From 2210e42e4892a62f5e457636a1f2e6a0c210d15c Mon Sep 17 00:00:00 2001
From: bruce lee <ltz121320@163.com>
Date: Mon, 29 May 2023 16:34:00 +0800
Subject: [PATCH] [ISSUE #157] ordinary user has no permission to access after
 setting server.servlet.context-path attribute in application.yml

---
 .../rocketmq/dashboard/permisssion/PermissionAspect.java   | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/main/java/org/apache/rocketmq/dashboard/permisssion/PermissionAspect.java b/src/main/java/org/apache/rocketmq/dashboard/permisssion/PermissionAspect.java
index fcbfea2..d33876c 100644
--- a/src/main/java/org/apache/rocketmq/dashboard/permisssion/PermissionAspect.java
+++ b/src/main/java/org/apache/rocketmq/dashboard/permisssion/PermissionAspect.java
@@ -18,6 +18,8 @@ package org.apache.rocketmq.dashboard.permisssion;
 
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang3.StringUtils;
 import org.apache.rocketmq.dashboard.config.RMQConfigure;
 import org.apache.rocketmq.dashboard.exception.ServiceException;
 import org.apache.rocketmq.dashboard.model.UserInfo;
@@ -27,6 +29,7 @@ import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Pointcut;
+import org.springframework.boot.autoconfigure.web.ServerProperties;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
@@ -38,6 +41,9 @@ public class PermissionAspect {
     @Resource
     private RMQConfigure configure;
 
+    @Resource
+    private ServerProperties serverProperties;
+
     @Resource
     private PermissionService permissionService;
 
@@ -55,6 +61,7 @@ public class PermissionAspect {
         if (configure.isLoginRequired()) {
             HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
             String url = request.getRequestURI();
+            url = StringUtils.removeStart(url, serverProperties.getServlet().getContextPath());
             UserInfo userInfo = (UserInfo) request.getSession().getAttribute(WebUtil.USER_INFO);
             if (userInfo == null || userInfo.getUser() == null) {
                 throw new ServiceException(-1, "user not login");