fix: 修复jenkins执行接口场景不能正常查看结果的问题

framework/sdk-parent/sdk/pom.xml

@@ -162,10 +162,31 @@
             <version>${quartz-starter.version}</version>
         </dependency>
         <!-- shiro   -->
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-spring-boot-web-starter</artifactId>
+            <version>${shiro.version}</version>
+            <classifier>jakarta</classifier>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.apache.shiro</groupId>
+                    <artifactId>shiro-spring-boot-starter</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.shiro</groupId>
+                    <artifactId>shiro-web</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.shiro</groupId>
+                    <artifactId>shiro-spring</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
         <dependency>
             <groupId>org.apache.shiro</groupId>
             <artifactId>shiro-spring-boot-starter</artifactId>
             <version>${shiro.version}</version>
+            <classifier>jakarta</classifier>
             <exclusions>
                 <exclusion>
                     <groupId>org.apache.shiro</groupId>
@@ -182,6 +203,18 @@
             <artifactId>shiro-web</artifactId>
             <version>${shiro.version}</version>
             <classifier>jakarta</classifier>
+            <exclusions>
+                <exclusion>
+                    <artifactId>shiro-core</artifactId>
+                    <groupId>org.apache.shiro</groupId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-core</artifactId>
+            <version>${shiro.version}</version>
+            <classifier>jakarta</classifier>
         </dependency>
         <dependency>
             <groupId>org.apache.shiro</groupId>
@@ -193,6 +226,10 @@
                     <artifactId>shiro-web</artifactId>
                     <groupId>org.apache.shiro</groupId>
                 </exclusion>
+                <exclusion>
+                    <artifactId>shiro-core</artifactId>
+                    <groupId>org.apache.shiro</groupId>
+                </exclusion>
             </exclusions>
         </dependency>
 

framework/sdk-parent/sdk/src/main/java/io/metersphere/autoconfigure/ShiroConfig.java

@@ -51,14 +51,6 @@ public class ShiroConfig {
         return shiroFilterFactoryBean;
     }
 
-    @Bean(name = "shiroFilter")
-    public FilterRegistrationBean<Filter> shiroFilter(ShiroFilterFactoryBean shiroFilterFactoryBean) throws Exception {
-        FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>();
-        registration.setFilter((Filter) Objects.requireNonNull(shiroFilterFactoryBean.getObject()));
-        registration.setDispatcherTypes(EnumSet.allOf(DispatcherType.class));
-        return registration;
-    }
-
     @Bean
     public MemoryConstrainedCacheManager memoryConstrainedCacheManager() {
         return new MemoryConstrainedCacheManager();

framework/sdk-parent/sdk/src/main/java/io/metersphere/base/mapper/ext/ExtCheckOwnerMapper.java

@@ -5,5 +5,5 @@ import org.apache.ibatis.annotations.Param;
 import java.util.List;
 
 public interface ExtCheckOwnerMapper {
-    boolean checkoutOwner(@Param("table") String resourceType, @Param("projectId") String projectId, @Param("ids") List ids);
+    boolean checkoutOwner(@Param("table") String resourceType, @Param("userId") String userId, @Param("ids") List ids);
 }

framework/sdk-parent/sdk/src/main/java/io/metersphere/base/mapper/ext/ExtCheckOwnerMapper.xml

@@ -2,12 +2,15 @@
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
 <mapper namespace="io.metersphere.base.mapper.ext.ExtCheckOwnerMapper">
     <select id="checkoutOwner" resultType="boolean">
-        SELECT count(id) = ${ids.size()}
-        FROM ${table}
-        WHERE project_id = #{projectId}
-        and id in
+        SELECT count(1) > 0
+        FROM user_group
+        WHERE source_id IN (SELECT project_id
+        FROM ${table} JOIN project ON ${table}.project_id = project.id
+        WHERE ${table}.id IN
         <foreach collection="ids" item="id" separator="," open="(" close=")">
             #{id}
-        </foreach>
+        </foreach>)
+        AND user_id = #{userId}
+
     </select>
-</mapper>
+</mapper>

framework/sdk-parent/sdk/src/main/java/io/metersphere/controller/handler/RestControllerExceptionHandler.java

@@ -3,9 +3,9 @@ package io.metersphere.controller.handler;
 
 import io.metersphere.commons.exception.MSException;
 import io.metersphere.commons.utils.LogUtil;
-import org.apache.shiro.ShiroException;
 import org.apache.shiro.authz.UnauthorizedException;
 
