package com.gtp.security;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import com.gtp.dao.AuthoryDao;
import com.gtp.domain.Authority;
public class MySecurityMetadaSource implements
FilterInvocationSecurityMetadataSource {
AuthoryDao authoryDao;
@Override
public Collection<ConfigAttribute> getAllConfigAttributes() {
List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>();
attributes.add(new SecurityConfig("authoriy"));
return null;
}
@Override
public List<ConfigAttribute> getAttributes(Object object) {
FilterInvocation fi = (FilterInvocation) object;
String url = fi.getRequestUrl();
List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>();
Authority authory = null;
if (url.contains(".xhmtl") || url.contains(".jsf"))
authory = authoryDao.findByUrl(url);
if (authory != null)
attributes.add(new SecurityConfig(authory.getName()));
else {
attributes.add(new SecurityConfig("authory_anonymous"));
}
return attributes;
}
@Override
public boolean supports(Class<?> clazz) {
return true;
}
public AuthoryDao getAuthoryDao() {
return authoryDao;
}
public void setAuthoryDao(AuthoryDao authoryDao) {
this.authoryDao = authoryDao;
}
}