SecurityInterceptor.java example

Explorer
tourismwork-master
- src
  - apps
  - modules
package com.opentravelsoft.interceptor;

import java.util.Map;

import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.ActionSupport;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import com.opentravelsoft.common.EbizCommon;
import com.opentravelsoft.common.GlobalMessages;
import com.opentravelsoft.common.SessionKeyParams;
import com.opentravelsoft.entity.Employee;
import com.opentravelsoft.util.StringUtil;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

public class SecurityInterceptor extends AbstractInterceptor {
  private static final long serialVersionUID = -726209768089734484L;

  protected static final Log logger = LogFactory
      .getLog(SecurityInterceptor.class);

  public String intercept(ActionInvocation actionInvocation) throws Exception {
    ActionContext act = actionInvocation.getInvocationContext();
    Map<String, Object> session = act.getSession();

    // ---------------------------------------------------------------------
    Authentication authent = SecurityContextHolder.getContext()
        .getAuthentication();

    Employee currentUser = null;
    if (authent.getPrincipal() instanceof UserDetails) {
      currentUser = (Employee) authent.getPrincipal();
    } else if (authent.getDetails() instanceof UserDetails) {
      currentUser = (Employee) authent.getDetails();
    } else {
      throw new AccessDeniedException("User not properly authenticated.");
    }

    Object suser = session.get(SessionKeyParams.EBIZ_USER);
    if (null != currentUser && null == suser) {
      session.put(SessionKeyParams.EBIZ_USER, currentUser);
    } else if (null != suser) {
      currentUser = (Employee) suser;
    }

    // ---------------------------------------------------------------------
    String moduleName = "";
    Map<String, Object> params = actionInvocation.getInvocationContext()
        .getParameters();
    if (null == currentUser)
      return actionInvocation.invoke();

    // Action 标注 moduleName
    if (params.containsKey("moduleName")) {
      moduleName = (String) params.get("moduleName");
      if (!isAuthorized(currentUser, moduleName)) {
        ActionSupport action = (ActionSupport) actionInvocation.getAction();
        action.addActionError(action
            .getText(GlobalMessages.ERROR_NOTAUTHORIZED));

        return EbizCommon.NOT_AUTHORIZED;
      }
    }

    // ---------------------------------------------------------------------
    // 设置快捷菜单
    // String menuName = KeyParams.EBIZ_SESSION_MANAGE_DESTOP;
    // if (params.containsKey("menuName"))
    // moduleName = (String) params.get("menuName");
    // if (StringUtil.hasLength(menuName))
    // ServletActionContext.getRequest().getSession().setAttribute(
    // SessionKeyParams.EBIZ_CURRENT_MANAGE_CLASS, menuName);

    ActionContext.getContext().getValueStack().push(this);

    return actionInvocation.invoke();
  }

  protected boolean isAuthorized(Employee user, String moduleName) {
    if (!StringUtil.hasLength(moduleName))
      return true;

    Map<String, String> priv = user.getPriv();
    if (priv.containsKey(moduleName) && priv.get(moduleName).equals("1"))
      return true;

    logger.debug("no authorized :" + moduleName);
    return false;
  }

}