package security.internal;
|
|
import java.util.Iterator;
|
import java.util.List;
|
import java.util.Map;
|
|
import org.slf4j.Logger;
|
import org.slf4j.LoggerFactory;
|
import org.springframework.security.AccessDecisionManager;
|
|
import kernel.util.StringUtils;
|
import security.Constants;
|
import security.util.AuthenticationUtil;
|
|
public class SecurityResourceProcessorImpl implements SecurityResourceProcessor {
|
|
private static final Logger logger=LoggerFactory.getLogger(SecurityResourceProcessorImpl.class);
|
|
private SecurityAuthoritiesHolder securityAuthoritiesHolder;
|
|
private AccessDecisionManager accessDecisionManager;
|
|
public boolean isResourceAccessible(String resource, List<String> roles) {
|
return isResourceAccessible(resource, Constants.RESTYPE_OPERATION, roles);
|
}
|
|
public boolean isResourceAccessible(String resource, String type, List<String> roles) {
|
if (StringUtils.isNullOrEmpty(resource)) {
|
return true;
|
}
|
logger.debug("resource[" + resource + "]");
|
// URL资源串,逗号相隔的角色串
|
Map<String, String> operationAuthorities = securityAuthoritiesHolder.loadAuthorities(type);
|
// 角色串
|
String authorities = null;
|
for (Iterator<Map.Entry<String, String>> iter = operationAuthorities.entrySet().iterator(); iter.hasNext();) {
|
Map.Entry<String, String> entry = iter.next();
|
String operation = entry.getKey();
|
if (resource.equals(operation)) {
|
authorities = entry.getValue();
|
break;
|
}
|
|
}
|
|
return isRoleExist(authorities, roles);
|
|
//
|
// ConfigAttributeDefinition attr = AuthenticationUtil.getCadByAuthorities(authorities);
|
// if (attr != null) {
|
// Authentication authenticated = SecurityAppUserHolder.getAuthentication();
|
// try {
|
// accessDecisionManager.decide(authenticated, null, attr);
|
// return true;
|
// } catch (AccessDeniedException accessDeniedException) {
|
// return false;
|
// }
|
// }
|
// return true;
|
|
}
|
|
|
|
@Override
|
public boolean isUrlAccessible(String servletPath, List<String> roles) {
|
if (StringUtils.isNullOrEmpty(servletPath)) {
|
return true;
|
}
|
|
Map<String, String> urlAuthorities = this.securityAuthoritiesHolder.loadAuthorities(Constants.RESTYPE_URL);
|
// 得到该URL允许的角色串
|
String authorities = AuthenticationUtil.resourceMatches(urlAuthorities, servletPath);
|
|
// 如果为空,该资源没有被定义
|
if (StringUtils.isNullOrEmpty(authorities) ) {
|
// 是否保护所有资源
|
if (AuthenticationUtil.IS_PROTECT_ALL_RESOURCE) {
|
return false;
|
}
|
else {
|
// 返回null,资源不被保护
|
|
return true;
|
}
|
}
|
|
return isRoleExist(authorities, roles);
|
}
|
|
@Override
|
public boolean isRolesAccessible(String verifyroles, List<String> roles) {
|
return isRoleExist(verifyroles, roles);
|
}
|
|
public boolean isRoleExist(String authorities, List<String> roles) {
|
if (StringUtils.isNullOrEmpty(authorities)) {
|
return false;
|
}
|
String[] arrty = authorities.split(",");
|
for (int i = 0; i < arrty.length; i++) {
|
for (int j = 0; j < roles.size(); j++) {
|
if (arrty[i].equals(roles.get(j))) {
|
return true;
|
}
|
}
|
|
}
|
return false;
|
}
|
|
|
|
public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
|
this.accessDecisionManager = accessDecisionManager;
|
}
|
|
public void setSecurityAuthoritiesHolder(SecurityAuthoritiesHolder securityAuthoritiesHolder) {
|
this.securityAuthoritiesHolder = securityAuthoritiesHolder;
|
}
|
|
|
}
|
