src/main/java/com/objecteye/service/impl/AccessConfirmServiceImpl.java 3.88 KB
  package com.objecteye.service.impl;
  
  import com.objecteye.pojo.SpecialAuthenticationUrlConfig;
  import com.objecteye.pojo.UserDetailsMsg;
  import com.objecteye.pojo.UserGroup;
  import org.springframework.beans.factory.annotation.Autowired;
  import org.springframework.data.mongodb.core.MongoTemplate;
  import org.springframework.data.mongodb.core.query.Criteria;
  import org.springframework.data.mongodb.core.query.Query;
  import org.springframework.security.authentication.AnonymousAuthenticationToken;
  import org.springframework.security.core.Authentication;
  import org.springframework.security.core.userdetails.UserDetails;
  import org.springframework.stereotype.Component;
  import org.springframework.util.AntPathMatcher;
  
  import javax.servlet.http.HttpServletRequest;
  import java.util.ArrayList;
  import java.util.HashMap;
  import java.util.List;
  import java.util.Map;
  
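  /**
   * Per-request authorization check, registered as the {@code accessConfirmService} bean.
   *
   * <p>A request is allowed when its URI is on the unauthenticated allow-list, or when the
   * caller is authenticated and no restricted URL pattern that matches the URI denies them.
   * Restricted patterns and the level each one requires are read from MongoDB
   * ({@link SpecialAuthenticationUrlConfig}); the caller's levels come from
   * {@link UserDetailsMsg} and {@link UserGroup}.
   *
   * <p>NOTE(review): the caller of {@link #hasPermission} is not visible in this file; the bean
   * name suggests a security access expression - confirm it is applied to every route.
   */
  @Component("accessConfirmService")
  public class AccessConfirmServiceImpl {

      /**
       * Exact request URIs reachable without authentication. Never modified after class init.
       *
       * <p>NOTE(review): {@code /vehicle/user/addUser} is on this list, so that endpoint is
       * reachable by unauthenticated callers - confirm that is intended.
       */
      private static final List<String> PERMIT_ALL = new ArrayList<>();

      static {
          PERMIT_ALL.add("/login");
          PERMIT_ALL.add("/vehicle/user/addUser");
      }

      @Autowired
      private MongoTemplate mongoTemplate;

      private final AntPathMatcher antPathMatcher = new AntPathMatcher();

      /**
       * Decides whether the current request may proceed.
       *
       * @param request the incoming request; only its request URI is read
       * @param auth    the current authentication; {@code null} is treated as unauthenticated
       * @return {@code true} if the URI is allow-listed, or the caller is authenticated and is
       *         not denied by any matching restricted pattern; {@code false} otherwise
       */
      public boolean hasPermission(HttpServletRequest request, Authentication auth) {
          // NOTE(review): getRequestURI() is the raw, un-normalised request line value (it keeps
          // the context path, path parameters and percent-encoding). If the dispatcher routes on
          // a normalised path, a restricted pattern can fail to match here and the request then
          // falls through to the default "allow" at the end of this method. Confirm the patterns
          // are matched against the same path form the dispatcher uses.
          String requestUri = request.getRequestURI();
          if (PERMIT_ALL.contains(requestUri)) {
              return true;
          }

          // Anonymous (or missing) authentication may not reach anything outside the allow-list.
          if (auth == null || auth instanceof AnonymousAuthenticationToken) {
              return false;
          }

          // Fail closed on an unexpected principal type instead of throwing ClassCastException.
          Object principal = auth.getPrincipal();
          if (!(principal instanceof UserDetails)) {
              return false;
          }

          Map<String, Boolean> specialUrlAccessMap =
                  queryUrlByUserName(((UserDetails) principal).getUsername());
          // The map has no defined iteration order, so "first match wins" would make the result
          // arbitrary when two patterns match the same URI. Every matching pattern is checked and
          // a single denial is enough to reject the request.
          for (Map.Entry<String, Boolean> entry : specialUrlAccessMap.entrySet()) {
              if (antPathMatcher.match(entry.getKey(), requestUri) && !entry.getValue()) {
                  return false;
              }
          }
          // Default allow: any authenticated user may reach a URI that no restricted pattern
          // covers, so a route is only protected if a matching pattern has been configured.
          return true;
      }

      /**
       * Builds the restricted-URL access map for a user.
       *
       * <p>The restricted patterns are always loaded, even when no user record is found, so an
       * authenticated principal without a {@link UserDetailsMsg} document is denied on every
       * restricted pattern rather than seeing an empty (unrestricted) map.
       *
       * <p>Runs up to three MongoDB queries per call, including a full read of the restricted
       * URL collection.
       *
       * @param userName the user name to look up
       * @return key: URL pattern that requires a level; value: whether this user may access it
       */
      private Map<String, Boolean> queryUrlByUserName(String userName) {
          // Levels held by the user: the user's own role plus the level of the user's group.
          List<String> levelList = new ArrayList<>();
          List<UserDetailsMsg> userDetailsMsgList = mongoTemplate.find(
                  Query.query(Criteria.where("userName").is(userName)), UserDetailsMsg.class);
          if (!userDetailsMsgList.isEmpty()) {
              UserDetailsMsg userDetailsMsg = userDetailsMsgList.get(0);
              levelList.add(userDetailsMsg.getUserRole());
              // NOTE(review): "grouoId" looks like a misspelling of "groupId". If the stored field
              // is spelled differently this query never matches and the group level is never
              // applied. Left unchanged because the document schema is not visible here.
              List<UserGroup> userGroups = mongoTemplate.find(
                      Query.query(Criteria.where("grouoId").is(userDetailsMsg.getGroup())), UserGroup.class);
              if (!userGroups.isEmpty()) {
                  levelList.add(userGroups.get(0).getGroupLevel());
              }
          }

          Map<String, Boolean> specialUrlLevelMap = new HashMap<>();
          // Every URL pattern that needs a specific level, for all levels.
          List<SpecialAuthenticationUrlConfig> specialUrlList =
                  mongoTemplate.find(new Query(), SpecialAuthenticationUrlConfig.class);
          for (SpecialAuthenticationUrlConfig specialUrlConfig : specialUrlList) {
              String url = specialUrlConfig.getUrl();
              if (url == null) {
                  // An entry without a pattern cannot be matched against a request.
                  continue;
              }
              Integer level = specialUrlConfig.getLevel();
              // levelList holds Strings while the configured level is an Integer, so
              // levelList.contains(level) could never be true. Compare in one type.
              // NOTE(review): assumes roles and group levels are stored as decimal strings
              // ("1", "2", ...) - confirm against the stored data. A null level grants nothing.
              boolean granted = level != null && levelList.contains(String.valueOf(level));
              // The same pattern may be listed once per level; access is granted if any of
              // those levels is held by the user.
              specialUrlLevelMap.merge(url, granted, Boolean::logicalOr);
          }
          return specialUrlLevelMap;
      }
  }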