Filter 用户权限进行过滤

来源：互联网发布：sql删除含带4的语句编辑：程序博客网时间：2024/06/05 08:20

用户权限进行过滤

public class AuthorityCheckFilter implements Filter, InitializingBean {
private final Logger logger = Logger.getLogger(getClass());

private final static ThreadLocal<String> CURRENT_USER_NAME = new ThreadLocal<String>();

private final static ThreadLocal<HttpServletRequest> CURRENT_REQUEST = new ThreadLocal<HttpServletRequest>();

@Resource
private SecurityService securityService1;

private PathMatcher matcher = new AntPathMatcher();

private String uncheckedURI;

private String[] uncheckedURIs;

private Ehcache ehcache = Ehcache.getInstance();

public static final String AUTH_MAPPING_CACHE = "auth_map";

@Resource
private JedisClient jedis;

@Resource
private SystemConfigurationService systemConfigurationService;

@Override
public void afterPropertiesSet() throws Exception {
// TODO Auto-generated method stub
System.out.println("initial authority check");
if (StringUtils.isNotBlank(uncheckedURI)) {
uncheckedURIs = uncheckedURI.split(",");
} else {
uncheckedURIs = new String[] {};
}
}

@Override
public void init(FilterConfig filterConfig) throws ServletException {

}

@SuppressWarnings("unchecked")
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
try {
CURRENT_REQUEST.set(req);
String access_token = HttpRequestUtil.getAccessToken(req);
System.out.println("uri:" + req.getRequestURI() + ",access_token:" + access_token);
if (uncheckedURIs.length > 0) {
for (String path : uncheckedURIs) {
if (matcher.match(path, req.getRequestURI())) {
chain.doFilter(request, response);
return;
}
}

}

String username = securityService1.getPrincipal(access_token);
logger.info("与当前accessToken 绑定的 username=" + username);

if (StringUtils.isBlank(username)) {
resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
resp.getWriter().flush();
if (logger.isDebugEnabled()) {
logger.debug("access forbidden, access_token expired :" + access_token);
}
return;
}

CURRENT_USER_NAME.set(username);

// 缓存取开关
String checkFlag = jedis.hGetS("AUTH_CHECK_FILTER", "IS_CHECK");
if (StringUtils.isBlank(checkFlag)) {
// 数据库取配置
checkFlag = systemConfigurationService.getDataByCode("AUTH_CHECK_FILTER_ISCHECK");
// 默认为需要校验权限
if (StringUtils.isBlank(checkFlag)) {
checkFlag = "ON";
} else {
// 写缓存
jedis.hSetS("AUTH_CHECK_FILTER", "IS_CHECK", checkFlag);
}
}

if ("ON".equals(checkFlag)) {
System.out.println("检查权限, do ...");
java.util.Set<String> authUri = (java.util.Set<String>) ehcache.get(
AUTH_MAPPING_CACHE, access_token);

if (authUri == null) {
Collection<Authority> auths = securityService1.getAuthorities(access_token);
if (logger.isDebugEnabled()) {
logger.debug("principal:" + username + ",auths:" + auths);
}
authUri = new HashSet<String>();
ehcache.put(AUTH_MAPPING_CACHE, access_token, authUri);
if (auths != null) {
for (Authority authority : auths) {
authUri.add(authority.getRequestMethod() + authority.getRequestURI());
}
}
}

}
chain.doFilter(request, response);
} finally {
CURRENT_USER_NAME.set(null);
CURRENT_REQUEST.set(null);
}
}

@Override
public void destroy() {
}

public static String getCurrentUserName() {
return CURRENT_USER_NAME.get();
}

public static void setCurrentUserName(String username) {
CURRENT_USER_NAME.set(username);
}

public static HttpServletRequest getCurrentRequest() {
return CURRENT_REQUEST.get();
}

public static void setCurrentRequest(HttpServletRequest req) {
CURRENT_REQUEST.set(req);
}

public void setSecurityService(SecurityService securityService) {
this.securityService1 = securityService;
}

public void setUncheckedURI(String uncheckedURI) {
this.uncheckedURI = uncheckedURI;
}

}

0 0