123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185 |
- package com.diagbot.config.security;
- import com.diagbot.facade.TokenFacade;
- import com.diagbot.util.HttpUtils;
- import com.diagbot.util.StringUtil;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.security.access.AccessDecisionManager;
- import org.springframework.security.access.AccessDeniedException;
- import org.springframework.security.access.ConfigAttribute;
- import org.springframework.security.authentication.AccountExpiredException;
- import org.springframework.security.authentication.InsufficientAuthenticationException;
- import org.springframework.security.core.Authentication;
- import org.springframework.security.core.GrantedAuthority;
- import org.springframework.security.web.FilterInvocation;
- import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
- import org.springframework.stereotype.Service;
- import javax.servlet.http.HttpServletRequest;
- import java.util.Collection;
- /**
- * @Description: 自定义权限拦截
- * @author: gaodm
- * @time: 2018/8/23 13:46
- */
- @Service
- public class UrlAccessDecisionManager implements AccessDecisionManager {
- @Autowired
- private TokenFacade tokenFacade;
- @Override
- public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
- HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
- String url, method;
- if (matchPermitAllUrl(request)) {
- return;
- }
- if ("anonymousUser".equals(authentication.getPrincipal())) {
- throw new AccessDeniedException("no right");
- } else {
- String tokenStr = HttpUtils.getHeaders(request).get("Authorization");
- if (StringUtil.isNotEmpty(tokenStr)) {
- tokenStr = tokenStr.replaceFirst("Bearer ", "");
- Boolean res = tokenFacade.verifyToken(tokenStr, 1);
- if (!res) {
- throw new AccountExpiredException("token expire");
- }
- }
- for (GrantedAuthority ga : authentication.getAuthorities()) {
- String[] authority = ga.getAuthority().split(";");
- url = authority[0];
- method = authority[1];
- if (matchers(url, request)) {
- if (method.equals(request.getMethod()) || "ALL".equals(method)) {
- return;
- }
- }
- }
- }
- throw new AccessDeniedException("no right");
- }
- @Override
- public boolean supports(ConfigAttribute attribute) {
- return true;
- }
- @Override
- public boolean supports(Class<?> clazz) {
- return true;
- }
- private Boolean matchPermitAllUrl(HttpServletRequest request) {
- if (matchers("/swagger/**", request)
- || matchers("/v2/**", request)
- || matchers("/swagger-ui.html/**", request)
- || matchers("/swagger-resources/**", request)
- || matchers("/webjars/**", request)
- || matchers("/druid/**", request)
- || matchers("/actuator/**", request)
- || matchers("/hystrix/**", request)
- || matchers("/sys/user/getJwt", request)
- || matchers("/sys/user/refreshJwt", request)
- || matchers("/sys/user/checkToken", request)
- //|| matchers("/sys/user/getUserOrgMenu", request)
- || matchers("/oauth/token", request)
- || matchers("/oauth/check_token", request)
- || matchers("/tran/mappingConfig/exportExcelModule", request)
- || matchers("/tran/mappingConfig/dataVerify", request)
- || matchers("/tran/mappingConfig/precDataMatch", request)
- || matchers("/tran/mappingConfig/precDataMatch_remote", request)
- || matchers("/tran/mappingConfig/importExcel", request)
- || matchers("/tran/mappingConfig/exportExcel", request)
- || matchers("/tran/mappingConfig/exportExcel_remote", request)
- || matchers("/tran/mappingConfig/getPage", request)
- || matchers("/tran/mappingConfig/getRecord", request)
- || matchers("/tran/mappingConfig/getRelatedMapping", request)
- || matchers("/tran/mappingConfig/isExistRecord", request)
- || matchers("/tran/mappingConfig/saveOrUpdateRecord", request)
- || matchers("/tran/mappingConfig/deleteRecord", request)
- || matchers("/tran/mappingConfig/deleteRecords", request)
- //|| matchers("/tran/hospitalInfo/saveRecord", request)
- || matchers("/tran/hospitalInfo/getHospitalInfo", request)
