rightutil.java

基于java的组号查询模块

/*
 * package com.lily.dap.webapp.acegi;
 * class RightUtil
 * 
 * 创建日期 2006-3-2
 *
 * 开发者 zouxuemo
 *
 * 淄博百合电子有限公司版权所有
 */
package com.lily.dap.webapp.acegi;

import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.userdetails.UserDetails;
import org.springframework.util.StringUtils;

import com.lily.dap.model.right.Permission;
import com.lily.dap.model.right.User;

/**
 * @author zouxuemo
 *
 */
public class RightUtil {
    private static final String rightObjectSplit = "~";

    private static final String rightOperationSplit = "#";
    
    /**
     * 判断给定的授权是否允许
     * 
     * @param ifAllGranted 如果所有的授权都包含，则允许
     * @param ifAnyGranted 如果其中满足一个授权，则允许
     * @param ifNotGranted 如果包含其中的授权，则不允许
     * @return
     */
    public static boolean rbacAuthorize(String ifNotGranted, String ifAllGranted, String ifAnyGranted) {
        if (((null == ifAllGranted) || "".equals(ifAllGranted))
                && ((null == ifAnyGranted) || "".equals(ifAnyGranted))
                && ((null == ifNotGranted) || "".equals(ifNotGranted))) {
                return false;
            }
        
        UserDetails userDetails = getUserDetails();
        if (userDetails == null)
            return false;
        
        if ((null != ifNotGranted) && !"".equals(ifNotGranted)) {
            Set grantedCopy = containPermission(userDetails, parsePermissionsString(ifNotGranted));
            if (!grantedCopy.isEmpty()) {
                return false;
            }
        }
        
        if ((null != ifAllGranted) && !"".equals(ifAllGranted)) {
            Set allPermission = parsePermissionsString(ifAllGranted);
            Set grantedPermission = containPermission(userDetails, allPermission);
            if (grantedPermission.size() < allPermission.size())
                return false;
        }

       if ((null != ifAnyGranted) && !"".equals(ifAnyGranted)) {
            Set grantedCopy = containPermission(userDetails, parsePermissionsString(ifAnyGranted));
            if (grantedCopy.isEmpty()) {
                return false;
            }
        }
        
        return true;
    }

    /**
     * 分析传入的许可字符串参数，分解成许可集合
     * 
     * @param permissionsString
     * @return
     */
    public static Set parsePermissionsString(String permissionsString) {
        final Set requiredPermission = new HashSet();
        final String[] permissions = StringUtils.commaDelimitedListToStringArray(permissionsString);

        for (int i = 0; i < permissions.length; i++) {
         // Remove the permission's whitespace characters without depending on JDK 1.4+ 
         // Includes space, tab, new line, carriage return and form feed. 
         String permission = StringUtils.replace(permissions[i], " ", ""); 
         permission = StringUtils.replace(permission, "\t", ""); 
         permission = StringUtils.replace(permission, "\r", ""); 
         permission = StringUtils.replace(permission, "\n", ""); 
         permission = StringUtils.replace(permission, "\f", ""); 

         requiredPermission.add(permission);
        }

        return requiredPermission;
    }
    
    /**
     * 检查认证用户拥有给定许可集合的那些许可
     * 
     * @param userDetails
     * @param grantedSet
     * @return
     */
    public static Set containPermission(UserDetails userDetails, Set grantedSet) {
        Set returnSet = new HashSet(); 
        Iterator it = grantedSet.iterator();
        while (it.hasNext()) {
            String permission = (String)it.next();
            if (RightUtil.isAuthenticationHavePermission(userDetails, permission))
                returnSet.add(permission);
        }
        return returnSet;
    }
    
    /**
     * 获取到认证对象的登陆信息
     * 
     * @return
     */
    public static  UserDetails getUserDetails() {
        Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
        if (null == currentUser)
            return null;
        
        UserDetails userDetails = (UserDetails)currentUser.getPrincipal();
        return userDetails;
    }
    
    public static boolean isAuthenticationHavePermission(UserDetails userDetails, String permission) {
        PermissionStruct struct = parsePermissionString(permission);
        if (struct == null)
            return false;
        
        return isHavePermission(userDetails, struct);
    }
    
    public static PermissionStruct parsePermissionString(String permission) {
        String items[] = permission.split(rightObjectSplit);
        if (items != null && items.length > 1) {
            PermissionStruct struts = new PermissionStruct();
            struts.ri_ob_code = items[0];
            
            struts.ri_op_codes = items[1].split(rightOperationSplit);
            
            return struts;
        }
        
        return null;
    }
    
    public static boolean isHavePermission(UserDetails userDetails, PermissionStruct permissionStruct) {
    	if (!(userDetails instanceof User))
    		return false;
    	
    	User user = (User)userDetails;
    	
        List permissionList = user.getPermissions(permissionStruct.ri_ob_code);
        if (permissionList.isEmpty())
            return false;
        
        for (int i = 0; i < permissionStruct.ri_op_codes.length; i++) {
            String ri_op_code = permissionStruct.ri_op_codes[i];
            
            Iterator it = permissionList.iterator();
            while (it.hasNext()) {
                Permission permission = (Permission)it.next();
                String ri_op_codes = permission.getRi_ops();
                
                if (ri_op_codes.indexOf(ri_op_code) >= 0)
                    return true;
            }
        }
        
        return false;
    }
}