From 83887ca2ff898398e36312c07ea49440f2b5bece Mon Sep 17 00:00:00 2001 From: "Crystal.Sea" Date: Sat, 31 Oct 2020 21:54:13 +0800 Subject: [PATCH] =?UTF-8?q?RoleAdministrators=20=E6=9D=83=E9=99=90?= =?UTF-8?q?=E6=8E=A7=E5=88=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../authn/AbstractAuthenticationProvider.java | 10 ++++++ .../org/maxkey/authn/BasicAuthentication.java | 16 ++++++---- .../authn/RealmAuthenticationProvider.java | 18 ++++++++++- .../web/interceptor/PermissionAdapter.java | 32 ++++++------------- .../resources/templates/views/layout/top.ftl | 3 +- 5 files changed, 47 insertions(+), 32 deletions(-) diff --git a/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java b/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java index 971b174d..0aee2490 100644 --- a/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java +++ b/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java @@ -17,6 +17,8 @@ package org.maxkey.authn; +import java.util.ArrayList; + import org.maxkey.authn.online.OnlineTicketServices; import org.maxkey.authn.realm.AbstractAuthenticationRealm; import org.maxkey.authn.support.rememberme.AbstractRemeberMeService; @@ -35,6 +37,8 @@ import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; /** * login Authentication abstract class. 
@@ -65,6 +69,12 @@ public abstract class AbstractAuthenticationProvider { @Autowired @Qualifier("onlineTicketServices") protected OnlineTicketServices onlineTicketServices; + + static ArrayList grantedAdministratorsAuthoritys = new ArrayList(); + + static { + grantedAdministratorsAuthoritys.add(new SimpleGrantedAuthority("ROLE_ADMINISTRATORS")); + } protected abstract String getProviderName(); diff --git a/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java b/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java index 97f3af68..8de5cc9e 100644 --- a/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java +++ b/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java @@ -23,7 +23,6 @@ import java.util.Collection; import org.maxkey.authn.online.OnlineTicket; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; public class BasicAuthentication implements Authentication { @@ -39,14 +38,12 @@ public class BasicAuthentication implements Authentication { OnlineTicket onlineTicket; ArrayList grantedAuthority; boolean authenticated; + boolean roleAdministrators; /** * BasicAuthentication. */ public BasicAuthentication() { - grantedAuthority = new ArrayList(); - grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER")); - grantedAuthority.add(new SimpleGrantedAuthority("ORDINARY_USER")); } /** @@ -56,9 +53,6 @@ public class BasicAuthentication implements Authentication { this.username = username; this.password = password; this.authType = authType; - grantedAuthority = new ArrayList(); - grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER")); - grantedAuthority.add(new SimpleGrantedAuthority("ORDINARY_USER")); } @Override public String getName() { 
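Review bot: `grantedAdministratorsAuthoritys` is added as a non-final, package-visible `static` field holding a mutable `ArrayList`, yet RealmAuthenticationProvider uses its contents to decide who is flagged as an administrator. Any class in `org.maxkey.authn` can add to the list or replace it at runtime, which widens the set of authorities treated as administrative. Declare it `protected static final List<GrantedAuthority> grantedAdministratorsAuthoritys = Collections.singletonList(new SimpleGrantedAuthority("ROLE_ADMINISTRATORS"));` and drop the static initializer. A short comment such as `// authorities that mark a login as administrator; read-only` would tell the next reader that this list is an authorization input.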
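Review bot: Both BasicAuthentication constructors (the `@@ -39,14 +38,12 @@` hunk and the `@@ -56,9 +53,6 @@` hunk) now leave the `grantedAuthority` field unassigned, so it stays `null` unless a caller sets it later. `getAuthorities()` is outside these hunks; if it returns the field directly, code that calls `getAuthorities().contains(...)` on a BasicAuthentication would throw instead of evaluating to "not granted". Keep an empty default in both constructors, `grantedAuthority = new ArrayList<GrantedAuthority>();`, so an object with no roles is represented as an empty list rather than as `null`.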
@@ -177,6 +171,14 @@ public class BasicAuthentication implements Authentication { this.onlineTicket = onlineTicket; } + public boolean isRoleAdministrators() { + return roleAdministrators; + } + + public void setRoleAdministrators(boolean roleAdministrators) { + this.roleAdministrators = roleAdministrators; + } + @Override public String toString() { StringBuilder builder = new StringBuilder(); diff --git a/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java b/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java index b1581064..a458f22b 100644 --- a/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java +++ b/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java @@ -17,6 +17,8 @@ package org.maxkey.authn; +import java.util.ArrayList; + import org.maxkey.authn.online.OnlineTicket; import org.maxkey.domain.UserInfo; import org.maxkey.web.WebConstants; @@ -26,6 +28,8 @@ import org.slf4j.LoggerFactory; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.web.authentication.WebAuthenticationDetails; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; 
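Review bot: `setRoleAdministrators` is a public setter on the object that PermissionAdapter later reads to decide administrator access, so the authorization result becomes a mutable boolean carried in the session. Any code that holds the principal can flip it, and it can drift from the authority list placed in the `UsernamePasswordAuthenticationToken`. RealmAuthenticationProvider is in the same package, so the setter can be package-private: `void setRoleAdministrators(boolean roleAdministrators) {`. The accessor pair should also be documented, for example `/** True when the authorities granted at login include ROLE_ADMINISTRATORS; set once by the authentication provider. */`.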
@@ -157,13 +161,25 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId,authentication); this.onlineTicketServices.store(onlineTickitId, onlineTicket); authentication.setOnlineTicket(onlineTicket); + ArrayList grantedAuthoritys = authenticationRealm.grantAuthority(userInfo); + //set default roles + grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_USER")); + grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_ORDINARY_USER")); authentication.setAuthenticated(true); + + for(GrantedAuthority grantedAuthority : grantedAuthoritys) { + if(grantedAdministratorsAuthoritys.contains(grantedAuthority)) { + authentication.setRoleAdministrators(true); + _logger.trace("ROLE ADMINISTRATORS Authentication ."); + } + } + UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken( authentication, "PASSWORD", - authenticationRealm.grantAuthority(userInfo) + grantedAuthoritys ); authenticationToken.setDetails( diff --git a/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java b/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java index 9e51b156..25f7928e 100644 --- a/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java +++ b/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java 
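Review bot: The two default roles are appended directly to the list returned by `authenticationRealm.grantAuthority(userInfo)`, so a `null` return throws at login, and a list the realm caches or shares between logins would accumulate entries on the shared instance. Copy it before modifying it: `ArrayList<GrantedAuthority> grantedAuthoritys = new ArrayList<GrantedAuthority>(authenticationRealm.grantAuthority(userInfo));`, with a null check if the realm can return `null`. In addition, `setRoleAdministrators(true)` runs after `onlineTicketServices.store(...)` has already received a ticket wrapping `authentication`. If the store serializes the ticket rather than keeping the reference, the stored copy will not carry the flag, so it is safer to compute the flag before the ticket is created. The enclosing method starts and ends outside the hunk.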
@@ -17,22 +17,19 @@ package org.maxkey.web.interceptor; -import java.util.ArrayList; import java.util.concurrent.ConcurrentHashMap; import javax.servlet.RequestDispatcher; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.maxkey.authn.BasicAuthentication; import org.maxkey.configuration.ApplicationConfig; import org.maxkey.web.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.context.annotation.Configuration; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.stereotype.Component; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; /** @@ -52,11 +49,6 @@ public class PermissionAdapter extends HandlerInterceptorAdapter { static ConcurrentHashMapnavigationsMap=null; - static ArrayList grantedAuthoritys = new ArrayList(); - static { - grantedAuthoritys.add(new SimpleGrantedAuthority("ADMINISTRATORS")); - } - /* * 请求前处理 * (non-Javadoc) 
@@ -74,20 +66,14 @@ public class PermissionAdapter extends HandlerInterceptorAdapter { dispatcher.forward(request, response); return false; } - - boolean isGrantedAuthority = false; - for(GrantedAuthority grantedAuthority : grantedAuthoritys) { - if(WebContext.getAuthentication().getAuthorities().contains(grantedAuthority)) { - isGrantedAuthority = true; - _logger.trace("ADMINISTRATORS Authentication ."); - } - } - - if(!isGrantedAuthority) { - RequestDispatcher dispatcher = request.getRequestDispatcher("/logout"); - dispatcher.forward(request, response); - return false; - } + + //非管理员用户直接注销 + if (!((BasicAuthentication) WebContext.getAuthentication().getPrincipal()).isRoleAdministrators()) { + _logger.debug("Not ADMINISTRATORS Authentication ."); + RequestDispatcher dispatcher = request.getRequestDispatcher("/logout"); + dispatcher.forward(request, response); + return false; + } boolean hasAccess=true; diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/layout/top.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/layout/top.ftl index 94588f11..7c3bde93 100644 --- a/maxkey-web-maxkey/src/main/resources/templates/views/layout/top.ftl +++ b/maxkey-web-maxkey/src/main/resources/templates/views/layout/top.ftl @@ -40,12 +40,13 @@
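Review bot: The new check casts `WebContext.getAuthentication().getPrincipal()` to `BasicAuthentication` without testing its type, so a session whose principal is any other object ends in a `ClassCastException` instead of the `/logout` forward. Guard it so every non-matching case counts as not an administrator: `Object principal = WebContext.getAuthentication().getPrincipal();` followed by `if (!(principal instanceof BasicAuthentication) || !((BasicAuthentication) principal).isRoleAdministrators()) {`. The top.ftl hunk makes the same assumption with `Session["current_authentication"].principal.roleAdministrators`, which presumably fails to render when the attribute or property is missing. The commit also changes the compared authority from `ADMINISTRATORS` to `ROLE_ADMINISTRATORS`, so stored role names presumably have to match the new value or existing administrators will be logged out. The enclosing method starts and ends outside the hunk.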
  <@locale code="login.password.changepassword"/>  
+ <#if Session["current_authentication"].principal.roleAdministrators==true >
  <@locale code="global.text.manage"/>  
- +
  <@locale code="global.text.logout"/>