Java Code Examples for org.springframework.security.web.FilterInvocation#getRequest()
The following examples show how to use
org.springframework.security.web.FilterInvocation#getRequest() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: ResourceSecurityFilter.java From zxl with Apache License 2.0 | 6 votes |
|
public void invoke(FilterInvocation fi) throws IOException,
ServletException {
if ((fi.getRequest() != null) && (fi.getRequest().getAttribute(FILTER_APPLIED) != null) && observeOncePerRequest) {
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
} else {
if (fi.getRequest() != null) {
fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
}
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
} finally {
super.finallyInvocation(token);
}
super.afterInvocation(token, null);
}
}
Example 2
| Source File: DynamicallyUrlInterceptor.java From base-admin with MIT License | 5 votes |
|
public void invoke(FilterInvocation fi) throws IOException, ServletException {
if ((fi.getRequest() != null)
&& (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
&& observeOncePerRequest) {
// filter already applied to this request and user wants us to observe
// once-per-request handling, so don't re-do security checking
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
}
else {
// first time this request being called, so perform security checking
if (fi.getRequest() != null) {
fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
}
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
}
finally {
super.finallyInvocation(token);
}
super.afterInvocation(token, null);
}
}
Example 3
| Source File: MyFilterInvocationSecurityMetadataSource.java From base-admin with MIT License | 5 votes |
|
/**
* 在我们初始化的权限数据中找到对应当前url的权限数据
*/
@Override
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
FilterInvocation fi = (FilterInvocation) object;
HttpServletRequest request = fi.getRequest();
//遍历我们初始化的权限数据,找到对应的url对应的权限
for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : requestMap
.entrySet()) {
if (entry.getKey().matches(request)) {
return entry.getValue();
}
}
return null;
}
Example 4
| Source File: FilterSecurityInterceptor.java From bdf3 with Apache License 2.0 | 5 votes |
|
public void invoke(FilterInvocation fi) throws IOException, ServletException {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if ((fi.getRequest() != null)
&& (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
&& observeOncePerRequest
|| (auth.isAuthenticated() && auth.getPrincipal() instanceof String && "anonymousUser".equals(auth.getPrincipal()))) {
// filter already applied to this request and user wants us to observe
// once-per-request handling, so don't re-do security checking
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
}
else {
// first time this request being called, so perform security checking
if (fi.getRequest() != null) {
fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
}
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
}
finally {
super.finallyInvocation(token);
}
super.afterInvocation(token, null);
}
}
Example 5
| Source File: StudioGeneralAccessDecisionVoter.java From studio with GNU General Public License v3.0 | 5 votes |
|
@Override
public int vote(Authentication authentication, Object object, Collection collection) {
int toRet = authentication.isAuthenticated() ? ACCESS_ABSTAIN : ACCESS_DENIED;
String requestUri="";
if (object instanceof FilterInvocation) {
FilterInvocation filterInvocation = (FilterInvocation) object;
HttpServletRequest request = filterInvocation.getRequest();
requestUri = request.getRequestURI().replace(request.getContextPath(), "");
if (RegexUtils.matchesAny(requestUri, getPublicUrls())) {
toRet = ACCESS_GRANTED;
}
}
logger.debug("Request: " + requestUri + " - Access: " + toRet);
return toRet;
}
Example 6
| Source File: StudioCmisDSAPIAccessDecisionVoter.java From studio with GNU General Public License v3.0 | 4 votes |
|
@Override
public int vote(Authentication authentication, Object o, Collection collection) {
int toRet = ACCESS_ABSTAIN;
String requestUri = "";
if (o instanceof FilterInvocation) {
FilterInvocation filterInvocation = (FilterInvocation)o;
HttpServletRequest request = filterInvocation.getRequest();
requestUri = request.getRequestURI().replace(request.getContextPath(), "");
String siteParam = request.getParameter("site_id");
User currentUser = null;
try {
currentUser = (User) authentication.getPrincipal();
} catch (ClassCastException e) {
// anonymous user
if (!authentication.getPrincipal().toString().equals("anonymousUser")) {
logger.info("Error getting current user", e);
return ACCESS_ABSTAIN;
}
}
switch (requestUri) {
case UPLOAD:
if (currentUser != null) {
toRet = ACCESS_GRANTED;
} else {
toRet = ACCESS_DENIED;
}
break;
case SEARCH:
case LIST:
if (currentUser != null && isSiteMember(siteParam, currentUser)) {
toRet = ACCESS_GRANTED;
} else {
toRet = ACCESS_DENIED;
}
break;
default:
toRet = ACCESS_ABSTAIN;
break;
}
}
logger.debug("Request: " + requestUri + " - Access: " + toRet);
return toRet;
}
