
-     */
-    @Autowired
-    private CorsFilter corsFilter;
-    
-    /**
-     * 解决 无法直接注入 AuthenticationManager
-     *
-     * @return
-     * @throws Exception
-     */
-    @Bean
-    @Override
-    public AuthenticationManager authenticationManagerBean() throws Exception
-    {
-        return super.authenticationManagerBean();
-    }
+  /**
+   * token认证过滤器
+   */
+  @Autowired
+  private JwtAuthenticationTokenFilter authenticationTokenFilter;
 
-    /**
-     * anyRequest          |   匹配所有请求路径
-     * access              |   SpringEl表达式结果为true时可以访问
-     * anonymous           |   匿名可以访问
-     * denyAll             |   用户不能访问
-     * fullyAuthenticated  |   用户完全认证可以访问（非remember-me下自动登录）
-     * hasAnyAuthority     |   如果有参数，参数表示权限，则其中任何一个权限可以访问
-     * hasAnyRole          |   如果有参数，参数表示角色，则其中任何一个角色可以访问
-     * hasAuthority        |   如果有参数，参数表示权限，则其权限可以访问
-     * hasIpAddress        |   如果有参数，参数表示IP地址，如果用户IP和参数匹配，则可以访问
-     * hasRole             |   如果有参数，参数表示角色，则其角色可以访问
-     * permitAll           |   用户可以任意访问
-     * rememberMe          |   允许通过remember-me登录的用户访问
-     * authenticated       |   用户登录后可访问
-     */
-    @Override
-    protected void configure(HttpSecurity httpSecurity) throws Exception
-    {
-        httpSecurity
-                // CSRF禁用，因为不使用session
-                .csrf().disable()
-                // 认证失败处理类
-                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
-                // 基于token，所以不需要session
-                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
-                // 过滤请求
-                .authorizeRequests()
-                // 对于登录login 验证码captchaImage 允许匿名访问
-                .antMatchers("/login", "/captchaImage").anonymous()
-                .antMatchers(
-                        HttpMethod.GET,
-                        "/*.html",
-                        "/**/*.html",
-                        "/**/*.css",
-                        "/**/*.js"
-                ).permitAll()
-                .antMatchers("/profile/**").anonymous()
-                .antMatchers("/common/download**").anonymous()
-                .antMatchers("/common/download/resource**").anonymous()
-                .antMatchers("/swagger-ui.html").anonymous()
-                .antMatchers("/swagger-resources/**").anonymous()
-                .antMatchers("/webjars/**").anonymous()
-                .antMatchers("/*/api-docs").anonymous()
-                .antMatchers("/druid/**").anonymous()
-                // 除上面外的所有请求全部需要鉴权认证
-                .anyRequest().authenticated()
-                .and()
-                .headers().frameOptions().disable();
-        httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
-        // 添加JWT filter
-        httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
-        // 添加CORS filter
-        httpSecurity.addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class);
-        httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class);
-    }
+  /**
+   * 跨域过滤器
+   */
+  @Autowired
+  private CorsFilter corsFilter;
 
-    
-    /**
-     * 强散列哈希加密实现
-     */
-    @Bean
-    public BCryptPasswordEncoder bCryptPasswordEncoder()
-    {
-        return new BCryptPasswordEncoder();
-    }
+  /**
+   * 解决 无法直接注入 AuthenticationManager
+   *
+   * @return
+   * @throws Exception
+   */
+  @Bean
+  @Override
+  public AuthenticationManager authenticationManagerBean() throws Exception {
+    return super.authenticationManagerBean();
+  }
 
-    /**
-     * 身份认证接口
-     */
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception
-    {
-        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
-    }
+  /**
+   * anyRequest | 匹配所有请求路径
+   * access | SpringEl表达式结果为true时可以访问
+   * anonymous | 匿名可以访问
+   * denyAll | 用户不能访问
+   * fullyAuthenticated | 用户完全认证可以访问（非remember-me下自动登录）
+   * hasAnyAuthority | 如果有参数，参数表示权限，则其中任何一个权限可以访问
+   * hasAnyRole | 如果有参数，参数表示角色，则其中任何一个角色可以访问
+   * hasAuthority | 如果有参数，参数表示权限，则其权限可以访问
+   * hasIpAddress | 如果有参数，参数表示IP地址，如果用户IP和参数匹配，则可以访问
+   * hasRole | 如果有参数，参数表示角色，则其角色可以访问
+   * permitAll | 用户可以任意访问
+   * rememberMe | 允许通过remember-me登录的用户访问
+   * authenticated | 用户登录后可访问
+   */
+  @Override
+  protected void configure(HttpSecurity httpSecurity) throws Exception {
+    httpSecurity
+        // CSRF禁用，因为不使用session
+        .csrf().disable()
+        // 认证失败处理类
+        .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
+        // 基于token，所以不需要session
+        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
+        // 过滤请求
+        .authorizeRequests()
+        // 对于登录login 验证码captchaImage 允许匿名访问
+        .antMatchers("/login", "/captchaImage").permitAll()
+        .antMatchers(
+            HttpMethod.GET,
+            "/*.html",
+            "/**/*.html",
+            "/**/*.css",
+            "/**/*.js")
+        .permitAll()
+        .antMatchers("/profile/**").anonymous()
+        .antMatchers("/common/download**").anonymous()
+        .antMatchers("/common/download/resource**").anonymous()
+        .antMatchers("/swagger-ui.html").anonymous()
+        .antMatchers("/swagger-resources/**").anonymous()
+        .antMatchers("/webjars/**").anonymous()
+        .antMatchers("/*/api-docs").anonymous()
+        .antMatchers("/druid/**").anonymous()
+        .antMatchers("/wx/**").anonymous()
+        // 除上面外的所有请求全部需要鉴权认证
+        .anyRequest().authenticated()
+        // .anyRequest().permitAll()
+        .and()
+        .headers().frameOptions().disable();
+    httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
+    // 添加JWT filter
+    httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
+    // 添加CORS filter
+    httpSecurity.addFilterBefore(corsFilter, JwtAuthenticationTokenFilter.class);
+    httpSecurity.addFilterBefore(corsFilter, LogoutFilter.class);
+  }
+
+  /**
+   * 强散列哈希加密实现
+   */
+  @Bean
+  public BCryptPasswordEncoder bCryptPasswordEncoder() {
+    return new BCryptPasswordEncoder();
+  }
+
+  /**
+   * 身份认证接口
+   */
+  @Override
+  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+    auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
+  }
 }

