基于安全元信息上下文获得安全元信息。

定义

  1. export interface SecurityMetadataSource {
  2.     load(context: SecurityMetadataContext): Promise<SecurityMetadata>;
  3. }

默认实现

  1. @Component(SecurityMetadataSource)
  2. export class MethodSecurityMetadataSource implements SecurityMetadataSource {
  4.     @Autowired(SecurityExpressionContextHandler) @Optional
  5.     protected readonly securityExpressionContextHandler: SecurityExpressionContextHandler;
  7.     async load(context: MethodSecurityMetadataContext): Promise<SecurityMetadata> {
  8.         const classMetadatas: AuthorizeMetadata[] = getOwnMetadata(METADATA_KEY.authorize, context.target.constructor);
  9.         const methodMetadatas: AuthorizeMetadata[] = getOwnMetadata(METADATA_KEY.authorize, context.target.constructor, context.method);
  10.         const ctx = {
  11.             ...context,
  12.             ...SecurityContext.getAuthentication()
  13.         };
  14.         Context.setAttr(SECURITY_EXPRESSION_CONTEXT_KEY, ctx);
  15.         if (this.securityExpressionContextHandler) {
  16.             await this.securityExpressionContextHandler.handle(ctx);
  17.         }
  18.         const policies = classMetadatas.concat(...methodMetadatas)
  19.             .filter(item => item.authorizeType === context.authorizeType)
  20.             .map(item => ({
  21.                 type: PolicyType.El,
  22.                 authorizeType: item.authorizeType,
  23.                 el: item.el
  24.             }));
  26.         const resource = context.target.name;
  27.         return {
  28.             authorizeType: context.authorizeType,
  29.             principal: SecurityContext.getAuthentication().principal,
  30.             action: context.method,
  31.             resource,
  32.             policies: policies
  33.         };
  34.     }
  35. }