
git-svn-id: svn+ssh://10.10.101.21/source/platform/platform-b2b@634 f3bf4e98-0cf0-11e4-a00c-a99a8b9d557d

administrator 11 years ago
parent
commit
bb1a4179a3

+ 54 - 11
src/main/java/com/uas/platform/b2b/filter/SecurityInterceptor.java

@@ -1,7 +1,9 @@
 package com.uas.platform.b2b.filter;
 
 import java.io.IOException;
-import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@@ -10,6 +12,7 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
@@ -26,11 +29,17 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
+import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
+import com.uas.platform.b2b.model.Authority;
+import com.uas.platform.b2b.model.Resource;
+import com.uas.platform.b2b.model.Role;
 import com.uas.platform.b2b.model.User;
 import com.uas.platform.b2b.service.UserService;
+import com.uas.platform.b2b.support.SecurityConstant;
 import com.uas.platform.b2b.support.SystemSession;
+import com.uas.platform.core.model.Constant;
 import com.uas.platform.core.util.encry.Md5Utils;
 
 /**
@@ -58,18 +67,28 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 	 * @throws ServletException
 	 */
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
-		autoLogin((HttpServletRequest) request);
-		logSession((HttpServletRequest) request);
+		HttpServletRequest httpRequest = (HttpServletRequest) request;
+		HttpServletResponse httpResponse = (HttpServletResponse) response;
+		autoLogin(httpRequest);
+		logSession(httpRequest);
+		User user = SystemSession.getUser();
+		if (user == null) {// 未登录则要求登录
+			httpResponse.sendRedirect(httpRequest.getContextPath() + SecurityConstant.LOGIN_URL);
+			return;
+		}
+		if (user.isSys()) {// 超级用户无需验证权限
+			chain.doFilter(request, response);
+			return;
+		}
 		invoke(new FilterInvocation(request, response, chain));
 		logoutSession();
 	}
 
-	public void invoke(FilterInvocation fi) {
-		InterceptorStatusToken token = super.beforeInvocation(fi);
-
+	public void invoke(FilterInvocation filter) throws IOException, ServletException {
+		InterceptorStatusToken token = super.beforeInvocation(filter);
 		try {
-			fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
-		} catch (Exception e) {
+			filter.getChain().doFilter(filter.getRequest(), filter.getResponse());
+		} finally {
 			super.afterInvocation(token, null);
 		}
 	}
@@ -123,7 +142,7 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 			}
 		}
 	}
-	
+
 	/**
 	 * 线程池策略下,不会频繁删除线程,置于线程内的对象须手动删除
 	 */
@@ -153,8 +172,7 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 				user = userService.findUserByUserUU(Long.parseLong(username));
 			}
 			if (user != null && user.getUserPwd().equals(Md5Utils.encode(password, user.getUserUU()))) {
-				ArrayList<GrantedAuthority> array = new ArrayList<GrantedAuthority>();
-				array.add(new SimpleGrantedAuthority(ROLE_USER));
+				Collection<GrantedAuthority> array = getGrantedAuthorities(user);
 				UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getUserUU(), password, array);
 				Authentication authenticatedUser = authenticationManager.authenticate(token);
 				SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
@@ -167,4 +185,29 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 		}
 	}
 
+	private Set<GrantedAuthority> getGrantedAuthorities(User user) {
+		Set<GrantedAuthority> authSet = new HashSet<GrantedAuthority>();
+		Set<Role> roles = user.getRoles();
+		if (!CollectionUtils.isEmpty(roles)) {
+			for (Role role : roles) {
+				if (role.isSys()) {// 超级账号
+					user.setIssys(Constant.YES);
+					break;
+				}
+				Set<Authority> authorities = role.getAuthorities();
+				if (!CollectionUtils.isEmpty(authorities)) {
+					for (Authority authority : authorities) {
+						Set<Resource> resources = authority.getResources();
+						if (!CollectionUtils.isEmpty(resources)) {
+							for (Resource res : resources) {
+								authSet.add(new SimpleGrantedAuthority(res.getName()));
+							}
+						}
+					}
+				}
+			}
+		}
+		return authSet;
+	}
+
 }
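Review bot: In doFilter the cleanup `logoutSession()` is skipped on the new super-user branch (chain.doFilter then return) and on any exception thrown out of invoke(), which now propagates because the catch was replaced by finally; the Javadoc on logoutSession states that under a thread-pool model the thread-bound object must be removed manually, so every dispatch path should reach it, which a try/finally around the dispatch gives (fence below). Separately, getGrantedAuthorities writes `user.setIssys(Constant.YES)` onto the User it is handed and returns a partially built set when it breaks on a sys role; a getter-named method with a write side effect is easy to miss, and the same role scan is duplicated in CustomAuthenticationSuccessHandler.logSession, so deriving the flag in one place on User would keep the two paths consistent. Whether that entity write reaches the database depends on the persistence context, which is not visible here. The filter mapping is also not visible; if this filter covers SecurityConstant.LOGIN_URL itself, the unauthenticated redirect would loop, which is worth confirming.
```java
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
	// … unchanged: casts, autoLogin, logSession, redirect when SystemSession.getUser() is null …
	try {
		if (user.isSys()) {// 超级用户无需验证权限
			chain.doFilter(request, response);
		} else {
			invoke(new FilterInvocation(request, response, chain));
		}
	} finally {
		logoutSession();
	}
}
```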

+ 10 - 5
src/main/java/com/uas/platform/b2b/model/User.java

@@ -223,17 +223,22 @@ public class User implements Serializable {
 	public void setRoles(Set<Role> roles) {
 		this.roles = roles;
 	}
-	
-	public void addEnterprise(Enterprise enterprise){
-		if(!this.enterprises.contains(enterprise)) {
+
+	public void addEnterprise(Enterprise enterprise) {
+		if (!this.enterprises.contains(enterprise)) {
 			this.enterprises.add(enterprise);
 		}
 	}
-	
+
 	public void removeEnterprise(Enterprise enterprise) {
-		if(this.enterprises.contains(enterprise)) {
+		if (this.enterprises.contains(enterprise)) {
 			this.enterprises.remove(enterprise);
 		}
 	}
 
+	@JsonIgnore
+	public boolean isSys() {
+		return getIssys() != null && getIssys() == Constant.YES;
+	}
+
 }
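Review bot: `isSys()` compares `getIssys()` with `Constant.YES` using `==`; the `!= null` guard shows getIssys() returns a reference type, so if Constant.YES is also a boxed value this is an identity comparison that only holds while both happen to come from the JVM's small-value cache. The declared types are outside this hunk, so treat this as an assumption to confirm; if both are boxed, `return Constant.YES.equals(getIssys());` is the safe form. A short Javadoc would also help, since the flag is written from role data at login (SecurityInterceptor.getGrantedAuthorities and CustomAuthenticationSuccessHandler.logSession in this commit) rather than being an intrinsic property of the user: `/** True when the user has been marked as a super user (issys equals Constant.YES). */`.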

+ 1 - 4
src/main/java/com/uas/platform/b2b/support/CustomAccessDecisionManager.java

@@ -29,7 +29,6 @@ public class CustomAccessDecisionManager implements AccessDecisionManager {
 	 */
 	public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
 			throws AccessDeniedException, InsufficientAuthenticationException {
-		System.out.println("decide.");
 		if (null == configAttributes || configAttributes.size() == 0) {
 			return;
 		}
@@ -38,16 +37,14 @@ public class CustomAccessDecisionManager implements AccessDecisionManager {
 		while (iterator.hasNext()) {
 			ConfigAttribute configAttribute = iterator.next();
 			needPermission = configAttribute.getAttribute();
-			System.out.println("needPermission is " + needPermission);
 			for (GrantedAuthority ga : authentication.getAuthorities()) {
-				System.out.println(ga.getAuthority());
 				if (needPermission.equals(ga.getAuthority())) {
 					return;
 				}
 			}
 		}
 		if (needPermission != null)
-			throw new AccessDeniedException("结束,没有 " + needPermission + " 权限!");
+			throw new AccessDeniedException("无法访问,没有 " + needPermission + " 权限!");
 	}
 
 	/**
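Review bot: The closing `if (needPermission != null)` in decide() grants access silently when the last ConfigAttribute's getAttribute() returns null, because reaching that line already means no attribute matched any granted authority; an unconditional, braced `throw new AccessDeniedException("无法访问,没有 " + needPermission + " 权限!");` is the safer form. Note that for such an attribute `needPermission.equals(ga.getAuthority())` throws NullPointerException as soon as the principal holds at least one authority, so the null case already behaves inconsistently depending on the principal. decide() is split across this section's two hunks, so the iterator setup between them is not visible here.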

+ 26 - 3
src/main/java/com/uas/platform/b2b/support/CustomAuthenticationSuccessHandler.java

@@ -2,6 +2,7 @@ package com.uas.platform.b2b.support;
 
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.util.Set;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -13,10 +14,13 @@ import org.springframework.security.web.authentication.SimpleUrlAuthenticationSu
 import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
 import org.springframework.security.web.savedrequest.RequestCache;
 import org.springframework.security.web.savedrequest.SavedRequest;
+import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
+import com.uas.platform.b2b.model.Role;
 import com.uas.platform.b2b.model.User;
 import com.uas.platform.b2b.service.UserService;
+import com.uas.platform.core.model.Constant;
 
 public class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
 
@@ -28,9 +32,7 @@ public class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationS
 	@Override
 	public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response,
 			final Authentication authentication) throws ServletException, IOException {
-		User user = userService.findUserByUserUU(Long.parseLong(authentication.getName()));
-		user.setCurrentEnterprise();
-		request.getSession().setAttribute("user", user);
+		logSession(request, authentication);
 
 		final SavedRequest savedRequest = requestCache.getRequest(request, response);
 
@@ -56,4 +58,25 @@ public class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationS
 		this.requestCache = requestCache;
 	}
 
+	/**
+	 * 登录认证成功后,user写到session
+	 * 
+	 * @param request
+	 * @param authentication
+	 */
+	private void logSession(HttpServletRequest request, Authentication authentication) {
+		User user = userService.findUserByUserUU(Long.parseLong(authentication.getName()));
+		user.setCurrentEnterprise();
+		Set<Role> roles = user.getRoles();
+		if (!CollectionUtils.isEmpty(roles)) {
+			for (Role role : roles) {
+				if (role.isSys()) {// 超级账号
+					user.setIssys(Constant.YES);
+					break;
+				}
+			}
+		}
+		request.getSession().setAttribute("user", user);
+	}
+
 }
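Review bot: logSession duplicates the role scan that SecurityInterceptor.getGrantedAuthorities performs in the same commit, and both decide super-user status by writing `user.setIssys(Constant.YES)` onto the entity returned from userService; deriving the flag in one place on User (for example from roles inside isSys()) would keep the two login paths from drifting apart. Whether that write is flushed to the database depends on the persistence context around findUserByUserUU, which is not visible here — worth confirming, since it would turn a login-time computation into stored data. The new Javadoc has empty `@param` tags; `@param request the request whose HttpSession receives the user under the "user" attribute` and `@param authentication the successful authentication, whose name is parsed as the user UU` would complete it.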

+ 1 - 0
src/main/java/com/uas/platform/b2b/support/CustomLogoutSuccessHandler.java

@@ -14,6 +14,7 @@ public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler im
 	@Override
 	public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
 			throws IOException, ServletException {
+		SystemSession.clear();
 		response.setHeader("Content-Type", "application/json;charset=UTF-8");
 		response.setStatus(HttpServletResponse.SC_OK);
 	}
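Review bot: `SystemSession.clear()` clears the thread-bound user, but the "user" attribute that CustomAuthenticationSuccessHandler.logSession stores in the HttpSession is not touched in this handler; whether it is removed depends on the logout handlers configured for the LogoutFilter, which are not visible here. If session invalidation is not configured there, `HttpSession session = request.getSession(false); if (session != null) { session.invalidate(); }` before the response headers are set makes the logout independent of that configuration.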

+ 1 - 4
src/main/java/com/uas/platform/b2b/support/CustomUserDetailsService.java

@@ -30,8 +30,6 @@ import com.uas.platform.core.model.Constant;
  */
 public class CustomUserDetailsService implements UserDetailsService {
 
-	public static final String ROLE_USER = "ROLE_USER";
-
 	private ThreadLocal<User> currentUser = new ThreadLocal<User>();
 
 	@Autowired
@@ -58,8 +56,7 @@ public class CustomUserDetailsService implements UserDetailsService {
 				userinfo = userService.findUserByUserUU(Long.parseLong(username));
 			}
 			Collection<GrantedAuthority> array = getGrantedAuthorities(userinfo);
-			User user = new User(String.valueOf(userinfo.getUserUU()), userinfo.getUserPwd(), true, true, true, true,
-					array);
+			User user = new User(String.valueOf(userinfo.getUserUU()), userinfo.getUserPwd(), true, true, true, true, array);
 			currentUser.set(user);
 			return user;
 		} catch (Exception e) {

+ 7 - 0
src/main/java/com/uas/platform/b2b/support/SecurityConstant.java

@@ -0,0 +1,7 @@
+package com.uas.platform.b2b.support;
+
+public class SecurityConstant {
+	
+	public static final String LOGIN_URL = "/signin";
+	
+}