package com.onionbbs.security;
import java.util.Collection;
import java.util.Iterator;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
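/**
 * Access decision manager that grants a request when the caller holds at least one of the
 * roles configured for the requested resource.
 *
 * <p>The check is an "any of" match: the first configured attribute whose string value equals
 * one of the caller's granted authorities ends the decision successfully. If nothing matches,
 * access is denied.
 */
public class GamersAccessDecisionManager implements AccessDecisionManager {

    /**
     * Decides whether {@code authentication} may access {@code object}.
     *
     * @param authentication   the caller; its granted authorities are compared by name
     * @param object           the secured object, used here only for debug output
     * @param configAttributes the attributes (role names) configured for the resource
     * @throws AccessDeniedException if no configured attribute equals one of the caller's
     *                               granted authorities
     */
    public void decide(Authentication authentication, Object object,
            Collection<ConfigAttribute> configAttributes)
            throws AccessDeniedException, InsufficientAuthenticationException {
        // Fail-open branch: a null attribute collection means "nothing required" and the
        // request is let through. Any resource without configured attributes is therefore
        // public as far as this class is concerned.
        if (configAttributes == null) {
            return;
        }

        // Debug output kept from the original post; string concatenation tolerates a null
        // object, where object.toString() would throw.
        System.out.println("Object:" + object);

        // Question from the post: why does this print ROLE_ANONYMOUS here?
        // NOTE(review): Spring Security's anonymous authentication filter supplies an
        // Authentication carrying ROLE_ANONYMOUS when the request has no authenticated user,
        // so this output probably means the request reached the interceptor without a
        // logged-in session. Verify the login flow and the filter chain configuration.
        System.out.println(authentication.getAuthorities());

        for (ConfigAttribute ca : configAttributes) {
            // Read the value through the ConfigAttribute interface. The former downcast to
            // SecurityConfig threw ClassCastException for any other implementation.
            String needRole = ca.getAttribute();
            if (needRole == null) {
                // An attribute with no string form cannot match a role name.
                continue;
            }
            for (GrantedAuthority ga : authentication.getAuthorities()) {
                if (needRole.equals(ga.getAuthority())) {
                    return;
                }
            }
        }
        throw new AccessDeniedException("no right");
    }

    /** Reports every configuration attribute as supported. */
    public boolean supports(ConfigAttribute attribute) {
        return true;
    }

    /** Reports every secure-object class as supported. */
    public boolean supports(Class<?> clazz) {
        return true;
    }
}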
package com.onionbbs.security;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.AntUrlPathMatcher;
import org.springframework.security.web.util.UrlMatcher;
import com.OnionEntertainment.Security.Service.SecurityResourceServiceImp;
import com.onionbbs.model.Resources;
import com.onionbbs.model.Role;
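/**
 * Security metadata source that maps URL patterns, loaded from
 * {@code SecurityResourceServiceImp}, to the roles required to access them.
 *
 * <p>Security caveat: {@link #getAttributes(Object)} returns {@code null} for a URL that
 * matches no stored pattern. The decision manager on this page treats a null attribute
 * collection as "allow", so any URL missing from the resource table is effectively public.
 */
public class InvocationSecurityMetadataSource
        implements FilterInvocationSecurityMetadataSource {
    private UrlMatcher urlMatcher = new AntUrlPathMatcher();
    // Shared by all instances and replaced wholesale on reload. volatile ensures request
    // threads observe the fully built table.
    private static volatile Map<String, Collection<ConfigAttribute>> resourceMap = null;
    private SecurityResourceServiceImp securityResourceService;

    /** Injects the service that supplies the protected resources. */
    public void setSecurityResourceService(
            SecurityResourceServiceImp securityResourceService) {
        this.securityResourceService = securityResourceService;
    }

    /**
     * (Re)loads the URL-pattern to required-roles table from the resource service.
     *
     * <p>The table is built in a local map and published in one assignment, so a request
     * arriving during a reload never sees a half-filled table in which protected URLs appear
     * to have no attributes. Insertion order is kept, so overlapping patterns are evaluated
     * in the order the service returns them rather than in arbitrary hash order.
     */
    public void loadResourceDefine() {
        Map<String, Collection<ConfigAttribute>> loaded =
                new java.util.LinkedHashMap<String, Collection<ConfigAttribute>>();
        for (Resources item : securityResourceService.getAllResources()) {
            loaded.put(item.getUrl(), listRoleToCollection(item.getRole()));
        }
        resourceMap = loaded;
    }

    /**
     * Converts a set of roles into configuration attributes named after each role.
     *
     * @param set the roles attached to one resource
     * @return one {@code SecurityConfig} per role, in the set's iteration order
     */
    public Collection<ConfigAttribute> listRoleToCollection(Set<Role> set) {
        List<ConfigAttribute> list = new ArrayList<ConfigAttribute>();
        for (Role role : set) {
            // Debug output kept from the original post.
            System.out.println("=================================="+role.getName()+"==============");
            list.add(new SecurityConfig(role.getName()));
        }
        return list;
    }

    /**
     * Returns the attributes of the first stored pattern that matches the request path.
     *
     * @param object the {@code FilterInvocation} being secured
     * @return the matching resource's attributes, or {@code null} when no pattern matches
     *         (see the class-level caveat)
     */
    public Collection<ConfigAttribute> getAttributes(Object object)
            throws IllegalArgumentException {
        String url = ((FilterInvocation) object).getRequestUrl();
        // getRequestUrl() includes the query string. Match on the path alone so that request
        // parameters cannot stop a protected path from matching its pattern.
        int queryStart = url.indexOf('?');
        if (queryStart != -1) {
            url = url.substring(0, queryStart);
        }

        Map<String, Collection<ConfigAttribute>> table = resourceMap;
        if (table == null) {
            // Nothing on this page calls loadResourceDefine(), so load on first use
            // instead of failing with a NullPointerException.
            loadResourceDefine();
            table = resourceMap;
        }

        // NOTE(review): the default AntUrlPathMatcher expects lower-cased URLs and patterns;
        // neither is normalised here. Confirm how mixed-case request paths should be handled.
        for (Map.Entry<String, Collection<ConfigAttribute>> entry : table.entrySet()) {
            // UrlMatcher.pathMatchesUrl takes the pattern first and the URL second. The
            // original call passed them reversed, so wildcard patterns in the resource table
            // never matched and those URLs fell through to the unprotected null result.
            if (urlMatcher.pathMatchesUrl(entry.getKey(), url)) {
                return entry.getValue();
            }
        }
        return null;
    }

    /** Supports only secure objects that {@link #getAttributes(Object)} can cast. */
    public boolean supports(Class<?> clazz) {
        return FilterInvocation.class.isAssignableFrom(clazz);
    }

    /** Not supported: no attribute set is exposed for startup validation. */
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }
}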
package com.onionbbs.security;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import com.OnionEntertainment.Security.Service.SecurityUserServiceImp;
import com.onionbbs.model.Role;
import com.onionbbs.model.UserTable;
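/**
 * Loads a user and its roles through {@code SecurityUserServiceImp} and adapts the record to
 * Spring Security's {@code UserDetails}.
 */
public class UserDetailService implements UserDetailsService {
    private SecurityUserServiceImp securityUserService;

    /** Injects the service used to look users up by name. */
    public void setSecurityUserService(SecurityUserServiceImp securityUserService) {
        this.securityUserService = securityUserService;
    }

    /**
     * Looks up the account for {@code username} and returns its authorities.
     *
     * @param username the login name submitted by the caller
     * @return user details built from the first matching record
     * @throws UsernameNotFoundException if the lookup returns no record
     */
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException {
        List<UserTable> matches = securityUserService.getuser(username);
        // An unknown user must surface as UsernameNotFoundException, which the
        // authentication provider handles, not as an IndexOutOfBoundsException from get(0).
        if (matches == null || matches.isEmpty()) {
            throw new UsernameNotFoundException("No user found for the supplied username");
        }
        UserTable record = matches.get(0);

        // SECURITY NOTE(review): the password handed to Spring Security is the same constant
        // for every account, so the credential check does not depend on the user record at
        // all. The stored (hashed) credential from the record belongs here instead.
        // UserTable's password accessor is not shown on this page, so it is not wired in.
        //
        // NOTE(review): the enabled/non-expired/non-locked flags are all hard-coded to true,
        // so the record's enabled value is never enforced. getEnabled()'s return type is not
        // visible here; map it onto the "enabled" argument once confirmed.
        return new User(username,
                "robin", true, true, true, true, listRoleToCollection(record.getRoles()));
    }

    /**
     * Converts a set of roles into granted authorities named after each role.
     *
     * @param set the user's roles; {@code null} is treated as "no roles"
     * @return one authority per role, or an empty collection when there are none
     */
    public Collection<GrantedAuthority> listRoleToCollection(Set<Role> set) {
        List<GrantedAuthority> list = new ArrayList<GrantedAuthority>();
        if (set == null) {
            return list;
        }
        for (Role role : set) {
            // Debug output kept from the original post.
            System.out.println(role.getName());
            list.add(new GrantedAuthorityImpl(role.getName()));
        }
        return list;
    }
}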
package com.onionbbs.security;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.AntUrlPathMatcher;
import org.springframework.security.web.util.UrlMatcher;
import com.OnionEntertainment.Security.Service.SecurityResourceServiceImp;
import com.onionbbs.model.Resources;
import com.onionbbs.model.Role;
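/**
 * Security metadata source that maps URL patterns, loaded from
 * {@code SecurityResourceServiceImp}, to the roles required to access them.
 *
 * <p>Security caveat: {@link #getAttributes(Object)} returns {@code null} for a URL that
 * matches no stored pattern. The decision manager on this page treats a null attribute
 * collection as "allow", so any URL missing from the resource table is effectively public.
 */
public class InvocationSecurityMetadataSource
        implements FilterInvocationSecurityMetadataSource {
    private UrlMatcher urlMatcher = new AntUrlPathMatcher();
    // Shared by all instances and replaced wholesale on reload. volatile ensures request
    // threads observe the fully built table.
    private static volatile Map<String, Collection<ConfigAttribute>> resourceMap = null;
    private SecurityResourceServiceImp securityResourceService;

    /** Injects the service that supplies the protected resources. */
    public void setSecurityResourceService(
            SecurityResourceServiceImp securityResourceService) {
        this.securityResourceService = securityResourceService;
    }

    /**
     * (Re)loads the URL-pattern to required-roles table from the resource service.
     *
     * <p>The table is built in a local map and published in one assignment, so a request
     * arriving during a reload never sees a half-filled table in which protected URLs appear
     * to have no attributes. Insertion order is kept, so overlapping patterns are evaluated
     * in the order the service returns them rather than in arbitrary hash order.
     */
    public void loadResourceDefine() {
        Map<String, Collection<ConfigAttribute>> loaded =
                new java.util.LinkedHashMap<String, Collection<ConfigAttribute>>();
        for (Resources item : securityResourceService.getAllResources()) {
            loaded.put(item.getUrl(), listRoleToCollection(item.getRole()));
        }
        resourceMap = loaded;
    }

    /**
     * Converts a set of roles into configuration attributes named after each role.
     *
     * @param set the roles attached to one resource
     * @return one {@code SecurityConfig} per role, in the set's iteration order
     */
    public Collection<ConfigAttribute> listRoleToCollection(Set<Role> set) {
        List<ConfigAttribute> list = new ArrayList<ConfigAttribute>();
        for (Role role : set) {
            // Debug output kept from the original post.
            System.out.println("=================================="+role.getName()+"==============");
            list.add(new SecurityConfig(role.getName()));
        }
        return list;
    }

    /**
     * Returns the attributes of the first stored pattern that matches the request path.
     *
     * @param object the {@code FilterInvocation} being secured
     * @return the matching resource's attributes, or {@code null} when no pattern matches
     *         (see the class-level caveat)
     */
    public Collection<ConfigAttribute> getAttributes(Object object)
            throws IllegalArgumentException {
        String url = ((FilterInvocation) object).getRequestUrl();
        // getRequestUrl() includes the query string. Match on the path alone so that request
        // parameters cannot stop a protected path from matching its pattern.
        int queryStart = url.indexOf('?');
        if (queryStart != -1) {
            url = url.substring(0, queryStart);
        }

        Map<String, Collection<ConfigAttribute>> table = resourceMap;
        if (table == null) {
            // Nothing on this page calls loadResourceDefine(), so load on first use
            // instead of failing with a NullPointerException.
            loadResourceDefine();
            table = resourceMap;
        }

        // NOTE(review): the default AntUrlPathMatcher expects lower-cased URLs and patterns;
        // neither is normalised here. Confirm how mixed-case request paths should be handled.
        for (Map.Entry<String, Collection<ConfigAttribute>> entry : table.entrySet()) {
            // UrlMatcher.pathMatchesUrl takes the pattern first and the URL second. The
            // original call passed them reversed, so wildcard patterns in the resource table
            // never matched and those URLs fell through to the unprotected null result.
            if (urlMatcher.pathMatchesUrl(entry.getKey(), url)) {
                return entry.getValue();
            }
        }
        return null;
    }

    /** Supports only secure objects that {@link #getAttributes(Object)} can cast. */
    public boolean supports(Class<?> clazz) {
        return FilterInvocation.class.isAssignableFrom(clazz);
    }

    /** Not supported: no attribute set is exposed for startup validation. */
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }
}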
// Question from the post: why does this print ROLE_ANONYMOUS here?
// NOTE(review): Spring Security's anonymous authentication filter supplies an Authentication
// carrying ROLE_ANONYMOUS when the request has no authenticated user, so this output probably
// means the request reached the access decision without a logged-in session. Verify the login
// flow and the filter chain configuration.
System.out.println(authentication.getAuthorities());