From 0a00bd8a7c3c1bb5080985cfdaa828c36ec06014 Mon Sep 17 00:00:00 2001
From: zhangdaiscott
Date: Thu, 9 Mar 2023 12:06:30 +0800
Subject: [PATCH] =?UTF-8?q?=E8=A7=A3=E5=86=B3bug=EF=BC=8C=E7=A7=9F?=
 =?UTF-8?q?=E6=88=B7=E6=98=AF=E5=90=A6=E6=9C=89=E6=95=88=E5=88=A4=E6=96=AD?=
 =?UTF-8?q?=E6=9C=89=E8=AF=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../org/jeecg/config/shiro/ShiroRealm.java | 27 ++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java b/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java
index 8489b506..ee937fb6 100644
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java
@@ -11,6 +11,7 @@ import org.apache.shiro.realm.AuthorizingRealm;
 import org.apache.shiro.subject.PrincipalCollection;
 import org.jeecg.common.api.CommonAPI;
 import org.jeecg.common.config.TenantContext;
+import org.jeecg.common.constant.CacheConstant;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.system.util.JwtUtil;
 import org.jeecg.common.system.vo.LoginUser;
@@ -148,9 +149,29 @@ public class ShiroRealm extends AuthorizingRealm {
 //update-begin-author:taoyan date:20211227 for: /issues/I4O14W 用户租户信息变更判断漏洞
 String[] arr = userTenantIds.split(",");
 if(!oConvertUtils.isIn(contextTenantId, arr)){
- log.info("租户异常——登录租户:" + contextTenantId);
- log.info("租户异常——用户拥有租户组:" + userTenantIds);
- throw new AuthenticationException("登录租户授权变更,请重新登陆!");
+ boolean isAuthorization = false;
+ //========================================================================
+ // 查询用户信息(如果租户不匹配从数据库中重新查询一次用户信息)
+ LoginUser loginUserFromDb = commonApi.getUserByName(username);
+ if (oConvertUtils.isNotEmpty(loginUserFromDb.getRelTenantIds())) {
+ String[] newArray = loginUserFromDb.getRelTenantIds().split(",");
+ if (oConvertUtils.isIn(contextTenantId, newArray)) {
+ isAuthorization = true;
+
+ //清空redis缓存
+ String loginUserKey = CacheConstant.SYS_USERS_CACHE + "::" + username;
+ redisUtil.del(loginUserKey);
+ }
+ }
+ //========================================================================
+
+ //*********************************************
+ if(!isAuthorization){
+ log.info("租户异常——登录租户:" + contextTenantId);
+ log.info("租户异常——用户拥有租户组:" + userTenantIds);
+ throw new AuthenticationException("登录租户授权变更,请重新登陆!");
+ }
+ //*********************************************
 }
 //update-end-author:taoyan date:20211227 for: /issues/I4O14W 用户租户信息变更判断漏洞
 }
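Review bot: `loginUserFromDb` is dereferenced on the line right after `commonApi.getUserByName(username)` with no null check, so if that lookup returns null (user deleted or renamed since the token was issued) the tenant check ends in a NullPointerException rather than the intended AuthenticationException; guard it as `if (loginUserFromDb != null && oConvertUtils.isNotEmpty(loginUserFromDb.getRelTenantIds())) {`. The database is only consulted when the cached list does not contain `contextTenantId`, so the opposite staleness — a tenant that was revoked but is still present in `userTenantIds` — is still accepted by the first `isIn` check; if `userTenantIds` comes from the cached LoginUser, as the cache deletion here suggests, it would be safer to decide against the fresh `getRelTenantIds()` value in both directions, and at minimum to log that fresh value in the rejection branch instead of the stale one. The key `CacheConstant.SYS_USERS_CACHE + "::" + username` hand-builds the cache entry name, which silently breaks if the cache layer's key format changes; a comment such as `// NOTE: must match the key the cache layer generates for getUserByName — verify when changing either` would make the coupling visible. The enclosing method starts and ends outside this hunk.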