我正在嘗試實作這個功能:https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/el-access.html#el-access-web-path-variables ,但老師明確要求我們使用 spring-security 4.0.4(因為與 spring 框架 4.2.5 的傳遞依賴衝突)。我已經廣泛搜尋如何建立一個可以取得路徑變數的 AccessDecisionVoter,但到目前為止唯一找到的是「spring security 的 AccessDecisionVoter 的 vote 方法中 object 引數的實際型別是什麼」這個回答;我不確定這是否確實是最好的方法,因為該回答是針對 Spring Security 3.1 的。
uj5u.com熱心網友回復:
我透過自行撰寫 AccessDecisionVoter 解決了這個問題:
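/**
 * Access-decision voter for web requests that authorizes course and file URLs by the numeric id
 * embedded in the request path.
 *
 * <p>The voter ignores the configured {@link ConfigAttribute}s. It looks only at the request path
 * and HTTP method, extracts the id, and asks {@code CourseService} / {@code FileService} whether
 * the current user may touch that resource. Requests that match none of the patterns get
 * {@code ACCESS_ABSTAIN}, so the outcome for them depends on the other voters and on the
 * configured access decision manager.
 */
public class CourseVoter implements AccessDecisionVoter<FilterInvocation> {

    @Autowired
    private CourseService courseService;

    @Autowired
    private AuthFacade authFacade;

    @Autowired
    private FileService fileService;

    // Each pattern captures the numeric id ("\\d+", one or more digits) as group 1.
    static final Pattern GET_FILE_PATTERN = Pattern.compile("/files/(\\d+)");
    static final Pattern UPLOAD_FILE_PATTERN = Pattern.compile("/course/(\\d+)/files");
    static final Pattern UPLOAD_ANNOUNCEMENT_PATTERN = Pattern.compile("/course/(\\d+)/announcements");
    static final Pattern GET_COURSE_PATTERN = Pattern.compile("/course/(\\d+)");

    /**
     * Always {@code false}: this voter declares no attribute of its own and never reads the
     * attributes passed to {@link #vote}.
     */
    @Override
    public boolean supports(ConfigAttribute attribute) {
        return false;
    }

    /**
     * Reports support for {@link FilterInvocation} and its subclasses only.
     *
     * <p>The check is {@code FilterInvocation.class.isAssignableFrom(clazz)}: the secured object
     * must be usable as a {@code FilterInvocation}. The reverse direction would also accept
     * {@code Object.class} and then fail with a cast error inside {@link #vote}.
     */
    @Override
    public boolean supports(Class<?> clazz) {
        return FilterInvocation.class.isAssignableFrom(clazz);
    }

    /**
     * Votes on a web request by the resource id found in its path.
     *
     * <p>Checks run in this order, first match wins: file download, POST of an announcement,
     * POST of a file upload, any other course URL.
     *
     * @param authentication the caller's authentication
     * @param fi the intercepted web request
     * @param attributes configured attributes; not used
     * @return {@code ACCESS_GRANTED}, {@code ACCESS_DENIED}, or {@code ACCESS_ABSTAIN} when the
     *     path matches none of the patterns
     */
    @Override
    public int vote(Authentication authentication, FilterInvocation fi, Collection<ConfigAttribute> attributes) {
        // getRequestUrl() includes the query string. Match the path only, so that a parameter
        // value that merely looks like "/files/3" cannot select which resource id is checked.
        final String path = stripQuery(fi.getRequestUrl());
        final boolean isPost = "POST".equals(fi.getHttpRequest().getMethod());

        // NOTE(review): find() matches anywhere in the path, so the id that is checked is the
        // first pattern hit, not necessarily the id a handler mapped to a longer path serves.
        // Anchor the patterns (lookingAt()/matches()) once the servlet mapping and the route
        // table are confirmed.
        final Matcher fileMatcher = GET_FILE_PATTERN.matcher(path);
        if (fileMatcher.find()) {
            return voteFileAccess(authentication, getMappingValue(fileMatcher));
        }
        if (isPost) {
            final Matcher announcementMatcher = UPLOAD_ANNOUNCEMENT_PATTERN.matcher(path);
            if (announcementMatcher.find()) {
                return voteCoursePrivileges(authentication, getMappingValue(announcementMatcher));
            }
            final Matcher uploadMatcher = UPLOAD_FILE_PATTERN.matcher(path);
            if (uploadMatcher.find()) {
                return voteCoursePrivileges(authentication, getMappingValue(uploadMatcher));
            }
        }
        final Matcher courseMatcher = GET_COURSE_PATTERN.matcher(path);
        if (courseMatcher.find()) {
            return voteCourseAccess(authentication, getMappingValue(courseMatcher));
        }
        return ACCESS_ABSTAIN;
    }

    /** Returns {@code url} without its query string, if it has one. */
    private static String stripQuery(String url) {
        final int queryStart = url.indexOf('?');
        return queryStart < 0 ? url : url.substring(0, queryStart);
    }

    /**
     * Parses capture group 1 of a matcher that has already matched.
     *
     * @return the id, or {@code null} when the digit run does not fit in a {@code long}; callers
     *     treat {@code null} as a denial instead of letting the voter throw
     */
    private Long getMappingValue(Matcher m) {
        try {
            return Long.valueOf(m.group(1));
        } catch (NumberFormatException ignored) {
            // An id outside the long range cannot name a resource the user was granted.
            return null;
        }
    }

    /**
     * Tells whether the caller is anonymous or an administrator.
     *
     * <p>NOTE(review): every vote helper denies when this returns {@code true}, so administrators
     * are denied together with anonymous callers. Confirm that this is intended.
     */
    private boolean isAdminOrAnonymous(Authentication authentication) {
        if (authentication instanceof AnonymousAuthenticationToken) {
            return true;
        }
        // Assumes getCurrentUser() is non-null for a non-anonymous request. TODO confirm.
        final User user = authFacade.getCurrentUser();
        return user.isAdmin();
    }

    /** Grants only when {@code FileService} reports that the current user has access to the file. */
    private int voteFileAccess(Authentication authentication, Long fileId) {
        if (fileId == null || isAdminOrAnonymous(authentication)) {
            return ACCESS_DENIED;
        }
        return fileService.hasAccess(fileId, authFacade.getCurrentUserId()) ? ACCESS_GRANTED : ACCESS_DENIED;
    }

    /** Grants only when {@code CourseService} reports that the current user belongs to the course. */
    private int voteCourseAccess(Authentication authentication, Long courseId) {
        if (courseId == null || isAdminOrAnonymous(authentication)) {
            return ACCESS_DENIED;
        }
        return courseService.belongs(authFacade.getCurrentUserId(), courseId) ? ACCESS_GRANTED : ACCESS_DENIED;
    }

    /** Grants only when {@code CourseService} reports that the current user is privileged in the course. */
    private int voteCoursePrivileges(Authentication authentication, Long courseId) {
        if (courseId == null || isAdminOrAnonymous(authentication)) {
            return ACCESS_DENIED;
        }
        return courseService.isPrivileged(authFacade.getCurrentUserId(), courseId) ? ACCESS_GRANTED : ACCESS_DENIED;
    }
}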
