wangwei 7 жил өмнө
parent
commit
cae87bb2e9

+ 25 - 32
examcloud-core-basic-starter/src/main/java/cn/com/qmth/examcloud/core/basic/starter/config/DefaultWebMvcConfigurerAdapter.java

@@ -1,21 +1,22 @@
 package cn.com.qmth.examcloud.core.basic.starter.config;
 
-import java.util.ArrayList;
-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
 
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
 
-import cn.com.qmth.examcloud.commons.base.util.RegExpUtil;
+import cn.com.qmth.examcloud.commons.base.util.PathUtil;
+import cn.com.qmth.examcloud.commons.base.util.PropertiesUtil;
 import cn.com.qmth.examcloud.commons.web.interceptor.FirstInterceptor;
 import cn.com.qmth.examcloud.commons.web.redis.RedisClient;
 import cn.com.qmth.examcloud.commons.web.security.RequestPermissionInterceptor;
 import cn.com.qmth.examcloud.commons.web.security.bean.Role;
+import cn.com.qmth.examcloud.commons.web.security.bean.User;
 
 /**
  * 默认WebMvcConfigurer
@@ -30,51 +31,43 @@ public class DefaultWebMvcConfigurerAdapter extends WebMvcConfigurerAdapter {
 	@Autowired
 	RedisClient redisClient;
 
-	private static Map<String, String[]> rolePathMap = new HashMap<String, String[]>();
+	static {
+		PropertiesUtil.configureAndWatch(PathUtil.getResoucePath("security-mapping.properties"));
+	}
 
 	@Override
 	public void addInterceptors(InterceptorRegistry registry) {
 		registry.addInterceptor(new FirstInterceptor()).addPathPatterns("/**");
-		registry.addInterceptor(getRequestPermissionInterceptor()).addPathPatterns("/**");
+		RequestPermissionInterceptor requestPermissionInterceptor = getRequestPermissionInterceptor();
+		requestPermissionInterceptor.configureAndWatch("security-exclusions.conf");
+		registry.addInterceptor(requestPermissionInterceptor).addPathPatterns("/**");
 		super.addInterceptors(registry);
 	}
 
 	@Bean
 	public RequestPermissionInterceptor getRequestPermissionInterceptor() {
-		String[] exclusions = new String[]{".*login.*", ".*\\[getLoginUser\\].*",
-				RegExpUtil.escape("[${app.api.root}/org]:[/download]:[GET]"),
-				RegExpUtil.escape("[${app.api.root}/course]:[/download]:[GET]"),
-				RegExpUtil.escape("[${app.api.root}/course]:[]:[GET]"),
-				RegExpUtil.escape("[${app.api.root}/org]:[/{id}]:[GET]"),
-				RegExpUtil.escape("[${app.api.root}/org]:[/all]:[GET]"),
-				RegExpUtil.escape("[${app.api.root}/student]:[/{id}]:[GET]"),
-				RegExpUtil.escape("[${app.api.root}/studentFaceInfo]:[/identityNumber]:[GET]"),
-				RegExpUtil.escape("[${app.api.root}/user]:[/{id}]:[GET]"),
-				RegExpUtil.escape("[${app.api.root}/org]:[/logo]:[GET]"),
-				RegExpUtil.escape("[${$rmp}demo]:[getXxx,getYYY]:[POST]")
-				//
-		};
-
-		return new RequestPermissionInterceptor(redisClient, exclusions) {
+		return new RequestPermissionInterceptor(redisClient) {
 
 			@Override
-			public boolean hasPermission(String mappingPath, List<Role> roleList) {
-				String[] roles = rolePathMap.get(mappingPath);
-				if (roles == null) {
-					return true;
-				}
-				if (roleList == null) {
+			public boolean hasPermission(String mappingPath, User user) {
+				List<Role> roleList = user.getRoleList();
+				if (CollectionUtils.isEmpty(roleList)) {
 					return false;
 				}
-				List<String> roleCodes = new ArrayList<String>();
-				for (Role role : roleList) {
-					roleCodes.add(role.getRoleCode());
+
+				String roles = PropertiesUtil.getString(mappingPath);
+				if (StringUtils.isBlank(roles)) {
+					return true;
 				}
-				for (String role : roles) {
-					if (roleCodes.contains(role)) {
+
+				roles = "," + roles + ",";
+
+				for (Role role : roleList) {
+					if (roles.contains("," + role.getRoleCode() + ",")) {
 						return true;
 					}
 				}
+
 				return false;
 			}
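Review bot: In `hasPermission`, a blank result from `PropertiesUtil.getString(mappingPath)` still returns `true`, so every mapping path without an entry in security-mapping.properties is allowed for any user who holds at least one role. Because the file is now loaded through `configureAndWatch`, a missing, mistyped or half-written file would presumably make every lookup blank and open all role-restricted endpoints without any error; PropertiesUtil is not shown here, so this should be confirmed. If default-allow is intended, say so on the branch with a comment such as `// no mapping entry: endpoint is not role-restricted (default allow)`, and consider failing closed with `return false;` once the mapping file is complete. `user.getRoleList()` is also called without a null check on `user`. The anonymous class continues past the end of this hunk.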
 

+ 14 - 0
examcloud-core-basic-starter/src/main/resources/security-exclusions.conf

@@ -0,0 +1,14 @@
+regexp:.*login.*
+regexp:.*\[getLoginUser\].*
+ 
+[${app.api.root}/org]:[/download]:[GET]
+[${app.api.root}/course]:[/download]:[GET]
+[${app.api.root}/course]:[]:[GET]
+[${app.api.root}/org]:[/{id}]:[GET]
+[${app.api.root}/org]:[/all]:[GET]
+[${app.api.root}/student]:[/{id}]:[GET]
+[${app.api.root}/studentFaceInfo]:[/identityNumber]:[GET]
+[${app.api.root}/user]:[/{id}]:[GET]
+[${app.api.root}/org]:[/logo]:[GET]
+[${$rmp}demo]:[getXxx,getYYY]:[POST]
+
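Review bot: The `regexp:.*login.*` entry is unanchored, so any mapping path that contains the substring `login` anywhere (controller root, method path or elsewhere) is excluded, not only the login endpoint itself. Assuming an exclusion skips the permission check entirely (RequestPermissionInterceptor is not shown), exact entries in the `[root]:[path]:[METHOD]` form used by the lines below would be safer. The entries `[${app.api.root}/student]:[/{id}]:[GET]`, `[${app.api.root}/user]:[/{id}]:[GET]` and `[${app.api.root}/studentFaceInfo]:[/identityNumber]:[GET]` appear to serve per-person records, so each should carry a stated reason for needing no permission check, in the file itself if the format allows comments. The `[${$rmp}demo]:[getXxx,getYYY]:[POST]` line looks like a leftover sample and could be dropped.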

+ 2 - 0
examcloud-core-basic-starter/src/main/resources/security-mapping.properties

@@ -0,0 +1,2 @@
+[${$rmp}demo][getXxx,getYYY][POST] fdsaf,adfmm,
+
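Review bot: The only key here, `[${$rmp}demo][getXxx,getYYY][POST]`, has no `:` between its bracketed parts, while the exclusion entries added in this commit use `[root]:[path]:[METHOD]`; if `mappingPath` is in the colon form, no lookup will ever match this key. If PropertiesUtil is backed by java.util.Properties (not visible here), a colon inside a key has to be written `\:`, because an unescaped `:` ends the key. Since `hasPermission` treats a missing entry as allowed, a key that never matches leaves its endpoint unrestricted without any error. The value `fdsaf,adfmm,` looks like placeholder text, and its trailing comma produces an empty token that a role with an empty code would match; replace it with real role codes or remove the sample line.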