Java Code Examples for org.springframework.security.web.FilterInvocation#getRequest()

Example 1
Source File: ResourceSecurityFilter.java    From zxl with Apache License 2.0
/**
 * Runs the interceptor for one filter invocation, skipping the interception
 * when the request has already been marked as handled.
 *
 * <p>A request counts as handled when it carries the {@code FILTER_APPLIED}
 * attribute and {@code observeOncePerRequest} is set. In that case the chain
 * is continued directly and none of the {@code super} hooks run.
 *
 * <p>NOTE(review): the skip relies on {@code FILTER_APPLIED} only ever being
 * set by this interceptor. Any other server-side code that sets the same
 * attribute would also cause the hooks to be skipped - confirm the attribute
 * name is private to this filter.
 *
 * @param fi the invocation wrapping request, response and filter chain
 * @throws IOException if the downstream chain fails with an I/O error
 * @throws ServletException if the downstream chain fails
 */
public void invoke(FilterInvocation fi) throws IOException, ServletException {
	final boolean handledBefore = fi.getRequest() != null
			&& fi.getRequest().getAttribute(FILTER_APPLIED) != null
			&& observeOncePerRequest;

	if (handledBefore) {
		// Already intercepted once for this request: just continue the chain.
		fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
		return;
	}

	// First pass: mark the request so a later pass can recognise it.
	if (fi.getRequest() != null) {
		fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
	}

	// presumably where the access decision is made; the superclass is not shown here
	final InterceptorStatusToken statusToken = super.beforeInvocation(fi);
	try {
		fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
	} finally {
		// Runs even when the chain throws.
		super.finallyInvocation(statusToken);
	}
	// Only reached when the chain completed without throwing.
	super.afterInvocation(statusToken, null);
}
 
Example 2
Source File: DynamicallyUrlInterceptor.java    From base-admin with MIT License
/**
 * Performs security checking for a filter invocation, at most once per request
 * when {@code observeOncePerRequest} is enabled.
 *
 * <p>The {@code FILTER_APPLIED} request attribute is the marker for "already
 * checked". When it is present and {@code observeOncePerRequest} is true, the
 * chain is continued without calling any of the {@code super} hooks.
 *
 * <p>NOTE(review): because the marker alone decides whether checking is
 * skipped, it must not be set anywhere else in the application - confirm the
 * attribute name is not reused.
 *
 * @param fi the invocation wrapping request, response and filter chain
 * @throws IOException if the downstream chain fails with an I/O error
 * @throws ServletException if the downstream chain fails
 */
public void invoke(FilterInvocation fi) throws IOException, ServletException {
    final boolean checkedAlready = fi.getRequest() != null
            && fi.getRequest().getAttribute(FILTER_APPLIED) != null
            && observeOncePerRequest;

    if (checkedAlready) {
        // The filter was already applied to this request and once-per-request
        // handling is requested, so security checking is not repeated.
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
        return;
    }

    // First time this request is seen: mark it, then perform security checking.
    if (fi.getRequest() != null) {
        fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
    }

    final InterceptorStatusToken statusToken = super.beforeInvocation(fi);
    try {
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } finally {
        // Runs even when the chain throws.
        super.finallyInvocation(statusToken);
    }
    // Only reached when the chain completed without throwing.
    super.afterInvocation(statusToken, null);
}
 
Example 3
Source File: MyFilterInvocationSecurityMetadataSource.java    From base-admin with MIT License
/**
 * Finds, in the permission data loaded at initialisation, the entry that
 * applies to the URL of the current request.
 *
 * <p>The value of the first {@code requestMap} entry whose matcher accepts the
 * request is returned. Which entry is "first" follows the map's iteration
 * order; the map type is not visible here, so overlapping patterns should be
 * checked against it.
 *
 * <p>NOTE(review): {@code null} is returned when no matcher accepts the
 * request. Spring Security's {@code AbstractSecurityInterceptor} treats a
 * null or empty attribute collection as a public invocation unless
 * {@code rejectPublicInvocations} is enabled, so URLs missing from
 * {@code requestMap} are not access-checked. Confirm that this fail-open
 * default is intended.
 *
 * @param object the secured object; it is cast to {@link FilterInvocation}
 *     without a type check, so any other type raises {@code ClassCastException}
 * @return the attributes of the first matching entry, or {@code null} if none match
 */
@Override
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
    final HttpServletRequest currentRequest = ((FilterInvocation) object).getRequest();

    // Walk the initialised permission data and stop at the first matcher that accepts the request.
    for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> candidate : requestMap.entrySet()) {
        final RequestMatcher matcher = candidate.getKey();
        if (!matcher.matches(currentRequest)) {
            continue;
        }
        return candidate.getValue();
    }
    return null;
}
 
Example 4
Source File: FilterSecurityInterceptor.java    From bdf3 with Apache License 2.0
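/**
 * Performs security checking for a filter invocation unless the request was
 * already checked or the caller is the anonymous principal.
 *
 * <p>The check is skipped, and the chain continued directly, in two cases:
 * <ul>
 *   <li>the request carries {@code FILTER_APPLIED} and
 *       {@code observeOncePerRequest} is true;</li>
 *   <li>the current {@code Authentication} reports itself authenticated and
 *       its principal is the string {@code "anonymousUser"}.</li>
 * </ul>
 *
 * <p>NOTE(review): the second case means no {@code super.beforeInvocation}
 * call is made for anonymous requests, so this interceptor applies no access
 * decision to them. Confirm that anonymous access is restricted elsewhere in
 * the filter chain, otherwise every URL guarded only by this interceptor is
 * reachable without logging in.
 *
 * @param fi the invocation wrapping request, response and filter chain
 * @throws IOException if the downstream chain fails with an I/O error
 * @throws ServletException if the downstream chain fails
 */
public void invoke(FilterInvocation fi) throws IOException, ServletException {
	Authentication auth = SecurityContextHolder.getContext().getAuthentication();

	boolean alreadyApplied = (fi.getRequest() != null)
			&& (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
			&& observeOncePerRequest;

	// The security context may hold no Authentication at all. Without the null
	// guard that case raised a NullPointerException here; it now falls through
	// to super.beforeInvocation(fi) like any other unchecked request.
	// "anonymousUser".equals(...) is false for non-String principals, so no
	// separate instanceof test is needed.
	if (alreadyApplied
			|| (auth != null && auth.isAuthenticated() && "anonymousUser".equals(auth.getPrincipal()))) {
		// Either the filter was already applied to this request (once-per-request
		// handling) or the caller is anonymous: continue without security checking.
		fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
	}
	else {
		// first time this request being called, so perform security checking
		if (fi.getRequest() != null) {
			fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
		}

		InterceptorStatusToken token = super.beforeInvocation(fi);

		try {
			fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
		}
		finally {
			// Runs even when the chain throws.
			super.finallyInvocation(token);
		}

		// Only reached when the chain completed without throwing.
		super.afterInvocation(token, null);
	}
}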
 
Example 5
Source File: StudioGeneralAccessDecisionVoter.java    From studio with GNU General Public License v3.0
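/**
 * Votes on access to a web request: grants it when the context-relative URI
 * matches one of the public URL patterns, otherwise abstains for an
 * authenticated caller and denies for an unauthenticated one.
 *
 * <p>Objects that are not a {@link FilterInvocation} keep the default vote
 * derived from {@code authentication.isAuthenticated()}.
 *
 * @param authentication the caller's authentication; must not be null
 * @param object the secured object, expected to be a {@link FilterInvocation}
 * @param collection configuration attributes (not used by this voter)
 * @return {@code ACCESS_GRANTED}, {@code ACCESS_ABSTAIN} or {@code ACCESS_DENIED}
 */
@Override
public int vote(Authentication authentication, Object object, Collection collection) {
    int toRet = authentication.isAuthenticated() ? ACCESS_ABSTAIN : ACCESS_DENIED;
    String requestUri = "";
    if (object instanceof FilterInvocation) {
        HttpServletRequest request = ((FilterInvocation) object).getRequest();
        String rawUri = request.getRequestURI();
        String contextPath = request.getContextPath();
        // Strip the context path only where it is the leading prefix.
        // String.replace() removed every occurrence, so the string matched
        // against the public patterns could differ from the path being served.
        requestUri = rawUri.startsWith(contextPath) ? rawUri.substring(contextPath.length()) : rawUri;
        // NOTE(review): getRequestURI() is the raw, undecoded request path.
        // Confirm the public URL patterns are anchored and that matching uses
        // the same normalisation as request dispatch.
        if (RegexUtils.matchesAny(requestUri, getPublicUrls())) {
            toRet = ACCESS_GRANTED;
        }
    }
    // requestUri is client-supplied and logged as-is (debug level only).
    logger.debug("Request: " + requestUri + " - Access: " + toRet);
    return toRet;
}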
 
Example 6
Source File: StudioCmisDSAPIAccessDecisionVoter.java    From studio with GNU General Public License v3.0
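/**
 * Votes on access to the CMIS data-source API endpoints.
 *
 * <p>Decision per context-relative request URI:
 * <ul>
 *   <li>{@code UPLOAD}: granted to any resolved {@code User}, denied otherwise;</li>
 *   <li>{@code SEARCH} and {@code LIST}: granted only when the user is a member
 *       of the site named by the {@code site_id} request parameter, denied
 *       otherwise;</li>
 *   <li>any other URI, or a non-{@link FilterInvocation} object: abstain.</li>
 * </ul>
 *
 * <p>A principal that is neither a {@code User} nor the anonymous marker makes
 * the voter abstain immediately, without writing the debug log line.
 *
 * @param authentication the caller's authentication; must not be null
 * @param o the secured object, expected to be a {@link FilterInvocation}
 * @param collection configuration attributes (not used by this voter)
 * @return {@code ACCESS_GRANTED}, {@code ACCESS_ABSTAIN} or {@code ACCESS_DENIED}
 */
@Override
public int vote(Authentication authentication, Object o, Collection collection) {
    int toRet = ACCESS_ABSTAIN;
    String requestUri = "";
    if (o instanceof FilterInvocation) {
        FilterInvocation filterInvocation = (FilterInvocation) o;
        HttpServletRequest request = filterInvocation.getRequest();
        String rawUri = request.getRequestURI();
        String contextPath = request.getContextPath();
        // Strip the context path only where it is the leading prefix.
        // String.replace() removed every occurrence, so the string compared
        // with the endpoint constants could differ from the path being served.
        requestUri = rawUri.startsWith(contextPath) ? rawUri.substring(contextPath.length()) : rawUri;
        // site_id is client-supplied; it is only used as the argument of the membership check below.
        String siteParam = request.getParameter("site_id");
        User currentUser = null;
        try {
            currentUser = (User) authentication.getPrincipal();
        } catch (ClassCastException e) {
            // The principal is not a User. The anonymous marker string is
            // expected and leaves currentUser null; anything else is logged
            // and the voter abstains.
            if (!authentication.getPrincipal().toString().equals("anonymousUser")) {
                logger.info("Error getting current user", e);
                return ACCESS_ABSTAIN;
            }
        }

        // NOTE(review): the endpoints are matched by exact string equality on
        // the raw, undecoded URI. Any other spelling of the same path falls to
        // the default branch and abstains, so confirm that the remaining
        // voters deny such requests.
        switch (requestUri) {
            case UPLOAD:
                toRet = (currentUser != null) ? ACCESS_GRANTED : ACCESS_DENIED;
                break;
            case SEARCH:
            case LIST:
                toRet = (currentUser != null && isSiteMember(siteParam, currentUser))
                        ? ACCESS_GRANTED
                        : ACCESS_DENIED;
                break;
            default:
                toRet = ACCESS_ABSTAIN;
                break;
        }
    }
    // requestUri is client-supplied and logged as-is (debug level only).
    logger.debug("Request: " + requestUri + " - Access: " + toRet);
    return toRet;
}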