  /**
   * Resets the security tables and seeds them before each test, then installs
   * the Shiro {@code SecurityManager} that the tests authenticate against.
   *
   * <p>Seeded data: three permissions ({@code user:create}, {@code user:update},
   * {@code menu:create}), two roles ({@code admin} holding all three,
   * {@code user} holding the two {@code user:*} permissions) and one user
   * ({@code zhang}) linked to the {@code admin} role.
   */
  @Before
  public void setUp() {
    // Constant SQL literals with no parameters: wipe the five tables so every
    // test starts from an empty store.
    JdbcTemplateUtils.jdbcTemplate().update("delete from sys_users");
    JdbcTemplateUtils.jdbcTemplate().update("delete from sys_roles");
    JdbcTemplateUtils.jdbcTemplate().update("delete from sys_permissions");
    JdbcTemplateUtils.jdbcTemplate().update("delete from sys_users_roles");
    JdbcTemplateUtils.jdbcTemplate().update("delete from sys_roles_permissions");

    // 1. Create permissions
    p1 = new Permission("user:create", "用户模块新增", Boolean.TRUE);
    p2 = new Permission("user:update", "用户模块修改", Boolean.TRUE);
    p3 = new Permission("menu:create", "菜单模块新增", Boolean.TRUE);
    permissionService.createPermission(p1);
    permissionService.createPermission(p2);
    permissionService.createPermission(p3);
    // 2. Create roles
    r1 = new Role("admin", "管理员", Boolean.TRUE);
    r2 = new Role("user", "用户管理员", Boolean.TRUE);
    roleService.createRole(r1);
    roleService.createRole(r2);
    // 3. Link roles to permissions (ids are only available after the creates above)
    roleService.correlationPermissions(r1.getId(), p1.getId());
    roleService.correlationPermissions(r1.getId(), p2.getId());
    roleService.correlationPermissions(r1.getId(), p3.getId());

    roleService.correlationPermissions(r2.getId(), p1.getId());
    roleService.correlationPermissions(r2.getId(), p2.getId());

    // 4. Create a user
    // NOTE(review): password is a field of the enclosing test class; presumably
    // the plaintext credential the login tests submit — confirm.
    u1 = new User("zhang", password);
    userService.createUser(u1);
    // 5. Link the user to the admin role
    userService.correlationRoles(u1.getId(), r1.getId());

    // 1. Obtain a SecurityManager factory; here the SecurityManager is
    //    initialised from the shiro.ini file on the classpath.
    Factory<org.apache.shiro.mgt.SecurityManager> factory =
        new IniSecurityManagerFactory("classpath:shiro.ini");

    // 2. Get the SecurityManager instance and bind it to SecurityUtils. This is
    //    a static binding, so it is shared by everything running in this JVM.
    org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
    SecurityUtils.setSecurityManager(securityManager);
  }
 /**
  * Returns the guard for this descriptor: the parsed {@code expression} when
  * one is configured, otherwise an {@code And} built over every registered
  * guard value.
  *
  * @return the composed guard
  * @throws ParseException if {@code expression} cannot be parsed
  */
 public Guard getGuard() throws ParseException {
   boolean hasExpression = expression != null && expression.length() > 0;
   if (hasExpression) {
     return PermissionService.getInstance().parse(expression, guards);
   }
   return new And(guards.values());
 }
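 /**
  * Reads the {@code <guard>} elements of the descriptor fragment and registers
  * one {@link Guard} per element in {@code guards}, keyed by the element's
  * {@code id} attribute.
  *
  * <p>The {@code type} attribute selects the guard: one of the built-in names
  * ({@code permission}, {@code isAdministrator}, {@code facet}, {@code type},
  * {@code schema}, {@code user}, {@code group}, {@code script},
  * {@code expression}) or the fully qualified class name of a
  * {@link GuardFactory}. The element's trimmed text content is the guard value.
  * Elements other than {@code guard} are ignored.
  *
  * @param content the descriptor fragment holding the guard elements
  * @throws IllegalArgumentException if a guard element lacks {@code id} or
  *     {@code type}, or a {@code script} guard lacks {@code engine}
  */
 @XContent
 protected void setGuards(DocumentFragment content) {
   for (Node node = content.getFirstChild(); node != null; node = node.getNextSibling()) {
     if (node.getNodeType() != Node.ELEMENT_NODE || !"guard".equals(node.getNodeName())) {
       continue;
     }
     NamedNodeMap attributes = node.getAttributes();
     Node idAttribute = attributes.getNamedItem("id");
     if (idAttribute == null) {
       throw new IllegalArgumentException("id is required");
     }
     Node typeAttribute = attributes.getNamedItem("type");
     if (typeAttribute == null) {
       throw new IllegalArgumentException("type is required");
     }
     String id = idAttribute.getNodeValue();
     String type = typeAttribute.getNodeValue();
     String value = node.getTextContent().trim();
     Guard guard = createGuard(type, value, attributes);
     // null means the guard could not be built; the failure has already been logged
     if (guard != null) {
       guards.put(id, guard);
     }
   }
 }

 /**
  * Builds the guard selected by {@code type}.
  *
  * @param type the guard type name or a {@link GuardFactory} class name
  * @param value the trimmed text content of the guard element
  * @param attributes the guard element's attributes ({@code engine} is read
  *     for {@code script} guards)
  * @return the guard, or {@code null} when an {@code expression} guard failed
  *     to parse or a factory guard could not be created (both are logged)
  * @throws IllegalArgumentException for a {@code script} guard without an
  *     {@code engine} attribute
  */
 private Guard createGuard(String type, String value, NamedNodeMap attributes) {
   if ("permission".equals(type)) {
     return new PermissionGuard(value);
   }
   if ("isAdministrator".equals(type)) {
     return new IsAdministratorGuard(value);
   }
   if ("facet".equals(type)) {
     return new FacetGuard(value);
   }
   if ("type".equals(type)) {
     return new TypeGuard(value);
   }
   if ("schema".equals(type)) {
     return new SchemaGuard(value);
   }
   if ("user".equals(type)) {
     return new UserGuard(value);
   }
   if ("group".equals(type)) {
     return new GroupGuard(value);
   }
   if ("script".equals(type)) {
     Node engineAttribute = attributes.getNamedItem("engine");
     if (engineAttribute == null) {
       throw new IllegalArgumentException(
           "Must specify an engine attribute on script guards");
     }
     return new ScriptGuard(engineAttribute.getNodeValue(), value);
   }
   if ("expression".equals(type)) {
     try {
       // only guards registered earlier in the fragment are visible to the expression
       return PermissionService.getInstance().parse(value, guards);
     } catch (ParseException e) {
       log.error(e, e);
       return null;
     }
   }
   // any other type is taken as the class name of a guard factory
   return createGuardFromFactory(type, value);
 }

 /**
  * Instantiates the {@link GuardFactory} named by {@code factoryClassName} and
  * asks it for a guard.
  *
  * @param factoryClassName fully qualified class name taken from the descriptor
  * @param value the guard value handed to the factory
  * @return the factory's guard, or {@code null} if the class cannot be loaded,
  *     is not a {@link GuardFactory}, cannot be instantiated, or returned no
  *     guard (each case is logged)
  */
 private Guard createGuardFromFactory(String factoryClassName, String value) {
   try {
     // Check that the named class is a GuardFactory before running its
     // constructor, so a mistyped class name in the descriptor cannot
     // instantiate an unrelated class. Class.forName still runs the class's
     // static initializer; the check only precedes construction.
     Class<? extends GuardFactory> factoryClass =
         Class.forName(factoryClassName).asSubclass(GuardFactory.class);
     GuardFactory factory = factoryClass.getDeclaredConstructor().newInstance();
     Guard guard = factory.newGuard(value);
     if (guard == null) {
       // previously a null guard was registered silently
       log.error("Guard factory " + factoryClassName + " returned no guard");
     }
     return guard;
   } catch (Exception e) {
     log.error(e, e); // TODO should throw a DeployException
     return null;
   }
 }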
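  /**
   * Suspends an account on behalf of the administrator identified by {@code token}.
   *
   * <p>Outcome by case: inactive session → 403 with no body; caller's role not
   * allowed to run {@code AdminControllerImpl.suspendAccount} → 401, audited as
   * {@code Constants.NO_PERMISSION}; success → 200, audited as
   * {@code Constants.ADMIN_SUSPEND}; {@link ServiceException} from the permission
   * check or the suspension → 422 and {@link NotFoundException} → 404, both audited
   * with the exception message as detail. A {@link ServiceException} raised while
   * resolving the session itself is answered with 422 and is not audited, because
   * no username is known at that point.
   *
   * @param suspendInfo the suspension request; its {@code toString()} is what the
   *     audit trail records
   * @param token the session token from the {@code token} request header
   * @return the HTTP response; the raw {@code ResponseEntity} return type is kept
   *     to match the overridden interface method
   */
  @Override
  @RequestMapping(value = "/admin/suspendAccount", method = RequestMethod.POST)
  public ResponseEntity suspendAccount(
      @RequestBody AccountSuspensionInfo suspendInfo,
      @RequestHeader(value = "token") String token) {
    String actionName = "AdminControllerImpl.suspendAccount";

    try {
      if (!sessionService.isSessionActive(token)) {
        // NOTE(review): 403 for a missing session and 401 (below) for a missing
        // permission is the reverse of the usual HTTP convention; kept as-is
        // because existing clients depend on these codes.
        return new ResponseEntity<>(HttpStatus.FORBIDDEN);
      }

      String userRoleForToken = sessionService.getUserRoleByToken(token);
      String usernameForToken = sessionService.getUsernameByToken(token);

      // From the permission check on, every outcome is audited under the caller's name.
      try {
        if (!permissionService.isOperationAvailable(actionName, userRoleForToken)) {
          recordSuspendAudit(
              usernameForToken, actionName, suspendInfo, Constants.NO_PERMISSION, false);
          return new ResponseEntity<>(HttpStatus.UNAUTHORIZED);
        }

        adminService.suspendAccount(suspendInfo);
        recordSuspendAudit(
            usernameForToken, actionName, suspendInfo, Constants.ADMIN_SUSPEND, true);
        return new ResponseEntity<>(HttpStatus.OK);
      } catch (ServiceException serviceException) {
        recordSuspendAudit(
            usernameForToken, actionName, suspendInfo, serviceException.getMessage(), false);
        // the service's message is echoed to the client as the response body
        return new ResponseEntity<>(serviceException.getMessage(), HttpStatus.UNPROCESSABLE_ENTITY);
      } catch (NotFoundException notFoundException) {
        recordSuspendAudit(
            usernameForToken, actionName, suspendInfo, notFoundException.getMessage(), false);
        return new ResponseEntity<>(notFoundException.getMessage(), HttpStatus.NOT_FOUND);
      }
    } catch (ServiceException serviceException) {
      // raised by the session lookups above; no username is known yet, so nothing is audited
      return new ResponseEntity<>(serviceException.getMessage(), HttpStatus.UNPROCESSABLE_ENTITY);
    }
  }

  /**
   * Appends one entry for this endpoint to the audit trail.
   *
   * @param username the caller resolved from the session token
   * @param actionName the audited action identifier
   * @param suspendInfo the request being audited, recorded via {@code toString()}
   * @param detail outcome code or exception message
   * @param success whether the action completed
   */
  private void recordSuspendAudit(
      String username,
      String actionName,
      AccountSuspensionInfo suspendInfo,
      String detail,
      boolean success) {
    auditService.addEvent(
        new AuditItem(username, actionName, suspendInfo.toString(), detail, success));
  }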