1、 配置文件
Auth/META-INF.contribution.eosinf
<configValue key="account_isrecord_operation_log">true</configValue>
<group name="permission-config">
<configValue key="permission_check_isused">true</configValue>
<configValue key="permission_check_handler">org.gocom.abframe.auth.permission.PermissionCheckedHandler</configValue>
2、 调用类
PermissionCheckedHandler implements IAccessedResourceCheckedHandler
return PermissionUtil.hasPermission(accessedResource, userObject);
PermissionUtil
public static CheckedResult hasPermission(IAccessedResource accessedResource, IUserObject userObject) throws Exception {
return hasPermission(accessedResource.getResourceURI(), userObject);
}
public static CheckedResult hasPermission(String uri, IUserObject userObject) {
boolean haspermission = false;
if (uri != null) {
// uri,packagename,name,params,type
String[] info = getContributionName(uri);
// 是否已注册功能
CacheFunction cacheFunc = isRegistedFunction(info[0]);
// 不进行权限校验的情况,有如下几种:
//
// 用户名为sysadmin账号
// 注册在功能表中的功能需要做一下验证
// 当前构件包下的资源不在需要权限校验的范围-
// 是默认提供的内置资源
// 是portal资源
// 调试版
// haspermission = isAdminUser(userObject);
// LogUtil.logDebug("权限检验:isAdminUser={0}", null, new Object[] {
// haspermission });
// haspermission = haspermission ||
// isUnCheckedContributions(info[1], info[0]);
// LogUtil.logDebug("权限检验:isUnCheckedContributions={0}", null, new
// Object[] { haspermission });
// haspermission = haspermission ||
// isUncheckedPermssionResource(info[0]);
// LogUtil.logDebug("权限检验:isUncheckedPermssionResource={0}", null,
// new Object[] { haspermission });
// haspermission = isPortalResource(info[0]);
// LogUtil.logDebug("权限检验:isPortalResource={0}", null, new Object[]
// { haspermission });
// 运行版
haspermission = isAdminUser(userObject) || isUnCheckedContributions(info[1], info[0]) || isUncheckedPermssionResource(info[0]) || isPortalResource(info[0]);
if (!haspermission) {
// session超时或未登录,返回登录页面
if (userObject == null) {
LogUtil.logDebug("权限检验:userObject==null", null, (Object) null);
return CheckedResult.FORWARDLOGIN;
}
try {
if (cacheFunc!=null) {
try {
PermissionChecker checker = PermissionCheckerFactory.create(userObject, true);
// 判断请求是否为已授权功能
haspermission = checker.hasAccessPermission(info[0], false);
// 判断请求是否为已授权功能的资源,如果是已授权功能则通过逻辑短路跳过资源判断
haspermission = haspermission || checker.hasAccessPermission(info[0], true);
} catch (Exception e) {
e.printStackTrace();
haspermission = false;
}
} else {
haspermission = ABFConfigKey.PERMISSION_UNREGIST_ACCESS.getBLConfigValue();
}
} catch (Exception e) {
LogUtil.logError("判断权限出现异常:url={0}", e, new Object[] { uri });
haspermission = false;
}
}
if (ISRECORD_OPERATION_LOG && haspermission && cacheFunc!=null) { //记录操作日志
if (cacheFunc.getFuncaction()!=null && cacheFunc.getFuncaction().indexOf("com.hymake.fjbid.util.syslog")<0) {
DataObject operLog = DataObjectUtil.createDataObject("com.hymake.fjbid.util.Common_PO.HtOperatorLog");
operLog.setString("funccode",cacheFunc.getFunccode());
operLog.setString("funcname",cacheFunc.getFuncname());
operLog.setString("funcaction",cacheFunc.getFuncaction());
operLog.setString("haspermission",haspermission?"1":"0");
DataObject[] acRoles = (DataObject[])userObject.getAttributes().get("roles");
String roles = acRoles[0].getString("roleid");
for (int j=1; j<acRoles.length; j++) {
roles += ","+acRoles[j].getString("roleid");
}
operLog.setString("operrole",roles);
operLog.setString("operid",(String)userObject.getAttributes().get("operatorid"));
operLog.setString("clientip",userObject.getUserRemoteIP());
ISysLog sysLog = new ISysLogImpl();
sysLog.saveOperationLog(operLog);
}
}
}
return haspermission ? CheckedResult.THREAD_ACCESSED_PASS : CheckedResult.REJECT;
}
3、 保存日志
private static final Queue<DataObject> logQueue = new LinkedList<DataObject>();
sysLog.saveOperationLog(operLog);
public boolean saveOperationLog(DataObject operLog) {
boolean flag = false;
if (operLog != null) {
if (operLog.getString("id") == null || "".equals(operLog.getString("id"))) {
DatabaseExt.getPrimaryKey(operLog);
}
operLog.setDate("logtime", new java.util.Date());
flag = logQueue.offer(operLog);
}
if (operLogThread == null || !operLogThread.isAlive()) {
operLogThread = new OperationLogThread();
operLogThread.start();
log.debug("start OperationLogThread, name:"+operLogThread.getName());
} else {
log.debug("OperationLogThread isStop:"+operLogThread.isInterrupted()+",isAlive:"+operLogThread.isAlive());
}
return flag;
}
先加入到队列
后调用线程执行
解决同步问题
public void run() {
log.debug("current thread:"+OperationLogThread.currentThread().getName());
while (!ISysLogImpl.getLogQueue().isEmpty()) {
DataObject logObj = ISysLogImpl.getLogQueue().poll();
DatabaseUtil.insertEntity("default",logObj);
}
OperationLogThread.currentThread().interrupt();
}