`

spring2.5 的 security 权限验证

springsecurity 
阅读更多

 

package com.hd.security.service;
002  
003 import java.io.File;
004 import java.util.HashMap;
005 import java.util.Iterator;
006 import java.util.List;
007 import java.util.Map;
008 import java.util.Set;
009  
010 import javax.annotation.Resource;
011  
012 import org.dom4j.Document;
013 import org.dom4j.DocumentException;
014 import org.dom4j.Element;
015 import org.dom4j.io.SAXReader;
016 import org.hibernate.SessionFactory;
017 import org.springframework.dao.DataAccessException;
018 import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
019 import org.springframework.security.userdetails.UserDetails;
020 import org.springframework.security.userdetails.UserDetailsService;
021 import org.springframework.security.userdetails.UsernameNotFoundException;
022 import org.springframework.stereotype.Repository;
023  
024 import com.hd.comm.constants.Authtype;
025 import com.hd.comm.constants.EncodeType;
026 import com.hd.comm.constants.XmlAssistType;
027 import com.hd.department.model.Authorities;
028 import com.hd.department.model.Role;
029 import com.hd.department.model.User;
030 import com.hd.security.core.SecurityManager;
031 import com.hd.util.SecurityAssist;
032 import com.hd.util.SystemAssist;
033 import com.hd.util.XmlAssist;
034  
035 @Repository("securityManager")
036 public class SecurityManagerImpl extends HibernateDaoSupport implements UserDetailsService ,SecurityManager{
037  
038     @Resource(name="sf")
039     public void setSuperSessionFactory(SessionFactory sessionFactory) {
040         super.setSessionFactory(sessionFactory);
041     }
042     /**
043      * 得到用户通过用户的CODE
044      */
045     @SuppressWarnings("unchecked")
046     @Override
047     public UserDetails loadUserByUsername(String username)throws UsernameNotFoundException, DataAccessException {
048          
049         List<User> users = getHibernateTemplate().find("FROM syuser WHERE username = ? AND disabled = "+false, username);
050         if(users.isEmpty()) {  
051             System.out.println("User is not exist");
052             throw new UsernameNotFoundException("User " + username + " 没有相应的权限");  
053         }
054         User user = users.get(0);
055         user.getAuthorities();
056         Set<Role> roles = user.getRoles();
057         for(Role role : roles){
058             System.out.println("装在用户["+user.getChineseName()+"]角色 ["+role.getRoleName()+"]权限集合"+role.getAuthorities());
059         }
060         //创建用户菜单
061         createUserMenu(user);
062         return user ;
063     }
064     /**
065      * 得到是有URL资源
066      */
067     @Override
068     public Map<String, String> loadUrlAuthorities() {
069         Map<String, String> urlAuthorities = new HashMap<String, String>();  
070         @SuppressWarnings("unchecked")
071         List<Authorities> urlResources = getHibernateTemplate().find("FROM Authorities WHERE authtype = ?", Authtype.URL);  
072         for(Authorities resource : urlResources) {  
073             urlAuthorities.put(resource.getAuthCode(), resource.getAuthValue());  
074         }  
075         return urlAuthorities;  
076     }
077     @SuppressWarnings("rawtypes")
078     @Override
079     public void createUserMenu(User user) {
080         try {
081             //装在MENU总文件准备筛选
082             SAXReader reader = new SAXReader();
083             Document allMenuDoc = reader.read(new File(SystemAssist.getSysRootPath()+XmlAssistType.SYSALLMENU.showInfo));
084             String path = SystemAssist.getSysRootPath()+XmlAssistType.USERMENU.showInfo+user.getUsername()+"-menu.xml";
085             if(!"admin".equals(user.getUsername())){
086                 Authtype[] authtypes = new Authtype[1];
087                 authtypes[0] = Authtype.MENU;
088                 Set<Authorities> authorities = SecurityAssist.getCurrentUserAuth(authtypes,user);
089                 List list = allMenuDoc.selectNodes("//*[@id]");
090                 Iterator it = list.iterator();  
091                 while (it.hasNext()) {  
092                     Element elt = (Element)it.next();
093                     boolean boo = false;
094                     for(Authorities auth : authorities){
095                         if(elt.attribute("id").getValue().equals(auth.getAuthValue())){
096                             boo = true;
097                         }
098                     }
099                     if(!boo){
100                         elt.detach();  
101                     }
102                 }
103                 XmlAssist.createXML(allMenuDoc, EncodeType.UTF8.showInfo, path);
104             }else{
105                 XmlAssist.createXML(allMenuDoc, EncodeType.UTF8.showInfo, path);
106             }
107         } catch (DocumentException e) {
108             System.out.println(e);
109         }       
110     }
111
分享到:
| Oracle递归树select...start with... con ...
评论
发表评论

您还没有登录,请您登录后再发表评论

相关推荐

Magicbox
Global site tag (gtag.js) - Google Analytics