diff --git a/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java b/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
index 971b174d59f388fe13c8512cda5723f7341717c7..0aee2490dcbcff4b7b4b2ccc404426b27657a0fb 100644
--- a/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
@@ -17,6 +17,8 @@ package org.maxkey.authn;
+import java.util.ArrayList;
+
 import org.maxkey.authn.online.OnlineTicketServices;
 import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
@@ -35,6 +37,8 @@ import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 /**
 * login Authentication abstract class.
@@ -65,6 +69,12 @@ public abstract class AbstractAuthenticationProvider {
 @Autowired
 @Qualifier("onlineTicketServices")
 protected OnlineTicketServices onlineTicketServices;
+
+ static ArrayList grantedAdministratorsAuthoritys = new ArrayList();
+
+ static {
+ grantedAdministratorsAuthoritys.add(new SimpleGrantedAuthority("ROLE_ADMINISTRATORS"));
+ }
 protected abstract String getProviderName();
diff --git a/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java b/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java
index 97f3af68008828f44381dfe4d7d14d34139b18e6..8de5cc9e2e3d22c347ee4dc802e0d5cdee524316 100644
--- a/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java
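Review bot: `static ArrayList grantedAdministratorsAuthoritys = new ArrayList();` makes the list that decides who counts as an administrator a raw-typed, mutable, package-visible static, so any class in `org.maxkey.authn` or any provider subclass can add or drop entries at runtime, and the static initializer exists only because the list is mutable. Replace the field and the initializer block with one typed, unmodifiable constant, `static final List<GrantedAuthority> grantedAdministratorsAuthoritys = Collections.singletonList(new SimpleGrantedAuthority("ROLE_ADMINISTRATORS"));`, importing `java.util.List` and `java.util.Collections` in place of `ArrayList`; this also gives the `GrantedAuthority` import added in the previous hunk a use in this file. A comment on the constant should record that the role name compared against changed from `ADMINISTRATORS` (the value the removed PermissionAdapter check used) to `ROLE_ADMINISTRATORS`, because unless the realm's `grantAuthority` already emits the new name no user will be flagged as administrator and the manage console will log everyone out.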
@@ -23,7 +23,6 @@ import java.util.Collection;
 import org.maxkey.authn.online.OnlineTicket;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 public class BasicAuthentication implements Authentication {
@@ -39,14 +38,12 @@ public class BasicAuthentication implements Authentication {
 OnlineTicket onlineTicket;
 ArrayList grantedAuthority;
 boolean authenticated;
+ boolean roleAdministrators;
 /**
 * BasicAuthentication.
 */
 public BasicAuthentication() {
- grantedAuthority = new ArrayList();
- grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER"));
- grantedAuthority.add(new SimpleGrantedAuthority("ORDINARY_USER"));
 }
 /**
@@ -56,9 +53,6 @@ public class BasicAuthentication implements Authentication {
 this.username = username;
 this.password = password;
 this.authType = authType;
- grantedAuthority = new ArrayList();
- grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER"));
- grantedAuthority.add(new SimpleGrantedAuthority("ORDINARY_USER"));
 }
 @Override
 public String getName() {
@@ -177,6 +171,14 @@ public class BasicAuthentication implements Authentication {
 this.onlineTicket = onlineTicket;
 }
+ public boolean isRoleAdministrators() {
+ return roleAdministrators;
+ }
+
+ public void setRoleAdministrators(boolean roleAdministrators) {
+ this.roleAdministrators = roleAdministrators;
+ }
+
 @Override
 public String toString() {
 StringBuilder builder = new StringBuilder();
diff --git a/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java b/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
index b15810640b94937d2ace1c9e80ae5323eb996bdc..a458f22ba73d347d5128b8ef4afd8661760dd97f 100644
--- a/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
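Review bot: Both constructors stop assigning `grantedAuthority` (this `@@ -39,14 +38,12 @@` hunk and the `@@ -56,9 +53,6 @@` hunk below), and the declaration `ArrayList grantedAuthority;` has no initializer, so unless a setter not shown here is called, `getAuthorities()` presumably returns null, which breaks the non-null contract of `Authentication.getAuthorities()` for any caller that inspects the principal's authorities. The `RealmAuthenticationProvider` hunk builds the authority list but passes it only to the `UsernamePasswordAuthenticationToken`, never back into this object. Initialise the field at its declaration, `ArrayList grantedAuthority = new ArrayList();`, or have the provider set it, so the principal carries an empty rather than an absent authority list.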
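Review bot: `isRoleAdministrators()` and `setRoleAdministrators(boolean)` expose a security decision (the manage-console gate in PermissionAdapter and the menu in top.ftl both read this flag) as a plain settable property with no documentation of who may set it or how it relates to the granted authorities. Add Javadoc on the getter such as `/** True when the authenticating provider found an administrator authority among the realm's granted authorities; set only by the provider, read by the manage-console permission check and the layout template. */`. Consider deriving the value from the authorities at the point they are assigned rather than keeping a separate field that can drift from them.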
@@ -17,6 +17,8 @@ package org.maxkey.authn;
+import java.util.ArrayList;
+
 import org.maxkey.authn.online.OnlineTicket;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.web.WebConstants;
@@ -26,6 +28,8 @@ import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
@@ -157,13 +161,25 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
 OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId,authentication);
 this.onlineTicketServices.store(onlineTickitId, onlineTicket);
 authentication.setOnlineTicket(onlineTicket);
+ ArrayList grantedAuthoritys = authenticationRealm.grantAuthority(userInfo);
+ //set default roles
+ grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_USER"));
+ grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_ORDINARY_USER"));
 authentication.setAuthenticated(true);
+
+ for(GrantedAuthority grantedAuthority : grantedAuthoritys) {
+ if(grantedAdministratorsAuthoritys.contains(grantedAuthority)) {
+ authentication.setRoleAdministrators(true);
+ _logger.trace("ROLE ADMINISTRATORS Authentication .");
+ }
+ }
+
 UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
 authentication,
 "PASSWORD",
- authenticationRealm.grantAuthority(userInfo)
+ grantedAuthoritys
 );
 authenticationToken.setDetails(
diff --git a/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java b/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java
index 9e51b1565d5a86b77c26e45233b9f546a5ea6aac..25f7928edc827592eea1abb885c1d84b930e5224 100644
--- a/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java
+++ b/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java
@@ -17,22 +17,19 @@ package org.maxkey.web.interceptor;
-import java.util.ArrayList;
 import java.util.concurrent.ConcurrentHashMap;
 import javax.servlet.RequestDispatcher;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.maxkey.authn.BasicAuthentication;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 /**
@@ -52,11 +49,6 @@ public class PermissionAdapter extends HandlerInterceptorAdapter {
 static ConcurrentHashMapnavigationsMap=null;
- static ArrayList grantedAuthoritys = new ArrayList();
- static {
- grantedAuthoritys.add(new SimpleGrantedAuthority("ADMINISTRATORS"));
- }
-
 /*
 * 请求前处理
 * (non-Javadoc)
@@ -74,20 +66,14 @@ public class PermissionAdapter extends HandlerInterceptorAdapter {
 dispatcher.forward(request, response);
 return false;
 }
-
- boolean isGrantedAuthority = false;
- for(GrantedAuthority grantedAuthority : grantedAuthoritys) {
- if(WebContext.getAuthentication().getAuthorities().contains(grantedAuthority)) {
- isGrantedAuthority = true;
- _logger.trace("ADMINISTRATORS Authentication .");
- }
- }
-
- if(!isGrantedAuthority) {
- RequestDispatcher dispatcher = request.getRequestDispatcher("/logout");
- dispatcher.forward(request, response);
- return false;
- }
+
+ //非管理员用户直接注销
+ if (!((BasicAuthentication) WebContext.getAuthentication().getPrincipal()).isRoleAdministrators()) {
+ _logger.debug("Not ADMINISTRATORS Authentication .");
+ RequestDispatcher dispatcher = request.getRequestDispatcher("/logout");
+ dispatcher.forward(request, response);
+ return false;
+ }
 boolean hasAccess=true;
diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/layout/top.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/layout/top.ftl
index 94588f110fa6d3ad14a43756dd39a33cb9bc06b0..7c3bde9322c421bc73dfa57c8ac0be14b36204a2 100644
--- a/maxkey-web-maxkey/src/main/resources/templates/views/layout/top.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/layout/top.ftl
@@ -40,12 +40,13 @@
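Review bot: The unchecked cast in `if (!((BasicAuthentication) WebContext.getAuthentication().getPrincipal()).isRoleAdministrators())` throws `ClassCastException` whenever the current principal is not a `BasicAuthentication` (the removed code only needed `getAuthorities()`, which every `Authentication` provides), turning what should be a forward to `/logout` into an unhandled error inside the interceptor. Guard the type first: `Object principal = WebContext.getAuthentication().getPrincipal();` then `if (!(principal instanceof BasicAuthentication)` and `        || !((BasicAuthentication) principal).isRoleAdministrators()) {`, so a principal of any other type is treated as a non-administrator and logged out like the rest. Whether `WebContext.getAuthentication()` can be null at this point depends on the lines above the hunk; the enclosing `preHandle` method starts and ends outside it.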
  <@locale code="login.password.changepassword"/>  
+ <#if Session["current_authentication"].principal.roleAdministrators==true >
  <@locale code="global.text.manage"/>  
- +
  <@locale code="global.text.logout"/>