|
@@ -0,0 +1,71 @@
|
|
|
+package com.diagbot.config.security;
|
|
|
+
|
|
|
+import org.springframework.security.access.AccessDecisionManager;
|
|
|
+import org.springframework.security.access.AccessDeniedException;
|
|
|
+import org.springframework.security.access.ConfigAttribute;
|
|
|
+import org.springframework.security.authentication.InsufficientAuthenticationException;
|
|
|
+import org.springframework.security.core.Authentication;
|
|
|
+import org.springframework.security.core.GrantedAuthority;
|
|
|
+import org.springframework.security.web.FilterInvocation;
|
|
|
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|
|
+import org.springframework.stereotype.Service;
|
|
|
+
|
|
|
+import javax.servlet.http.HttpServletRequest;
|
|
|
+import java.util.Collection;
|
|
|
+
|
|
|
+
|
|
|
+/**
|
|
|
+ * @Description: 自定义权限拦截
|
|
|
+ * @author: gaodm
|
|
|
+ * @time: 2018/8/23 13:46
|
|
|
+ */
|
|
|
+@Service
|
|
|
+public class UrlAccessDecisionManager implements AccessDecisionManager {
|
|
|
+ @Override
|
|
|
+ public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
|
|
|
+ HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
|
|
|
+ String url, method;
|
|
|
+ if ("anonymousUser".equals(authentication.getPrincipal())
|
|
|
+ && (matchers("/swagger/**", request)
|
|
|
+ || matchers("/v2/**", request)
|
|
|
+ || matchers("/webjars/**", request)
|
|
|
+ || matchers("/druid/**", request)
|
|
|
+ || matchers("/actuator/**", request)
|
|
|
+ || matchers("/hystrix/**", request)
|
|
|
+ || matchers("/", request))) {
|
|
|
+ return;
|
|
|
+ } else {
|
|
|
+ for (GrantedAuthority ga : authentication.getAuthorities()) {
|
|
|
+ String[] authority = ga.getAuthority().split(";");
|
|
|
+ url = authority[0];
|
|
|
+ method = authority[1];
|
|
|
+ if (matchers(url, request)) {
|
|
|
+ if (method.equals(request.getMethod()) || "ALL".equals(method)) {
|
|
|
+ return;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ throw new AccessDeniedException("no right");
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ @Override
|
|
|
+ public boolean supports(ConfigAttribute attribute) {
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+
|
|
|
+ @Override
|
|
|
+ public boolean supports(Class<?> clazz) {
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ private boolean matchers(String url, HttpServletRequest request) {
|
|
|
+ AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
|
|
|
+ if (matcher.matches(request)) {
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+}
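Review bot: The anonymous branch that returns on `matchers("/druid/**", request)` and `matchers("/actuator/**", request)` skips the authority loop entirely, so every request under those prefixes is served to unauthenticated callers; if the Druid monitoring console or non-health actuator endpoints (env, heapdump, loggers) are mounted there, they become reachable without any credentials. Narrow the bypass to what unauthenticated clients actually need, e.g. replace the two entries with `|| matchers("/actuator/health", request)` and let everything else under those prefixes go through the per-authority check. Separately, `method = authority[1];` throws ArrayIndexOutOfBoundsException for any granted authority that has no `;` (a plain role name, for instance), turning an authorization failure into a 500 instead of a 403; guard it with `if (authority.length < 2) { continue; }` before reading the elements. Note also that the allow-list is only consulted when the principal is `anonymousUser`, so an authenticated user without a matching `url;method` authority is denied on `/` and the Swagger paths, which looks unintended; evaluating the public-path matchers before the principal test would make the behaviour consistent for both.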
|