Package com.lanyuan.security

Source Code of com.lanyuan.security.MySecurityMetadataSource

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
package com.lanyuan.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.annotation.PostConstruct;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.stereotype.Service;

import com.lanyuan.dao.ResourcesDao;
import com.lanyuan.entity.Resources;

/**
* 加载资源与权限的对应关系
* @author lanyuan
* 2013-11-19
* @Email: mmm333zzz520@163.com
* @version 1.0v
* */
@Service
public class MySecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
  @Autowired
  private ResourcesDao resourcesDao;
  private static Map<String, Collection<ConfigAttribute>> resourceMap = null;

  public Collection<ConfigAttribute> getAllConfigAttributes() {
    return null;
  }

  public boolean supports(Class<?> clazz) {
    return true;
  }
  /**
   * @PostConstruct是Java EE 5引入的注解,
   * Spring允许开发者在受管Bean中使用它。当DI容器实例化当前受管Bean时,
   * @PostConstruct注解的方法会被自动触发,从而完成一些初始化工作,
   *
   * //加载所有资源与权限的关系
   */
  @PostConstruct
  private void loadResourceDefine() {
//    System.err.println("-----------MySecurityMetadataSource loadResourceDefine ----------- ");
    if (resourceMap == null) {
      resourceMap = new HashMap<String, Collection<ConfigAttribute>>();
      List<Resources> resources = this.resourcesDao.findAll();
      for (Resources resource : resources) {
        Collection<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>();
        // TODO:ZZQ 通过资源名称来表示具体的权限 注意:必须"ROLE_"开头
        // 关联代码:applicationContext-security.xml
        // 关联代码:com.huaxin.security.MyUserDetailServiceImpl#obtionGrantedAuthorities
        ConfigAttribute configAttribute = new SecurityConfig("ROLE_" + resource.getResKey());
        configAttributes.add(configAttribute);
        resourceMap.put(resource.getResUrl(), configAttributes);
      }
    }
  }
  //返回所请求资源所需要的权限
  public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
//    System.err.println("-----------MySecurityMetadataSource getAttributes ----------- ");
    String requestUrl = ((FilterInvocation) object).getRequestUrl();
  //  System.out.println("requestUrl is " + requestUrl);
    if(resourceMap == null) {
      loadResourceDefine();
    }
    //System.err.println("resourceMap.get(requestUrl); "+resourceMap.get(requestUrl));
    if(requestUrl.indexOf("?")>-1){
      requestUrl=requestUrl.substring(0,requestUrl.indexOf("?"));
    }
    Collection<ConfigAttribute> configAttributes = resourceMap.get(requestUrl);
//    if(configAttributes == null){
//      Collection<ConfigAttribute> returnCollection = new ArrayList<ConfigAttribute>();
//       returnCollection.add(new SecurityConfig("ROLE_NO_USER"));
//      return returnCollection;
//    }
    return configAttributes;
  }


}
TOP

Related Classes of com.lanyuan.security.MySecurityMetadataSource

  • org.springframework.security.access.ConfigAttribute
  • org.springframework.security.access.SecurityConfig
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.