+import org.apache.shiro.lang.ShiroException;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;

framework/sdk-parent/sdk/src/main/java/io/metersphere/security/CheckOwnerAspect.java

@@ -7,8 +7,13 @@ import io.metersphere.commons.exception.MSException;
 import io.metersphere.commons.utils.SessionUtils;
 import io.metersphere.i18n.Translator;
 import jakarta.annotation.Resource;
+import jakarta.servlet.http.HttpServletRequest;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.web.util.WebUtils;
 import org.aspectj.lang.JoinPoint;
+import org.aspectj.lang.annotation.After;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Before;
 import org.aspectj.lang.annotation.Pointcut;
@@ -20,9 +25,10 @@ import org.springframework.expression.ExpressionParser;
 import org.springframework.expression.spel.standard.SpelExpressionParser;
 import org.springframework.expression.spel.support.StandardEvaluationContext;
 import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.RequestContextHolder;
 
 import java.lang.reflect.Method;
-import java.util.Arrays;
 import java.util.List;
 
 
@@ -43,6 +49,16 @@ public class CheckOwnerAspect {
     @Before("pointcut()")
     public void before(JoinPoint joinPoint) {
 
+        // apikey 过来的请求
+        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
+        if (requestAttributes != null) {
+            HttpServletRequest request = (HttpServletRequest) requestAttributes.resolveReference(RequestAttributes.REFERENCE_REQUEST);
+            if (ApiKeyHandler.isApiKeyCall(request) && !SecurityUtils.getSubject().isAuthenticated()) {
+                String userId = ApiKeyHandler.getUser(WebUtils.toHttp(request));
+                SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, SSOSessionHandler.random));
+            }
+        }
+
         //从切面织入点处通过反射机制获取织入点处的方法
         MethodSignature signature = (MethodSignature) joinPoint.getSignature();
         //获取切入点所在的方法
@@ -59,6 +75,7 @@ public class CheckOwnerAspect {
             return;
         }
 
+
         // 操作内容
         //获取方法参数名
         String[] params = discoverer.getParameterNames(method);
@@ -73,14 +90,27 @@ public class CheckOwnerAspect {
         Expression titleExp = parser.parseExpression(resourceId);
         Object v = titleExp.getValue(context, Object.class);
         if (v instanceof String id) {
-            if (!extCheckOwnerMapper.checkoutOwner(resourceType, SessionUtils.getCurrentProjectId(), List.of(id))) {
+            if (!extCheckOwnerMapper.checkoutOwner(resourceType, SessionUtils.getUserId(), List.of(id))) {
                 MSException.throwException(Translator.get("check_owner_case"));
             }
         }
         if (v instanceof List ids) {
-            if (!extCheckOwnerMapper.checkoutOwner(resourceType, SessionUtils.getCurrentProjectId(), ids)) {
+            if (!extCheckOwnerMapper.checkoutOwner(resourceType, SessionUtils.getUserId(), ids)) {
                 MSException.throwException(Translator.get("check_owner_case"));
             }
         }
     }
+
+    @After("pointcut()")
+    public void after() {
+        // apikey 过来的请求
+        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
+        if (requestAttributes != null) {
+            HttpServletRequest request = (HttpServletRequest) requestAttributes.resolveReference(RequestAttributes.REFERENCE_REQUEST);
+            // apikey 退出
+            if (ApiKeyHandler.isApiKeyCall(WebUtils.toHttp(request)) && SecurityUtils.getSubject().isAuthenticated()) {
+                SecurityUtils.getSubject().logout();
+            }
+        }
+    }
 }

pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.2.4</version>
+        <version>3.2.6</version>
         <relativePath/>
     </parent>
 
@@ -23,7 +23,7 @@
         <spring-cloud.version>2023.0.0</spring-cloud.version>
         <dubbo.version>2.7.22</dubbo.version>
         <platform-plugin-sdk.version>1.6.0</platform-plugin-sdk.version>
-        <shiro.version>1.13.0</shiro.version>
+        <shiro.version>2.0.1</shiro.version>
         <java-websocket.version>1.5.3</java-websocket.version>
         <easyexcel.version>3.1.1</easyexcel.version>
         <dom4j.version>2.1.4</dom4j.version>