📄 authorizeactiontag.java
package sample.auth;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.Tag;
import javax.servlet.jsp.tagext.TagSupport;
import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.context.SecurityContextHolder;
import org.springframework.util.StringUtils;
import org.springframework.web.util.ExpressionEvaluationUtils;
import sample.web.action.AppContext;
/**
*
* @author limq
*
*/
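public class AuthorizeActionTag extends TagSupport {
    /*
     * JSP tag that includes or skips its body depending on the Functions
     * granted to the current principal. The three attributes each take a
     * comma-separated list of function names.
     *
     * Review notes:
     * - This tag only decides what is rendered. Hiding a link or a button
     *   does not protect the action behind it; the same Function check has
     *   to be enforced where the request is actually handled.
     * - Attribute values are passed through ExpressionEvaluationUtils.
     *   NOTE(review): if the JSP container already evaluates EL in tag
     *   attributes, the value is evaluated a second time here. Attribute
     *   values should be fixed strings or expressions over server-controlled
     *   data, never text derived from the request.
     */

    private String ifAllGranted = "";
    private String ifAnyGranted = "";
    private String ifNotGranted = "";

    /** Sets the functions the principal must ALL hold for the body to render. */
    public void setIfAllGranted(String ifAllGranted) throws JspException {
        this.ifAllGranted = ifAllGranted;
    }

    public String getIfAllGranted() {
        return ifAllGranted;
    }

    /** Sets the functions of which the principal must hold AT LEAST ONE. */
    public void setIfAnyGranted(String ifAnyGranted) throws JspException {
        this.ifAnyGranted = ifAnyGranted;
    }

    public String getIfAnyGranted() {
        return ifAnyGranted;
    }

    /** Sets the functions of which the principal must hold NONE. */
    public void setIfNotGranted(String ifNotGranted) throws JspException {
        this.ifNotGranted = ifNotGranted;
    }

    public String getIfNotGranted() {
        return ifNotGranted;
    }

    /**
     * Decides whether the tag body is rendered.
     *
     * The body is skipped when no attribute is set, when any configured
     * constraint fails, and also when every configured attribute evaluates
     * to null or the empty string. The last case used to fall through to
     * {@code EVAL_BODY_INCLUDE}: an attribute such as {@code "${fn}"} whose
     * expression resolved to nothing disabled all checks and the body was
     * shown to every user. With no effective constraint the tag now fails
     * closed, matching the guard on the raw attribute values.
     *
     * @return {@code Tag.EVAL_BODY_INCLUDE} if at least one constraint was
     *         evaluated and all evaluated constraints passed, otherwise
     *         {@code Tag.SKIP_BODY}
     * @throws JspException if expression evaluation of an attribute fails
     */
    public int doStartTag() throws JspException {
        if (((null == ifAllGranted) || "".equals(ifAllGranted))
                && ((null == ifAnyGranted) || "".equals(ifAnyGranted))
                && ((null == ifNotGranted) || "".equals(ifNotGranted))) {
            return Tag.SKIP_BODY;
        }

        final Collection granted = getPrincipalFunctionByAuthorities();

        // Becomes true only once a non-empty, evaluated constraint has been checked.
        boolean constraintApplied = false;

        final String evaledIfNotGranted = ExpressionEvaluationUtils
                .evaluateString("ifNotGranted", ifNotGranted, pageContext);
        if ((null != evaledIfNotGranted) && !"".equals(evaledIfNotGranted)) {
            constraintApplied = true;
            Set grantedCopy = retainAll(granted,
                    parseSecurityString(evaledIfNotGranted));
            if (!grantedCopy.isEmpty()) {
                return Tag.SKIP_BODY;
            }
        }

        final String evaledIfAllGranted = ExpressionEvaluationUtils
                .evaluateString("ifAllGranted", ifAllGranted, pageContext);
        if ((null != evaledIfAllGranted) && !"".equals(evaledIfAllGranted)) {
            constraintApplied = true;
            // NOTE(review): this check relies on equals() of the GrantedFunction
            // objects, whereas the other two checks compare getFunction()
            // strings. Confirm that the objects returned by the DAO compare
            // equal to GrantedFunctionImpl by function name.
            if (!granted.containsAll(parseSecurityString(evaledIfAllGranted))) {
                return Tag.SKIP_BODY;
            }
        }

        final String evaledIfAnyGranted = ExpressionEvaluationUtils
                .evaluateString("ifAnyGranted", ifAnyGranted, pageContext);
        if ((null != evaledIfAnyGranted) && !"".equals(evaledIfAnyGranted)) {
            constraintApplied = true;
            Set grantedCopy = retainAll(granted,
                    parseSecurityString(evaledIfAnyGranted));
            if (grantedCopy.isEmpty()) {
                return Tag.SKIP_BODY;
            }
        }

        // Fail closed: attributes were supplied but none produced a usable constraint.
        return constraintApplied ? Tag.EVAL_BODY_INCLUDE : Tag.SKIP_BODY;
    }

    /**
     * Reads the current Authentication from the security context, takes its
     * authorities and asks the "authDao" bean for the Functions granted to
     * those authorities.
     *
     * @return the granted Functions, or an empty list when there is no
     *         Authentication or it carries no authorities
     */
    private Collection getPrincipalFunctionByAuthorities() {
        Authentication currentUser = SecurityContextHolder.getContext()
                .getAuthentication();
        if (null == currentUser) {
            return Collections.EMPTY_LIST;
        }
        if ((null == currentUser.getAuthorities())
                || (currentUser.getAuthorities().length < 1)) {
            return Collections.EMPTY_LIST;
        }
        // currentUser.getAuthorities() returns a GrantedAuthority[]
        List granted = Arrays.asList(currentUser.getAuthorities());
        // NOTE(review): a missing "authDao" bean or a null DAO result is not
        // handled here and would surface as a runtime exception; confirm the
        // DAO never returns null.
        AuthDao authDao = (AuthDao) AppContext.getInstance().getAppContext().getBean("authDao");
        Collection grantedFunctions = authDao.getFunctionsByRoles(granted);
        return grantedFunctions;
    }

    /**
     * Collects the function names of the given GrantedFunction objects into
     * a Set, which also removes duplicates.
     *
     * @param c collection of GrantedFunction objects
     * @return Set of function names
     * @throws IllegalArgumentException if an element returns null from
     *         getFunction()
     */
    private Set SecurityObjectToFunctions(Collection c) {
        Set target = new HashSet();
        for (Iterator iterator = c.iterator(); iterator.hasNext();) {
            GrantedFunction function = (GrantedFunction) iterator.next();
            if (null == function.getFunction()) {
                throw new IllegalArgumentException(
                        "Cannot process GrantedFunction objects which return null from getFunction() - attempting to process "
                                + function.toString());
            }
            target.add(function.getFunction());
        }
        return target;
    }

    /**
     * Parses a comma-separated tag attribute value into a Set of
     * GrantedFunctionImpl objects. Whitespace inside each entry is removed.
     *
     * @param functionsString comma-separated function names
     * @return Set of GrantedFunctionImpl, one per entry
     */
    private Set parseSecurityString(String functionsString) {
        final Set requiredFunctions = new HashSet();
        final String[] functions = StringUtils
                .commaDelimitedListToStringArray(functionsString);
        for (int i = 0; i < functions.length; i++) {
            String authority = functions[i];
            // Remove the role's whitespace characters without depending on JDK 1.4+
            // Includes space, tab, new line, carriage return and form feed.
            String function = StringUtils.replace(authority, " ", "");
            function = StringUtils.replace(function, "\t", "");
            function = StringUtils.replace(function, "\r", "");
            function = StringUtils.replace(function, "\n", "");
            function = StringUtils.replace(function, "\f", "");
            requiredFunctions.add(new GrantedFunctionImpl(function));
        }
        return requiredFunctions;
    }

    /**
     * Computes the intersection of the Functions the user holds and the
     * Functions that are required, compared by function name.
     *
     * @param granted Functions the user has been granted
     * @param required Functions named by the tag attribute
     * @return the granted Function objects whose names also appear in
     *         {@code required}
     */
    private Set retainAll(final Collection granted, final Set required) {
        Set grantedFunction = SecurityObjectToFunctions(granted);
        Set requiredFunction = SecurityObjectToFunctions(required);
        // Set.retainAll() keeps only the names present in both sets, i.e. it
        // removes from grantedFunction everything that is not required.
        grantedFunction.retainAll(requiredFunction);
        return rolesToAuthorities(grantedFunction, granted);
    }

    /**
     * Maps function names back to the GrantedFunction objects that carry them.
     *
     * @param grantedFunctions function names that survived filtering
     * @param granted the unfiltered Functions the user holds
     * @return Set of GrantedFunction objects from {@code granted}, at most
     *         one per name in {@code grantedFunctions}
     */
    private Set rolesToAuthorities(Set grantedFunctions, Collection granted) {
        Set target = new HashSet();
        for (Iterator iterator = grantedFunctions.iterator(); iterator.hasNext();) {
            String function = (String) iterator.next();
            for (Iterator grantedIterator = granted.iterator();
                    grantedIterator.hasNext();) {
                GrantedFunction grantedFunction = (GrantedFunction) grantedIterator
                        .next();
                if (grantedFunction.getFunction().equals(function)) {
                    target.add(grantedFunction);
                    // First match per name is enough.
                    break;
                }
            }
        }
        return target;
    }
}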