Java Code Examples for org.springframework.security.access.ConfigAttribute#getAttribute()

The following examples show how to use org.springframework.security.access.ConfigAttribute#getAttribute() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SecurityAccessDecisionManager.java    From cola-cloud with MIT License 6 votes vote down vote up
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
    if(null== configAttributes || configAttributes.size() <=0) {
        return;
    }
    ConfigAttribute c;
    String needRole;
    for (ConfigAttribute configAttribute : configAttributes) {
        c = configAttribute;
        needRole = c.getAttribute();
        //authentication 为在注释1 中循环添加到 GrantedAuthority 对象中的权限信息集合
        for (GrantedAuthority ga : authentication.getAuthorities()) {
            if (needRole.trim().equals(ga.getAuthority())) {
                return;
            }
        }
    }
    throw new AccessDeniedException("访问被拒绝,权限不足");
}
 
Example 2
Source File: DynamicAccessDecisionManager.java    From mall with Apache License 2.0 6 votes vote down vote up
@Override
public void decide(Authentication authentication, Object object,
                   Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
    // 当接口未被配置资源时直接放行
    if (CollUtil.isEmpty(configAttributes)) {
        return;
    }
    Iterator<ConfigAttribute> iterator = configAttributes.iterator();
    while (iterator.hasNext()) {
        ConfigAttribute configAttribute = iterator.next();
        //将访问所需资源或用户拥有资源进行比对
        String needAuthority = configAttribute.getAttribute();
        for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
            if (needAuthority.trim().equals(grantedAuthority.getAuthority())) {
                return;
            }
        }
    }
    throw new AccessDeniedException("抱歉,您没有访问权限");
}
 
Example 3
Source File: SecurityAccessDecisionManager.java    From Auth-service with MIT License 6 votes vote down vote up
/**
 * @param authentication 用户权限
 * @param o              url
 * @param collection     所需要的权限
 * @throws AccessDeniedException
 * @throws InsufficientAuthenticationException
 */
@Override
public void decide(Authentication authentication, Object o, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException {
    logger.info("decide url and permission");
    if (collection == null) {
        return;
    }

    Iterator<ConfigAttribute> ite = collection.iterator();
    //判断用户所拥有的权限,是否符合对应的Url权限,如果实现了UserDetailsService,则用户权限是loadUserByUsername返回用户所对应的权限
    while (ite.hasNext()) {
        ConfigAttribute ca = ite.next();
        String needRole = ca.getAttribute();
        for (GrantedAuthority ga : authentication.getAuthorities()) {
            logger.info("GrantedAuthority: {}", ga);
            if (needRole.equals(ga.getAuthority())) {
                return;
            }
        }
    }
    logger.error("AccessDecisionManager: no right!");
    throw new AccessDeniedException("no right!");
}
 
Example 4
Source File: MyAccessDecisionManager.java    From itweet-boot with Apache License 2.0 6 votes vote down vote up
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {

    if(null== configAttributes || configAttributes.size() <=0) {
        return;
    }
    ConfigAttribute c;
    String needRole;
    for(Iterator<ConfigAttribute> iter = configAttributes.iterator(); iter.hasNext(); ) {
        c = iter.next();
        needRole = c.getAttribute();
        for(GrantedAuthority ga : authentication.getAuthorities()) {
            if(needRole.trim().equals(ga.getAuthority())) {
                return;
            }
        }
    }
    throw new AccessDeniedException("no right");
}
 
Example 5
Source File: SecurityAccessDecisionManager.java    From microservice-integration with MIT License 6 votes vote down vote up
/**
 * @param authentication 用户权限
 * @param o              url
 * @param collection     所需要的权限
 * @throws AccessDeniedException
 * @throws InsufficientAuthenticationException
 */
@Override
public void decide(Authentication authentication, Object o, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException {
    logger.info("decide url and permission");
    if (collection == null) {
        return;
    }

    Iterator<ConfigAttribute> ite = collection.iterator();
    //判断用户所拥有的权限,是否符合对应的Url权限,如果实现了UserDetailsService,则用户权限是loadUserByUsername返回用户所对应的权限
    while (ite.hasNext()) {
        ConfigAttribute ca = ite.next();
        String needRole = ca.getAttribute();
        for (GrantedAuthority ga : authentication.getAuthorities()) {
            logger.info("GrantedAuthority: {}", ga);
            if (needRole.equals(ga.getAuthority())) {
                return;
            }
        }
    }
    logger.error("AccessDecisionManager: no right!");
    throw new AccessDeniedException("no right!");
}
 
Example 6
Source File: DynamicAccessDecisionManager.java    From mall-swarm with Apache License 2.0 6 votes vote down vote up
@Override
public void decide(Authentication authentication, Object object,
                   Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
    // 当接口未被配置资源时直接放行
    if (CollUtil.isEmpty(configAttributes)) {
        return;
    }
    Iterator<ConfigAttribute> iterator = configAttributes.iterator();
    while (iterator.hasNext()) {
        ConfigAttribute configAttribute = iterator.next();
        //将访问所需资源或用户拥有资源进行比对
        String needAuthority = configAttribute.getAttribute();
        for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
            if (needAuthority.trim().equals(grantedAuthority.getAuthority())) {
                return;
            }
        }
    }
    throw new AccessDeniedException("抱歉,您没有访问权限");
}
 
