Java 类org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource 实例源码

public void execute(FilterSecurityInterceptor filterSecurityInterceptor,
        Map<String, String> resourceMap) {
    Assert.notNull(filterSecurityInterceptor);
    Assert.notNull(resourceMap);

    logger.info("refresh url resource");

    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = null;
    requestMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();

    for (Map.Entry<String, String> entry : resourceMap.entrySet()) {
        String key = entry.getKey();
        String value = entry.getValue();
        requestMap.put(new AntPathRequestMatcher(key),
                SecurityConfig.createListFromCommaDelimitedString(value));
    }

    FilterInvocationSecurityMetadataSource source = new DefaultFilterInvocationSecurityMetadataSource(
            requestMap);
    filterSecurityInterceptor.setSecurityMetadataSource(source);
}

protected void initInterceptor(FilterSecurityInterceptor interceptor) {
   FilterInvocationSecurityMetadataSource metaDatasource = interceptor.getSecurityMetadataSource();
   if (metaDatasource == null) {
      String msg = "Configuration error: FilterSecurityInterceptor bean "
            + "has not set an instance SecurityMetadataSource";
      log.error(msg);
      throw new RuntimeException(msg);
   }
   if (metaDatasource instanceof CibetFilterInvocationSecurityMetadataSource) {
      return;
   }
   CibetFilterInvocationSecurityMetadataSource cibetDel = new CibetFilterInvocationSecurityMetadataSource(
         metaDatasource);
   interceptor.setSecurityMetadataSource(cibetDel);
   log.debug("replace existing " + metaDatasource.getClass().getName()
         + " against CibetFilterInvocationSecurityMetadataSource");
}

private void addSecureChannel(List<Filter> filters, Protocol protocol) {
    ChannelProcessingFilter channelProcessingFilter = new ChannelProcessingFilter();
    channelProcessingFilter.setChannelDecisionManager(channelDecisionManager);

    RequestMatcher anyRequest = AnyRequestMatcher.INSTANCE;

    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<>();
    Collection<ConfigAttribute> configAtts = new ArrayList<>();

    switch (protocol) {
        case HTTP:
            configAtts.add(new SecurityConfig("ANY_CHANNEL"));
            break;
        case HTTPS:
            configAtts.add(new SecurityConfig("REQUIRES_SECURE_CHANNEL"));
            break;
        default:
    }

    requestMap.put(anyRequest, configAtts);
    FilterInvocationSecurityMetadataSource securityMetadataSource = new DefaultFilterInvocationSecurityMetadataSource(requestMap);
    channelProcessingFilter.setSecurityMetadataSource(securityMetadataSource);

    filters.add(channelProcessingFilter);
}

public void refresh() {
    if ((filterSecurityInterceptor == null) || (urlSourceFetcher == null)) {
        logger.info(
                "filterSecurityInterceptor : {}, urlSourceFetcher : {}",
                filterSecurityInterceptor, urlSourceFetcher);

        return;
    }

    logger.info("execute refresh");

    Map<String, String> resourceMap = urlSourceFetcher.getSource(null);

    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = null;
    requestMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();

    for (Map.Entry<String, String> entry : resourceMap.entrySet()) {
        String key = entry.getKey();
        String value = entry.getValue();
        requestMap.put(new AntPathRequestMatcher(key),
                SecurityConfig.createListFromCommaDelimitedString(value));
    }

    FilterInvocationSecurityMetadataSource source = new DefaultFilterInvocationSecurityMetadataSource(
            requestMap);
    filterSecurityInterceptor.setSecurityMetadataSource(source);
}

public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
    return securityMetadataSource;
}

public MockedSecurityInterceptor() {
    this.setAuthenticationManager(authentication -> null);

    AccessDecisionManager accessDecisionManager = mock(AccessDecisionManager.class);
    doReturn(true).when(accessDecisionManager).supports(any(Class.class));
    this.setAccessDecisionManager(accessDecisionManager);

    FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource =
        mock(FilterInvocationSecurityMetadataSource.class);
    doReturn(true).when(filterInvocationSecurityMetadataSource).supports(any(Class.class));
    this.setSecurityMetadataSource(filterInvocationSecurityMetadataSource);
}

