提交拦截器

examcloud-core-questions-starter/src/main/java/cn/com/qmth/examcloud/core/questions/starter/config/DefaultWebMvcConfigurerAdapter.java

@@ -0,0 +1,123 @@
+package cn.com.qmth.examcloud.core.questions.starter.config;
+
+import java.util.List;
+import java.util.Set;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+
+import com.google.common.collect.Sets;
+
+import cn.com.qmth.examcloud.commons.base.util.PathUtil;
+import cn.com.qmth.examcloud.commons.base.util.PropertiesUtil;
+import cn.com.qmth.examcloud.commons.base.util.RegExpUtil;
+import cn.com.qmth.examcloud.commons.web.interceptor.FirstInterceptor;
+import cn.com.qmth.examcloud.commons.web.redis.RedisClient;
+import cn.com.qmth.examcloud.commons.web.security.RequestPermissionInterceptor;
+import cn.com.qmth.examcloud.commons.web.security.SpringCloudInterceptor;
+import cn.com.qmth.examcloud.commons.web.security.bean.Role;
+import cn.com.qmth.examcloud.commons.web.security.bean.User;
+import cn.com.qmth.examcloud.commons.web.security.bean.UserType;
+import cn.com.qmth.examcloud.commons.web.security.enums.RoleMeta;
+
+/**
+ * 默认WebMvcConfigurer
+ *
+ * @author WANGWEI
+ * @date 2018年5月22日
+ * @Copyright (c) 2018-? http://qmth.com.cn All Rights Reserved.
+ */
+@Configuration
+public class DefaultWebMvcConfigurerAdapter extends WebMvcConfigurerAdapter {
+
+	@Autowired
+	RedisClient redisClient;
+
+	static {
+		PropertiesUtil.configureAndWatch(PathUtil.getResoucePath("security-mapping.properties"));
+	}
+
+	@Override
+	public void addInterceptors(InterceptorRegistry registry) {
+		registry.addInterceptor(new FirstInterceptor()).addPathPatterns("/**");
+
+		SpringCloudInterceptor springCloudInterceptor = new SpringCloudInterceptor();
+		springCloudInterceptor.setRedisClient(redisClient);
+		//registry.addInterceptor(springCloudInterceptor).addPathPatterns("/**");
+
+		RequestPermissionInterceptor requestPermissionInterceptor = getRequestPermissionInterceptor();
+		requestPermissionInterceptor.configureAndWatch("security-exclusions.conf");
+		registry.addInterceptor(requestPermissionInterceptor).addPathPatterns("/**");
+
+		super.addInterceptors(registry);
+	}
+
+	@Bean
+	public RequestPermissionInterceptor getRequestPermissionInterceptor() {
+		return new RequestPermissionInterceptor(redisClient) {
+
+			@Override
+			public boolean hasPermission(String mappingPath, User user) {
+
+				// 学生鉴权
+				if (user.getUserType().equals(UserType.STUDENT)) {
+					String key = "[s]" + mappingPath;
+					return PropertiesUtil.getBoolean(key, false);
+				}
+
+				List<Role> roleList = user.getRoleList();
+
+				if (CollectionUtils.isEmpty(roleList)) {
+					return false;
+				}
+
+				for (Role role : roleList) {
+					if (role.getRoleCode().equals(RoleMeta.SUPER_ADMIN.name())) {
+						return true;
+					}
+				}
+
+				// 权限组集合
+				String privilegeGroups = PropertiesUtil.getString(mappingPath);
+				if (StringUtils.isBlank(privilegeGroups)) {
+					return true;
+				}
+
+				// 用户权限集合
+				Set<String> rolePrivilegeList = Sets.newHashSet();
+				Long rootOrgId = user.getRootOrgId();
+				for (Role role : roleList) {
+					String key = "$_P_" + rootOrgId + "_" + role.getRoleId();
+					String rolePrivileges = redisClient.get(key, String.class);
+
+					List<String> rpList = RegExpUtil.findAll(rolePrivileges, "\\w+");
+					rolePrivilegeList.addAll(rpList);
+				}
+
+				List<String> privilegeGroupList = RegExpUtil.findAll(privilegeGroups, "[^\\;]+");
+
+				for (String pg : privilegeGroupList) {
+					pg = pg.trim();
+					if (StringUtils.isBlank(pg)) {
+						continue;
+					}
+
+					List<String> pList = RegExpUtil.findAll(pg, "[^\\,]+");
+					if (rolePrivilegeList.containsAll(pList)) {
+						return true;
+					} else {
+						continue;
+					}
+				}
+
+				return false;
+			}
+
+		};
+	}
+}