Example 7
Source File: AccessDecisionManager.java    From hermes with Apache License 2.0 6 votes vote down vote up
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
	// 判断目标是否在权限控制内
	if (configAttributes == null) return;
	
	// 遍历权限
	for (ConfigAttribute configAttribute: configAttributes) {
		// 将权限与用户角色进行匹配
		String role = configAttribute.getAttribute();
		for (GrantedAuthority grantedAuthority: authentication.getAuthorities()) {
			Logger.debug("match between %s and %s.", role, grantedAuthority.getAuthority());
			if (Strings.equals(role, grantedAuthority.getAuthority())) {
				Logger.debug("matched! access allow.");
				return;
			}
		}
	}
	
	// 无法匹配权限抛出异常
	Logger.info("denied!");
	throw new AccessDeniedException("no authority.");
}
 
Example 8
Source File: ResourceAccessDecisionManager.java    From zxl with Apache License 2.0 6 votes vote down vote up
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
	if (configAttributes == null) {
		return;
	}
	Iterator<ConfigAttribute> iterator = configAttributes.iterator();
	while (iterator.hasNext()) {
		ConfigAttribute configAttribute = iterator.next();
		String needPermission = configAttribute.getAttribute();
		for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
			if (needPermission.equals(grantedAuthority.getAuthority())) {
				return;
			}
		}
	}
	throw new AccessDeniedException("权限不足!");
}
 
Example 9
Source File: MyAccessDecisionManager.java    From maintain with MIT License 6 votes vote down vote up
@Override
public void decide(Authentication authentication, Object obj, Collection<ConfigAttribute> configAttributes)
		throws AccessDeniedException, InsufficientAuthenticationException {
	if (null == configAttributes || configAttributes.size() <= 0) {
		logger.info("decide == return");
		return;
	}
	ConfigAttribute c;
	String needRole;
	for (Iterator<ConfigAttribute> iter = configAttributes.iterator(); iter.hasNext();) {
		c = iter.next();
		needRole = c.getAttribute();
		logger.info("need======" + needRole.trim() + "  size=" + authentication.getAuthorities());
		for (GrantedAuthority ga : authentication.getAuthorities()) {
			logger.info("needRole==" + needRole.trim() + " [] = authority=" + ga.getAuthority());
			// authentication 为在注释1 中循环添加到 GrantedAuthority 对象中的权限信息集合
			if (needRole.trim().equals(ga.getAuthority())) {
				return;
			}
		}
	}
	throw new AccessDeniedException("no right");
}
 
Example 10
Source File: UsernameAccessDecisionVoter.java    From tutorials with MIT License 5 votes vote down vote up
@Override
public boolean supports(ConfigAttribute attribute) {
    if ((attribute.getAttribute() != null)
            && !attribute.getAttribute().startsWith(rolePrefix)) {
        return true;
    }else {
        return false;
    }
}
 
Example 11
Source File: AbstractPrefixedAccessDecisionVoter.java    From dhis2-core with BSD 3-Clause "New" or "Revised" License 5 votes vote down vote up
@Override
public boolean supports( ConfigAttribute configAttribute )
{
    boolean result = configAttribute.getAttribute() != null
        && configAttribute.getAttribute().startsWith( attributePrefix );

    log.debug( "Supports configAttribute: " + configAttribute + ", " + result + " (" + getClass().getSimpleName()
        + ")" );

    return result;
}
 
Example 12
Source File: UrlRoleVoter.java    From bdf3 with Apache License 2.0 5 votes vote down vote up
public boolean supports(ConfigAttribute attribute) {
	if ((attribute.getAttribute() != null)
			&& attribute.getAttribute().startsWith(getRolePrefix())) {
		return true;
	}
	else {
		return false;
	}
}
 
Example 13
Source File: ComponentRoleVoter.java    From bdf3 with Apache License 2.0 5 votes vote down vote up
public boolean supports(ConfigAttribute attribute) {
	if ((attribute.getAttribute() != null)
			&& attribute.getAttribute().startsWith(getRolePrefix())) {
		return true;
	}
	else {
		return false;
	}
}
 
Example 14
Source File: SimpleAccessVoter.java    From dhis2-core with BSD 3-Clause "New" or "Revised" License 4 votes vote down vote up
@Override
public boolean supports( ConfigAttribute configAttribute )
{
    return configAttribute != null && configAttribute.getAttribute() != null
        && configAttribute.getAttribute().equals( requiredAuthority );
}
 
Example 15
Source File: PermissionVoter.java    From lemon with Apache License 2.0 4 votes vote down vote up
public boolean supports(ConfigAttribute attribute) {
    return attribute.getAttribute() != null;
}
 
Example 16
Source File: PermissionVoter.java    From lemon with Apache License 2.0 4 votes vote down vote up
private String getPermission(ConfigAttribute configAttribute) {
    return configAttribute.getAttribute();
}
 
Example 17
Source File: AuthenticatedVoter.java    From lemon with Apache License 2.0 4 votes vote down vote up
public boolean supports(ConfigAttribute attribute) {
    return (attribute.getAttribute() != null)
            && ALLOWED_ATTRIBUTES.contains(attribute.getAttribute());
}