/*
 * Copyright 2017-2018 the original author(https://github.com/wj596)
 * 
 * <p>
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * </p>
 */
package org.jsets.shiro.filter;

import java.io.IOException;
import java.util.List;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.CollectionUtils;
import org.jsets.shiro.listener.AuthListenerManager;

/**
 * Re-implementation of RolesAuthorizationFilter that extends JsetsAuthorizationFilter.
 * <br>The matching logic is changed: the request is let through as soon as the current
 * user holds any one of the roles required for the URL.
 *
 * <p>Security notes for anyone configuring this filter:
 * <ul>
 *   <li>Role matching is any-of, not all-of. Shiro's stock RolesAuthorizationFilter
 *       requires every listed role, so listing several roles on a URL here widens
 *       access rather than narrowing it.</li>
 *   <li>A mapping with no roles (null or empty) is allowed unconditionally, and the
 *       listener manager is not notified for that path.</li>
 * </ul>
 *
 * author wangjie (https://github.com/wj596)
 * @date 2016-06-31
 */
public class JsetsRolesAuthorizationFilter extends JsetsAuthorizationFilter{

    /** Receives the outcome of every role check that actually evaluates roles. */
    private final AuthListenerManager authListenerManager;

    /**
     * @param authListenerManager listener hub notified of each allow/deny decision;
     *        stored as-is, with no null check
     */
    public JsetsRolesAuthorizationFilter(AuthListenerManager authListenerManager) {
        this.authListenerManager = authListenerManager;
    }

    /**
     * Decides whether the current subject may proceed, based on the roles mapped to the request.
     *
     * @param request     the incoming request, forwarded to the listener manager
     * @param response    the outgoing response, used only to resolve the subject
     * @param mappedValue cast to {@code String[]}; presumably the role names configured
     *                    for the matched path (verify against the filter-chain setup)
     * @return {@code true} when no roles are configured or the subject holds at least one
     *         of them; {@code false} when roles are configured and the subject holds none
     * @throws IOException declared by the signature; nothing in this body throws it directly
     */
    public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
        Subject currentSubject = getSubject(request, response);
        String[] configuredRoles = (String[]) mappedValue;

        // No role requirement on this mapping: allow, and skip the listener notification.
        boolean nothingRequired = configuredRoles == null || configuredRoles.length == 0;
        if (nothingRequired) {
            return true;
        }

        List<String> requiredRoles = CollectionUtils.asList(configuredRoles);

        // Any-of semantics: a single matching role is sufficient.
        boolean granted = false;
        for (boolean matched : currentSubject.hasRoles(requiredRoles)) {
            if (matched) {
                granted = true;
                break;
            }
        }

        // NOTE(review): the principal is cast to String, so a realm that supplies a
        // non-String principal would fail here with ClassCastException; confirm
        // that all configured realms use String principals.
        this.authListenerManager.onAccessAssert(
                request, (String) currentSubject.getPrincipal(), requiredRoles.toString(), granted);
        return granted;
    }
}