org.springframework.security.access.ConfigAttribute

Here are the examples of the java api org.springframework.security.access.ConfigAttribute taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.

93 Examples 7

19 Source : CustomAccessDecisionManager.java
with Apache License 2.0
from zhouxx

public boolean supports(ConfigAttribute attribute) {
    return true;
}

19 Source : AuthenticationService.java
with Apache License 2.0
from zhoutaoo

/**
 * url对应资源与用户拥有资源进行匹配
 *
 * @param urlConfigAttribute
 * @param userResources
 * @return
 */
public boolean isMatch(ConfigAttribute urlConfigAttribute, Set<Resource> userResources) {
    return userResources.stream().anyMatch(resource -> resource.getCode().equals(urlConfigAttribute.getAttribute()));
}

19 Source : AccessPredicateVoter.java
with MIT License
from yidongnan

/**
 * Finds the first AccessPredicateConfigAttribute in the given collection.
 *
 * @param attributes The attributes to search in.
 * @return The first found AccessPredicateConfigAttribute or null, if no such elements were found.
 */
private AccessPredicateConfigAttribute find(final Collection<ConfigAttribute> attributes) {
    for (final ConfigAttribute attribute : attributes) {
        if (attribute instanceof AccessPredicateConfigAttribute) {
            return (AccessPredicateConfigAttribute) attribute;
        }
    }
    return null;
}

19 Source : SecurityUtil.java
with Apache License 2.0
from Pardus-Engerek

public static Collection<String> getActions(Collection<ConfigAttribute> configAttributes) {
    Collection<String> actions = new ArrayList<String>(configAttributes.size());
    for (ConfigAttribute attr : configAttributes) {
        actions.add(attr.getAttribute());
    }
    return actions;
}

19 Source : UnlockedVoter.java
with MIT License
from PaperMC

private UnlockedAttribute findUnlockedAttribute(Collection<ConfigAttribute> attributes) {
    for (ConfigAttribute attribute : attributes) {
        if (attribute instanceof UnlockedAttribute) {
            return (UnlockedAttribute) attribute;
        }
    }
    return null;
}

19 Source : UrlRoleVoter.java
with Apache License 2.0
from muxiangqiu

public boolean supports(ConfigAttribute attribute) {
    if ((attribute.getAttribute() != null) && attribute.getAttribute().startsWith(getRolePrefix())) {
        return true;
    } else {
        return false;
    }
}

19 Source : ExpressionVoter.java
with MIT License
from jobmission

private ExpressionConfigAttribute findConfigAttribute(Collection<ConfigAttribute> attributes) {
    for (ConfigAttribute attribute : attributes) {
        if (attribute instanceof ExpressionConfigAttribute) {
            return (ExpressionConfigAttribute) attribute;
        }
    }
    return null;
}

19 Source : AppFilterInvocationSecurityMetadataSource.java
with GNU General Public License v3.0
from chenCmengmengda

/**
 * 自定义方法。最好在项目启动时,去数据库查询一次就好。
 * 数据库查询一次 权限表出现的所有要拦截的url
 */
public void loadResourceDefine() {
    map = new HashMap<>();
    Collection<ConfigAttribute> array;
    ConfigAttribute cfg;
    // 去数据库查询 使用dao层。 你使用自己的即可
    TbPermissionExample example = new TbPermissionExample();
    List<TbPermission> permissions = permissionMapper.selectByExample(example);
    TbRoleExample roleExample = new TbRoleExample();
    List<TbRole> roles = roleMapper.selectByExample(roleExample);
    TbRolePermissionExample rolePermissionExample = new TbRolePermissionExample();
    List<TbRolePermissionKey> rolePermissionKeys = rolePermissionMapper.selectByExample(rolePermissionExample);
    for (TbRolePermissionKey rolePermissionKey : rolePermissionKeys) {
        TbRoleCustom roleCustom = roleMapperCustom.findRolePermissionById(rolePermissionKey.getRoleid());
        for (TbPermission permission : roleCustom.getPermissionList()) {
            array = new ArrayList<>();
            // 下面你可以添加你想要比较的信息过去。 注意的是,需要在用户登录时存储的权限信息一致
            cfg = new SecurityConfig("ROLE_" + roleCustom.getRolename());
            // 此处添加了资源菜单的名字,例如请求方法到ConfigAttribute的集合中去。此处添加的信息将会作为MyAccessDecisionManager类的decide的第三个参数。
            array.add(cfg);
            // 用权限的getUrl() 作为map的key,用ConfigAttribute的集合作为 value,
            map.put(permission.getUrl(), array);
        }
    }
/*
        for(TbPermission permission : permissions) {
            array = new ArrayList<>();
            //下面你可以添加你想要比较的信息过去。 注意的是,需要在用户登录时存储的权限信息一致
            cfg = new SecurityConfig(permission.getPermissionname());
            //此处添加了资源菜单的名字,例如请求方法到ConfigAttribute的集合中去。此处添加的信息将会作为MyAccessDecisionManager类的decide的第三个参数。

