[Hibernate]Acegi+hibernate 动态实现基于角色的权限管理(3) 软件技术, 电脑与网络
lhwork 发表于 2006/6/13 11:36:06 |
以下是我的标签实现。大致思路是:根据页面传来的方法名(即 FunctionName)查询出对应的 Functions,并且包装成 grantedFunctions;然后根据用户的角色查询出用户对应的 Functions;再取这两个集合的交集;最后根据这个交集是否为空判断是否显示标签体的内容。注意:该标签只决定页面元素是否显示,对应的操作仍须在服务器端单独做权限校验。
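package sample.auth;

import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.Tag;
import javax.servlet.jsp.tagext.TagSupport;

import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.context.SecurityContextHolder;
import org.springframework.util.StringUtils;
import org.springframework.web.util.ExpressionEvaluationUtils;

import sample.web.action.AppContext;

/**
 * JSP tag that includes its body only when the functions granted to the
 * current user satisfy the ifAllGranted / ifAnyGranted / ifNotGranted
 * attributes (each a comma-separated list of function names).
 *
 * <p>The user's functions are looked up through the "authDao" bean from the
 * roles carried by the current Authentication.
 *
 * <p>Security notes:
 * <ul>
 * <li>The tag only decides whether markup is rendered. The action behind a
 *     hidden link or button still has to be authorized on the server.</li>
 * <li>Attribute values go through ExpressionEvaluationUtils.evaluateString
 *     before they are parsed, so they should be literals or trusted page
 *     variables written by the page author, never request data.</li>
 * <li>When no constraint is left after evaluation, the body is skipped
 *     (fail closed).</li>
 * </ul>
 *
 * @author limq
 */
public class AuthorizeActionTag extends TagSupport {

    private String ifAllGranted = "";
    private String ifAnyGranted = "";
    private String ifNotGranted = "";

    public void setIfAllGranted(String ifAllGranted) throws JspException {
        this.ifAllGranted = ifAllGranted;
    }

    public String getIfAllGranted() {
        return ifAllGranted;
    }

    public void setIfAnyGranted(String ifAnyGranted) throws JspException {
        this.ifAnyGranted = ifAnyGranted;
    }

    public String getIfAnyGranted() {
        return ifAnyGranted;
    }

    public void setIfNotGranted(String ifNotGranted) throws JspException {
        this.ifNotGranted = ifNotGranted;
    }

    public String getIfNotGranted() {
        return ifNotGranted;
    }

    /**
     * Decides whether the tag body is rendered.
     *
     * @return Tag.EVAL_BODY_INCLUDE when at least one constraint was checked
     *         and every checked constraint passed, otherwise Tag.SKIP_BODY
     * @throws JspException if an attribute expression cannot be evaluated
     */
    public int doStartTag() throws JspException {
        // No constraint configured: hide the body.
        if (!StringUtils.hasText(ifAllGranted)
                && !StringUtils.hasText(ifAnyGranted)
                && !StringUtils.hasText(ifNotGranted)) {
            return Tag.SKIP_BODY;
        }

        final Collection granted = getPrincipalFunctionByAuthorities();

        // Tracks whether any constraint survived expression evaluation. An
        // attribute such as "${someVar}" passes the guard above but may
        // evaluate to an empty string; without this flag every check below
        // would be skipped and the body would be shown to everyone.
        boolean constraintChecked = false;

        final String evaledIfNotGranted = ExpressionEvaluationUtils
                .evaluateString("ifNotGranted", ifNotGranted, pageContext);

        if (StringUtils.hasText(evaledIfNotGranted)) {
            constraintChecked = true;
            Set forbiddenHeld = retainAll(granted,
                    parseSecurityString(evaledIfNotGranted));

            if (!forbiddenHeld.isEmpty()) {
                return Tag.SKIP_BODY;
            }
        }

        final String evaledIfAllGranted = ExpressionEvaluationUtils
                .evaluateString("ifAllGranted", ifAllGranted, pageContext);

        if (StringUtils.hasText(evaledIfAllGranted)) {
            constraintChecked = true;
            // Compare by function name, like the other two checks, so the
            // result does not depend on how GrantedFunctionImpl implements
            // equals()/hashCode() (not shown on this page).
            Set requiredNames = securityObjectToFunctions(
                    parseSecurityString(evaledIfAllGranted));

            if (!securityObjectToFunctions(granted).containsAll(requiredNames)) {
                return Tag.SKIP_BODY;
            }
        }

        final String evaledIfAnyGranted = ExpressionEvaluationUtils
                .evaluateString("ifAnyGranted", ifAnyGranted, pageContext);

        if (StringUtils.hasText(evaledIfAnyGranted)) {
            constraintChecked = true;
            Set matched = retainAll(granted,
                    parseSecurityString(evaledIfAnyGranted));

            if (matched.isEmpty()) {
                return Tag.SKIP_BODY;
            }
        }

        return constraintChecked ? Tag.EVAL_BODY_INCLUDE : Tag.SKIP_BODY;
    }

    /**
     * Reads the current Authentication, takes its authorities (roles) and
     * resolves them to the functions granted to the user.
     *
     * @return the user's GrantedFunction objects, or an empty list when there
     *         is no Authentication or it carries no authorities
     */
    private Collection getPrincipalFunctionByAuthorities() {
        Authentication currentUser = SecurityContextHolder.getContext()
                .getAuthentication();
        if (null == currentUser) {
            return Collections.EMPTY_LIST;
        }

        // getAuthorities() returns GrantedAuthority[]
        GrantedAuthority[] authorities = currentUser.getAuthorities();
        if ((null == authorities) || (authorities.length < 1)) {
            return Collections.EMPTY_LIST;
        }

        List roles = Arrays.asList(authorities);
        AuthDao authDao = (AuthDao) AppContext.getInstance().getAppContext()
                .getBean("authDao");
        return authDao.getFunctionsByRoles(roles);
    }

    /**
     * Extracts the function names from a collection of GrantedFunction
     * objects and rejects entries without a name.
     *
     * @param c collection of GrantedFunction
     * @return set of function names (String)
     * @throws IllegalArgumentException if an entry returns null from
     *         getFunction()
     */
    private Set securityObjectToFunctions(Collection c) {
        Set target = new HashSet();

        for (Iterator iterator = c.iterator(); iterator.hasNext();) {
            GrantedFunction function = (GrantedFunction) iterator.next();

            if (null == function.getFunction()) {
                throw new IllegalArgumentException(
                    "Cannot process GrantedFunction objects which return null from getFunction() - attempting to process "
                    + function.toString());
            }

            target.add(function.getFunction());
        }

        return target;
    }

    /**
     * Parses a comma-separated tag attribute into GrantedFunction objects.
     *
     * @param functionsString comma-separated function names
     * @return set of GrantedFunctionImpl, one per token
     */
    private Set parseSecurityString(String functionsString) {
        final Set requiredFunctions = new HashSet();
        final String[] functions = StringUtils
                .commaDelimitedListToStringArray(functionsString);

        for (int i = 0; i < functions.length; i++) {
            String authority = functions[i];

            // Remove the role's whitespace characters without depending on JDK 1.4+
            // Includes space, tab, new line, carriage return and form feed.
            String function = StringUtils.replace(authority, " ", "");
            function = StringUtils.replace(function, "\t", "");
            function = StringUtils.replace(function, "\r", "");
            function = StringUtils.replace(function, "\n", "");
            function = StringUtils.replace(function, "\f", "");

            requiredFunctions.add(new GrantedFunctionImpl(function));
        }

        return requiredFunctions;
    }

    /**
     * Intersects the functions the user holds with the required functions.
     *
     * @param granted functions the user already holds
     * @param required functions named by the tag attribute
     * @return the GrantedFunction objects from granted whose names also
     *         appear in required
     */
    private Set retainAll(final Collection granted, final Set required) {
        Set grantedNames = securityObjectToFunctions(granted);
        Set requiredNames = securityObjectToFunctions(required);
        // Set.retainAll() keeps only the names present in both sets.
        grantedNames.retainAll(requiredNames);

        return rolesToAuthorities(grantedNames, granted);
    }

    /**
     * Maps function names back to the user's GrantedFunction objects.
     *
     * @param grantedFunctions function names that passed the filter
     * @param granted unfiltered functions held by the user
     * @return the matching GrantedFunction objects
     */
    private Set rolesToAuthorities(Set grantedFunctions, Collection granted) {
        Set target = new HashSet();

        for (Iterator iterator = grantedFunctions.iterator(); iterator.hasNext();) {
            String function = (String) iterator.next();

            for (Iterator grantedIterator = granted.iterator();
                    grantedIterator.hasNext();) {
                GrantedFunction grantedFunction = (GrantedFunction) grantedIterator
                        .next();

                if (grantedFunction.getFunction().equals(function)) {
                    target.add(grantedFunction);

                    break;
                }
            }
        }

        return target;
    }
}

再说明一下吧,通过 AppContext 获得了Spring的上下文,以及AuthDao(实际意义上讲已不再是单纯的Dao,应该是Service)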
package sample.auth;

import java.util.Collection;

/**
 * Resolves the operation permissions (functions) that a set of roles grants.
 */
public interface AuthDao {

    /**
     * Returns the operation permissions of a user, given the user's roles.
     *
     * @param granted the roles already granted to the user
     * @return the collection of operation permissions
     */
    Collection getFunctionsByRoles(Collection granted);
}

以下是AuthDao 的实现
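package sample.auth;

import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

import org.acegisecurity.GrantedAuthority;

import sample.auth.cache.FunctionCache;
import sample.auth.cache.info.RoleByNameCache;
import sample.dao.IBaseDao;
import sample.mappings.function.Function;
import sample.mappings.role.Role;

/**
 * AuthDao implementation that resolves roles to functions, using a role cache
 * and a per-role function cache in front of the database.
 *
 * <p>NOTE(review): nothing here evicts cache entries. If a role's functions
 * change, a stale entry would keep granting the old set; confirm that
 * FunctionCache and RoleByNameCache are invalidated on such changes.
 */
public class AuthDaoImpl implements AuthDao {

    private IBaseDao baseDao;
    private FunctionCache cache;
    private RoleByNameCache roleCache;

    public RoleByNameCache getRoleCache() {
        return roleCache;
    }

    public void setRoleCache(RoleByNameCache roleCache) {
        this.roleCache = roleCache;
    }

    public FunctionCache getCache() {
        return cache;
    }

    public void setCache(FunctionCache cache) {
        this.cache = cache;
    }

    public IBaseDao getBaseDao() {
        return baseDao;
    }

    public void setBaseDao(IBaseDao baseDao) {
        this.baseDao = baseDao;
    }

    /**
     * Returns the union of the functions granted by each of the given roles.
     *
     * @param granted collection of GrantedAuthority (the user's roles)
     * @return set of GrantedFunction granted by those roles
     * @throws IllegalArgumentException if granted is null
     */
    public Collection getFunctionsByRoles(Collection granted) {
        if (null == granted) {
            throw new IllegalArgumentException("Granted Roles cannot be null");
        }

        Set result = new HashSet();

        for (Iterator it = granted.iterator(); it.hasNext();) {
            GrantedAuthority grantedAuthority = (GrantedAuthority) it.next();
            String roleName = grantedAuthority.getAuthority();

            Role role = roleCache.getRoleByRoleNameCache(roleName);
            if (role == null) {
                // presumably loads the Role whose "name" property equals roleName
                role = (Role) baseDao.loadByKey(Role.class, "name", roleName);
                if (role == null) {
                    // Unknown role: it grants nothing, and null is not cached.
                    continue;
                }
                roleCache.putRoleInCache(role);
            }

            GrantedFunction[] grantedFunctions = cache.getFunctionFromCache(role.getName());
            if (grantedFunctions == null) {
                grantedFunctions = loadFunctions(role);
                cache.putFuncitonInCache(role.getName(), grantedFunctions);
            }

            for (int i = 0; i < grantedFunctions.length; i++) {
                result.add(grantedFunctions[i]);
            }
        }

        return result;
    }

    /**
     * Builds the function array for one role only.
     *
     * <p>The array is what gets cached under the role's name, so it must not
     * be taken from the accumulated result of getFunctionsByRoles: that set
     * also holds functions of roles processed earlier in the same call, and
     * caching it would hand those functions to every later holder of this
     * role.
     */
    private GrantedFunction[] loadFunctions(Role role) {
        Set roleFunctions = new HashSet();
        Set functions = role.getFunctions();

        if (functions != null) {
            for (Iterator it = functions.iterator(); it.hasNext();) {
                Function function = (Function) it.next();
                roleFunctions.add(new GrantedFunctionImpl(function.getName()));
            }
        }

        return (GrantedFunction[]) roleFunctions.toArray(new GrantedFunction[0]);
    }
}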