
  1. package com.diagbot.config.security;
  2. import com.diagbot.facade.TokenFacade;
  3. import com.diagbot.util.HttpUtils;
  4. import com.diagbot.util.StringUtil;
  5. import org.springframework.beans.factory.annotation.Autowired;
  6. import org.springframework.security.access.AccessDecisionManager;
  7. import org.springframework.security.access.AccessDeniedException;
  8. import org.springframework.security.access.ConfigAttribute;
  9. import org.springframework.security.authentication.AccountExpiredException;
  10. import org.springframework.security.authentication.InsufficientAuthenticationException;
  11. import org.springframework.security.core.Authentication;
  12. import org.springframework.security.core.GrantedAuthority;
  13. import org.springframework.security.web.FilterInvocation;
  14. import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
  15. import org.springframework.stereotype.Service;
  16. import javax.servlet.http.HttpServletRequest;
  17. import java.util.Collection;
  18. /**
  19. * @Description: 自定义权限拦截
  20. * @author: gaodm
  21. * @time: 2018/8/23 13:46
  22. */
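  @Service
  public class UrlAccessDecisionManager implements AccessDecisionManager {

      /** Principal value Spring Security assigns to requests that carry no authentication. */
      private static final String ANONYMOUS_PRINCIPAL = "anonymousUser";

      /** Header the bearer token is read from; header-name case handling is whatever HttpUtils.getHeaders does. */
      private static final String AUTHORIZATION_HEADER = "Authorization";

      /** Scheme prefix stripped from the header value before the token is verified. */
      private static final String BEARER_PREFIX = "Bearer ";

      /** Method component of a granted authority that matches every HTTP method. */
      private static final String ANY_METHOD = "ALL";

      /** A granted authority is encoded as {@code "<ant-url-pattern>;<HTTP-METHOD or ALL>"}. */
      private static final String AUTHORITY_SEPARATOR = ";";

      /** Second argument to TokenFacade.verifyToken, unchanged from the original call; TokenFacade defines its meaning. */
      private static final int VERIFY_TOKEN_FLAG = 1;

      private static final String NO_RIGHT_MESSAGE = "no right";
      private static final String TOKEN_EXPIRED_MESSAGE = "token expire";

      /**
       * Ant patterns that are served without authentication, authorization or token verification.
       * Order is irrelevant (any match permits the request); the commented entries record endpoints
       * that were deliberately removed from this list and must stay protected.
       *
       * NOTE(review): several entries look state-changing or operational by name
       * (e.g. {@code /klRule/saveRuleInfo}, {@code /klRule/clearRuleInfo}, {@code /sys/file/deleteRemoteFile},
       * {@code /cache/clearRuleAll}, {@code /sys/tokenPermission/delPermission},
       * {@code /tran/mappingConfig/deleteRecords}) and {@code /actuator/**} / {@code /druid/**} expose
       * management consoles; confirm each is intentionally reachable by unauthenticated callers.
       */
      private static final String[] PERMIT_ALL_PATTERNS = {
          "/swagger/**",
          "/v2/**",
          "/swagger-ui.html/**",
          "/swagger-resources/**",
          "/webjars/**",
          "/druid/**",
          "/actuator/**",
          "/hystrix/**",
          "/sys/user/getJwt",
          "/sys/user/refreshJwt",
          "/sys/user/checkToken",
          // "/sys/user/getUserOrgMenu",
          "/oauth/token",
          "/oauth/check_token",
          "/tran/mappingConfig/exportExcelModule",
          "/tran/mappingConfig/dataVerify",
          "/tran/mappingConfig/precDataMatch",
          "/tran/mappingConfig/precDataMatch_remote",
          "/tran/mappingConfig/importExcel",
          "/tran/mappingConfig/exportExcel",
          "/tran/mappingConfig/exportExcel_remote",
          "/tran/mappingConfig/getPage",
          "/tran/mappingConfig/getRecord",
          "/tran/mappingConfig/getRelatedMapping",
          "/tran/mappingConfig/isExistRecord",
          "/tran/mappingConfig/saveOrUpdateRecord",
          "/tran/mappingConfig/deleteRecord",
          "/tran/mappingConfig/deleteRecords",
          // "/tran/hospitalInfo/saveRecord",
          "/tran/hospitalInfo/getHospitalInfo",
          "/tran/hospitalInfo/getAllHospitalInfo",
          "/tran/hospitalInfo/getAllEnableHospitalInfo",
          "/tran/hospitalInfo/getHospitalInfoById",
          "/sys/versionInfo/getVersionInfoAlls",
          "/sys/disclaimerInfo/getDisclaimerInfo",
          "/sys/mr/createMr",
          "/sys/mr/getMr",
          "/sys/mr/getTcmMr",
          "/sys/mr/getIndicationMr",
          "/sys/plan/getSysPlanInfoDatas",
          "/sys/mrqc/analyze_run",
          "/sys/tokenPermission/delPermission",
          "/sys/tokenPermission/getPermission",
          "/sys/push/push",
          "/sys/push/pushApi",
          "/sys/push/indicationPush",
          "/sys/push/indicationExtPush",
          "/sys/push/pushPlan",
          "/demo/templateInfo/updateByIdUsNames",
          "/demo/templateInfo/saveTemplateInfo",
          "/demo/templateInfo/cancelTemplateInfos",
          "/demo/templateInfo/getTemplatePageAlls",
          "/demo/templateInfo/getTemplatebyId",
          "/sys/plan/getPlanInfoPages",
          // "/sys/plan/savePlanInfoDatas",
          // "/sys/plan/getSysPlanInfoDatas",
          // "/sys/plan/cancelPlanDatas",
          // "/sys/plan/revStopPlans",
          "/sys/tokenHospital/getTokenHospital",
          "/demo/retrieval/index",
          "/kl/conceptInfo/staticKnowledgeIndex",
          "/kl/conceptInfo/staticKnowledgeIndexWithoutInfo",
          "/kl/conceptInfo/getStaticKnowledge",
          "/kl/conceptInfo/getStaticKnowledgeForHIS",
          "/kl/conceptInfo/getPage",
          "/kl/conceptInfo/staticIndexPage",
          // "/kl/conceptInfo/saveOrUpdateRecord",
          // "/kl/conceptInfo/changeStatus",
          "/kl/conceptInfo/isExist",
          "/kl/conceptInfo/getRecordById",
          "/kl/conceptInfo/updateHasInfoStatusBatch",
          "/sys/planDetail/getPlanDetailDatas",
          // "/sys/planDetail/savePlanDetails",
          // "/sys/planDetail/cancelPlanDetails",
          // "/sys/planDetail/revStopPlanDetails",
          // "/sys/plan/getDefaultPlans",
          "/sys/dictionaryInfo/getList",
          "/sys/dictionaryInfo/getListBack",
          "/sys/plan/getPlanInfoIds",
          "/sys/file/uploadImage",
          "/sys/file/deleteRemoteFile",
          "/sys/mrqc/caseWritingPrompt",
          "/demo/testcaseInfo/testcaseProcess",
          "/demo/mrtestInfo/importExcel",
          "/demo/mrtestInfo/exportExcel",
          "/demo/mrtestInfo/mrTestProcess",
          "/kl/dictionary/getDictionarys",
          "/klRulePlan/getMenu",
          "/klRule/getKlRuleInfoPage",
          "/klRule/getByIdRuleInfo",
          "/klRule/saveRuleInfo",
          "/klRule/clearRuleInfo",
          "/klRule/disableRuleInfo",
          "/klRule/startRuleInfo",
          "/klDisease/searchConcept",
          "/cache/clearRuleAll",
          "/term/termMatching",
          // An Ant pattern without wildcards is an exact match, so this only permits the root path itself.
          "/"
      };

      /** Compiled once at class load; the original built a fresh AntPathRequestMatcher per pattern on every request. */
      private static final AntPathRequestMatcher[] PERMIT_ALL_MATCHERS = compilePatterns(PERMIT_ALL_PATTERNS);

      @Autowired
      private TokenFacade tokenFacade;

      /**
       * Decides whether the current request may proceed.
       *
       * <p>Evaluation order: permit-all URLs pass unconditionally; anonymous principals are denied;
       * a present {@code Authorization} header must verify via {@link TokenFacade#verifyToken};
       * finally the request must match at least one granted authority of the form
       * {@code "<url-pattern>;<METHOD|ALL>"}.
       *
       * @param authentication the caller's authentication; its principal and authorities are consulted
       * @param object the secured object, expected to be a {@link FilterInvocation} (anything else fails the cast)
       * @param configAttributes unused; {@link #supports(ConfigAttribute)} accepts every attribute
       * @throws AccessDeniedException when the principal is anonymous or no authority matches the request
       * @throws AccountExpiredException when a supplied bearer token does not verify
       * @throws InsufficientAuthenticationException declared for interface compatibility; not thrown here
       */
      @Override
      public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
              throws AccessDeniedException, InsufficientAuthenticationException {
          HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
          // Permit-all URLs skip token verification as well as authority checks.
          if (matchPermitAllUrl(request)) {
              return;
          }
          if (ANONYMOUS_PRINCIPAL.equals(authentication.getPrincipal())) {
              throw new AccessDeniedException(NO_RIGHT_MESSAGE);
          }
          verifyBearerTokenIfPresent(request);
          if (hasMatchingAuthority(authentication, request)) {
              return;
          }
          throw new AccessDeniedException(NO_RIGHT_MESSAGE);
      }

      /**
       * Verifies the bearer token carried in the {@code Authorization} header, if one is present.
       * A missing or empty header is not an error here; the authority check still has to pass.
       *
       * @throws AccountExpiredException when the token does not verify (a null verdict is treated as failure)
       */
      private void verifyBearerTokenIfPresent(HttpServletRequest request) {
          String tokenStr = HttpUtils.getHeaders(request).get(AUTHORIZATION_HEADER);
          if (!StringUtil.isNotEmpty(tokenStr)) {
              return;
          }
          // Strip the scheme only when it is actually the prefix; the original replaceFirst would also
          // have removed a "Bearer " occurring later in the value.
          if (tokenStr.startsWith(BEARER_PREFIX)) {
              tokenStr = tokenStr.substring(BEARER_PREFIX.length());
          }
          Boolean verified = tokenFacade.verifyToken(tokenStr, VERIFY_TOKEN_FLAG);
          // Fail closed: the original unboxed the Boolean directly and would NPE on a null result.
          if (!Boolean.TRUE.equals(verified)) {
              throw new AccountExpiredException(TOKEN_EXPIRED_MESSAGE);
          }
      }

      /**
       * Returns true when any granted authority, read as {@code "<url-pattern>;<METHOD|ALL>"},
       * matches both the request path and its HTTP method.
       * Authorities that are null or lack the method component are skipped rather than matched;
       * the original indexed {@code authority[1]} unconditionally and threw on such values.
       */
      private boolean hasMatchingAuthority(Authentication authentication, HttpServletRequest request) {
          Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
          if (authorities == null) {
              return false;
          }
          for (GrantedAuthority ga : authorities) {
              String raw = ga.getAuthority();
              if (raw == null) {
                  continue;
              }
              String[] parts = raw.split(AUTHORITY_SEPARATOR);
              if (parts.length < 2) {
                  continue;
              }
              String urlPattern = parts[0];
              String method = parts[1];
              if (!matchers(urlPattern, request)) {
                  continue;
              }
              if (ANY_METHOD.equals(method) || method.equals(request.getMethod())) {
                  return true;
              }
          }
          return false;
      }

      /** Accepts every ConfigAttribute; authorization is driven by the authority list, not by attributes. */
      @Override
      public boolean supports(ConfigAttribute attribute) {
          return true;
      }

      /** Claims support for every secured-object class; decide() nevertheless casts to FilterInvocation. */
      @Override
      public boolean supports(Class<?> clazz) {
          return true;
      }

      /** Returns true when the request matches one of {@link #PERMIT_ALL_PATTERNS}. */
      private boolean matchPermitAllUrl(HttpServletRequest request) {
          for (AntPathRequestMatcher matcher : PERMIT_ALL_MATCHERS) {
              if (matcher.matches(request)) {
                  return true;
              }
          }
          return false;
      }

      /** Ant-style match of {@code url} against the request path; used for the dynamic authority patterns. */
      private boolean matchers(String url, HttpServletRequest request) {
          return new AntPathRequestMatcher(url).matches(request);
      }

      /** Builds one matcher per pattern, preserving order. */
      private static AntPathRequestMatcher[] compilePatterns(String[] patterns) {
          AntPathRequestMatcher[] compiled = new AntPathRequestMatcher[patterns.length];
          for (int i = 0; i < patterns.length; i++) {
              compiled[i] = new AntPathRequestMatcher(patterns[i]);
          }
          return compiled;
      }
  }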