第 30 章 控制portal的权限

实际上只是为portlet添加权限拦截器,它会为portlet进行Pre-Auth(预认证)式认证,就是说它会从当前SecurityContext中取出权限实体,用来进行portlet的校验。预认证意味着用户的身份和角色由门户容器事先确定,Spring Security不再校验密码,因此这里的安全性取决于门户自身的登录环节是否可靠。

在portlet对应的配置文件中配置如下拦截器,用于校验对应portlet的权限。

<!-- Session/context integration for portlet requests. Judging by the class name it ties the
     SecurityContext to the PortletSession for each request (TODO confirm against the class docs).
     NOTE(review): the handler mapping that registers the interceptors is not shown on this page;
     this bean presumably has to run ahead of portletAuthenticationInterceptor. -->
<bean id="portletContextIntegrationInterceptor" class="org.springframework.security.context.PortletSessionContextIntegrationInterceptor"/>

<!-- Pre-authentication interceptor: it checks no password itself. The bean classes indicate that the
     user and roles are taken as already established by the portal container, so this configuration
     is only as trustworthy as the portal's own login. -->
<bean id="portletAuthenticationInterceptor" class="org.springframework.security.ui.portlet.PortletProcessingInterceptor">
    <property name="authenticationDetailsSource">
        <bean class="org.springframework.security.ui.portlet.PortletPreAuthenticatedAuthenticationDetailsSource">
            <!-- Allow-list of container role names that may be mapped to authorities;
                 presumably a role missing from this list is never granted. TODO confirm -->
            <property name="mappableRolesRetriever">
                <bean class="org.springframework.security.authoritymapping.SimpleMappableAttributesRetriever">
                    <property name="mappableAttributes">
                        <list>
                            <!-- NOTE(review): tomcat/admin/manager look like sample container roles. Keep only
                                 the roles the target portal really defines; every entry widens what can be granted. -->
                            <value>tomcat</value>
                            <value>admin</value>
                            <value>manager</value>
                            <!-- Some standard liferay roles -->
                            <value>Administrator</value>
                            <!-- NOTE(review): confirm that no access rule treats Guest as proof of a signed-in user. -->
                            <value>Guest</value>
                            <value>User</value>
                            <value>Power User</value>
                        </list>
                    </property>
                </bean>
            </property>
        </bean>
    </property>
    <!-- Delegates the actual authentication decision to the bean named authenticationManager. -->
    <property name="authenticationManager" ref="authenticationManager"/>
    <!-- Liferay doesn't seem to set the authType -->
    <!-- false: the request's authType is not used as the token credentials. -->
    <property name="useAuthTypeAsCredentials" value="false"/>
</bean>

<!-- Publishes the namespace-created authentication manager under the alias "authenticationManager",
     the name that portletAuthenticationInterceptor references. The sec prefix must be bound to the
     Spring Security namespace on the enclosing beans element, which this page does not show. -->
<sec:authentication-manager alias="authenticationManager"/>

<!-- Authentication provider for pre-authenticated tokens. It performs no credential check of its own
     (per the class name; TODO confirm), so it should only ever receive tokens built from a request the
     portal has already authenticated. -->
<bean id="portletAuthProvider" class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
    <!-- Registers this bean as a provider of the namespace-configured authentication manager. -->
    <sec:custom-authentication-provider/>
    <!-- Presumably builds the user from the authorities already carried in the token details,
         without consulting a user store. TODO confirm -->
    <property name="preAuthenticatedUserDetailsService">
        <bean class="org.springframework.security.providers.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService"/>
    </property>
    <!-- Fail closed: a rejected token raises an authentication exception instead of being skipped silently.
         Keep this true unless another provider is meant to handle the same token. -->
    <property name="throwExceptionWhenTokenRejected" value="true"/>
</bean>
    

实例在ch120。