            array.add(cfg);
            //用权限的getUrl() 作为map的key,用ConfigAttribute的集合作为 value,
            map.put(permission.getUrl(), array);
        }*/
}

18 Source : UrlAccessDecisionManager.java
with Apache License 2.0
from ztgreat

@Override
public boolean supports(ConfigAttribute configAttribute) {
    return true;
}

18 Source : MyAccessDecisionManager.java
with MIT License
from zhaopei8948

@Override
public boolean supports(ConfigAttribute attribute) {
    return true;
}

18 Source : AccessPredicateVoter.java
with MIT License
from yidongnan

@Override
public boolean supports(final ConfigAttribute attribute) {
    return attribute instanceof AccessPredicateConfigAttribute;
}

18 Source : SpreadsheetAccessDecisionVoter.java
with MIT License
from timtebeek

@Override
public boolean supports(ConfigAttribute attribute) {
    return getProcessDomainObjectClreplaced().getName().equals(attribute.getAttribute());
}

18 Source : MyAccessDecisionManager.java
with MIT License
from smltq

/**
 * 表示此AccessDecisionManager是否能够处理传递的ConfigAttribute呈现的授权请求
 */
@Override
public boolean supports(ConfigAttribute configAttribute) {
    return true;
}

18 Source : MidPointGuiAuthorizationEvaluator.java
with Apache License 2.0
from Pardus-Engerek

@Override
public boolean supports(ConfigAttribute attribute) {
    return securityEnforcer.supports(attribute);
}

18 Source : UserLockVoter.java
with MIT License
from PaperMC

@Override
public boolean supports(ConfigAttribute attribute) {
    return attribute instanceof UserLockAttribute;
}

18 Source : HangarPermissionVoter.java
with MIT License
from PaperMC

@Override
public boolean supports(ConfigAttribute attribute) {
    return attribute instanceof PermissionAttribute;
}

18 Source : UnlockedVoter.java
with MIT License
from PaperMC

@Override
public boolean supports(ConfigAttribute attribute) {
    return attribute instanceof UnlockedAttribute;
}

18 Source : HangarDecisionVoter.java
with MIT License
from PaperMC

@SuppressWarnings("unchecked")
protected final A findAttribute(Collection<ConfigAttribute> attributes) {
    for (ConfigAttribute attribute : attributes) {
        if (attributeClreplaced.isreplacedignableFrom(attribute.getClreplaced())) {
            return (A) attribute;
        }
    }
    return null;
}

18 Source : HangarDecisionVoter.java
with MIT License
from PaperMC

@Override
public boolean supports(ConfigAttribute attribute) {
    return attributeClreplaced.isreplacedignableFrom(attribute.getClreplaced());
}

18 Source : AuthorityVoter.java
with MIT License
from njuro

@Override
public boolean supports(ConfigAttribute attribute) {
    return attribute instanceof AuthorityAttribute;
}

18 Source : MyAccessDecisionManager.java
with GNU General Public License v3.0
from microacup

/**
 * @param attribute
 * @return
 */
@Override
public boolean supports(ConfigAttribute attribute) {
    return true;
}

18 Source : UrlAccessDecisionManager.java
with GNU General Public License v3.0
from luoye663

@Override
public boolean supports(ConfigAttribute configAttribute) {
    log.info("进入权限判断! ConfigAttribute configAttribute");
    return true;
}

