
git-svn-id: svn+ssh://10.10.101.21/source/platform/platform-b2b@636 f3bf4e98-0cf0-11e4-a00c-a99a8b9d557d

administrator 11 years ago
parent
commit
f0c4dbde30

+ 32 - 0
src/main/java/com/uas/platform/b2b/support/CustomAccessDeniedHandler.java

@@ -0,0 +1,32 @@
+package com.uas.platform.b2b.support;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+
+/**
+ * 权限验证未通过,禁止访问时的处理
+ * 
+ * @author yingp
+ *
+ */
+public class CustomAccessDeniedHandler implements AccessDeniedHandler {
+
+	@Override
+	public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException exception) throws IOException,
+			ServletException {
+		response.setHeader("Content-Type", "application/text;charset=UTF-8");
+		response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+		PrintWriter printWriter = response.getWriter();
+		printWriter.append(exception.getMessage());
+		printWriter.flush();
+		printWriter.close();
+	}
+
+}
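Review bot: `handle` writes `exception.getMessage()` straight into the response body at L40, and does so under the non-standard media type `application/text` set at L37; the body should be a fixed string and the type `text/plain`. Spring's `AccessDeniedException` usually carries only "Access is denied", but any custom voter or interceptor can supply a more descriptive message and this handler would hand it to exactly the caller that was just refused, and `getMessage()` can also be null, which `append` prints as the literal text `null`. Suggest `response.setContentType("text/plain;charset=UTF-8");` and `printWriter.append("Access is denied");`, logging the exception server-side if the detail is needed for troubleshooting. The 403 status is set before the writer is obtained, so that part is fine.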

+ 14 - 3
src/main/java/com/uas/platform/b2b/support/CustomSecurityMetadataSource.java

@@ -3,6 +3,7 @@ package com.uas.platform.b2b.support;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
@@ -13,6 +14,7 @@ import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 import com.uas.platform.b2b.dao.ResourceDao;
 import com.uas.platform.b2b.model.Resource;
@@ -69,11 +71,20 @@ public class CustomSecurityMetadataSource implements FilterInvocationSecurityMet
 		if (resourceMap == null)
 			loadResourceDefine();
 		HttpServletRequest request = ((FilterInvocation) object).getRequest();
-		String requestUrl = getRequestPath(request);
-		return resourceMap.get(request.getMethod() + ":" + requestUrl);
+		for (Iterator<String> iter = resourceMap.keySet().iterator(); iter.hasNext();) {
+			String resourceKey = iter.next();
+			String[] resourceParam = resourceKey.split(":");
+			String resourceMethod = resourceParam[0];
+			String resourceUrl = resourceParam[1];
+			AntPathRequestMatcher matcher = new AntPathRequestMatcher(resourceUrl);
+			if (null != resourceUrl && request.getMethod().equals(resourceMethod) && matcher.matches(request)) {
+				return resourceMap.get(resourceKey);
+			}
+		}
+		return null;
 	}
 
-	private String getRequestPath(HttpServletRequest request) {
+	public String getRequestPath(HttpServletRequest request) {
 		String url = request.getServletPath();
 		if (request.getPathInfo() != null)
 			url = url + request.getPathInfo();
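Review bot: The first matching entry wins at L78-L79, but entries are visited in `resourceMap.keySet()` order, and if `resourceMap` is the `HashMap` imported at the top of this file that order is unspecified, so a URL matched by two Ant patterns (say `/admin/**` and `/admin/report/*`) can be authorized against either one depending on hash layout — a nondeterministic access decision. Patterns should be evaluated in a defined order, most specific first, which means `loadResourceDefine` (not in this hunk) should populate an ordered structure or the loop should sort the keys before matching. Separately, `resourceKey.split(":")` at L74 truncates any pattern that itself contains a colon and throws `ArrayIndexOutOfBoundsException` when a key has none; `String[] resourceParam = resourceKey.split(":", 2);` plus a length check before indexing is safer, and the `null != resourceUrl` test at L78 is dead because `new AntPathRequestMatcher(null)` at L77 already fails. `getRequestPath` continues beyond the end of the hunk.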

+ 5 - 0
src/main/resources/spring/security.xml

@@ -33,6 +33,8 @@
 
 		<!-- 自定义过滤器, 实现用户管理 -->
 		<custom-filter ref="iFilter" before="FILTER_SECURITY_INTERCEPTOR" />
+		<!-- 禁止访问的处理 -->
+		<access-denied-handler ref="customAccessDeniedHandler"/>
 	</http>
 
 	<b:bean id="customSuccessHandler"
@@ -43,6 +45,9 @@
 
 	<b:bean id="customLogoutSuccessHandler"
 		class="com.uas.platform.b2b.support.CustomLogoutSuccessHandler" />
+	
+	<b:bean id="customAccessDeniedHandler"
+		class="com.uas.platform.b2b.support.CustomAccessDeniedHandler" />
 	<!-- 自定义过滤器 -->
 	<b:bean id="iFilter" class="com.uas.platform.b2b.filter.SecurityInterceptor">
 		<b:property name="securityMetadataSource" ref="securityMetadataSource" /><!-- 

+ 2 - 0
src/main/webapp/resources/js/index/app.js

@@ -456,6 +456,8 @@ define([ 'toaster', 'charts', 'ngTable', 'common/services', 'service/Purc', 'ui.
 			if(!item.replies) {
 				PurcOrderItem.getReply({orderItemId: item.id}, function(replies){
 					item.replies = replies;
+				}, function(response){
+					toaster.pop('error', '无法查看回复记录', response.data);
 				});
 			}
 		};
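Review bot: The added error callback at L121-L122 drops the raw response body, `response.data`, into a toast, so whatever the server sent back — the access-denied text from the new handler, but also a container HTML error page or a JSON object for other failures — is displayed verbatim. If this toaster instance renders bodies as trusted HTML rather than plain text (its configuration is not visible here), a server-influenced message becomes an injection point; even as text, an object body renders as `[object Object]`. Prefer a fixed, user-facing message built from the status and keep the body for the console, e.g. `toaster.pop('error', '无法查看回复记录', 'HTTP ' + response.status);`, or at minimum confirm the toaster body output type is text. The enclosing function starts outside the hunk.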