|
@@ -23,26 +23,26 @@ import java.util.Collection;
|
|
|
public class UrlAccessDecisionManager implements AccessDecisionManager {
|
|
|
@Override
|
|
|
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
|
|
|
- HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
|
|
|
- String url, method;
|
|
|
- if (matchPermitAllUrl(request)) {
|
|
|
- return;
|
|
|
- }
|
|
|
- if ("anonymousUser".equals(authentication.getPrincipal())) {
|
|
|
- throw new AccessDeniedException("no right");
|
|
|
- } else {
|
|
|
- for (GrantedAuthority ga : authentication.getAuthorities()) {
|
|
|
- String[] authority = ga.getAuthority().split(";");
|
|
|
- url = authority[0];
|
|
|
- method = authority[1];
|
|
|
- if (matchers(url, request)) {
|
|
|
- if (method.equals(request.getMethod()) || "ALL".equals(method)) {
|
|
|
- return;
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- throw new AccessDeniedException("no right");
|
|
|
+// HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
|
|
|
+// String url, method;
|
|
|
+// if (matchPermitAllUrl(request)) {
|
|
|
+// return;
|
|
|
+// }
|
|
|
+// if ("anonymousUser".equals(authentication.getPrincipal())) {
|
|
|
+// throw new AccessDeniedException("no right");
|
|
|
+// } else {
|
|
|
+// for (GrantedAuthority ga : authentication.getAuthorities()) {
|
|
|
+// String[] authority = ga.getAuthority().split(";");
|
|
|
+// url = authority[0];
|
|
|
+// method = authority[1];
|
|
|
+// if (matchers(url, request)) {
|
|
|
+// if (method.equals(request.getMethod()) || "ALL".equals(method)) {
|
|
|
+// return;
|
|
|
+// }
|
|
|
+// }
|
|
|
+// }
|
|
|
+// }
|
|
|
+// throw new AccessDeniedException("no right");
|
|
|
}
|
|
|
|
|
|
|