Commit
1b6dbb31
authored
Sep 27, 2018
by
chongli
实现了角色和资源从数据库中加载
parent
2803e38f
Showing
6 changed files
with
115 additions
and
32 deletions
src/main/java/com/ctrip/fun/admin/service/system/AdminResourcesService.java
src/main/java/com/ctrip/fun/admin/service/system/MyInvocationSecurityMetadataSource.java
src/main/java/com/ctrip/fun/admin/service/system/UserDetailsService.java
src/main/resources/config/spring-security.xml
src/main/resources/config/spring-service.xml
src/main/resources/properties/service.properties
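--- /dev/null
+++ b/src/main/java/com/ctrip/fun/admin/service/system/AdminResourcesService.java
+/**
+ * Copyright 2014 CTRIP Co.,Ltd. All rights reserved.
+ * DTM PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
+ */
+package com.ctrip.fun.admin.service.system;
+import java.util.HashMap;
+import java.util.Map;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.core.ParameterizedTypeReference;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpMethod;
+import com.ctrip.fun.admin.service.BaseService;
+import com.ctrip.fun.common.vo.PagedResponseBean;
+import com.ctrip.fun.common.vo.Request;
+import com.ctrip.fun.common.vo.Response;
+import com.ctrip.fun.common.vo.ResponseStatusEnum;
+import com.ctrip.fun.common.vo.adminUser.AdminResourcesBean;
+import com.ctrip.fun.common.vo.adminUser.AdminResourcesQuery;
+/**
+ * @author gswang
+ * @version 2014年8月25日
+ */
+public class AdminResourcesService extends BaseService {
+    private final static Logger logger = LoggerFactory.getLogger(AdminResourcesService.class);
+    /*
+     * 资源查询
+     */
+    public PagedResponseBean<AdminResourcesBean> list(String userId, AdminResourcesQuery query) {
+        String uri = super.getServiceUri("uri.adminResources.list");
+        PagedResponseBean<AdminResourcesBean> pageResponseBean = null;
+        Request<AdminResourcesQuery> request = new Request<AdminResourcesQuery>();
+        request.setUserId(userId);
+        request.setBody(query);
+        HttpEntity<Request<AdminResourcesQuery>> httpEntity = new HttpEntity<Request<AdminResourcesQuery>>(request);
+        Response<PagedResponseBean<AdminResourcesBean>> response = super.exchange(uri, HttpMethod.POST, httpEntity,
+                new ParameterizedTypeReference<Response<PagedResponseBean<AdminResourcesBean>>>() {
+                }).getBody();
+        if (response.getStatus() == ResponseStatusEnum.SUCCESS.getValue()) {
+            pageResponseBean = response.getBody();
+        } else {
+            Map<String, String> tags = new HashMap<String, String>();
+            tags.put("userId", userId);
+            tags.put("query", query.toString());
+            logger.error("用户list异常", String.format("status: %d, msg: %s", response.getStatus(), response.getMessage()), tags);
+        }
+        return pageResponseBean;
+    }
+}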
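Review bot: In the failure branch of `list`, `logger.error("用户list异常", String.format(...), tags)` passes a message with no `{}` placeholders, so SLF4J discards the formatted status/message and the tags map and only the fixed text reaches the log. A call such as `logger.error("用户list异常 status: {}, msg: {}, tags: {}", response.getStatus(), response.getMessage(), tags);` keeps them. The same branch returns `null`, and the result of `exchange(...).getBody()` is dereferenced without a null check. The new caller in MyInvocationSecurityMetadataSource calls `.getResult()` directly on the return value, so a backend failure while loading the URL-to-role table surfaces as a NullPointerException with no usable log line.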
src/main/java/com/ctrip/fun/admin/service/system/MyInvocationSecurityMetadataSource.java
...
...
@@ -3,41 +3,49 @@ import java.util.ArrayList;
import
java.util.Collection
;
import
java.util.HashMap
;
import
java.util.Iterator
;
import
java.util.List
;
import
java.util.Map
;
import
org.springframework.security.access.ConfigAttribute
;
import
org.springframework.security.access.SecurityConfig
;
import
org.springframework.security.web.FilterInvocation
;
import
org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource
;
import
com.ctrip.fun.admin.service.system.AntUrlPathMatcher
;
import
com.ctrip.fun.admin.service.system.UrlMatcher
;
import
com.ctrip.fun.common.vo.adminUser.AdminResourcesBean
;
import
com.ctrip.fun.common.vo.adminUser.AdminResourcesQuery
;
public
class
MyInvocationSecurityMetadataSource
implements
FilterInvocationSecurityMetadataSource
{
private
UrlMatcher
urlMatcher
=
new
AntUrlPathMatcher
();
private
static
Map
<
String
,
Collection
<
ConfigAttribute
>>
resourceMap
=
null
;
private
AdminResourcesService
adminResourcesService
;
//tomcat启动时实例化一次
public
MyInvocationSecurityMetadataSource
()
{
loadResourceDefine
();
}
}
//tomcat开启时加载一次,加载所有url和权限(或角色)的对应关系
private
void
loadResourceDefine
()
{
resourceMap
=
new
HashMap
<
String
,
Collection
<
ConfigAttribute
>>();
Collection
<
ConfigAttribute
>
atts
=
new
ArrayList
<
ConfigAttribute
>();
ConfigAttribute
ca
=
new
SecurityConfig
(
"ROLE_USER"
);
atts
.
add
(
ca
);
ConfigAttribute
ca1
=
new
SecurityConfig
(
"ROLE_AAAA"
);
atts
.
add
(
ca1
);
ConfigAttribute
ca2
=
new
SecurityConfig
(
"ROLE_BBBB"
);
atts
.
add
(
ca2
);
resourceMap
.
put
(
"/index.jsp"
,
atts
);
Collection
<
ConfigAttribute
>
attsno
=
new
ArrayList
<
ConfigAttribute
>();
ConfigAttribute
cano
=
new
SecurityConfig
(
"ROLE_NO"
);
attsno
.
add
(
cano
);
resourceMap
.
put
(
"/order/**"
,
attsno
);
}
if
(
resourceMap
==
null
)
{
resourceMap
=
new
HashMap
<
String
,
Collection
<
ConfigAttribute
>>();
List
<
AdminResourcesBean
>
resources
=
new
ArrayList
<
AdminResourcesBean
>();
AdminResourcesQuery
query
=
new
AdminResourcesQuery
();
query
.
setPagerOffset
(
0
);
query
.
setPagerPerPage
(
Integer
.
MAX_VALUE
);
query
.
setSortField
(
"id"
);
resources
=
(
List
<
AdminResourcesBean
>)
adminResourcesService
.
list
(
""
,
query
).
getResult
();
for
(
AdminResourcesBean
resource
:
resources
)
{
Collection
<
ConfigAttribute
>
configAttributes
=
new
ArrayList
<
ConfigAttribute
>();
ConfigAttribute
configAttribute
=
new
SecurityConfig
(
"ROLE_"
+
resource
.
getResKey
());
configAttributes
.
add
(
configAttribute
);
resourceMap
.
put
(
resource
.
getResUrl
(),
configAttributes
);
}
}
}
//参数是要访问的url,返回这个url对于的所有权限(或角色)
public
Collection
<
ConfigAttribute
>
getAttributes
(
Object
object
)
throws
IllegalArgumentException
{
this
.
loadResourceDefine
();
// 将参数转为url
String
url
=
((
FilterInvocation
)
object
).
getRequestUrl
();
Iterator
<
String
>
ite
=
resourceMap
.
keySet
().
iterator
();
...
...
@@ -55,4 +63,13 @@ public class MyInvocationSecurityMetadataSource implements FilterInvocationSecur
public
Collection
<
ConfigAttribute
>
getAllConfigAttributes
()
{
return
null
;
}
public
AdminResourcesService
getAdminResourcesService
()
{
return
adminResourcesService
;
}
public
void
setAdminResourcesService
(
AdminResourcesService
adminResourcesService
)
{
this
.
adminResourcesService
=
adminResourcesService
;
}
}
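Review bot: In `loadResourceDefine`, the static `resourceMap` is assigned a new empty `HashMap` before `adminResourcesService.list("", query)` is called, so if that call throws or returns `null` the map stays non-null and empty and the `resourceMap == null` guard never triggers a reload. Every later `getAttributes` call then runs against an empty rule set; the rest of `getAttributes` lies outside this hunk, but if an unmatched URL yields no attributes there, every URL may end up treated as unprotected, which should be confirmed against the decision manager. The same window exists for concurrent first requests, which can observe the half-filled map. Building the table in a local map and assigning it to `resourceMap` only once it is complete, and failing the request when the load fails, keeps the filter closed; the field should also be `volatile` or guarded by a lock. The sketch below needs an import for `PagedResponseBean`.

```java
private void loadResourceDefine() {
    if (resourceMap != null) {
        return;
    }
    AdminResourcesQuery query = new AdminResourcesQuery();
    // … unchanged: pager offset, page size and sort field …
    PagedResponseBean<AdminResourcesBean> page = adminResourcesService.list("", query);
    if (page == null || page.getResult() == null) {
        // Leave resourceMap null so the next request retries instead of running with an empty rule set.
        throw new IllegalStateException("admin resources could not be loaded");
    }
    Map<String, Collection<ConfigAttribute>> loaded = new HashMap<String, Collection<ConfigAttribute>>();
    for (AdminResourcesBean resource : (List<AdminResourcesBean>) page.getResult()) {
        // … unchanged: build the "ROLE_" attribute and put it into loaded under resource.getResUrl() …
    }
    // Publish only a fully populated table.
    resourceMap = loaded;
}
```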
src/main/java/com/ctrip/fun/admin/service/system/UserDetailsService.java
...
...
@@ -65,7 +65,7 @@ public final class UserDetailsService extends BaseService implements org.springf
if
(
adminUserBean
.
getAuthoritys
()
!=
null
)
{
Set
<
GrantedAuthority
>
dbAuthsSet
=
new
HashSet
<
GrantedAuthority
>();
for
(
String
authority
:
adminUserBean
.
getAuthoritys
())
{
SimpleGrantedAuthority
simpleGrantedAuthority
=
new
SimpleGrantedAuthority
(
authority
);
SimpleGrantedAuthority
simpleGrantedAuthority
=
new
SimpleGrantedAuthority
(
"ROLE_"
+
authority
);
dbAuthsSet
.
add
(
simpleGrantedAuthority
);
}
dbAuths
=
new
ArrayList
<
GrantedAuthority
>(
dbAuthsSet
);
...
...
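Review bot: The `new SimpleGrantedAuthority("ROLE_" + authority)` line (the page prints both variants, and this one appears to be the new side) concatenates before any validation, so a `null` or blank entry from `getAuthoritys()` becomes the well-formed-looking authority `ROLE_null` or `ROLE_` instead of being rejected. A value that already carries the prefix becomes `ROLE_ROLE_...` and will never match the `"ROLE_" + resource.getResKey()` attributes built in MyInvocationSecurityMetadataSource. A guard at the top of the loop, such as `if (authority == null || authority.trim().isEmpty()) { continue; }`, plus a comment stating that stored authorities must equal the resource key without the prefix, would make the contract explicit. The enclosing method starts and ends outside this hunk.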
src/main/resources/config/spring-security.xml
...
...
@@ -36,28 +36,31 @@
</b:bean>
<!--验证配置,认证管理器,实现用户认证的入口,主要实现UserDetailsService接口即可 -->
<authentication-manager
alias=
"authenticationManager"
>
<authentication-provider
user-service-ref=
"myUserDetailService"
>
<!--如果用户的密码采用加密的话 <password-encoder hash="md5" /> -->
</authentication-provider>
<authentication-provider
ref=
"authenticationProvider"
/>
</authentication-manager>
<b:bean
id=
"authenticationProvider"
class=
"org.springframework.security.authentication.dao.DaoAuthenticationProvider"
>
<b:property
name=
"passwordEncoder"
ref=
"passwordEncoder"
/>
<b:property
name=
"userDetailsService"
ref=
"myUserDetailService"
></b:property>
</b:bean>
<b:bean
id=
"passwordEncoder"
class=
"org.springframework.security.authentication.encoding.Md5PasswordEncoder"
/>
<!--在这个类中,你就可以从数据库中读入用户的密码,角色信息,是否锁定,账号是否过期等 -->
<b:bean
id=
"myUserDetailService"
class=
"com.ctrip.fun.admin.service.system.MyUserDetailService"
/>
<!-- 通过rest访问远程服务得到用户信息 -->
<b:bean
id=
"myUserDetailService"
class=
"com.ctrip.fun.admin.service.system.UserDetailsService"
parent=
"baseService"
>
<b:property
name=
"sipPhoneService"
ref=
"sipPhoneService"
></b:property>
</b:bean>
<b:bean
id=
"sipPhoneService"
class=
"com.ctrip.fun.admin.service.callcenter.SipPhoneService"
/>
<!--访问决策器,决定某个用户具有的角色,是否有足够的权限去访问某个资源 -->
<b:bean
id=
"myAccessDecisionManagerBean"
class=
"com.ctrip.fun.admin.service.system.MyAccessDecisionManager"
>
</b:bean>
<!--资源源数据定义,将所有的资源和权限对应关系建立起来,即定义某一资源可以被哪些角色访问 -->
<b:bean
id=
"securityMetadataSource"
class=
"com.ctrip.fun.admin.service.system.MyInvocationSecurityMetadataSource"
/>
<b:bean
id=
"sipPhoneService"
class=
"com.ctrip.fun.admin.service.callcenter.SipPhoneService"
/>
<!-- 通过rest访问远程服务得到用户信息 -->
<b:bean
id=
"userDetailsService"
class=
"com.ctrip.fun.admin.service.system.UserDetailsService"
parent=
"baseService"
>
<b:property
name=
"sipPhoneService"
ref=
"sipPhoneService"
></b:property>
<b:bean
id=
"securityMetadataSource"
class=
"com.ctrip.fun.admin.service.system.MyInvocationSecurityMetadataSource"
>
<b:property
name=
"adminResourcesService"
ref=
"adminResourcesService"
></b:property>
</b:bean>
</b:beans>
...
...
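Review bot: The `passwordEncoder` bean wired into `DaoAuthenticationProvider` in this section is `Md5PasswordEncoder`, and no salt source is configured in the visible lines, so admin passwords are checked against unsalted MD5 digests. The rendered page does not show which side of the change these lines belong to, but if they are part of the resulting file the encoder should be replaced with an adaptive hash, for example `<b:bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>`. Existing stored hashes would need a migration path, such as re-hashing on the next successful login. The section also shows the bean ids `myUserDetailService` and `sipPhoneService` twice each, so it is worth checking that the final file defines each id only once.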
src/main/resources/config/spring-service.xml
...
...
@@ -88,6 +88,8 @@
class=
"com.ctrip.fun.admin.service.basic.RecommendCodeService"
parent=
"baseService"
/>
<bean
name=
"userService"
class=
"com.ctrip.fun.admin.service.system.UserService"
parent=
"baseService"
/>
<bean
name=
"adminResourcesService"
class=
"com.ctrip.fun.admin.service.system.AdminResourcesService"
parent=
"baseService"
/>
<bean
name=
"adService"
class=
"com.ctrip.fun.admin.service.golf.AdvertisementService"
parent=
"baseService"
/>
<bean
name=
"friendService"
class=
"com.ctrip.fun.admin.service.friend.FriendService"
...
...
src/main/resources/properties/service.properties
...
...
@@ -27,6 +27,7 @@ uri.voucher.exportVoucherExcel=/fun-golf-service/Voucher/exportVoucherExcel
uri.adminUser.userDetail
=
/fun-golf-service/adminUser/userDetail
uri.adminUser.updatePassword
=
/fun-golf-service/adminUser/update
uri.adminUser.communeAdmUserList
=
/fun-golf-service/adminUser/communeAdmUserList
uri.adminResources.list
=
/fun-golf-service/adminResources/list
# order
uri.order.placeOrder
=
/fun-golf-service/{orderType}/placeOrder
...
...