18 Source : ExpressionVoter.java
with MIT License
from jobmission

@Override
public boolean supports(ConfigAttribute attribute) {
    return attribute instanceof ExpressionConfigAttribute;
}

18 Source : CustomAccessDecisionManager.java
with Apache License 2.0
from huifer

@Override
public boolean supports(ConfigAttribute attribute) {
    // 都要设为true
    return true;
}

18 Source : AuthorizationService.java
with GNU General Public License v3.0
from GuoGuang

/**
 * url对应资源与用户拥有资源进行匹配
 * @param urlConfigAttribute
 * @param userResources
 */
public boolean isMatch(ConfigAttribute urlConfigAttribute, Set<Resource> userResources) {
    boolean isMatchBool = userResources.stream().anyMatch(resource -> resource.getCode().equals(urlConfigAttribute.getAttribute()));
    if (!isMatchBool) {
        LogBack.error("url编码错误,请检查角色是否有此权限!");
        throw new AccessDeniedException("url编码错误,请检查角色是否有此权限!");
    }
    return true;
}

18 Source : SimpleAccessVoter.java
with BSD 3-Clause "New" or "Revised" License
from dhis2

@Override
public boolean supports(ConfigAttribute configAttribute) {
    return configAttribute != null && configAttribute.getAttribute() != null && configAttribute.getAttribute().equals(requiredAuthority);
}

18 Source : ExternalAccessVoter.java
with BSD 3-Clause "New" or "Revised" License
from dhis2

// -------------------------------------------------------------------------
// AccessDecisionVoter Implementation
// -------------------------------------------------------------------------
@Override
public boolean supports(ConfigAttribute attribute) {
    return false;
}

18 Source : AbstractPrefixedAccessDecisionVoter.java
with BSD 3-Clause "New" or "Revised" License
from dhis2

// -------------------------------------------------------------------------
// AccessDecisionVoter implementation
// -------------------------------------------------------------------------
@Override
public boolean supports(ConfigAttribute configAttribute) {
    boolean result = configAttribute.getAttribute() != null && configAttribute.getAttribute().startsWith(attributePrefix);
    log.debug("Supports configAttribute: " + configAttribute + ", " + result + " (" + getClreplaced().getSimpleName() + ")");
    return result;
}

18 Source : RoleAccessDecisionManager.java
with MIT License
from ccfish86

/* (non-Javadoc)
     * @see org.springframework.security.access.AccessDecisionManager#supports(org.springframework.security.access.ConfigAttribute)
     */
@Override
public boolean supports(ConfigAttribute arg0) {
    // TODO Auto-generated method stub
    return false;
}

17 Source : MyInvocationSecurityMetadataSourceService.java
with Apache License 2.0
from luotuo

/**
 * 加载权限表中所有权限
 */
public void loadResourceDefine() {
    map = new HashMap<>();
    Collection<ConfigAttribute> array;
    ConfigAttribute cfg;
    List<PrivilegeConfig> permissions = privilegeConfigService.findAll();
    for (PrivilegeConfig permission : permissions) {
        array = new ArrayList<>();
        cfg = new SecurityConfig(permission.getName());
        // 此处只添加了用户的名字,其实还可以添加更多权限的信息,例如请求方法到ConfigAttribute的集合中去。此处添加的信息将会作为MyAccessDecisionManager类的decide的第三个参数。
        array.add(cfg);
        // 用权限的getUrl() 作为map的key,用ConfigAttribute的集合作为 value,
        map.put(permission.getUrl(), array);
    }
}

17 Source : AuthenticationServiceTest.java
with Apache License 2.0
from jorrellz

@Test
public void testGetConfigAttributesByUrl_假如存在如上资源信息_当请求url存在参数时_那么返回匹配的资源信息() {
    AuthenticationService authenticationService = new AuthenticationService(this.resourceConfigAttributes);
    ConfigAttribute attributesByUrl = authenticationService.findConfigAttributesByUrl(new HttpServletRequestAuthWrapper(new MockHttpServletRequest(), "/users/1/order", "GET"));
    replacedert.replacedertEquals("user_order:view", attributesByUrl.getAttribute());
}

