Vincent.Chan‘s Blog

public abstract ConfigAttributeDefinition lookupAttributes(String url);

public class RdbmsBasedFilterInvocationDefinitionSource extends AbstractFilterInvocationDefinitionSource

/**
* <class>ConfigableFilterInvocationDefinition</class> 支持 Perl5 和 ant Path 两种风格的资源配置方式
* @since 2006-1-19
* @author 王政
* @version $Id: ConfigableFilterInvocationDefinition.java,v 1.3 2006/01/19 09:40:37 wz Exp $
*/
public interface ConfigableFilterInvocationDefinition {
       
        /** The Perl5 expression  */
        String PERL5_KEY = "PATTERN_TYPE_PERL5";
   
    /** The ant path expression */
    String ANT_PATH_KEY = "PATTERN_TYPE_APACHE_ANT";
       
    /** 标准分隔符 */
    String STAND_DELIM_CHARACTER = ",";
   
    /**
     * Set resource expression, the value must be {@link #PERL5_KEY_REG_EXP} or {@link #ANT_PATH_KEY}
     * @see #REOURCE_EXPRESSION_PERL5_REG_EXP
     * @see #RESOURCE_EXPRESSION_ANT_PATH_KEY
     * @param resourceExpression the resource expression
     */
    void setResourceExpression(String resourceExpression);
   
    /**
     *
     * @return resource expression
     */
    String getResourceExpression();
   
    /**
     * Set whether convert url to lowercase before comparison
     * @param convertUrlToLowercaseBeforeComparison whether convertUrlToLowercaseBeforeComparison
     */
    void setConvertUrlToLowercaseBeforeComparison(boolean convertUrlToLowercaseBeforeComparison);
       
    /**
     *
     * @return whether convert url to lowercase before comparison
     */
    boolean isConvertUrlToLowercaseBeforeComparison();
   
}

/**
* <class>RdbmsBasedFilterInvocationDefinitionSource</class> 是基于数据库的权限存储实现, 它支持两种风格的配置
* @see com.skyon.uum.security.acegi.intercept.web.ConfigableFilterInvocationDefinition
* @see org.acegisecurity.intercept.web.RegExpBasedFilterInvocationDefinitionMap
* @see org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap
* @since 2006-1-19
* @author 王政
* @version $Id: RdbmsBasedFilterInvocationDefinitionSource.java,v 1.6 2006/02/13 03:20:55 wz Exp $
*/
public class RdbmsBasedFilterInvocationDefinitionSource extends AbstractFilterInvocationDefinitionSource
        implements ConfigableFilterInvocationDefinition, InitializingBean {
       
       
    //~ Static fields/initializers =============================================

    privatestaticfinal Log logger = LogFactory.getLog(RdbmsBasedFilterInvocationDefinitionSource.class);
       
    //        ~ Instance fields ========================================================
       
    privateString resourceExpression = PERL5_KEY;
   
    privateboolean convertUrlToLowercaseBeforeComparison = false;
           
    private ResourceMappingProvider resourceMappingProvider;
   
    //  ~ Methods ================================================================
   
        /**
        *
        * @see org.acegisecurity.intercept.web.AbstractFilterInvocationDefinitionSource#lookupAttributes(java.lang.String)
        */
        public ConfigAttributeDefinition lookupAttributes(String url){
                FilterInvocationDefinitionSource actualSource = populateFilterInvocationDefinitionSource();
               
                if(RegExpBasedFilterInvocationDefinitionMap.class.isInstance(actualSource)){
                        return((RegExpBasedFilterInvocationDefinitionMap) actualSource).lookupAttributes(url);
                }elseif(PathBasedFilterInvocationDefinitionMap.class.isInstance(actualSource)){
                        return((PathBasedFilterInvocationDefinitionMap) actualSource).lookupAttributes(url);
                }
               
                throw newIllegalStateException("wrong type of " + actualSource + ", it should be " + RegExpBasedFilterInvocationDefinitionMap.class
                                + " or " + PathBasedFilterInvocationDefinitionMap.class);               
        }
       
        /**
        *
        * @see org.acegisecurity.intercept.ObjectDefinitionSource#getConfigAttributeDefinitions()
        */
        publicIterator getConfigAttributeDefinitions(){
                FilterInvocationDefinitionSource actualSource = populateFilterInvocationDefinitionSource();
               
                if(RegExpBasedFilterInvocationDefinitionMap.class.isInstance(actualSource)){
                        return((RegExpBasedFilterInvocationDefinitionMap) actualSource).getConfigAttributeDefinitions();
                }elseif(PathBasedFilterInvocationDefinitionMap.class.isInstance(actualSource)){
                        return((PathBasedFilterInvocationDefinitionMap) actualSource).getConfigAttributeDefinitions();
                }
               
                throw newIllegalStateException("wrong type of " + actualSource + ", it should be " + RegExpBasedFilterInvocationDefinitionMap.class
                                + " or " + PathBasedFilterInvocationDefinitionMap.class);       
        }
       
       
    private FilterInvocationDefinitionSource populateFilterInvocationDefinitionSource(){                   
            FilterInvocationDefinitionMap definitionSource = null;
           
            if(PERL5_KEY.equals(getResourceExpression())){
                    definitionSource = new RegExpBasedFilterInvocationDefinitionMap();
            }elseif(ANT_PATH_KEY.equals(getResourceExpression())){
                    definitionSource = new PathBasedFilterInvocationDefinitionMap();
            }else{
                    throw newIllegalArgumentException("wrong resourceExpression value");
            }
       
        definitionSource.setConvertUrlToLowercaseBeforeComparison(isConvertUrlToLowercaseBeforeComparison());
       
