1.

王通
1 parent ccb15e34
Showing 2 changed files with 102 additions and 74 deletions
src/main/java/com/bsth/entity/PasswordUser.java
src/main/java/com/bsth/server_rs/AuthorizeInterceptor_IN.java
-package com.bsth.entity;
-
-import javax.persistence.*;
-import java.util.Date;
-
-/**
- * 接口 密码 访问用户
- * Created by panzhao on 2017/3/26.
- */
-@Entity
-@Table(name = "interface_user")
-public class PasswordUser {
-
-    @Id
-    @GeneratedValue
-    private Integer id;
-
-    /** 访问密码 */
-    private String pwd;
-
-    /** 调用方名称 */
-    private String callName;
-
-    /** 创建日期 */
-    @Column(updatable = false, name = "create_date", columnDefinition = "TIMESTAMP DEFAULT CURRENT_TIMESTAMP")
-    private Date createDate;
-
-    /** 备注 */
-    private String remark;
-
-    public Integer getId() {
-        return id;
-    }
-
-    public void setId(Integer id) {
-        this.id = id;
-    }
-
-    public String getPwd() {
-        return pwd;
-    }
-
-    public void setPwd(String pwd) {
-        this.pwd = pwd;
-    }
-
-    public String getCallName() {
-        return callName;
-    }
-
-    public void setCallName(String callName) {
-        this.callName = callName;
-    }
-
-    public String getRemark() {
-        return remark;
-    }
-
-    public void setRemark(String remark) {
-        this.remark = remark;
-    }
-
-    public Date getCreateDate() {
-        return createDate;
-    }
-
-    public void setCreateDate(Date createDate) {
-        this.createDate = createDate;
-    }
-}
+package com.bsth.entity;
+
+import javax.persistence.*;
+import java.util.Date;
+import java.util.List;
+
+/**
+ * 接口 密码 访问用户
+ * Created by panzhao on 2017/3/26.
+ */
+@Entity
+@Table(name = "interface_user")
+public class PasswordUser {
+
+    @Id
+    @GeneratedValue
+    private Integer id;
+
+    /** 访问密码 */
+    private String pwd;
+
+    /** 调用方名称 */
+    private String callName;
+
+    /** 创建日期 */
+    @Column(updatable = false, name = "create_date", columnDefinition = "TIMESTAMP DEFAULT CURRENT_TIMESTAMP")
+    private Date createDate;
+
+    /** 备注 */
+    private String remark;
+
+    @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
+    @JoinTable(name = "interface_users_resources",
+            joinColumns = @JoinColumn(name = "user_id"),
+            inverseJoinColumns = @JoinColumn(name = "resource_id"))
+    private List<Resource> resources;
+
+    public Integer getId() {
+        return id;
+    }
+
+    public void setId(Integer id) {
+        this.id = id;
+    }
+
+    public String getPwd() {
+        return pwd;
+    }
+
+    public void setPwd(String pwd) {
+        this.pwd = pwd;
+    }
+
+    public String getCallName() {
+        return callName;
+    }
+
+    public void setCallName(String callName) {
+        this.callName = callName;
+    }
+
+    public String getRemark() {
+        return remark;
+    }
+
+    public void setRemark(String remark) {
+        this.remark = remark;
+    }
+
+    public Date getCreateDate() {
+        return createDate;
+    }
+
+    public void setCreateDate(Date createDate) {
+        this.createDate = createDate;
+    }
+
+    public List<Resource> getResources() {
+        return resources;
+    }
+
+    public void setResources(List<Resource> resources) {
+        this.resources = resources;
+    }
+}
 package com.bsth.server_rs;
 import com.bsth.common.SystemParamKeys;
+import com.bsth.entity.PasswordUser;
+import com.bsth.entity.Resource;
 import com.bsth.server_rs.exception.AesException;
 import com.bsth.service.SystemParamService;
 import com.bsth.service.UserService;
@@ -18,6 +20,8 @@ import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
 import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.util.PathMatcher;
 import java.security.MessageDigest;
 import java.util.Arrays;
@@ -45,6 +49,8 @@ public class AuthorizeInterceptor_IN extends AbstractPhaseInterceptor&lt;Message&gt; i
     static Logger logger = LoggerFactory.getLogger(AuthorizeInterceptor_IN.class);
+    private static PathMatcher matcher = new AntPathMatcher();
+
     public AuthorizeInterceptor_IN() {
         super(Phase.RECEIVE);
     }
@@ -121,10 +127,17 @@ public class AuthorizeInterceptor_IN extends AbstractPhaseInterceptor&lt;Message&gt; i
     }
     private static void validate(Map<String, String> map, Message message) {
-        String limitPasswords = systemParamService.getValue(SystemParamKeys.LIMIT_PASSWORDS);
-        String limitUris = systemParamService.getValue(SystemParamKeys.LIMIT_URIS);
-        if (limitPasswords != null && limitPasswords.indexOf(String.format("%s,", map.get(PASSWORD))) > -1) {
-            if (limitUris != null && limitUris.indexOf(String.format("%s,", message.get(Message.REQUEST_URI))) == -1) {
+        PasswordUser user = userService.get(map.get(PASSWORD));
+        if (user.getResources().size() > 0) {
+            boolean isMatch = false;
+            String uri = (String) message.get(Message.REQUEST_URI);
+            for (Resource resource : user.getResources()) {
+                if (matcher.match(resource.getUrl(), uri)) {
+                    isMatch = true;
+                    break;
+                }
+            }
+            if (!isMatch) {
                 throw new AesException(AesException.INVALID_URI);
             }
         }