遂昌综合执法平台服务端
blame | 历史 | 原始文档
zhanghua
2025-04-14 1cad14bca191807e18705c3a5526eda8151be439 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

package com.ycl.component;


 


import com.ycl.config.IgnoreUrlsConfig;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.http.HttpMethod;


import org.springframework.security.access.SecurityMetadataSource;


import org.springframework.security.access.intercept.AbstractSecurityInterceptor;


import org.springframework.security.access.intercept.InterceptorStatusToken;


import org.springframework.security.web.FilterInvocation;


import org.springframework.util.AntPathMatcher;


import org.springframework.util.PathMatcher;


 


import javax.servlet.*;


import javax.servlet.http.HttpServletRequest;


import java.io.IOException;


 


/**


 * 动态权限过滤器,用于实现基于路径的动态权限过滤


 */


public class DynamicSecurityFilter extends AbstractSecurityInterceptor implements Filter {


 


    @Autowired


    private DynamicSecurityMetadataSource dynamicSecurityMetadataSource;


    @Autowired


    private IgnoreUrlsConfig ignoreUrlsConfig;


 


    @Autowired


    public void setMyAccessDecisionManager(DynamicAccessDecisionManager dynamicAccessDecisionManager) {


        super.setAccessDecisionManager(dynamicAccessDecisionManager);


    }


 


    @Override


    public void init(FilterConfig filterConfig) throws ServletException {


    }


 


    @Override


    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {


        HttpServletRequest request = (HttpServletRequest) servletRequest;


        FilterInvocation fi = new FilterInvocation(servletRequest, servletResponse, filterChain);


        //OPTIONS请求直接放行


        if(request.getMethod().equals(HttpMethod.OPTIONS.toString())){


            fi.getChain().doFilter(fi.getRequest(), fi.getResponse());


            return;


        }


        //白名单请求直接放行


        PathMatcher pathMatcher = new AntPathMatcher();


        for (String path : ignoreUrlsConfig.getUrls()) {


            if(pathMatcher.match(path,request.getServletPath())){


                fi.getChain().doFilter(fi.getRequest(), fi.getResponse());


                return;


            }


        }


        //此处会调用AccessDecisionManager中的decide方法进行鉴权操作


        InterceptorStatusToken token = super.beforeInvocation(fi);


        try {


            fi.getChain().doFilter(fi.getRequest(), fi.getResponse());


        } finally {


            super.afterInvocation(token, null);


        }


    }


 


    @Override


    public void destroy() {


    }


 


    @Override


    public Class<?> getSecureObjectClass() {


        return FilterInvocation.class;


    }


 


    @Override


    public SecurityMetadataSource obtainSecurityMetadataSource() {


        return dynamicSecurityMetadataSource;


    }


 


}