NutzCN Logo
精华 自定义的注解拦截器的实现(nutzbook代码)
发布于 2667天前 作者 shusheng 2632 次浏览 复制 上一个帖子 下一个帖子
标签: nutzbook

handler类

package net.wendal.nutzbook.shiro.handler1;

import java.lang.annotation.Annotation;

import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.aop.RoleAnnotationHandler;
import org.apache.shiro.subject.Subject;

import net.wendal.nutzbook.shiro.anno.MyPermissionAnnotation;

public class MyAnnoHandler extends RoleAnnotationHandler{

	public MyAnnoHandler() {
		setAnnotationClass(MyPermissionAnnotation.class);
	}

	@Override
	public void assertAuthorized(Annotation a) throws AuthorizationException {
		if (!(a instanceof MyPermissionAnnotation))
			return;

		MyPermissionAnnotation rpAnnotation = (MyPermissionAnnotation) a;
		String[] roles_ = rpAnnotation.value();
		Subject subject = getSubject();

//		final String[] roles = new String[roles_.length];

//		Lang.each(roles_, new Each<InstalledRole>() {
//
//			@Override
//			public void invoke(int index, InstalledRole ele, int length) throws ExitLoop, ContinueLoop, LoopException {
//				roles[index] = ele.getName();
//			}
//		});

		if (roles_.length == 1) {
			subject.checkRole(roles_[0]);
			return;
		}
		if (Logical.AND.equals(rpAnnotation.logical())) {
			getSubject().checkRoles(roles_);
			return;
		}
		if (Logical.OR.equals(rpAnnotation.logical())) {
			boolean hasAtLeastOneRoles = false;
			for (String role : roles_)
				if (getSubject().hasRole(role))
					hasAtLeastOneRoles = true;
			if (!hasAtLeastOneRoles)
				getSubject().checkRole(roles_[0]);
		}
	}
}

拦截器

package net.wendal.nutzbook.shiro.handler1;

import org.apache.shiro.aop.AnnotationResolver;
import org.apache.shiro.authz.aop.RoleAnnotationMethodInterceptor;

public class MyAnnoInterceptor extends RoleAnnotationMethodInterceptor{

	public MyAnnoInterceptor() {
		setHandler(new MyAnnoHandler());
	}

	public MyAnnoInterceptor(AnnotationResolver resolver) {
		setHandler(new MyAnnoHandler());
		setResolver(resolver);
	}
}

package net.wendal.nutzbook.shiro.handler1;

import java.util.Collection;

import org.apache.shiro.aop.MethodInvocation;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor;
import org.nutz.aop.InterceptorChain;
import org.nutz.integration.shiro.NutShiroInterceptor;
import org.nutz.integration.shiro.NutShiroMethodInterceptor;

public class MyAnnoMethodInterceptor extends NutShiroMethodInterceptor {

	public MyAnnoMethodInterceptor(Collection<AuthorizingAnnotationMethodInterceptor> interceptors) {
		super.getMethodInterceptors().addAll(interceptors);
	}

	public MyAnnoMethodInterceptor() {
		super.getMethodInterceptors().add(new MyAnnoInterceptor());
	}

	@Override
	public void filter(InterceptorChain chain) throws Throwable {
		assertAuthorized(new NutShiroInterceptor(chain));
		chain.doChain();
	}

	
	@Override
	public void assertAuthorized(MethodInvocation methodInvocation) throws AuthorizationException {
		super.assertAuthorized(methodInvocation);
	}
}

process类

package net.wendal.nutzbook.shiro.forum;

import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.Collection;

import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor;
import org.nutz.integration.shiro.NutShiro;
import org.nutz.integration.shiro.NutShiroInterceptor;
import org.nutz.integration.shiro.NutShiroProcessor;
import org.nutz.lang.util.NutMap;
import org.nutz.mvc.ActionContext;
import org.nutz.mvc.ActionInfo;
import org.nutz.mvc.NutConfig;

import net.wendal.nutzbook.shiro.anno.MyPermissionAnnotation;
import net.wendal.nutzbook.shiro.handler1.MyAnnoMethodInterceptor;

public class MyShiroProcessor extends NutShiroProcessor {

	public MyShiroProcessor(Collection<AuthorizingAnnotationMethodInterceptor> interceptors) {
		super.interceptor = new MyAnnoMethodInterceptor(interceptors);
    }

	public MyShiroProcessor(Collection<AuthorizingAnnotationMethodInterceptor> interceptors, Class<? extends Annotation>... annotations) {
		super.interceptor = new MyAnnoMethodInterceptor(interceptors);
		super.annotations = annotations;
	}

	public MyShiroProcessor() {
		super.interceptor = new MyAnnoMethodInterceptor();
	}
	
	protected void whenUnauthenticated(ActionContext ac, UnauthenticatedException e) throws Exception {
		ac.getResponse().addHeader("loginStatus", "accessDenied");
		NutMap re = new NutMap().setv("ok", 0);
		NutShiro.rendAjaxResp(ac.getRequest(), ac.getResponse(), re);
	}
	
	
	@Override
	public void init(NutConfig config, ActionInfo ai) throws Throwable {
		if (super.init) // 禁止重复初始化,常见于ioc注入且使用了单例
			throw new IllegalStateException("this Processor have bean inited!!");
		super.init(config, ai);
		if (super.annotations == null || super.annotations.length == 0) {
			super.match = NutShiro.match(ai.getMethod());
			if(!super.match){
				if(ai.getMethod().getAnnotation(MyPermissionAnnotation.class) != null){
					super.match = true;
			}
				
			}
		} else {
			super.match = NutShiro.match(ai.getMethod()) || hasAuthAnnotion(ai.getMethod(), super.annotations);
		}
		super.init = true;
	}
	
	
	private boolean hasAuthAnnotion(Method method, Class<? extends Annotation>[] annotations) {
		for (Class<? extends Annotation> clazz : annotations) {
			if (method.getAnnotation(clazz) != null) {
				return true;
			}
		}
		return false;
	}
}

在nutzbook-mvc-chain.js中,NutShiroProcessor 换成自己的MyShiroProcessor ,搞定

0 回复
添加回复
请先登陆
回到顶部