SecurityMetadataSourceService.java
2.96 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
package com.bsth.security;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import com.bsth.entity.sys.Resource;
import com.bsth.entity.sys.Role;
import com.bsth.service.sys.ResourceService;
import com.bsth.service.sys.RoleService;
import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.Multimap;
@Component
public class SecurityMetadataSourceService implements
FilterInvocationSecurityMetadataSource {
@Autowired
RoleService roleService;
@Autowired
ResourceService resourceService;
private PathMatcher matcher = new AntPathMatcher();
private Multimap<String, ConfigAttribute> multimap;
public void loadResourceDefine() throws Exception {
multimap = ArrayListMultimap.create();
//获取所有资源
List<Resource> resList = (List<Resource>) resourceService.findAll();
Set<Role> roles;
String url;
for(Resource res : resList){
url = res.getMethod() + "#" + replacePlaceholders(res.getUrl());
roles = res.getRoles();
if(null == roles || roles.size() == 0)
multimap.put(url, null);
else{
for(Role role : roles)
multimap.put(url , new SecurityConfig(role.getCodeName()));
}
}
System.out.println(multimap);
}
public Collection<ConfigAttribute> getAttributes(Object object)
throws IllegalArgumentException {
FilterInvocation invocation = ((FilterInvocation) object);
String method = invocation.getRequest().getMethod();
String url = method.toLowerCase() + "#" + invocation.getRequestUrl();
int symIndex = url.indexOf("?");
if(symIndex != -1){
url = url.substring(0, symIndex);
}
Iterator<String> iter = multimap.keySet().iterator();
while(iter.hasNext()){
String temp = iter.next();
if(matcher.match(temp, url)){
return multimap.get(url);
}
}
return null;
}
/**
*
* @Title: replacePlaceholders
* @Description: TODO(把/{xx}占位符替换成*)
* @param @param url
* @throws
*/
public String replacePlaceholders(String url){
int s = url.indexOf("/{");
int e = url.indexOf("}");
if(s != -1 && e != -1){
String newUrl = url.substring(0, s) + "/*" + url.substring(e + 1, url.length());
return replacePlaceholders(newUrl);
}
else
return url;
}
public boolean supports(Class<?> clazz) {
return true;
}
public Collection<ConfigAttribute> getAllConfigAttributes() {
return null;
}
}