Supwisdom Source - institute/sw-backend.git/blob

   1 package com.supwisdom.institute.backend.admin.bff.security.web.access.intercept;
   2
   3 import java.util.ArrayList;
   4 import java.util.Collection;
   5 import java.util.Iterator;
   6 import java.util.LinkedHashMap;
   7 import java.util.Map;
   8
   9 import javax.servlet.http.HttpServletRequest;
  10
  11 import org.springframework.security.access.ConfigAttribute;
  12 import org.springframework.security.access.SecurityConfig;
  13 import org.springframework.security.web.FilterInvocation;
  14 import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
  15 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
  16 import org.springframework.security.web.util.matcher.RequestMatcher;
  17
  18 public class InMemeryFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
  19
  20   private Map<RequestMatcher, Collection<ConfigAttribute>> requestMap = null;
  21
  22   private void loadRequestMap() {
  23     if (requestMap == null) {
  24       requestMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
  25
  26       AntPathRequestMatcher requestMatcher0 = new AntPathRequestMatcher("/api/**");
  27       Collection<ConfigAttribute> attributes0 = new ArrayList<ConfigAttribute>();  // FIXME: 返回当前请求的url 对应的 角色代码
  28       attributes0.add(new SecurityConfig("user"));
  29       requestMap.put(requestMatcher0, attributes0);
  30
  31
  32       AntPathRequestMatcher requestMatcher = new AntPathRequestMatcher("/web/**");
  33       Collection<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>();  // FIXME: 返回当前请求的url 对应的 角色代码
  34       attributes.add(new SecurityConfig("user"));
  35       requestMap.put(requestMatcher, attributes);
  36     }
  37   }
  38
  39   /**
  40    * 获取当前请求关联的所有角色code {@link SecurityConfig}
  41    * 用于和用户拥有的角色code 进行比对
  42    */
  43   @Override
  44   public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
  45
  46     if (requestMap == null) {
  47       loadRequestMap();
  48     }
  49
  50     HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
  51
  52     RequestMatcher requestMatcher;
  53     for(Iterator<RequestMatcher> iter = requestMap.keySet().iterator(); iter.hasNext(); ) {
  54       requestMatcher = iter.next();
  55
  56       if(requestMatcher.matches(request)) {
  57         return requestMap.get(requestMatcher);
  58       }
  59     }
  60
  61     return null;
  62   }
  63
  64   @Override
  65   public Collection<ConfigAttribute> getAllConfigAttributes() {
  66
  67     return null;
  68   }
  69
  70   @Override
  71   public boolean supports(Class<?> clazz) {
  72
  73     return true;
  74   }
  75
  76 }