1、调用 isPermitted("user:view") 时,首先通过 PermissionResolver 将权限字符串转换成相应的 Permission 实例;默认使用 WildcardPermissionResolver,即转换为通配符形式的 WildcardPermission;
源码:
/**
 * Checks whether the given principals hold the permission named by a permission string.
 *
 * <p>The string is turned into a {@code Permission} by the configured permission
 * resolver, and the decision is then delegated to the {@code Permission}-typed
 * overload of {@code isPermitted}.
 *
 * @param principals the identity whose permissions are checked
 * @param permission the permission string to resolve and test
 * @return whatever the {@code Permission}-typed overload returns for the resolved permission
 */
public boolean isPermitted(PrincipalCollection principals, String permission) {
    // Resolution happens before the check; how malformed strings are handled is up to
    // the resolver and is not visible in this method.
    return this.isPermitted(principals, this.getPermissionResolver().resolvePermission(permission));
}
2、通过 AuthorizationInfo.getObjectPermissions() 得到 Permission 实例集合;通过 AuthorizationInfo.getStringPermissions() 得到字符串集合,并通过 PermissionResolver 解析为 Permission 实例;然后获取用户的角色,并通过 RolePermissionResolver 解析角色对应的权限集合(默认没有实现,可以自己提供);
/**
 * Decides whether any permission held in {@code info} implies the requested one.
 *
 * <p>The check is deny-by-default: {@code false} is returned when no permissions are
 * available or when none of them implies {@code permission}. The outcome rests
 * entirely on each granted permission's {@code implies} method, so a broadly scoped
 * granted permission authorizes everything it implies.
 *
 * @param permission the permission being requested
 * @param info the authorization data whose permissions are consulted
 * @return {@code true} as soon as one granted permission implies {@code permission},
 *     otherwise {@code false}
 */
protected boolean isPermitted(Permission permission, AuthorizationInfo info) {
    Collection<Permission> granted = this.getPermissions(info);
    if (granted == null || granted.isEmpty()) {
        // Nothing granted: deny.
        return false;
    }
    for (Permission candidate : granted) {
        if (candidate.implies(permission)) {
            return true;
        }
    }
    return false;
}
//获取权限的集合
/**
 * Collects every permission that applies to the given authorization data.
 *
 * <p>Three sources are merged, in this order: the object permissions carried by
 * {@code info}, the permissions resolved from its string permissions, and the
 * permissions resolved from its roles. Empty or {@code null} contributions are skipped.
 *
 * @param info the authorization data to read; may be {@code null}
 * @return an empty set when {@code info} is {@code null} or yields no permissions,
 *     otherwise an unmodifiable view of the merged set
 */
protected Collection<Permission> getPermissions(AuthorizationInfo info) {
    if (info == null) {
        return Collections.<Permission>emptySet();
    }

    HashSet<Permission> merged = new HashSet<Permission>();

    Collection<Permission> objectPerms = info.getObjectPermissions();
    if (!CollectionUtils.isEmpty(objectPerms)) {
        merged.addAll(objectPerms);
    }

    Collection<Permission> stringPerms = this.resolvePermissions(info.getStringPermissions());
    if (!CollectionUtils.isEmpty(stringPerms)) {
        merged.addAll(stringPerms);
    }

    // Role-derived permissions are added on top of the directly assigned ones; what a
    // role expands to is decided by resolveRolePermissions, which is not shown here.
    Collection<Permission> rolePerms = this.resolveRolePermissions(info.getRoles());
    if (!CollectionUtils.isEmpty(rolePerms)) {
        merged.addAll(rolePerms);
    }

