public/MaxKey
1
0
Fork 0
mirror of https://gitee.com/dromara/MaxKey.git synced 2026-05-14 20:50:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

RoleAdministrators 权限控制

Browse Source
This commit is contained in:
Crystal.Sea
2020-10-31 21:54:13 +08:00
parent 4c772d7a70
commit 83887ca2ff
5 changed files with 47 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
View File

@@ -17,6 +17,8 @@
package org.maxkey.authn;
import java.util.ArrayList;
import org.maxkey.authn.online.OnlineTicketServices;
import org.maxkey.authn.realm.AbstractAuthenticationRealm;
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
@@ -35,6 +37,8 @@ import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
/**
* login Authentication abstract class.
@@ -65,6 +69,12 @@ public abstract class AbstractAuthenticationProvider {
@Autowired
@Qualifier("onlineTicketServices")
protected OnlineTicketServices onlineTicketServices;
static ArrayList<GrantedAuthority> grantedAdministratorsAuthoritys = new ArrayList<GrantedAuthority>();
static {
grantedAdministratorsAuthoritys.add(new SimpleGrantedAuthority("ROLE_ADMINISTRATORS"));
}
protected abstract String getProviderName();

16
maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java
View File

@@ -23,7 +23,6 @@ import java.util.Collection;
import org.maxkey.authn.online.OnlineTicket;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
public class BasicAuthentication implements Authentication {
@@ -39,14 +38,12 @@ public class BasicAuthentication implements Authentication {
OnlineTicket onlineTicket;
ArrayList<GrantedAuthority> grantedAuthority;
boolean authenticated;
boolean roleAdministrators;
/**
* BasicAuthentication.
*/
public BasicAuthentication() {
grantedAuthority = new ArrayList<GrantedAuthority>();
grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER"));
grantedAuthority.add(new SimpleGrantedAuthority("ORDINARY_USER"));
}
/**
@@ -56,9 +53,6 @@ public class BasicAuthentication implements Authentication {
this.username = username;
this.password = password;
this.authType = authType;
grantedAuthority = new ArrayList<GrantedAuthority>();
grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER"));
grantedAuthority.add(new SimpleGrantedAuthority("ORDINARY_USER"));
}
@Override
public String getName() {
@@ -177,6 +171,14 @@ public class BasicAuthentication implements Authentication {
this.onlineTicket = onlineTicket;
}
public boolean isRoleAdministrators() {
return roleAdministrators;
}
public void setRoleAdministrators(boolean roleAdministrators) {
this.roleAdministrators = roleAdministrators;
}
@Override
public String toString() {
StringBuilder builder = new StringBuilder();

18
maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
View File

@@ -17,6 +17,8 @@
package org.maxkey.authn;
import java.util.ArrayList;
import org.maxkey.authn.online.OnlineTicket;
import org.maxkey.domain.UserInfo;
import org.maxkey.web.WebConstants;
@@ -26,6 +28,8 @@ import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
@@ -157,13 +161,25 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId,authentication);
this.onlineTicketServices.store(onlineTickitId, onlineTicket);
authentication.setOnlineTicket(onlineTicket);
ArrayList<GrantedAuthority> grantedAuthoritys = authenticationRealm.grantAuthority(userInfo);
//set default roles
grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_USER"));
grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_ORDINARY_USER"));
authentication.setAuthenticated(true);
for(GrantedAuthority grantedAuthority : grantedAuthoritys) {
if(grantedAdministratorsAuthoritys.contains(grantedAuthority)) {
authentication.setRoleAdministrators(true);
_logger.trace("ROLE ADMINISTRATORS Authentication .");
}
}
UsernamePasswordAuthenticationToken authenticationToken =
new UsernamePasswordAuthenticationToken(
authentication,
"PASSWORD",
authenticationRealm.grantAuthority(userInfo)
grantedAuthoritys
);
authenticationToken.setDetails(

32
maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java
View File

@@ -17,22 +17,19 @@
package org.maxkey.web.interceptor;
import java.util.ArrayList;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.BasicAuthentication;
import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.web.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
/**
@@ -52,11 +49,6 @@ public class PermissionAdapter extends HandlerInterceptorAdapter {
static ConcurrentHashMap<String ,String >navigationsMap=null;
static ArrayList<GrantedAuthority> grantedAuthoritys = new ArrayList<GrantedAuthority>();
static {
grantedAuthoritys.add(new SimpleGrantedAuthority("ADMINISTRATORS"));
}
/*
* 请求前处理
* (non-Javadoc)
@@ -74,20 +66,14 @@ public class PermissionAdapter extends HandlerInterceptorAdapter {
dispatcher.forward(request, response);
return false;
}
boolean isGrantedAuthority = false;
for(GrantedAuthority grantedAuthority : grantedAuthoritys) {
if(WebContext.getAuthentication().getAuthorities().contains(grantedAuthority)) {
isGrantedAuthority = true;
_logger.trace("ADMINISTRATORS Authentication .");
}
}
if(!isGrantedAuthority) {
RequestDispatcher dispatcher = request.getRequestDispatcher("/logout");
dispatcher.forward(request, response);
return false;
}
//非管理员用户直接注销
if (!((BasicAuthentication) WebContext.getAuthentication().getPrincipal()).isRoleAdministrators()) {
_logger.debug("Not ADMINISTRATORS Authentication .");
RequestDispatcher dispatcher = request.getRequestDispatcher("/logout");
dispatcher.forward(request, response);
return false;
}
boolean hasAccess=true;

3
maxkey-web-maxkey/src/main/resources/templates/views/layout/top.ftl
View File

@@ -40,12 +40,13 @@
<div style="float:right;" >&nbsp;&nbsp;<@locale code="login.password.changepassword"/>&nbsp;&nbsp;</div>
</a>
</td>
<#if Session["current_authentication"].principal.roleAdministrators==true >
<td id="manage" nowrap>
<a target="_blank" href="<@base/>/authz/maxkey_mgt">
<div style="float:right;" >&nbsp;&nbsp;<@locale code="global.text.manage"/>&nbsp;&nbsp;</div>
</a>
</td>
</#if>
<td id="logout" class="ui-widget-header" >
<a href="<@base/>/logout?reLoginUrl=login">
<div style="float:right;" >&nbsp;&nbsp;<@locale code="global.text.logout"/>&nbsp;&nbsp;</div>