spring-security-create-new-custom-security-expression

/**
 * Turns on `@PreAuthorize`/`@PostAuthorize` and `@Secured` method security and replaces the
 * default expression handler with [CustomMethodSecurityExpressionHandler].
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
class MethodSecurityConfig : GlobalMethodSecurityConfiguration() {
    /**
     * Builds the handler used to evaluate method-security expressions.
     *
     * @return a [CustomMethodSecurityExpressionHandler] whose permission evaluator is a
     * new [CustomPermissionEvaluator]
     */
    override fun createExpressionHandler(): MethodSecurityExpressionHandler? =
        CustomMethodSecurityExpressionHandler().also { handler ->
            // Custom PermissionEvaluator: it is the object hasPermission(...) calls are delegated to.
            handler.setPermissionEvaluator(CustomPermissionEvaluator())
        }
}

/**
 * Expression handler that evaluates method-security expressions against a
 * [MySecurityExpressionRoot] rather than the framework's default root object.
 */
class CustomMethodSecurityExpressionHandler : DefaultMethodSecurityExpressionHandler() {
    /**
     * Creates the expression root for one secured invocation and copies this handler's
     * permission evaluator, trust resolver and role hierarchy onto it.
     *
     * @param authentication the caller the expression is evaluated for
     * @param invocation the intercepted method call; not consulted here
     * @return the populated [MySecurityExpressionRoot]
     */
    override fun createSecurityExpressionRoot(
        authentication: Authentication,
        invocation: MethodInvocation?
    ): MethodSecurityExpressionOperations? =
        MySecurityExpressionRoot(authentication).also { expressionRoot ->
            // These three values are read from the handler (the enclosing `this`), not from the root.
            expressionRoot.setPermissionEvaluator(permissionEvaluator)
            expressionRoot.setTrustResolver(trustResolver)
            expressionRoot.setRoleHierarchy(roleHierarchy)
        }
}

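/**
 * [PermissionEvaluator] that answers `hasPermission(...)` expressions by looking at the
 * caller's granted authorities. Every path that cannot be evaluated denies access.
 */
class CustomPermissionEvaluator : PermissionEvaluator {
    /**
     * Decides whether [authentication] holds [permission] for [targetDomainObject].
     *
     * @param authentication the caller; `null` is denied
     * @param targetDomainObject the object being protected; `null` is denied
     * @param permission the permission name; anything that is not a [String] is denied
     * @return `true` only when one of the caller's authorities matches the permission
     */
    override fun hasPermission(authentication: Authentication?, targetDomainObject: Any?, permission: Any?): Boolean {
        // Fail closed on anything that cannot be evaluated.
        if (authentication == null || targetDomainObject == null || permission !is String) {
            return false
        }
        // Locale.ROOT keeps the derived type name stable whatever the JVM default locale is.
        val targetType: String = targetDomainObject::class.java.simpleName.toUpperCase(java.util.Locale.ROOT)

        return hasPrivilege(authentication, targetType, permission)
    }

    /**
     * Id-based variant of the permission check. It is not implemented, so it denies access.
     *
     * @return always `false`
     */
    override fun hasPermission(authentication: Authentication?, targetId: Serializable?, targetType: String?, permission: Any?): Boolean {
        // Deny rather than throw NotImplementedError out of an authorization decision:
        // an unfinished check must never be mistaken for, or turned into, a grant.
        return false
    }

    /**
     * Returns `true` when any authority of [auth] contains [permission].
     *
     * @param auth the authenticated caller
     * @param targetType upper-cased simple class name of the protected object; currently unused
     * @param permission the permission name to look for; blank values are denied
     */
    private fun hasPrivilege(auth: Authentication, targetType: String, permission: String): Boolean {
        // An empty string is a substring of every authority name, so without this guard a
        // blank permission would be granted to any caller holding at least one authority.
        if (permission.isBlank()) {
            return false
        }
        // NOTE(review): this is a substring test, so a short permission also matches longer,
        // unrelated authorities (constructed example: "admin" matches "ROLE_NOT_ADMIN"), and
        // targetType is never consulted, so the decision does not depend on the protected
        // object. Once the authority naming scheme is fixed, compare whole names or parsed
        // segments instead of using contains().
        return auth.authorities.any { granted -> granted?.authority?.contains(permission) == true }
    }
}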

// Root object for method-security expressions: the handler in this listing returns an
// instance of it, and `@PreAuthorize("isMember(#id)")` calls its isMember method by name.
// This is an excerpt; the `...` lines stand for members the listing leaves out.
class MySecurityExpressionRoot(private val authentication: Authentication) : MethodSecurityExpressionOperations {

// Evaluator assigned through setPermissionEvaluator(); stays null until that is called.
private var permissionEvaluator: PermissionEvaluator? = null
...

// Stores the evaluator handed over by the expression handler.
fun setPermissionEvaluator(permissionEvaluator: PermissionEvaluator?) {
this.permissionEvaluator = permissionEvaluator
}

/**
 * Custom expression method, usable as `isMember(...)` inside a security annotation.
 *
 * NOTE(review): as written this is a placeholder. It prints the id and returns true for
 * every caller, so an annotation that relies on it does not restrict access at all. The
 * real membership check is the commented-out draft below; until it is implemented,
 * returning false would be the fail-closed choice.
 */
fun isMember(organizationId: Long): Boolean {
// val user: User = (getPrincipal() as MyUserPrincipal).getUser()
// return user.getOrganization().getId().longValue() === OrganizationId
// NOTE(review): the draft above compares with `===` (referential equality) and names
// `OrganizationId`, while the parameter is `organizationId`; use `==` on the parameter
// when enabling it.
println(organizationId)
return true
}
...
}

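/**
 * REST endpoints under `/api` that report on the current user.
 */
@RestController
@RequestMapping("/api")
class SysUserController(
    val tokenProvider: TokenProvider,
    val authenticationManagerBuilder: AuthenticationManagerBuilder
) {
    private val log: Logger = LoggerFactory.getLogger(SysUserController::class.java)

    /**
     * Returns the login of the caller as reported by the servlet container.
     *
     * @param request the current HTTP request
     * @param id value bound to `#id` in the security expression; defaults to 1
     * @return the remote user name, or an empty string when the request carries none
     */
    @GetMapping("/users/authenticate")
    // @PreAuthorize("hasPermission(#request.attributeNames,'role_admin')")
    // NOTE(review): `isMember` resolves to MySecurityExpressionRoot.isMember, which in this
    // listing returns true for every caller, so this annotation does not restrict access yet.
    // Whether unauthenticated requests reach this method depends on the HTTP security
    // configuration, which is not shown here.
    @PreAuthorize("isMember(#id)")
    fun isAuthenticated(request: HttpServletRequest, id: Int = 1): String {
        log.debug("REST request to check if the current user is authenticated")
        // getRemoteUser() is null for an unauthenticated request; returning it through the
        // non-null String return type would fail with a null-check error instead of answering.
        return request.remoteUser.orEmpty()
    }
}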

说明

hexo permalink 插件,使用时间戳生成固定链接

安装

# npm 方式安装
$ npm install hexo-number-title --save
# yarn 方式安装
$ yarn add hexo-number-title

使用

$ hexo new test    
INFO Created: ~/newblog/source/_posts/test.md

$ hexo number-title -h
Usage: hexo number-title

Description:
hexo-number-title plugin, For all didn't set the permalink post

Options:
-f, --force overwrite permalink

Welcome to Hexo! This is your very first post. Check documentation for more info. If you get any problems when using Hexo, you can find the answer in troubleshooting or you can ask me on GitHub.

Quick Start

Create a new post

$ hexo new "My New Post"

More info: Writing

Run server

$ hexo server

More info: Server

Generate static files

$ hexo generate

More info: Generating

Deploy to remote sites

$ hexo deploy

More info: Deployment