权限控制:分拆对角色的校验的代码为多个方法,方便灵活重写部分代码

TommyLemon 2022-03-27 02:42:33 +08:00
parent 544a869416
commit 46ccadec08
2 changed files with 67 additions and 38 deletions


@ -240,6 +240,7 @@ public abstract class AbstractVerifier<T> implements Verifier<T>, IdCallback {
* @return * @return
* @throws Exception * @throws Exception
*/ */
@Override
public boolean verifyAccess(SQLConfig config) throws Exception { public boolean verifyAccess(SQLConfig config) throws Exception {
String table = config == null ? null : config.getTable(); String table = config == null ? null : config.getTable();
if (table == null) { if (table == null) {
@ -249,7 +250,7 @@ public abstract class AbstractVerifier<T> implements Verifier<T>, IdCallback {
String role = config.getRole(); String role = config.getRole();
if (role == null) { if (role == null) {
role = UNKNOWN; role = UNKNOWN;
} }
else { else {
if (ROLE_MAP.containsKey(role) == false) { if (ROLE_MAP.containsKey(role) == false) {
Set<String> NAMES = ROLE_MAP.keySet(); Set<String> NAMES = ROLE_MAP.keySet();
@ -262,14 +263,72 @@ public abstract class AbstractVerifier<T> implements Verifier<T>, IdCallback {
} }
RequestMethod method = config.getMethod(); RequestMethod method = config.getMethod();
verifyRole(config, table, method, role);
return true;
}
@Override
public void verifyRole(SQLConfig config, String table, RequestMethod method, String role) throws Exception {
verifyAllowRole(config, table, method, role); //验证允许的角色
verifyUseRole(config, table, method, role); //验证使用的角色
}
verifyRole(table, method, role);//验证允许的角色 /**允许请求使用的所以可能角色
* @param config
* @param table
* @param method
* @param role
* @return
* @throws Exception
* @see {@link apijson.JSONObject#KEY_ROLE}
*/
public void verifyAllowRole(SQLConfig config, String table, RequestMethod method, String role) throws Exception {
Log.d(TAG, "verifyAllowRole table = " + table + "; method = " + method + "; role = " + role);
if (table == null) {
table = config == null ? null : config.getTable();
}
if (table != null) {
if (method == null) {
method = config == null ? GET : config.getMethod();
}
if (role == null) {
role = config == null ? UNKNOWN : config.getRole();
}
Map<RequestMethod, String[]> map = ACCESS_MAP.get(table);
if (map == null || Arrays.asList(map.get(method)).contains(role) == false) {
throw new IllegalAccessException(table + " 不允许 " + role + " 用户的 " + method.name() + " 请求!");
}
}
}
/**校验请求使用的角色角色不好判断让访问者发过来角色名OWNER,CONTACT,ADMIN等
* @param config
* @param table
* @param method
* @param role
* @return
* @throws Exception
* @see {@link apijson.JSONObject#KEY_ROLE}
*/
public void verifyUseRole(SQLConfig config, String table, RequestMethod method, String role) throws Exception {
Log.d(TAG, "verifyUseRole table = " + table + "; method = " + method + "; role = " + role);
//验证角色假定真实强制匹配<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< //验证角色假定真实强制匹配<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
String visitorIdKey = getVisitorIdKey(config); String visitorIdKey = getVisitorIdKey(config);
if (table == null) {
table = config == null ? null : config.getTable();
}
if (method == null) {
method = config == null ? GET : config.getMethod();
}
if (role == null) {
role = config == null ? UNKNOWN : config.getRole();
}
Object requestId; Object requestId;
switch (role) { switch (role) {
case LOGIN://verifyRole通过就行 case LOGIN://verifyRole通过就行
@ -366,39 +425,6 @@ public abstract class AbstractVerifier<T> implements Verifier<T>, IdCallback {
} }
//验证角色假定真实强制匹配>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> //验证角色假定真实强制匹配>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
return true;
}
/**允许请求角色不好判断让访问者发过来角色名OWNER,CONTACT,ADMIN等
* @param table
* @param method
* @param role
* @return
* @throws Exception
* @see {@link apijson.JSONObject#KEY_ROLE}
*/
public void verifyRole(String table, RequestMethod method, String role) throws Exception {
Log.d(TAG, "verifyRole table = " + table + "; method = " + method + "; role = " + role);
if (table != null) {
if (method == null) {
method = GET;
}
if (role == null) {
role = UNKNOWN;
}
Map<RequestMethod, String[]> map = ACCESS_MAP.get(table);
if (map == null || Arrays.asList(map.get(method)).contains(role) == false) {
throw new IllegalAccessException(table + " 不允许 " + role + " 用户的 " + method.name() + " 请求!");
}
}
} }
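Review bot: In verifyAllowRole and verifyUseRole the fallbacks `role = config == null ? UNKNOWN : config.getRole();` and `method = config == null ? GET : config.getMethod();` no longer guarantee non-null values, which the removed verifyRole did by assigning UNKNOWN and GET directly. verifyAccess itself handles `config.getRole() == null` as a normal case, so a direct caller of the public verifyRole with a null role can reach `switch (role)` with null, and with a null method (if getMethod() can return null) can reach `method.name()`; both fail with a NullPointerException rather than the IllegalAccessException that signals a denial. Normalise again after the fallback in both methods, e.g. `if (role == null) { role = UNKNOWN; }` and `if (method == null) { method = GET; }`. Separately, `Arrays.asList(map.get(method))` still throws a NullPointerException when the table has no entry for that method, and a null check there would produce the intended denial message instead. The body of verifyUseRole and the enclosing class continue outside the visible hunks.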


@ -24,7 +24,9 @@ public interface Verifier<T> {
*/ */
boolean verifyAccess(SQLConfig config) throws Exception; boolean verifyAccess(SQLConfig config) throws Exception;
/**允许请求角色不好判断让访问者发过来角色名OWNER,CONTACT,ADMIN等
/**校验请求使用的角色角色不好判断让访问者发过来角色名OWNER,CONTACT,ADMIN等
* @param config
* @param table * @param table
* @param method * @param method
* @param role * @param role
@ -32,7 +34,7 @@ public interface Verifier<T> {
* @throws Exception * @throws Exception
* @see {@link apijson.JSONObject#KEY_ROLE} * @see {@link apijson.JSONObject#KEY_ROLE}
*/ */
void verifyRole(String table, RequestMethod method, String role) throws Exception; void verifyRole(SQLConfig config, String table, RequestMethod method, String role) throws Exception;
/**登录校验 /**登录校验
* @param config * @param config
@ -94,4 +96,5 @@ public interface Verifier<T> {
String getVisitorIdKey(SQLConfig config); String getVisitorIdKey(SQLConfig config);
} }
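Review bot: The Javadoc now attached to verifyRole describes only the check of the role the request uses, while the AbstractVerifier implementation in this commit makes verifyRole run two checks: verifyAllowRole (the ACCESS_MAP allow-list) and verifyUseRole. Because the stated purpose of the split is to let implementers override parts of it, the interface comment should state the full contract, for example `Verifies that the role is allowed for this table and method and that the visitor actually holds that role; overriding implementations must not skip either check.` The new `config` parameter also has no description, and the fallbacks in the implementation suggest it may be null, which is worth stating in `@param config`. The signature change breaks existing implementers and callers of verifyRole(String, RequestMethod, String) at compile time, so it should be called out in the release notes.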