Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> authorities); // 根据权限集合映射新的权限集合
RoleHierarchyAuthoritiesMapper实现类
public class RoleHierarchyAuthoritiesMapper {
// NullRoleHierarchy 返回原权限集合
// RoleHierarchyImpl
//
private final RoleHierarchy roleHierarchy;
public RoleHierarchyAuthoritiesMapper(RoleHierarchy roleHierarchy) {
this.roleHierarchy = roleHierarchy;
}
public void main() {
RoleHierarchyImpl rh = new RoleHierarchyImpl();
rh.setHierarchy("ROLE_A > ROLE_B\nROLE_B > ROLE_C");
RoleHierarchyAuthoritiesMapper mapper = new RoleHierarchyAuthoritiesMapper(rh);
Collection<? extends GrantedAuthority> authorities = mapper
.mapAuthorities(AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_D"));
assertThat(authorities).hasSize(4);
mapper = new RoleHierarchyAuthoritiesMapper(new NullRoleHierarchy());
authorities = mapper.mapAuthorities(AuthorityUtils.createAuthorityList("ROLE_A",
"ROLE_D"));
assertThat(authorities).hasSize(2);
}
}
public class RoleHierarchyImpl {
// 值为 "ROLE_A > ROLE_B\nROLE_B > ROLE_C"
// 值为 "ROLE_A > ROLE_B > ROLE_C"
private String roleHierarchyStringRepresentation = null;
// rolesReachableInOneStepMap.size == 2
// ROLE_A SimpleGrantedAuthority(ROLE_B)
// ROLE_B SimpleGrantedAuthority(ROLE_C)
private Map<String, Set<GrantedAuthority>> rolesReachableInOneStepMap = null;
// rolesReachableInOneStepMap.size == 2
// ROLE_A SimpleGrantedAuthority(ROLE_B),SimpleGrantedAuthority(ROLE_C)
// ROLE_B SimpleGrantedAuthority(ROLE_C)
private Map<String, Set<GrantedAuthority>> rolesReachableInOneOrMoreStepsMap = null;
// 根据权限集合,返回所有的权限集合
public Collection<GrantedAuthority> getReachableGrantedAuthorities(
Collection<? extends GrantedAuthority> authorities) {
if (authorities == null || authorities.isEmpty()) {
return AuthorityUtils.NO_AUTHORITIES;
}
Set<GrantedAuthority> reachableRoles = new HashSet<>();
Set<String> processedNames = new HashSet<>();
for (GrantedAuthority authority : authorities) {
// Do not process authorities without string representation
if (authority.getAuthority() == null) {
reachableRoles.add(authority);
continue;
}
// Do not process already processed roles
if (!processedNames.add(authority.getAuthority())) {
continue;
}
// Add original authority
reachableRoles.add(authority);
// Add roles reachable in one or more steps
Set<GrantedAuthority> lowerRoles = this.rolesReachableInOneOrMoreStepsMap.get(authority.getAuthority());
if (lowerRoles == null) {
continue; // No hierarchy for the role
}
for (GrantedAuthority role : lowerRoles) {
if (processedNames.add(role.getAuthority())) {
reachableRoles.add(role);
}
}
}
logger.debug(LogMessage.format(
"getReachableGrantedAuthorities() - From the roles %s one can reach %s in zero or more steps.",
authorities, reachableRoles));
return new ArrayList<>(reachableRoles);
}
}
SimpleAuthorityMapper实现类
public final class SimpleAuthorityMapper {
// 添加默认权限。例如 SimpleGrantedAuthority("ccc")
private GrantedAuthority defaultAuthority;
// "AaA", "ROLE_bbb" 映射为 "ROLE_AaA", "ROLE_bbb",ccc
private String prefix = "ROLE_";
private boolean convertToUpperCase = false;
private boolean convertToLowerCase = false;
// convertToUpperCase和convertToLowerCase不能都为true
@Override
public void afterPropertiesSet() {
Assert.isTrue(!(this.convertToUpperCase && this.convertToLowerCase),
"Either convertToUpperCase or convertToLowerCase can be set to true, but
not both");
}
}