/** * 构造函数 * * @param request * @param response */ public WebApp(HttpServletRequest request, HttpServletResponse response) { this.request = request; Flash.prepare(request); Logger.debug("request uri: " + request.getRequestURI()); }
@Override public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException { String uri = HttpServletRequest.class.cast(object).getRequestURI(); uri = uri.replaceFirst(WebApp.getAppPath(), ""); for (Entry<String, Collection<ConfigAttribute>> entry : getAttributesMap().entrySet()) { if (Strings.equals(uri, entry.getKey())) { Logger.debug("match uri '%s' with pattern '%s', the config attributes is: %s", uri, entry.getKey(), entry.getValue()); return entry.getValue(); } } Logger.debug("cannot match uri '%s'", uri); return null; }
@Override public List<LoanInfo> findForIndex(List<String> loanKinds) { // 初始化 Integer size = Integer.valueOf(App.config("index.loan.size", "10").trim()); List<LoanInfo> loans = new ArrayList<LoanInfo>(size); // 查询招标中记录 loans.addAll(toInfos(findByKindAndStatus(size, loanKinds, Loan.Status.BID))); Logger.debug("find %d loans by status bid.", loans.size()); // 判断是否已经满足记录条数 // 当不满足条数要求时查询以已完成记录补充 if (loans.size() < size) { loans.addAll(toInfos(findByKindAndStatus(size - loans.size(), loanKinds, Loan.Status.COMPLETED))); } // 返回结果 return loans; }
@Override public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException { // 判断目标是否在权限控制内 if (configAttributes == null) return; // 遍历权限 for (ConfigAttribute configAttribute: configAttributes) { // 将权限与用户角色进行匹配 String role = configAttribute.getAttribute(); for (GrantedAuthority grantedAuthority: authentication.getAuthorities()) { Logger.debug("match between %s and %s.", role, grantedAuthority.getAuthority()); if (Strings.equals(role, grantedAuthority.getAuthority())) { Logger.debug("matched! access allow."); return; } } } // 无法匹配权限抛出异常 Logger.info("denied!"); throw new AccessDeniedException("no authority."); }
@Override public PaymentChannelImpl getPaymentChannelImpl(PaymentChannel channel) { // 若存在代码则通过容器获取实例 if (!Strings.empty(channel.getCode())) { try { return SpringWebApp.getBean(channel.getCode(), PaymentChannelImpl.class); } catch (Exception e) { Logger.debug("cannot get payment channel instance by code: %s", channel.getCode()); } } // 若无法通过容器获取实例则通过全类名获取实例 try { return PaymentChannelImpl.class.cast(Class.forName(channel.getClazz()).newInstance()); } catch (InstantiationException e) { throw new ServiceException("cannot get payment channel instance.", e); } catch (IllegalAccessException e) { throw new ServiceException("cannot get payment channel instance.", e); } catch (ClassNotFoundException e) { throw new ServiceException("cannot get payment channel instance.", e); } }