        ResourceMapping[] mappings = getResourceMappingProvider().getResourceMappings();
        if(mappings == null || mappings.length ==0){
            return(FilterInvocationDefinitionSource) definitionSource;
        }
       
        for(int i = 0; i < mappings.length; i++){
            ResourceMapping mapping = mappings[i];
            String[] recipents = mapping.getRecipients();
           
            if(recipents == null || recipents.length == 0){
                if(logger.isErrorEnabled()){
                    logger.error("Notice, the resource : " + mapping.getResourcePath() + " hasn't no recipents, it will access by any one ! ");
                }
                continue;
            }
           
            StringBuffer valueBuffer = new StringBuffer();
            for (int j = 0; j < recipents.length; j++) {
                valueBuffer.append(recipents[j]);
                if (j < recipents.length - 1) {
                    valueBuffer.append(STAND_DELIM_CHARACTER);
                }
            }
            String value = valueBuffer.toString();                   
            addSecureUrl(definitionSource, mapping.getResourcePath(), value);
         }
     
        return (FilterInvocationDefinitionSource )definitionSource;
    }
       
   
    /**
     * @param source
     * @param name
     * @param value
     * @throws IllegalArgumentException
     */
    private synchronized void addSecureUrl(FilterInvocationDefinitionMap source, String name, String value)
        throws IllegalArgumentException {
       
        // Convert value to series of security configuration attributes
        ConfigAttributeEditor configAttribEd = new ConfigAttributeEditor();
        configAttribEd.setAsText(value);

        ConfigAttributeDefinition attr = (ConfigAttributeDefinition) configAttribEd.getValue();

        // Register the regular expression and its attribute
        source.addSecureUrl(name, attr);
    }
   
    省去 getter， setter....

}

public interface ResourceMappingProvider {
   
        String RESOURCE_PATH_PREFIX = "/";
       
    /**
     * Get Resource Mapping
     * @return resource mapping
     */
    ResourceMapping[] getResourceMappings();
   
}

publicclass ResourceMapping {
   
    // url
    privateString resourcePath;
   
    // 即角色
    privateString[] recipients = newString[0];
       
    省去 getter， setter....

}

<bean id="resourceCache" class="com.skyon.uum.security.acegi.intercept.web.cache.EhCacheBasedResourceCache">
                <property name="dataSource">
                        <ref bean="dataSource"></ref>
                </property>
                <property name="cache">
                        <bean parent="cacheTemplate">                               
                                <property name="cacheName"><value>resourceCache</value></property>
                        </bean>
        </property>
                <property name="allResourcesQuery">
                        <value>
                        select distinct t.id, t.id, t.parent_id, t.url, t.title, t.layer, t.type, t.application_id
                        from uum_resource t order by t.orderField
                        </value>
                </property>
        </bean>
       
        <bean id="permissionCache" class="com.skyon.uum.security.acegi.intercept.web.cache.EhCacheBasedPermissionCache">
                <property name="dataSource">
                        <ref bean="dataSource"></ref>
                </property>
                <property name="cache">
                        <bean parent="cacheTemplate">                               
                                <property name="cacheName"><value>permissionCache</value></property>
                        </bean>
        </property>
                <property name="recipentsResourceMappingQuery">
                        <value>
                        select r.name, p.resource_id from uum_permission p left outer join uum_role r on p.role_id = r.id
                        </value>
                </property>       
        </bean>
       
                       
        <bean id="resourceMappingProvider" class="com.skyon.uum.security.acegi.intercept.web.ResourceMappingProviderImpl" autowire="byType"/>

    <!-- ======================== AUTHENTICATION ======================= -->
   
    <!-- Note the order that entries are placed against the objectDefinitionSource is critical.
         The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
         Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
    <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager"><ref local="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
        <property name="objectDefinitionSource"><ref local="filterInvocationDefinitionSource"></ref></property>
    </bean>
       
        <bean id="filterInvocationDefinitionSource" class="com.skyon.uum.security.acegi.intercept.web.RdbmsBasedFilterInvocationDefinitionSource">
                <property name="resourceMappingProvider">
                        <ref local="resourceMappingProvider"></ref>
                </property>
                <property name="resourceExpression">
                        <value>PATTERN_TYPE_APACHE_ANT</value>
                </property>
        </bean>