only match subject supportRoles once (#47)

7f5e4752 · sinat_25235033 · GitHub · ae0de660 · 7f5e4752 · 7f5e4752
2 changed file
--- a/core/src/main/java/com/usthe/sureness/mgt/SecurityManager.java
+++ b/core/src/main/java/com/usthe/sureness/mgt/SecurityManager.java
@@ -14,15 +14,6 @@ import java.util.List;
 */
 public interface SecurityManager {

-
-    /**
-     * auth entrance, put the subject in authentication and authorization process
-     * @param subject subject
-     * @return com.usthe.sureness.subject.Subject
-     * @throws BaseSurenessException sureness exception
-     */
-    SubjectSum checkIn(Subject subject) throws BaseSurenessException;
-
    /**
     * auth entrance, put the request in authentication and authorization process
     * @param var1 request

--- a/core/src/main/java/com/usthe/sureness/mgt/SurenessSecurityManager.java
+++ b/core/src/main/java/com/usthe/sureness/mgt/SurenessSecurityManager.java
@@ -57,17 +57,6 @@ public class SurenessSecurityManager implements SecurityManager {
        }
    }

-    @Override
-    public SubjectSum checkIn(Subject subject) throws BaseSurenessException {
-        // Determine whether the requested resource is a filtered resource
-        // if yes, pass directly
-        if (pathRoleMatcher.isExcludedResource(subject)) {
-            return null;
-        }
-        pathRoleMatcher.matchRole(subject);
-        return processorManager.process(subject);
-    }
-
    @Override
    public SubjectSum checkIn(Object var1) throws BaseSurenessException {
        checkComponentInit();
@@ -75,13 +64,27 @@ public class SurenessSecurityManager implements SecurityManager {
        // Create a subject list to try auth one by one
        List<Subject> subjectList = createSubject(var1);
        RuntimeException lastException = new UnsupportedSubjectException("this request can not " +
-                "create subject by creators");
+                "create subject by creators,please config no subject creator by default");

        // for the subject keys, try one by one
        // if one success, pass and return directly
+        boolean noTryExcluded = true;
+        Subject preSubject = null;
        for (Subject thisSubject : subjectList) {
            try {
-                return checkIn(thisSubject);
+                // Determine whether the requested resource is a filtered resource
+                // if yes, pass directly
+                if (noTryExcluded && pathRoleMatcher.isExcludedResource(thisSubject)) {
+                    return null;
+                }
+                noTryExcluded = false;
+                if (preSubject == null) {
+                    pathRoleMatcher.matchRole(thisSubject);
+                    preSubject = thisSubject;
+                } else {
+                    thisSubject.setSupportRoles(preSubject.getSupportRoles());
+                }
+                return processorManager.process(thisSubject);
            } catch (BaseSurenessException e) {
                lastException = e;
            }