com.soento.security.support.PermissionSecurityMetadataSource Maven / Gradle / Ivy
The newest version!
package com.soento.security.support;
import com.soento.core.base.util.CollectionUtil;
import com.soento.core.base.lang.ApiInfo;
import com.soento.web.support.InterfaceDataLoader;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.stereotype.Component;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import java.util.*;
/**
* @author soento
*/
@Component
public class PermissionSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
private Map> map = null;
@Resource
private InterfaceDataLoader interfaceDataHandler;
/**
* 加载资源,初始化资源变量
*/
public void loadResourceDefine() {
map = new HashMap<>();
List permissions = interfaceDataHandler.getDataList();
if (CollectionUtil.isEmpty(permissions)) {
return;
}
Collection array;
ConfigAttribute cfg;
for (ApiInfo permission : permissions) {
array = new ArrayList<>();
cfg = new SecurityConfig(permission.getName());
array.add(cfg);
map.put(permission.getUri(), array);
}
}
@Override
public Collection getAttributes(Object object) throws IllegalArgumentException {
if (map == null) {
loadResourceDefine();
}
HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
AntPathRequestMatcher matcher;
String resUrl;
for (Iterator iter = map.keySet().iterator(); iter.hasNext(); ) {
resUrl = iter.next();
matcher = new AntPathRequestMatcher(resUrl);
if (matcher.matches(request) || resUrl.equals(request.getRequestURI())) {
return map.get(resUrl);
}
}
return null;
}
@Override
public Collection getAllConfigAttributes() {
return null;
}
@Override
public boolean supports(Class clazz) {
return true;
}
}