// Decides whether username/password may access targetUrl. Every branch shown here
// returns SUCCESS; the outcome is carried in this.passed and this.safeMessage.

// Guard: nothing to authorize when no target URL was supplied. passed is not set here.
if( StringUtils.isEmpty(targetUrl) ){
this.safeMessage = "授权资源为空!";
return SUCCESS;
}
// Look up the permission record registered for this URL.
// NOTE(review): presumably a regexp match, going by the method name - confirm that
// targetUrl is canonicalised (encoding, case, path segments) before this lookup,
// because the result decides whether any credential check happens at all.
Permission per = permissionManager.getByUrlWithRegexp(targetUrl);
// Default-allow: a URL with no matching permission is reported as unprotected and
// passes before username/password are looked at.
// NOTE(review): a missing or too-narrow permission entry therefore fails open;
// confirm this is intended and that the enforcing component uses the same matcher.
if( per == null ){
this.safeMessage = "授权资源为非保护,可直接访问!";
this.passed = true;
return SUCCESS;
}
// Authenticate: load the account by username and compare the submitted password with
// String.equals against account.getPassword(). Unknown user and wrong password share
// one message, so the response does not reveal which of the two failed.
// NOTE(review): a direct equals() only works if the stored and submitted values are in
// the same form, which suggests plaintext storage unless password is hashed before this
// point - confirm. Prefer a salted password hash (bcrypt/scrypt/argon2) verified with a
// constant-time comparison. A null getPassword() would throw NullPointerException here.
account = getManager().get(username);
if( account == null || !account.getPassword().equals(password) ){
this.safeMessage = "错误的用户或密码!";
return SUCCESS;
}
// Account state check; the message reads "user is disabled or has expired".
// NOTE(review): as written this rejects accounts for which isExpired() returns false.
// If isExpired() means what its name says, the second test is inverted and should be
// account.isExpired() - verify against the Account class before changing it.
if(!account.isEffective() || !account.isExpired() ){
this.safeMessage = "用户被禁用或已过期!";
return SUCCESS;
}
// Does the account hold the permission token required for this URL?
if( account.hasPermission(per.getToken()) ){
// NOTE(review): passed is set before the ticket is issued and the catch below does not
// reset it, so a failed authTicket() leaves passed == true with this.ticket unassigned.
// Consider setting passed only after the ticket id has been stored.
this.passed = true;
try{
// Issue a ticket with Scope.ONCE for this URL/user/token, passing the current
// HTTP session id and the logged-in user to authTicket().
AuthorizedTicket ticket = authorizedTicketManager.authTicket(
targetUrl,username,per.getToken(),AuthorizedTicket.Scope.ONCE
,request.getSession().getId(),getLoginUser() );
this.ticket = ticket.getId();
}catch( Exception e ){
// NOTE(review): the raw exception message is copied into safeMessage. If safeMessage
// is rendered to the client this can disclose internal details; log the exception
// server-side and return a generic message instead. Catching Exception also hides
// programming errors such as a null ticket.
this.safeMessage = "授权异常:" + e.getMessage();
}