17 Source : AuthenticationServiceTest.java
with Apache License 2.0
from jorrellz

@Test
public void testGetConfigAttributesByUrl_假如存在如上资源信息_当请求存在的资源时_那么返回url和method都匹配的资源信息() {
    AuthenticationService authenticationService = new AuthenticationService(this.resourceConfigAttributes);
    ConfigAttribute attributesByUrl = authenticationService.findConfigAttributesByUrl(new HttpServletRequestAuthWrapper(new MockHttpServletRequest(), "/users", "POST"));
    replacedert.replacedertEquals("user_manager:btn_add", attributesByUrl.getAttribute());
}

17 Source : AuthenticationServiceTest.java
with Apache License 2.0
from jorrellz

@Test
public void testGetConfigAttributesByUrl_假如存在如上资源信息_当请求不存在method的资源时_那么返回NONEXISTENT_URL() {
    AuthenticationService authenticationService = new AuthenticationService(this.resourceConfigAttributes);
    ConfigAttribute attributesByUrl = authenticationService.findConfigAttributesByUrl(new HttpServletRequestAuthWrapper(new MockHttpServletRequest(), "/users/1/order", "POST"));
    replacedert.replacedertEquals("NONEXISTENT_URL", attributesByUrl.getAttribute());
}

17 Source : AuthAccessDecisionManager.java
with MIT License
from gzmuSoft

@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
    for (ConfigAttribute configAttribute : configAttributes) {
        String needRole = configAttribute.getAttribute();
        if (ROLE_NO_AUTH.equals(needRole)) {
            throw new AccessDeniedException("权限不足");
        }
        // 如果是 ROLE_NO_LOGIN 资源,放行
        if (ROLE_NO_LOGIN.equals(needRole)) {
            return;
        }
        // 如果是 ROLE_PUBLIC 资源且不是匿名用户,放行
        if (ROLE_PUBLIC.equals(needRole) && !roleCondition(authentication, ROLE_ANONYMOUS)) {
            return;
        }
        // 符合条件的,放行
        if (roleCondition(authentication, needRole)) {
            return;
        }
    }
    throw new AccessDeniedException("权限不足");
}

17 Source : AuthorizationService.java
with GNU General Public License v3.0
from GuoGuang

/**
 * 根据url和method查询到对应的权限信息
 * @param authRequest request
 * @return ConfigAttribute
 */
public ConfigAttribute findConfigAttributesByUrl(HttpServletRequest authRequest) {
    ConfigAttribute configAttribute = resourceConfigAttributes.keySet().stream().filter(requestMatcher -> requestMatcher.matches(authRequest)).map(requestMatcher -> resourceConfigAttributes.get(requestMatcher)).peek(urlConfigAttribute -> LogBack.info("url在资源池中配置:{}", urlConfigAttribute.getAttribute())).findFirst().orElse(new SecurityConfig(NONEXISTENT_URL));
    return configAttribute;
}

17 Source : AuthorityManager.java
with Apache License 2.0
from Frodez

/**
 * 权限匹配管理器
 * @author Frodez
 * @date 2018-12-03
 */
@Component
@DependsOn("contextUtil")
public clreplaced AuthorityManager implements AccessDecisionManager {

    private ConfigAttribute defaultDeniedRole;

    private void clear() {
        defaultDeniedRole = null;
    }

    @PostConstruct
    private void init() {
        SecurityProperties properties = ContextUtil.bean(SecurityProperties.clreplaced);
        defaultDeniedRole = new SecurityConfig(properties.getAuth().getDeniedRole());
        replacedert.notNull(defaultDeniedRole, "defaultDeniedRole must not be null");
    }

    /**
     * 更新权限信息
     * @author Frodez
     * @date 2019-03-17
     */
    public void refresh() {
        synchronized (this) {
            clear();
            init();
        }
    }