java代码/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java

@@ -29,79 +29,76 @@ import com.ruoyi.system.service.ISysUserService;
  * @author ruoyi
  */
 @Component
-public class SysLoginService
-{
-    @Autowired
-    private TokenService tokenService;
+public class SysLoginService {
+  @Autowired
+  private TokenService tokenService;
 
-    @Resource
-    private AuthenticationManager authenticationManager;
+  @Resource
+  private AuthenticationManager authenticationManager;
 
-    @Autowired
-    private RedisCache redisCache;
-    
-    @Autowired
-    private ISysUserService userService;
+  @Autowired
+  private RedisCache redisCache;
 
-    /**
-     * 登录验证
-     * 
-     * @param username 用户名
-     * @param password 密码
-     * @param code 验证码
-     * @param uuid 唯一标识
-     * @return 结果
-     */
-    public String login(String username, String password, String code, String uuid)
-    {
-        String verifyKey = Constants.CAPTCHA_CODE_KEY + uuid;
-        String captcha = redisCache.getCacheObject(verifyKey);
-        redisCache.deleteObject(verifyKey);
-        if (captcha == null)
-        {
-            AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire")));
-            throw new CaptchaExpireException();
-        }
-        if (!code.equalsIgnoreCase(captcha))
-        {
-            AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.error")));
-            throw new CaptchaException();
-        }
-        // 用户验证
-        Authentication authentication = null;
-        try
-        {
-            // 该方法会去调用UserDetailsServiceImpl.loadUserByUsername
-            authentication = authenticationManager
-                    .authenticate(new UsernamePasswordAuthenticationToken(username, password));
-        }
-        catch (Exception e)
-        {
-            if (e instanceof BadCredentialsException)
-            {
-                AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));
-                throw new UserPasswordNotMatchException();
-            }
-            else
-            {
-                AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage()));
-                throw new CustomException(e.getMessage());
-            }
-        }
-        AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
-        LoginUser loginUser = (LoginUser) authentication.getPrincipal();
-        recordLoginInfo(loginUser.getUser());
-        // 生成token
-        return tokenService.createToken(loginUser);
+  @Autowired
+  private ISysUserService userService;
+
+  /**
+   * 登录验证
+   * 
+   * @param username 用户名
+   * @param password 密码
+   * @param code     验证码
+   * @param uuid     唯一标识
+   * @return 结果
+   */
+  public String login(String username, String password, String code, String uuid) {
+    String verifyKey = Constants.CAPTCHA_CODE_KEY + uuid;
+    String captcha = redisCache.getCacheObject(verifyKey);
+    redisCache.deleteObject(verifyKey);
+    // 微信不验证
+    if (!username.equals("wxyk")) {
+      if (captcha == null) {
+        AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL,
+            MessageUtils.message("user.jcaptcha.expire")));
+        throw new CaptchaExpireException();
+      }
+      if (!code.equalsIgnoreCase(captcha)) {
+        AsyncManager.me().execute(
+            AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.error")));
+        throw new CaptchaException();
+      }
     }
 
-    /**
-     * 记录登录信息
-     */
-    public void recordLoginInfo(SysUser user)
-    {
-        user.setLoginIp(IpUtils.getIpAddr(ServletUtils.getRequest()));
-        user.setLoginDate(DateUtils.getNowDate());
-        userService.updateUserProfile(user);
+    // 用户验证
+    Authentication authentication = null;
+    try {
+      // 该方法会去调用UserDetailsServiceImpl.loadUserByUsername
+      authentication = authenticationManager
+          .authenticate(new UsernamePasswordAuthenticationToken(username, password));
+    } catch (Exception e) {
+      if (e instanceof BadCredentialsException) {
+        AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL,
+            MessageUtils.message("user.password.not.match")));
+        throw new UserPasswordNotMatchException();
+      } else {
+        AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage()));
+        throw new CustomException(e.getMessage());
+      }
     }
+    AsyncManager.me().execute(
+        AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
+    LoginUser loginUser = (LoginUser) authentication.getPrincipal();
+    recordLoginInfo(loginUser.getUser());
+    // 生成token
+    return tokenService.createToken(loginUser);
+  }
+
+  /**
+   * 记录登录信息
+   */
+  public void recordLoginInfo(SysUser user) {
+    user.setLoginIp(IpUtils.getIpAddr(ServletUtils.getRequest()));
+    user.setLoginDate(DateUtils.getNowDate());
+    userService.updateUserProfile(user);
+  }
 }