From e155d29b411f0033cffa082c7991baf26e98d4dd Mon Sep 17 00:00:00 2001 From: GPU is all you need <2778335106@qq.com> Date: Thu, 19 May 2022 20:02:54 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=B2=A1=E6=9C=89=E5=AF=B9re?= =?UTF-8?q?source=E7=9A=84=E6=96=B9=E6=B3=95=E5=81=9A=E5=8C=B9=E9=85=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../config/{security => }/DataBaseUrlVoter.java | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) rename awardBE/src/main/java/edu/ncst/award/config/{security => }/DataBaseUrlVoter.java (84%) diff --git a/awardBE/src/main/java/edu/ncst/award/config/security/DataBaseUrlVoter.java b/awardBE/src/main/java/edu/ncst/award/config/DataBaseUrlVoter.java similarity index 84% rename from awardBE/src/main/java/edu/ncst/award/config/security/DataBaseUrlVoter.java rename to awardBE/src/main/java/edu/ncst/award/config/DataBaseUrlVoter.java index 2e57f23..3f38965 100644 --- a/awardBE/src/main/java/edu/ncst/award/config/security/DataBaseUrlVoter.java +++ b/awardBE/src/main/java/edu/ncst/award/config/DataBaseUrlVoter.java @@ -1,5 +1,6 @@ -package edu.ncst.award.config.security; +package edu.ncst.award.config; +import edu.ncst.award.model.system.Resource; import edu.ncst.award.model.system.Role; import edu.ncst.award.service.IResourceService; import edu.ncst.award.utils.URLUtils; @@ -78,18 +79,18 @@ public class DataBaseUrlVoter implements AccessDecisionVoter { return ACCESS_GRANTED; // 赞同票 } - List rolesResourceList = resourceService.getRolesResourceList(roleNames);//获取目标角色绑定的资源 - - + List rolesResourceList = resourceService.getUserScopeResourceList(roleNames);//获取目标角色绑定的资源 // Role Resource - if (rolesResourceList == null) { + if (rolesResourceList == null || rolesResourceList.size() <=0) { return ACCESS_DENIED; // 反对票 } - for (String allowUrl : rolesResourceList) { - boolean match = antPathMatcher.match(allowUrl, urlWithoutQueryString); + // 当方法和url都匹配上才匹配成功 + for (Resource resource : rolesResourceList) { + boolean match = antPathMatcher.match(resource.getUrl(), urlWithoutQueryString) + && fi.getHttpRequest().getMethod().equals(resource.getMethod()); if (match) { return ACCESS_GRANTED; // 赞同票 }