    /**
     * 判定是否拥有权限<br>
     * authentication是UserDetailsServiceImpl中添加到GrantedAuthority中的权限信息.<br>
     * object包含客户端请求的request信息,可转换为HttpServletRequest,方法如下:<br>
     * request = ((FilterInvocation) object).getHttpRequest()<br>
     * attributes是DatabaseSecurityMetadataSource的getAttributes方法的返回值.<br>
     * 如果用户不具有请求的url的权限,抛出AccessDeniedException.<br>
     * @author Frodez
     * @date 2018-12-03
     */
    @Override
    public void decide(Authentication auth, Object object, Collection<ConfigAttribute> permissions) throws AccessDeniedException, InsufficientAuthenticationException {
        FilterInvocation invocation = (FilterInvocation) object;
        if (!Matcher.needVerify(invocation.getHttpRequest())) {
            // 如果是免验证路径,则直接放行,因为免验证路径下为了防止报错,设置了一个默认的无访问权限
            return;
        }
        // 如果用户不带有权限,说明用户信息可能有问题,必须直接驳回
        // 详情见frodez.config.security.filter.TokenFilter.doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
        // 和frodez.config.security.user.UserDetailsServiceImpl.loadUserByUsername(String username)方法
        if (EmptyUtil.yes(auth.getAuthorities())) {
            throw new AccessDeniedException("无访问权限!");
        }
        // 当包含无访问权限时,直接驳回(此时只有无访问权限一个权限)
        if (permissions.contains(defaultDeniedRole)) {
            throw new AccessDeniedException("无访问权限!");
        }
        Set<String> auths = StreamUtil.set(auth.getAuthorities(), GrantedAuthority::getAuthority);
        for (ConfigAttribute permission : permissions) {
            if (auths.contains(permission.getAttribute())) {
                return;
            }
        }
        // 当token携带权限与资源所需访问权限不符时,驳回
        throw new AccessDeniedException("无访问权限!");
    }

    @Override
    public boolean supports(ConfigAttribute attribute) {
        return true;
    }

    @Override
    public boolean supports(Clreplaced<?> clazz) {
        return true;
    }
}

17 Source : AppFilterInvocationSecurityMetadataSource.java
with GNU General Public License v3.0
from chenCmengmengda

/**
 * 自定义方法。最好在项目启动时,去数据库查询一次就好。
 * 数据库查询一次 权限表出现的所有要拦截的url
 */
public void loadResourceDefine() {
    map = new HashMap<>();
    Collection<ConfigAttribute> array;
    ConfigAttribute cfg;
    // 去数据库查询 使用dao层。 你使用自己的即可
    TbPermissionExample example = new TbPermissionExample();
    List<TbPermission> permissions = permissionMapper.selectByExample(example);
    for (TbPermission permission : permissions) {
        array = new ArrayList<>();
        // 下面你可以添加你想要比较的信息过去。 注意的是,需要在用户登录时存储的权限信息一致
        cfg = new SecurityConfig(permission.getPermissionname());
        // 此处添加了资源菜单的名字,例如请求方法到ConfigAttribute的集合中去。此处添加的信息将会作为MyAccessDecisionManager类的decide的第三个参数。
        array.add(cfg);
        // 用权限的getUrl() 作为map的key,用ConfigAttribute的集合作为 value,
        map.put(permission.getUrl(), array);
    }
}

16 Source : CustomSecurityMetadataSource.java
with Apache License 2.0
from zhouxx

public Map<RequestMatcher, Collection<ConfigAttribute>> getRequestMatchersPermitAllMap() {
    if (CollectionUtils.isEmpty(requestMatchersPermitAllMap)) {
        List<AntPathRequestMatcher> requestMatchers = securityBizProperties.getPermitAllPatterns().stream().map(requestMatcher -> new AntPathRequestMatcher(requestMatcher.getPattern(), requestMatcher.getMethod().toString())).collect(Collectors.toList());
        for (RequestMatcher requestMatcher : requestMatchers) {
            ConfigAttribute configAttribute = new SecurityConfig("ROLE_PUBLIC");
            requestMatchersPermitAllMap.put(requestMatcher, Collections.singletonList(configAttribute));
        }
    }
    return requestMatchersPermitAllMap;
}

16 Source : ResourceServiceTest.java
with Apache License 2.0
from zhoutaoo

@Test
@Ignore
public void testGetConfigAttributesByUrl_假如存在如上资源信息_当请求url存在参数时_那么返回匹配的资源信息() {
    ConfigAttribute attributesByUrl = resourceService.findConfigAttributesByUrl(new HttpServletRequestAuthWrapper(new MockHttpServletRequest(), "/users/1/order", "GET"));
    replacedert.replacedertEquals("NONEXISTENT_URL", attributesByUrl.getAttribute());
}

