/**
 * Resets the security tables and seeds the permission / role / user fixture that
 * the tests rely on, then installs a Shiro SecurityManager built from
 * {@code classpath:shiro.ini} and binds it to {@link SecurityUtils}.
 */
@Before
public void setUp() {
    // Start from empty tables so each test only sees the fixture created below.
    String[] cleanupStatements = {
        "delete from sys_users",
        "delete from sys_roles",
        "delete from sys_permissions",
        "delete from sys_users_roles",
        "delete from sys_roles_permissions"
    };
    for (String sql : cleanupStatements) {
        JdbcTemplateUtils.jdbcTemplate().update(sql);
    }

    // 1. create permissions
    p1 = new Permission("user:create", "用户模块新增", Boolean.TRUE);
    p2 = new Permission("user:update", "用户模块修改", Boolean.TRUE);
    p3 = new Permission("menu:create", "菜单模块新增", Boolean.TRUE);
    for (Permission permission : new Permission[] {p1, p2, p3}) {
        permissionService.createPermission(permission);
    }

    // 2. create roles
    r1 = new Role("admin", "管理员", Boolean.TRUE);
    r2 = new Role("user", "用户管理员", Boolean.TRUE);
    roleService.createRole(r1);
    roleService.createRole(r2);

    // 3. associate roles with permissions: r1 gets all three, r2 only the two user:* permissions
    for (Permission permission : new Permission[] {p1, p2, p3}) {
        roleService.correlationPermissions(r1.getId(), permission.getId());
    }
    for (Permission permission : new Permission[] {p1, p2}) {
        roleService.correlationPermissions(r2.getId(), permission.getId());
    }

    // 4. create user
    u1 = new User("zhang", password);
    userService.createUser(u1);

    // 5. associate user with role
    userService.correlationRoles(u1.getId(), r1.getId());

    // Obtain the SecurityManager factory; the INI file on the classpath initialises the SecurityManager.
    Factory<org.apache.shiro.mgt.SecurityManager> securityManagerFactory =
            new IniSecurityManagerFactory("classpath:shiro.ini");
    // Get the SecurityManager instance and bind it to SecurityUtils.
    org.apache.shiro.mgt.SecurityManager securityManager = securityManagerFactory.getInstance();
    SecurityUtils.setSecurityManager(securityManager);
}
/**
 * Returns the effective guard of this contribution.
 *
 * <p>When an {@code expression} is configured it is parsed by the
 * {@link PermissionService} against the declared {@code guards}; otherwise all
 * declared guards are combined with {@link And}, i.e. every one of them must pass.
 *
 * @return the combined or parsed guard
 * @throws ParseException if the configured expression cannot be parsed
 */
public Guard getGuard() throws ParseException {
    boolean hasExpression = expression != null && expression.length() > 0;
    if (hasExpression) {
        return PermissionService.getInstance().parse(expression, guards);
    }
    // No expression: conjunction of every declared guard.
    return new And(guards.values());
}
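/**
 * Reads the {@code <guard>} child elements of a contribution fragment and registers
 * one {@link Guard} per element in {@code guards}, keyed by the element's {@code id}
 * attribute.
 *
 * <p>Each element must carry {@code id} and {@code type} attributes; the trimmed text
 * content is the guard's value. The built-in types are handled explicitly; any other
 * {@code type} is taken as the fully qualified class name of a {@link GuardFactory}
 * that is loaded reflectively. Elements that are not {@code guard} elements are skipped.
 *
 * @param content the fragment holding the {@code guard} elements
 * @throws IllegalArgumentException if a guard element lacks {@code id} or {@code type},
 *     or a {@code script} guard lacks the {@code engine} attribute
 */
@XContent
protected void setGuards(DocumentFragment content) {
    for (Node node = content.getFirstChild(); node != null; node = node.getNextSibling()) {
        if (node.getNodeType() != Node.ELEMENT_NODE || !"guard".equals(node.getNodeName())) {
            continue;
        }
        NamedNodeMap attrs = node.getAttributes();
        Node idAttr = attrs.getNamedItem("id");
        if (idAttr == null) {
            throw new IllegalArgumentException("id is required");
        }
        Node typeAttr = attrs.getNamedItem("type");
        if (typeAttr == null) {
            throw new IllegalArgumentException("type is required");
        }
        // The value is the same for every guard type, so read it once here.
        String value = node.getTextContent().trim();
        registerGuard(idAttr.getNodeValue(), typeAttr.getNodeValue(), value, attrs);
    }
}

/**
 * Builds the guard for one {@code guard} element and stores it under {@code id}.
 *
 * <p>Parse failures of {@code expression} guards and any failure while loading or
 * instantiating a guard factory are logged and the guard is simply not registered,
 * which keeps the existing lenient deployment behaviour.
 *
 * @param id    value of the element's {@code id} attribute
 * @param type  value of the element's {@code type} attribute
 * @param value trimmed text content of the element
 * @param attrs the element's attributes (used for {@code engine} on script guards)
 * @throws IllegalArgumentException if a script guard has no {@code engine} attribute
 */
private void registerGuard(String id, String type, String value, NamedNodeMap attrs) {
    if ("permission".equals(type)) {
        guards.put(id, new PermissionGuard(value));
    } else if ("isAdministrator".equals(type)) {
        guards.put(id, new IsAdministratorGuard(value));
    } else if ("facet".equals(type)) {
        guards.put(id, new FacetGuard(value));
    } else if ("type".equals(type)) {
        guards.put(id, new TypeGuard(value));
    } else if ("schema".equals(type)) {
        guards.put(id, new SchemaGuard(value));
    } else if ("user".equals(type)) {
        guards.put(id, new UserGuard(value));
    } else if ("group".equals(type)) {
        guards.put(id, new GroupGuard(value));
    } else if ("script".equals(type)) {
        Node engineAttr = attrs.getNamedItem("engine");
        if (engineAttr == null) {
            throw new IllegalArgumentException("Must specify an engine attribute on script guards");
        }
        guards.put(id, new ScriptGuard(engineAttr.getNodeValue(), value));
    } else if ("expression".equals(type)) {
        try {
            // The map of guards registered so far is handed to the parser.
            guards.put(id, PermissionService.getInstance().parse(value, guards));
        } catch (ParseException e) {
            log.error(e, e);
        }
    } else {
        // Any other type is treated as a GuardFactory class name coming from the
        // contribution XML, i.e. deployment configuration. Checking assignability
        // before instantiation means the constructor of a class that is not a
        // GuardFactory is never run; a wrong name still ends up in the catch below.
        try {
            Class<? extends GuardFactory> factoryClass =
                    Class.forName(type).asSubclass(GuardFactory.class);
            Guard guard = factoryClass.getDeclaredConstructor().newInstance().newGuard(value);
            guards.put(id, guard);
        } catch (Exception e) {
            log.error(e, e); // TODO should throw a DeployException
        }
    }
}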
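/**
 * Suspends an account on behalf of the caller identified by the {@code token} header.
 *
 * <p>Flow: the session must be active (otherwise {@code 403} and nothing is audited),
 * the caller's role must be allowed to perform this action (otherwise an audit event
 * with {@link Constants#NO_PERMISSION} and {@code 401}), then the suspension is
 * delegated to {@code adminService} and the outcome is audited.
 *
 * <p>Note: the status codes are kept as the existing clients expect them even though
 * they are the reverse of the usual HTTP convention (401 for "not authenticated",
 * 403 for "authenticated but not permitted"). Exception messages are echoed back in
 * the response body; confirm they carry no internal detail that should stay private.
 *
 * @param suspendInfo the suspension request; its {@code toString()} is stored in the
 *     audit trail, so it should not include sensitive fields — verify against the type
 * @param token       session token taken from the {@code token} request header
 * @return {@code 200} on success, {@code 403} for an inactive session, {@code 401}
 *     when the role lacks permission, {@code 404} if the account is not found,
 *     {@code 422} with the exception message on a service failure
 */
@Override
@RequestMapping(value = "/admin/suspendAccount", method = RequestMethod.POST)
public ResponseEntity suspendAccount(
        @RequestBody AccountSuspensionInfo suspendInfo,
        @RequestHeader(value = "token") String token) {
    final String actionName = "AdminControllerImpl.suspendAccount";
    try {
        // Rejected before any lookup; this path leaves no audit record.
        if (!sessionService.isSessionActive(token)) {
            return new ResponseEntity<>(HttpStatus.FORBIDDEN);
        }
        String userRoleForToken = sessionService.getUserRoleByToken(token);
        String usernameForToken = sessionService.getUsernameByToken(token);
        // The permission check stays inside this try so that a ServiceException or
        // NotFoundException raised by it is audited and mapped like the others.
        try {
            String details = suspendInfo.toString();
            if (!permissionService.isOperationAvailable(actionName, userRoleForToken)) {
                recordSuspendAccountAudit(usernameForToken, actionName, details, Constants.NO_PERMISSION, false);
                return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
            }
            adminService.suspendAccount(suspendInfo);
            recordSuspendAccountAudit(usernameForToken, actionName, details, Constants.ADMIN_SUSPEND, true);
            return new ResponseEntity<>(HttpStatus.OK);
        } catch (ServiceException serviceException) {
            recordSuspendAccountAudit(usernameForToken, actionName, suspendInfo.toString(),
                    serviceException.getMessage(), false);
            return new ResponseEntity<>(serviceException.getMessage(), HttpStatus.UNPROCESSABLE_ENTITY);
        } catch (NotFoundException notFoundException) {
            recordSuspendAccountAudit(usernameForToken, actionName, suspendInfo.toString(),
                    notFoundException.getMessage(), false);
            return new ResponseEntity<>(notFoundException.getMessage(), HttpStatus.NOT_FOUND);
        }
    } catch (ServiceException serviceException) {
        // Raised by the session lookups above; no username is available yet, so not audited.
        return new ResponseEntity<>(serviceException.getMessage(), HttpStatus.UNPROCESSABLE_ENTITY);
    }
}

/**
 * Appends one audit event for the suspend-account action.
 *
 * @param username   user resolved from the session token
 * @param actionName name of the controller action
 * @param details    string form of the suspension request
 * @param outcome    outcome marker or failure message stored with the event
 * @param success    whether the action completed
 */
private void recordSuspendAccountAudit(
        String username, String actionName, String details, String outcome, boolean success) {
    auditService.addEvent(new AuditItem(username, actionName, details, outcome, success));
}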