Spring Security 自定义权限验证方法没有被调用

我自己定义的AccessDecisionManager 和FilterInvocationSecurityMetadataSource 都没有被调用。代码如下:
package org.bzxly.yx.security.filter;
import org.bzxly.yx.security.entity.Authority;
import org.bzxly.yx.security.service.PermissionService;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.AntPathRequestMatcher;
import org.springframework.stereotype.Component;
import com.alibaba.druid.support.logging.Log;
import com.alibaba.druid.support.logging.LogFactory;
import com.alibaba.fastjson.JSON;
@Component
public class CustomFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource{
private static final Log LOG = LogFactory.getLog(FilterInvocationSecurityMetadataSource.class);
@Autowired
private PermissionService permissionService;
/**
* 权限容器
* key:URL
* value:角色
/
private static final Map> AUTHORITY = new HashMap>();//存储所有角色的权限
/
*这个方法在访问受限资源的时候没有被调用*/
@Override
public Collection getAttributes(Object object) throws IllegalArgumentException {
String accessURL = ((FilterInvocation)object).getRequestUrl();
LOG.debug("访问地址:"+accessURL);
FilterInvocation fi = (FilterInvocation)object;
HttpServletRequest request = fi.getRequest();
Collection config = null;
for(Entry> entry:AUTHORITY.entrySet()){
String key = entry.getKey();
AntPathRequestMatcher matcher =new AntPathRequestMatcher(key);
boolean b = matcher.matches(request);
if(b){
config = new ArrayList();
Collection value = entry.getValue();
for (ConfigAttribute configAttribute : value) {
config.add(configAttribute);
}
}
}
return config;
}
//这个初始化已经在启动的时候初始化成功
@Override
public Collection getAllConfigAttributes() {
LOG.debug("正在初始化资源中");
List authorities = permissionService.loadResource();
for(int i=0;i final Authority authority=authorities.get(i);
String serverURL = authority.getServerURL();
LOG.info("初始化角色:"+authority.getRoleKey()+",资源:"+serverURL);
if(AUTHORITY.containsKey(serverURL)){
AUTHORITY.get(serverURL).add(new SecurityConfig(authority.getRoleKey()));
}else{
AUTHORITY.put(authority.getServerURL(),new ArrayList(){
{
add(new SecurityConfig(authority.getRoleKey()));
}
});
}
}
LOG.info("ALL LIMIT IS "+JSON.toJSONString(AUTHORITY));
LOG.debug("初始化资源完成");
return null;
}

@Override
public boolean supports(Class<?> clazz) {
    return true;
}

}
package org.bzxly.yx.security.filter;
import java.util.Collection;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;
@Component
public class CustomAccessDecisionManager implements AccessDecisionManager{
/**这个方法在访问受限资源的时候没有被调用*/
@Override
public void decide(Authentication authentication, Object object,
Collection configAttributes)
throws AccessDeniedException, InsufficientAuthenticationException {
if(authentication ==null){
throw new InsufficientAuthenticationException("用户信息不足、、、");
}
Collection<? extends GrantedAuthority> ownedRoles = authentication.getAuthorities();
System.out.println("in method decide ....."+object.getClass());

    for (GrantedAuthority ownedGa : ownedRoles) {
        String strOwnedRole = ownedGa.getAuthority();
        for(ConfigAttribute requiredCa :configAttributes){
            String strRequiedRole = requiredCa.getAttribute();
            if(strOwnedRole.equals(strRequiedRole)){
                return;
            }
        }
    }
    throw new AccessDeniedException("您没有操作权限!!!");
}

@Override
public boolean supports(ConfigAttribute attribute) {
    return true;
}

@Override
public boolean supports(Class<?> clazz) {
    return true;
}

}
<?xml version="1.0" encoding="UTF-8"?>










/security:http






































































/security:password-encoder
/security:authentication-provider

/security:authentication-manager

以上是关键代码

查看全部
aa32744125
aa32744125
2017/04/16 04:03
  • spring
  • 点赞
  • 收藏
  • 回答
    私信

1个回复