梳理基本的权限控制代码
diff --git a/samples/client/src/main/java/com/supwisdom/leaveschool/client/security/web/access/intercept/MyFilterInvocationSecurityMetadataSource.java b/samples/client/src/main/java/com/supwisdom/leaveschool/client/security/web/access/intercept/MyFilterInvocationSecurityMetadataSource.java
index 5b21eec..c06a5a8 100644
--- a/samples/client/src/main/java/com/supwisdom/leaveschool/client/security/web/access/intercept/MyFilterInvocationSecurityMetadataSource.java
+++ b/samples/client/src/main/java/com/supwisdom/leaveschool/client/security/web/access/intercept/MyFilterInvocationSecurityMetadataSource.java
@@ -2,15 +2,45 @@
import java.util.ArrayList;
import java.util.Collection;
+import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.Map;
import javax.servlet.http.HttpServletRequest;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+
+import com.supwisdom.leaveschool.client.service.SampleUser1SecurityUserRemoteService;
public class MyFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
+
+ @Autowired
+ SampleUser1SecurityUserRemoteService sampleUser1SecurityUserRemoteService;
+
+ private Map<RequestMatcher, Collection<ConfigAttribute>> requestMap = null;
+ //private Map<String, Collection<ConfigAttribute>> permissionRoles;
+
+ private void loadRequestMap() {
+ if (requestMap == null) {
+ requestMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
+
+ //sampleUser1SecurityUserRemoteService.loadPermissionsByAppcode()
+
+
+ AntPathRequestMatcher requestMatcher = new AntPathRequestMatcher("/web/**");
+
+ Collection<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(); // FIXME: 返回当前请求的url 对应的 角色代码
+ attributes.add(new SecurityConfig("user"));
+
+ requestMap.put(requestMatcher, attributes);
+ }
+ }
/**
* 获取当前请求关联的所有角色code {@link SecurityConfig}
@@ -18,13 +48,28 @@
*/
@Override
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
+
+ if (requestMap == null) {
+ loadRequestMap();
+ }
HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
+
+ RequestMatcher requestMatcher;
+ for(Iterator<RequestMatcher> iter = requestMap.keySet().iterator(); iter.hasNext(); ) {
+ requestMatcher = iter.next();
+
+ if(requestMatcher.matches(request)) {
+ return requestMap.get(requestMatcher);
+ }
+ }
+
+ return null;
- Collection<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(); // FIXME: 返回当前请求的url 对应的 角色代码
- attributes.add(new SecurityConfig("administrator"));
-
- return attributes;
+// Collection<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(); // FIXME: 返回当前请求的url 对应的 角色代码
+// attributes.add(new SecurityConfig("administrator"));
+//
+// return attributes;
}
@Override
diff --git a/samples/client/src/main/java/com/supwisdom/leaveschool/client/security/web/access/intercept/MyFilterSecurityInterceptor.java b/samples/client/src/main/java/com/supwisdom/leaveschool/client/security/web/access/intercept/MyFilterSecurityInterceptor.java
index ceca250..32e0232 100644
--- a/samples/client/src/main/java/com/supwisdom/leaveschool/client/security/web/access/intercept/MyFilterSecurityInterceptor.java
+++ b/samples/client/src/main/java/com/supwisdom/leaveschool/client/security/web/access/intercept/MyFilterSecurityInterceptor.java
@@ -40,12 +40,10 @@
@Override
public void invoke(FilterInvocation fi) throws IOException, ServletException {
- Set<String> noneSecurityUrl = new HashSet<String>();
- noneSecurityUrl.add("/");
- noneSecurityUrl.add("/index");
- noneSecurityUrl.add("/web/index");
+ Set<String> noneSecurityUrl = new HashSet<String>(); // FIXME: 对无须访问控制的url,支持可配置
noneSecurityUrl.add("/web/login");
noneSecurityUrl.add("/web/logout");
+ noneSecurityUrl.add("/web/index");
if (fi.getRequest() != null) {
String requestUrl = fi.getRequestUrl(); logger.debug("MyFilterSecurityInterceptor invoke requestUrl: {}", requestUrl);