/**
 * Refresh.
 */
public void refresh() {
    ApplicationContext ctx = WebApplicationContextUtils
            .getRequiredWebApplicationContext(servletContext);
    FilterInvocationSecurityMetadataSource fisms = (FilterInvocationSecurityMetadataSource) ctx
            .getBean("securityMetadataSource");
    // Get  FilterSecurityInterceptor
    FilterSecurityInterceptor fsi = (FilterSecurityInterceptor) ctx
            .getBean("filterSecurityInterceptor");
    // Set new SecurityMetadataSource to FilterSecurityInterceptor
    fsi.setSecurityMetadataSource(fisms);
    log.info(" SecurityMetadataSource updating ....");
}

public void setSecurityMetadataSource(
        FilterInvocationSecurityMetadataSource securityMetadataSource) {
    this.securityMetadataSource = securityMetadataSource;
}

public CibetFilterInvocationSecurityMetadataSource(
      FilterInvocationSecurityMetadataSource s) {
   originalMetadataSource = s;
}

/**
 * @return the originalMetadataSource
 */
public FilterInvocationSecurityMetadataSource getOriginalMetadataSource() {
   return originalMetadataSource;
}

private void addFilterSecurityInterceptor(List<Filter> filters, MotechURLSecurityRule securityRule) {
    Map<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<>();

    List<AccessDecisionVoter> voters = new ArrayList<>();
    Collection<ConfigAttribute> configAtts = new ArrayList<>();

    if (CollectionUtils.isEmpty(securityRule.getPermissionAccess()) && CollectionUtils.isEmpty(securityRule.getUserAccess())) {
        configAtts.add(new SecurityConfig("IS_AUTHENTICATED_FULLY"));
        AuthenticatedVoter authVoter = new AuthenticatedVoter();
        voters.add(authVoter);
    } else {
        if (!CollectionUtils.isEmpty(securityRule.getPermissionAccess())) {
            for (String permission : securityRule.getPermissionAccess()) {
                configAtts.add(new SecurityConfig(permission));
            }
        }
        if (!CollectionUtils.isEmpty(securityRule.getUserAccess())) {
            for (String userAccess : securityRule.getUserAccess()) {
                configAtts.add(new SecurityConfig(SecurityConfigConstants.USER_ACCESS_PREFIX + userAccess));
            }
        }
    }

    buildRequestMap(requestMap, configAtts, securityRule);

    FilterInvocationSecurityMetadataSource metadataSource = new DefaultFilterInvocationSecurityMetadataSource((LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>) requestMap);

    FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
    interceptor.setSecurityMetadataSource(metadataSource);

    RoleVoter roleVoter = new RoleVoter();

    roleVoter.setRolePrefix(SecurityConfigConstants.ROLE_ACCESS_PREFIX);
    voters.add(roleVoter);

    voters.add(new MotechAccessVoter());

    AccessDecisionManager decisionManager = new AffirmativeBased(voters);

    interceptor.setAccessDecisionManager(decisionManager);
    interceptor.setAuthenticationManager(authenticationManager);

    filters.add(interceptor);
}

@Override
public Class<?> getObjectType() {
    return FilterInvocationSecurityMetadataSource.class;
}

@Override
public FilterInvocationSecurityMetadataSource getObject() {
    logger.info("###### DefaultFilterInvocationSecurityMetadataSource has changed. ######");
    return new DefaultFilterInvocationSecurityMetadataSource(buildRequestMap());

}

public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
    return this.securityMetadataSource;
}

public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource) {
    this.securityMetadataSource = newSource;
}

public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {  
    return securityMetadataSource;  
}

public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource securityMetadataSource) {  
     this.securityMetadataSource = securityMetadataSource;  
}

/**
 * Gets the security metadata source.
 * 
 * @return the security metadata source
 */
public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
    return this.securityMetadataSource;
}

/**
 * Sets the security metadata source.
 * 
 * @param newSource
 *            the new security metadata source
 */
public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource) {
    this.securityMetadataSource = newSource;
}

/**
 * The filter invocation definition source.
 *
 * @return The filter invocation definition source.
 */
public FilterInvocationSecurityMetadataSource getObjectDefinitionSource() {
  return objectDefinitionSource;
}

/**
 * The filter invocation definition source.
 *
 * @param objectDefinitionSource The filter invocation definition source.
 */
public void setObjectDefinitionSource(FilterInvocationSecurityMetadataSource objectDefinitionSource) {
  this.objectDefinitionSource = objectDefinitionSource;
}