权限控制:分拆对角色的校验的代码为多个方法,方便灵活重写部分代码
parent
544a869416
commit
46ccadec08
@ -240,6 +240,7 @@ public abstract class AbstractVerifier<T> implements Verifier<T>, IdCallback {
|
|||||||
* @return
|
* @return
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
|
@Override
|
||||||
public boolean verifyAccess(SQLConfig config) throws Exception {
|
public boolean verifyAccess(SQLConfig config) throws Exception {
|
||||||
String table = config == null ? null : config.getTable();
|
String table = config == null ? null : config.getTable();
|
||||||
if (table == null) {
|
if (table == null) {
|
||||||
@ -249,7 +250,7 @@ public abstract class AbstractVerifier<T> implements Verifier<T>, IdCallback {
|
|||||||
String role = config.getRole();
|
String role = config.getRole();
|
||||||
if (role == null) {
|
if (role == null) {
|
||||||
role = UNKNOWN;
|
role = UNKNOWN;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (ROLE_MAP.containsKey(role) == false) {
|
if (ROLE_MAP.containsKey(role) == false) {
|
||||||
Set<String> NAMES = ROLE_MAP.keySet();
|
Set<String> NAMES = ROLE_MAP.keySet();
|
||||||
@ -262,14 +263,72 @@ public abstract class AbstractVerifier<T> implements Verifier<T>, IdCallback {
|
|||||||
}
|
}
|
||||||
|
|
||||||
RequestMethod method = config.getMethod();
|
RequestMethod method = config.getMethod();
|
||||||
|
verifyRole(config, table, method, role);
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void verifyRole(SQLConfig config, String table, RequestMethod method, String role) throws Exception {
|
||||||
|
verifyAllowRole(config, table, method, role); //验证允许的角色
|
||||||
|
verifyUseRole(config, table, method, role); //验证使用的角色
|
||||||
|
}
|
||||||
|
|
||||||
verifyRole(table, method, role);//验证允许的角色
|
/**允许请求使用的所以可能角色
|
||||||
|
* @param config
|
||||||
|
* @param table
|
||||||
|
* @param method
|
||||||
|
* @param role
|
||||||
|
* @return
|
||||||
|
* @throws Exception
|
||||||
|
* @see {@link apijson.JSONObject#KEY_ROLE}
|
||||||
|
*/
|
||||||
|
public void verifyAllowRole(SQLConfig config, String table, RequestMethod method, String role) throws Exception {
|
||||||
|
Log.d(TAG, "verifyAllowRole table = " + table + "; method = " + method + "; role = " + role);
|
||||||
|
if (table == null) {
|
||||||
|
table = config == null ? null : config.getTable();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (table != null) {
|
||||||
|
if (method == null) {
|
||||||
|
method = config == null ? GET : config.getMethod();
|
||||||
|
}
|
||||||
|
if (role == null) {
|
||||||
|
role = config == null ? UNKNOWN : config.getRole();
|
||||||
|
}
|
||||||
|
|
||||||
|
Map<RequestMethod, String[]> map = ACCESS_MAP.get(table);
|
||||||
|
|
||||||
|
if (map == null || Arrays.asList(map.get(method)).contains(role) == false) {
|
||||||
|
throw new IllegalAccessException(table + " 不允许 " + role + " 用户的 " + method.name() + " 请求!");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**校验请求使用的角色,角色不好判断,让访问者发过来角色名,OWNER,CONTACT,ADMIN等
|
||||||
|
* @param config
|
||||||
|
* @param table
|
||||||
|
* @param method
|
||||||
|
* @param role
|
||||||
|
* @return
|
||||||
|
* @throws Exception
|
||||||
|
* @see {@link apijson.JSONObject#KEY_ROLE}
|
||||||
|
*/
|
||||||
|
public void verifyUseRole(SQLConfig config, String table, RequestMethod method, String role) throws Exception {
|
||||||
|
Log.d(TAG, "verifyUseRole table = " + table + "; method = " + method + "; role = " + role);
|
||||||
//验证角色,假定真实强制匹配<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
|
//验证角色,假定真实强制匹配<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
|
||||||
|
|
||||||
String visitorIdKey = getVisitorIdKey(config);
|
String visitorIdKey = getVisitorIdKey(config);
|
||||||
|
if (table == null) {
|
||||||
|
table = config == null ? null : config.getTable();
|
||||||
|
}
|
||||||
|
if (method == null) {
|
||||||
|
method = config == null ? GET : config.getMethod();
|
||||||
|
}
|
||||||
|
if (role == null) {
|
||||||
|
role = config == null ? UNKNOWN : config.getRole();
|
||||||
|
}
|
||||||
|
|
||||||
Object requestId;
|
Object requestId;
|
||||||
switch (role) {
|
switch (role) {
|
||||||
case LOGIN://verifyRole通过就行
|
case LOGIN://verifyRole通过就行
|
||||||
@ -366,39 +425,6 @@ public abstract class AbstractVerifier<T> implements Verifier<T>, IdCallback {
|
|||||||
}
|
}
|
||||||
|
|
||||||
//验证角色,假定真实强制匹配>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
//验证角色,假定真实强制匹配>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/**允许请求,角色不好判断,让访问者发过来角色名,OWNER,CONTACT,ADMIN等
|
|
||||||
* @param table
|
|
||||||
* @param method
|
|
||||||
* @param role
|
|
||||||
* @return
|
|
||||||
* @throws Exception
|
|
||||||
* @see {@link apijson.JSONObject#KEY_ROLE}
|
|
||||||
*/
|
|
||||||
public void verifyRole(String table, RequestMethod method, String role) throws Exception {
|
|
||||||
Log.d(TAG, "verifyRole table = " + table + "; method = " + method + "; role = " + role);
|
|
||||||
if (table != null) {
|
|
||||||
if (method == null) {
|
|
||||||
method = GET;
|
|
||||||
}
|
|
||||||
if (role == null) {
|
|
||||||
role = UNKNOWN;
|
|
||||||
}
|
|
||||||
|
|
||||||
Map<RequestMethod, String[]> map = ACCESS_MAP.get(table);
|
|
||||||
|
|
||||||
if (map == null || Arrays.asList(map.get(method)).contains(role) == false) {
|
|
||||||
throw new IllegalAccessException(table + " 不允许 " + role + " 用户的 " + method.name() + " 请求!");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
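Review bot: In `verifyAllowRole` and `verifyUseRole` the null fallbacks `method = config == null ? GET : config.getMethod();` and `role = config == null ? UNKNOWN : config.getRole();` no longer guarantee a non-null value, which the removed `verifyRole(table, method, role)` did by always defaulting to `GET` and `UNKNOWN`. If `config.getMethod()` returns null, `Arrays.asList(map.get(method))` and `method.name()` will most likely throw a NullPointerException instead of the intended `IllegalAccessException`, and a null role would do the same at `switch (role)`. Re-apply the defaults after the config lookup, e.g. `if (method == null) { method = GET; }` and `if (role == null) { role = UNKNOWN; }`. Both methods are now public override points, so the Javadoc of `verifyAllowRole` should state that a null `table` skips the allow-list check entirely, and the stale `@return` tags on the two `void` methods should go. The body of `verifyUseRole` continues outside the visible hunks.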
@ -24,7 +24,9 @@ public interface Verifier<T> {
|
|||||||
*/
|
*/
|
||||||
boolean verifyAccess(SQLConfig config) throws Exception;
|
boolean verifyAccess(SQLConfig config) throws Exception;
|
||||||
|
|
||||||
/**允许请求,角色不好判断,让访问者发过来角色名,OWNER,CONTACT,ADMIN等
|
|
||||||
|
/**校验请求使用的角色,角色不好判断,让访问者发过来角色名,OWNER,CONTACT,ADMIN等
|
||||||
|
* @param config
|
||||||
* @param table
|
* @param table
|
||||||
* @param method
|
* @param method
|
||||||
* @param role
|
* @param role
|
||||||
@ -32,7 +34,7 @@ public interface Verifier<T> {
|
|||||||
* @throws Exception
|
* @throws Exception
|
||||||
* @see {@link apijson.JSONObject#KEY_ROLE}
|
* @see {@link apijson.JSONObject#KEY_ROLE}
|
||||||
*/
|
*/
|
||||||
void verifyRole(String table, RequestMethod method, String role) throws Exception;
|
void verifyRole(SQLConfig config, String table, RequestMethod method, String role) throws Exception;
|
||||||
|
|
||||||
/**登录校验
|
/**登录校验
|
||||||
* @param config
|
* @param config
|
||||||
@ -94,4 +96,5 @@ public interface Verifier<T> {
|
|||||||
|
|
||||||
String getVisitorIdKey(SQLConfig config);
|
String getVisitorIdKey(SQLConfig config);
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
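Review bot: Replacing `verifyRole(String table, RequestMethod method, String role)` with the four-argument form on the interface can silently orphan a downstream subclass of `AbstractVerifier` that overrode the old method without `@Override`. Such a subclass still compiles, but its method becomes an unused overload, so a custom role check would stop being enforced without any error. The Javadoc on the new `verifyRole` should say that it replaces the three-argument form and that existing overrides must be migrated, for example `Replaces verifyRole(table, method, role); overrides of the old signature are no longer called.` The summary line now describes only checking the role in use, while the `AbstractVerifier` implementation runs both the allow-list check and the use-role check, so the description should cover both. As far as the visible hunks show, `verifyAllowRole` and `verifyUseRole` are not declared on `Verifier`, so code holding a `Verifier<T>` cannot call or rely on them.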