可以使用spring-security过滤器的方法实现对某个用户创建项目的权限控制。
创建实现类ProjectPermissonFilter如下:
package com.neusoft.saca.dataviz.common.security;
/**
* TODO 请添加该类的描述
*
*/
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
/**
* 项目权限过滤器。
* <p>
* 根据用户id判断创建项目权限
* </p>
*
* @author l
* @since 2021-04-08
*/
public class ProjectPermissonFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// Nothing.
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
boolean hasPermisson = true;
//获取当前用户id
String currentUserId = SecurityUtil.getCurrentUserId();
/**
* TODO 根据用户判断权限的实现逻辑,如果没有权限 hasPermisson = false
*
*/
// end
if (!hasPermisson) {
if (response instanceof HttpServletResponse) {
((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid Permission.");
} else {
response.getWriter().println("Invalid Permission.");
}
return;
}
chain.doFilter(request, response);
}
@Override
public void destroy() {
// Nothing.
}
}
dataviz-service/WEB-INF/web.xml 中加入如下配置:
<filter>
<filter-name>ProjectPermissonFilter</filter-name>
<filter-class>com.neusoft.saca.dataviz.common.security.ProjectPermissonFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ProjectPermissonFilter</filter-name>
<url-pattern>/service/project/</url-pattern>
</filter-mapping>
可以在半小时内搭建一个dataviz开发环境,参考二次开发环境搭建说明