16 Source : ResourceServiceTest.java
with Apache License 2.0
from zhoutaoo

@Test
@Ignore
public void testGetConfigAttributesByUrl_假如存在如上资源信息_当请求存在的资源时_那么返回url和method都匹配的资源信息() {
    ConfigAttribute attributesByUrl = resourceService.findConfigAttributesByUrl(new HttpServletRequestAuthWrapper(new MockHttpServletRequest(), "/users", "POST"));
    replacedert.replacedertEquals("user_manager:btn_add", attributesByUrl.getAttribute());
}

16 Source : ResourceServiceTest.java
with Apache License 2.0
from zhoutaoo

@Test
@Ignore
public void testGetConfigAttributesByUrl_假如存在如上资源信息_当请求不存在method的资源时_那么返回NONEXISTENT_URL() {
    ConfigAttribute attributesByUrl = resourceService.findConfigAttributesByUrl(new HttpServletRequestAuthWrapper(new MockHttpServletRequest(), "/users/1/order", "POST"));
    replacedert.replacedertEquals("NONEXISTENT_URL", attributesByUrl.getAttribute());
}

16 Source : ResourceLocator.java
with MIT License
from uhonliu

/**
 * 加载授权列表
 */
public void loadAuthority() {
    Collection<ConfigAttribute> array;
    ConfigAttribute cfg;
    HashMap<String, Collection<ConfigAttribute>> configAttributes = Maps.newHashMap();
    try {
        // 查询所有接口
        List<AuthorityResource> list = baseAuthorityServiceClient.findAuthorityResource().getData();
        if (list != null) {
            for (AuthorityResource item : list) {
                String path = item.getPath();
                if (path == null) {
                    continue;
                }
                String fullPath = getFullPath(item.getServiceId(), path);
                item.setPath(fullPath);
                array = configAttributes.get(fullPath);
                if (array == null) {
                    array = new ArrayList<>();
                }
                // noinspection SuspiciousMethodCalls
                if (!array.contains(item.getAuthority())) {
                    cfg = new SecurityConfig(item.getAuthority());
                    array.add(cfg);
                }
                configAttributes.put(fullPath, array);
            }
            this.configAttributes.clear();
            this.authorityResources.clear();
            this.configAttributes = configAttributes;
            this.authorityResources = list;
        }
        log.info("=============加载动态权限:{}==============", this.authorityResources.size());
    } catch (Exception e) {
        log.error("加载动态权限错误:{}", e.getMessage());
    }
}

16 Source : ResourceLocator.java
with MIT License
from uhonliu

/**
 * 加载授权列表
 */
public List<AuthorityResource> loadAuthorityResources() {
    List<AuthorityResource> resources = Lists.newArrayList();
    Collection<ConfigAttribute> array;
    ConfigAttribute cfg;
    try {
        // 查询所有接口
        resources = baseAuthorityServiceClient.findAuthorityResource().getData();
        if (resources != null) {
            for (AuthorityResource item : resources) {
                String path = item.getPath();
                if (path == null) {
                    continue;
                }
                String fullPath = getFullPath(item.getServiceId(), path);
                item.setPath(fullPath);
                array = configAttributes.get(fullPath);
                if (array == null) {
                    array = new ArrayList<>();
                }
                if (!array.contains(item.getAuthority())) {
                    cfg = new SecurityConfig(item.getAuthority());
                    array.add(cfg);
                }
                configAttributes.put(fullPath, array);
            }
            log.info("=============加载动态权限:{}==============", resources.size());
        }
    } catch (Exception e) {
        log.error("加载动态权限错误:{}", e.getMessage());
    }
    return resources;
}

16 Source : MyInvocationSecurityMetadataSourceService.java
with Apache License 2.0
from realXuJiang

/**
 * 加载资源,初始化资源变量
 */
public void loadResourceDefine() {
    map = new HashMap<>();
    Collection<ConfigAttribute> array;
    ConfigAttribute cfg;
    List<SysPermission> permissions = permissionRepository.findAll();
    for (SysPermission permission : permissions) {
        array = new ArrayList<>();
        cfg = new SecurityConfig(permission.getName());
        array.add(cfg);
        map.put(permission.getUrl(), array);
    }
}

