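// Decide whether any role carried by the authenticated principal (per the original note, the roles
// come from the JWT) is allowed to access the requested resource.
// Each authority string is read via Authentication.getAuthorities() from the Authentication emitted
// by `mono`. How that Authentication is built is not visible in this snippet.
// NOTE(review): confirm the upstream converter maps authorities only from a signature-verified token,
// because this check trusts them as-is.
Mono<AuthorizationDecision> authorizationDecisionMono = mono
        // Unauthenticated principals contribute no authorities, so they end in a deny decision.
        .filter(Authentication::isAuthenticated)
        .flatMapIterable(Authentication::getAuthorities)
        .map(GrantedAuthority::getAuthority)
        .any(authority -> {
            // Treat only authorities that carry the role prefix as roles. Stripping the prefix length
            // blindly would turn an unrelated authority into an arbitrary role code (or throw when the
            // string is shorter than the prefix), so anything without the prefix is denied here.
            if (!authority.startsWith(AuthConstant.AUTHORITY_PREFIX)) {
                return false;
            }
            String roleCode = authority.substring(AuthConstant.AUTHORITY_PREFIX.length()); // the user's role code
            if (AuthConstant.ROOT_ROLE_CODE.equals(roleCode)) {
                return true; // the super administrator role is always allowed
            }
            // Otherwise the role must be one of the roles authorized for this resource.
            return CollectionUtil.isNotEmpty(authorizedRoles) && authorizedRoles.contains(roleCode);
        })
        .map(AuthorizationDecision::new)
        // Explicit deny fallback in case nothing was emitted upstream.
        .defaultIfEmpty(new AuthorizationDecision(false));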
代码如上,authority 是一个角色,它是从哪里获取的呢?是从 token 里面获取的吗?