    if (merged.isEmpty()) {
        return Collections.<Permission>emptySet();
    }
    // Callers get a read-only view so the granted set cannot be widened after the fact.
    return Collections.unmodifiableSet(merged);
}
3、接着调用 Permission.implies(Permission p) 逐个与传入的权限比较,如果有匹配的则返回 true,否则返回 false。
如果配置了缓存,每次先从缓存中获取授权信息,获取不到时才执行自己定义的授权代码(doGetAuthorizationInfo)并把结果放入缓存。因此修改用户的角色或权限后,需要清除对应的授权缓存,否则在缓存失效前仍会按旧的权限进行判断。
判断是否配置了缓存
/**
 * Returns the authorization cache to use, if any.
 *
 * <p>An already assigned cache is returned as is. When none is assigned and
 * authorization caching is enabled, the cache is obtained through
 * {@code getAuthorizationCacheLazy()}.
 *
 * @return the cache, or {@code null} when none is assigned and caching is disabled
 *     (or when the lazy lookup itself yields {@code null})
 */
private Cache<Object, AuthorizationInfo> getAvailableAuthorizationCache() {
    Cache<Object, AuthorizationInfo> assigned = this.getAuthorizationCache();
    if (assigned != null) {
        return assigned;
    }
    if (this.isAuthorizationCachingEnabled()) {
        return this.getAuthorizationCacheLazy();
    }
    return null;
}
//realm的属性配置
<!-- Realm cache settings: turns on caching overall, and separately for authentication
     and authorization data, each with its own named cache. -->
<property name="cachingEnabled" value="true"/>
<!-- NOTE(review): with authentication caching on, the cached account data presumably has
     to be evicted when a user's credentials change; confirm eviction or a TTL exists. -->
<property name="authenticationCachingEnabled" value="true"/>
<property name="authenticationCacheName" value="authenticationCache"/>
<!-- With authorization caching on, getAuthorizationInfo returns the cached entry and only
     calls doGetAuthorizationInfo on a miss, so role or permission changes are not seen
     until the entry is removed from the cache. -->
<property name="authorizationCachingEnabled" value="true"/>
<property name="authorizationCacheName" value="authorizationCache"/>
/**
 * Returns the authorization data for the given principals, consulting the
 * authorization cache first when one is available.
 *
 * <p>On a cache hit the cached entry is returned and {@code doGetAuthorizationInfo}
 * is not called, so changes to a user's roles or permissions are not reflected until
 * that entry leaves the cache. On a miss, or without a cache, the data comes from
 * {@code doGetAuthorizationInfo}; a non-null result is stored when a cache exists.
 *
 * @param principals the identity to look up; may be {@code null}
 * @return the authorization data, or {@code null} when {@code principals} is
 *     {@code null} or no data could be obtained
 */
protected AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
    if (principals == null) {
        return null;
    }

    // NOTE(review): the trace messages below embed the principals; confirm that trace
    // output is acceptable wherever identity data must not reach the logs.
    if (log.isTraceEnabled()) {
        log.trace("Retrieving AuthorizationInfo for principals [" + principals + "]");
    }

    AuthorizationInfo result = null;
    Cache<Object, AuthorizationInfo> authzCache = this.getAvailableAuthorizationCache();

    if (authzCache != null) {
        if (log.isTraceEnabled()) {
            log.trace("Attempting to retrieve the AuthorizationInfo from cache.");
        }
        Object lookupKey = this.getAuthorizationCacheKey(principals);
        result = authzCache.get(lookupKey);
        if (log.isTraceEnabled()) {
            log.trace(result == null
                    ? "No AuthorizationInfo found in cache for principals [" + principals + "]"
                    : "AuthorizationInfo found in cache for principals [" + principals + "]");
        }
    }

    if (result != null) {
        // Cache hit: the stored entry is used without re-running the realm lookup.
        return result;
    }

    result = this.doGetAuthorizationInfo(principals);
    if (result != null && authzCache != null) {
        if (log.isTraceEnabled()) {
            log.trace("Caching authorization info for principals: [" + principals + "].");
        }
        Object storeKey = this.getAuthorizationCacheKey(principals);
        authzCache.put(storeKey, result);
    }
    return result;
}