- || matchers("/tran/hospitalInfo/getAllHospitalInfo", request)
- || matchers("/tran/hospitalInfo/getAllEnableHospitalInfo", request)
- || matchers("/tran/hospitalInfo/getHospitalInfoById", request)
- || matchers("/sys/versionInfo/getVersionInfoAlls", request)
- || matchers("/sys/disclaimerInfo/getDisclaimerInfo", request)
- || matchers("/sys/mr/createMr", request)
- || matchers("/sys/mr/getMr", request)
- || matchers("/sys/mr/getTcmMr", request)
- || matchers("/sys/mr/getIndicationMr", request)
- || matchers("/sys/plan/getSysPlanInfoDatas", request)
- || matchers("/sys/mrqc/analyze_run", request)
- || matchers("/sys/tokenPermission/delPermission", request)
- || matchers("/sys/tokenPermission/getPermission", request)
- || matchers("/sys/push/push", request)
- || matchers("/sys/push/pushApi", request)
- || matchers("/sys/push/indicationPush", request)
- || matchers("/sys/push/indicationExtPush", request)
- || matchers("/sys/push/pushPlan", request)
- || matchers("/demo/templateInfo/updateByIdUsNames", request)
- || matchers("/demo/templateInfo/saveTemplateInfo", request)
- || matchers("/demo/templateInfo/cancelTemplateInfos", request)
- || matchers("/demo/templateInfo/getTemplatePageAlls", request)
- || matchers("/demo/templateInfo/getTemplatebyId", request)
- || matchers("/sys/plan/getPlanInfoPages", request)
- /*|| matchers("/sys/plan/savePlanInfoDatas", request)
- || matchers("/sys/plan/getSysPlanInfoDatas", request)
- || matchers("/sys/plan/cancelPlanDatas", request)*/
- //|| matchers("/sys/plan/revStopPlans", request)
- || matchers("/sys/tokenHospital/getTokenHospital", request)
- || matchers("/demo/retrieval/index", request)
- || matchers("/kl/conceptInfo/staticKnowledgeIndex", request)
- || matchers("/kl/conceptInfo/staticKnowledgeIndexWithoutInfo", request)
- || matchers("/kl/conceptInfo/getStaticKnowledge", request)
- || matchers("/kl/conceptInfo/getStaticKnowledgeForHIS", request)
- || matchers("/kl/conceptInfo/getPage", request)
- || matchers("/kl/conceptInfo/staticIndexPage", request)
- //|| matchers("/kl/conceptInfo/saveOrUpdateRecord", request)
- //|| matchers("/kl/conceptInfo/changeStatus", request)
- || matchers("/kl/conceptInfo/isExist", request)
- || matchers("/kl/conceptInfo/getRecordById", request)
- || matchers("/kl/conceptInfo/updateHasInfoStatusBatch", request)
- || matchers("/sys/planDetail/getPlanDetailDatas", request)
- /*|| matchers("/sys/planDetail/savePlanDetails", request)
- || matchers("/sys/planDetail/cancelPlanDetails", request)
- || matchers("/sys/planDetail/revStopPlanDetails", request)
- || matchers("/sys/plan/getDefaultPlans", request)*/
- || matchers("/sys/dictionaryInfo/getList", request)
- || matchers("/sys/dictionaryInfo/getListBack", request)
- || matchers("/sys/plan/getPlanInfoIds", request)
- || matchers("/sys/file/uploadImage", request)
- || matchers("/sys/file/deleteRemoteFile", request)
- || matchers("/sys/mrqc/caseWritingPrompt", request)
- || matchers("/demo/testcaseInfo/testcaseProcess", request)
- || matchers("/demo/mrtestInfo/importExcel", request)
- || matchers("/demo/mrtestInfo/exportExcel", request)
- || matchers("/demo/mrtestInfo/mrTestProcess", request)
- || matchers("/kl/dictionary/getDictionarys", request)
- || matchers("/klRulePlan/getMenu", request)
- || matchers("/klRule/getKlRuleInfoPage", request)
- || matchers("/klRule/getByIdRuleInfo", request)
- || matchers("/klRule/saveRuleInfo", request)
- || matchers("/klRule/clearRuleInfo", request)
- || matchers("/klRule/disableRuleInfo", request)
- || matchers("/klRule/startRuleInfo", request)
- || matchers("/klDisease/searchConcept", request)
- || matchers("/cache/clearRuleAll", request)
- || matchers("/term/termMatching", request)
- || matchers("/", request)) {
- return true;
- }
- return false;
- }
- private boolean matchers(String url, HttpServletRequest request) {
- AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
- if (matcher.matches(request)) {
- return true;
- }
- return false;
- }
- }
|