16 Source : UrlRoleVoter.java
with Apache License 2.0
from muxiangqiu

public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
    if (authentication == null) {
        return ACCESS_DENIED;
    }
    int result = ACCESS_ABSTAIN;
    Collection<? extends GrantedAuthority> authorities = extractAuthorities(authentication);
    for (ConfigAttribute attribute : attributes) {
        if (this.supports(attribute)) {
            result = ACCESS_DENIED;
            for (GrantedAuthority authority : authorities) {
                if (attribute.getAttribute().equals(authority.getAuthority())) {
                    return ACCESS_GRANTED;
                }
            }
        }
    }
    return result;
}

16 Source : ComponentRoleVoter.java
with Apache License 2.0
from muxiangqiu

public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
    if (authentication == null) {
        return ACCESS_DENIED;
    }
    if (CollectionUtils.isEmpty(attributes)) {
        return ACCESS_GRANTED;
    }
    int result = ACCESS_ABSTAIN;
    Component component = (Component) object;
    String componentType = "";
    if (component.getComponentType() != null) {
        componentType = component.getComponentType().name();
    }
    Collection<? extends GrantedAuthority> authorities = extractAuthorities(authentication);
    for (ConfigAttribute attribute : attributes) {
        if (this.supports(attribute)) {
            result = ACCESS_DENIED;
            for (GrantedAuthority authority : authorities) {
                if (attribute.getAttribute().startsWith((authority.getAuthority() + "_" + componentType))) {
                    return ACCESS_GRANTED;
                }
            }
        }
    }
    return result;
}

16 Source : LogicalOrAccessDecisionManager.java
with BSD 3-Clause "New" or "Revised" License
from dhis2

@Override
public boolean supports(ConfigAttribute configAttribute) {
    for (AccessDecisionManager accessDecisionManager : accessDecisionManagers) {
        if (accessDecisionManager.supports(configAttribute)) {
            return true;
        }
    }
    return false;
}

15 Source : SpreadsheetAccessDecisionVoter.java
with MIT License
from timtebeek

@Override
public int vote(Authentication authentication, MethodInvocation methodInvocation, Collection<ConfigAttribute> attributes) {
    for (ConfigAttribute configAttribute : attributes) {
        if (supports(configAttribute)) {
            User principal = (User) authentication.getPrincipal();
            Spreadsheet domainObjectInstance = (Spreadsheet) getDomainObjectInstance(methodInvocation);
            return hreplacedpreadsheetAccess(principal, domainObjectInstance) ? ACCESS_GRANTED : ACCESS_DENIED;
        }
    }
    return ACCESS_ABSTAIN;
}

15 Source : MyInvocationSecurityMetadataSourceService.java
with MIT License
from smltq

/**
 * 初始化 所有资源 对应的角色
 */
public void loadResourceDefine() {
    map = new HashMap<>(16);
    // 权限资源 和 角色对应的表  也就是 角色权限 中间表
    List<RolePermisson> rolePermissons = permissionMapper.getRolePermissions();
    // 某个资源 可以被哪些角色访问
    for (RolePermisson rolePermisson : rolePermissons) {
        String url = rolePermisson.getUrl();
        String roleName = rolePermisson.getRoleName();
        ConfigAttribute role = new SecurityConfig(roleName);
        if (map.containsKey(url)) {
            map.get(url).add(role);
        } else {
            List<ConfigAttribute> list = new ArrayList<>();
            list.add(role);
            map.put(url, list);
        }
    }
}

15 Source : MyAccessDecisionManager.java
with GNU General Public License v3.0
from microacup

/**
 * @param authentication
 * @param object
 * @param configAttributes
 * @throws org.springframework.security.access.AccessDeniedException
 * @throws org.springframework.security.authentication.InsufficientAuthenticationException
 */
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) {
    if (null == configAttributes || configAttributes.size() <= 0) {
        return;
    }
    for (ConfigAttribute attr : configAttributes) {
        String attribute = attr.getAttribute();
        for (GrantedAuthority ga : authentication.getAuthorities()) {
            if (attribute.equals(ga.getAuthority())) {
                return;
            }
        }
    }
    throw new AccessDeniedException("no right");
}

See More Examples