本文介绍了一个拦截器的主要功能,该拦截器使用ConfigAttributeDefinition定义URL及其角色,并利用Voter过滤URL。通过迭代ConfigAttribute并匹配认证权限来决定访问是否被允许。
this interceptor has two main function,one use ConfigAttributeDefinition difineing the url and it's role ,the second use Voter to filter the urls.the parameter ConfigAttributeDefinition config is get from the data base according the url including role(authentication).
[code] public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
int result = ACCESS_ABSTAIN;
Iterator iter = config.getConfigAttributes();
while (iter.hasNext()) {
ConfigAttribute attribute = (ConfigAttribute) iter.next();
if (this.supports(attribute)) {
result = ACCESS_DENIED;
// Attempt to find a matching granted authority
for (int i = 0; i < authentication.getAuthorities().length; i++) {
if (attribute.getAttribute().equals(authentication.getAuthorities()[i].getAuthority())) {
return ACCESS_GRANTED;
}
}
}
}
return result;
}[/code]
the result defines wheather it pass or deny.if deny,the exceptionTranslationFilter will catch that exception and check.if is AnonymousAuthenticationToken ,it will ridrect to the entry url .otherwise to the deny url.
[code] public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
int result = ACCESS_ABSTAIN;
Iterator iter = config.getConfigAttributes();
while (iter.hasNext()) {
ConfigAttribute attribute = (ConfigAttribute) iter.next();
if (this.supports(attribute)) {
result = ACCESS_DENIED;
// Attempt to find a matching granted authority
for (int i = 0; i < authentication.getAuthorities().length; i++) {
if (attribute.getAttribute().equals(authentication.getAuthorities()[i].getAuthority())) {
return ACCESS_GRANTED;
}
}
}
}
return result;
}[/code]
the result defines wheather it pass or deny.if deny,the exceptionTranslationFilter will catch that exception and check.if is AnonymousAuthenticationToken ,it will ridrect to the entry url .otherwise to the deny url.
扫一扫
9893
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
