org.springframework.security.access.intercept.InterceptorStatusToken Java Examples
The following examples show how to use
org.springframework.security.access.intercept.InterceptorStatusToken.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: ResourceSecurityFilter.java From zxl with Apache License 2.0 | 6 votes |
|
public void invoke(FilterInvocation fi) throws IOException,
ServletException {
if ((fi.getRequest() != null) && (fi.getRequest().getAttribute(FILTER_APPLIED) != null) && observeOncePerRequest) {
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
} else {
if (fi.getRequest() != null) {
fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
}
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
} finally {
super.finallyInvocation(token);
}
super.afterInvocation(token, null);
}
}
Example #2
| Source File: AuthorizationCheckingServerInterceptor.java From grpc-spring-boot-starter with MIT License | 6 votes |
|
@SuppressWarnings("unchecked")
@Override
public <ReqT, RespT> Listener<ReqT> interceptCall(final ServerCall<ReqT, RespT> call, final Metadata headers,
final ServerCallHandler<ReqT, RespT> next) {
final MethodDescriptor<ReqT, RespT> methodDescriptor = call.getMethodDescriptor();
final InterceptorStatusToken token;
try {
token = beforeInvocation(methodDescriptor);
} catch (final AuthenticationException | AccessDeniedException e) {
log.debug("Access denied");
throw e;
}
log.debug("Access granted");
final Listener<ReqT> result;
try {
result = next.startCall(call, headers);
} finally {
finallyInvocation(token);
}
// TODO: Call that here or in onHalfClose?
return (Listener<ReqT>) afterInvocation(token, result);
}
Example #3
| Source File: DynamicSecurityFilter.java From mall-swarm with Apache License 2.0 | 6 votes |
|
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
FilterInvocation fi = new FilterInvocation(servletRequest, servletResponse, filterChain);
//OPTIONS请求直接放行
if(request.getMethod().equals(HttpMethod.OPTIONS.toString())){
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
return;
}
//白名单请求直接放行
PathMatcher pathMatcher = new AntPathMatcher();
for (String path : ignoreUrlsConfig.getUrls()) {
if(pathMatcher.match(path,request.getRequestURI())){
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
return;
}
}
//此处会调用AccessDecisionManager中的decide方法进行鉴权操作
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
} finally {
super.afterInvocation(token, null);
}
}
Example #4
| Source File: CustomSecurityFilter.java From microservice-integration with MIT License | 6 votes |
|
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
logger.info("doFilter in Security ");
FilterInvocation fi = new FilterInvocation(servletRequest, servletResponse, filterChain);
//beforeInvocation会调用SecureResourceDataSource中的逻辑
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
//执行下一个拦截器
} finally {
logger.info("through filter");
super.afterInvocation(token, null);
//throw new AccessDeniedException("no right");
}
}
Example #5
| Source File: DynamicSecurityFilter.java From mall with Apache License 2.0 | 6 votes |
|
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
FilterInvocation fi = new FilterInvocation(servletRequest, servletResponse, filterChain);
//OPTIONS请求直接放行
if(request.getMethod().equals(HttpMethod.OPTIONS.toString())){
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
return;
}
//白名单请求直接放行
PathMatcher pathMatcher = new AntPathMatcher();
for (String path : ignoreUrlsConfig.getUrls()) {
if(pathMatcher.match(path,request.getRequestURI())){
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
return;
}
}
//此处会调用AccessDecisionManager中的decide方法进行鉴权操作
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
} finally {
super.afterInvocation(token, null);
}
}
Example #6
| Source File: CustomSecurityFilter.java From Auth-service with MIT License | 6 votes |
|
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
logger.info("doFilter in Security ");
FilterInvocation fi = new FilterInvocation(servletRequest, servletResponse, filterChain);
//beforeInvocation会调用SecureResourceDataSource中的逻辑
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
//执行下一个拦截器
} finally {
logger.info("through filter");
super.afterInvocation(token, null);
//throw new AccessDeniedException("no right");
}
}
Example #7
| Source File: AuthorizationCheckingServerInterceptor.java From grpc-spring-boot-starter with MIT License | 6 votes |
|
@SuppressWarnings("unchecked")
@Override
public <ReqT, RespT> Listener<ReqT> interceptCall(final ServerCall<ReqT, RespT> call, final Metadata headers,
final ServerCallHandler<ReqT, RespT> next) {
final MethodDescriptor<ReqT, RespT> methodDescriptor = call.getMethodDescriptor();
final InterceptorStatusToken token;
try {
token = beforeInvocation(methodDescriptor);
} catch (final AuthenticationException | AccessDeniedException e) {
log.debug("Access denied");
throw e;
}
log.debug("Access granted");
final Listener<ReqT> result;
try {
result = next.startCall(call, headers);
} finally {
finallyInvocation(token);
}
// TODO: Call that here or in onHalfClose?
return (Listener<ReqT>) afterInvocation(token, result);
}
Example #8
| Source File: CustomFilterSecurityInterceptor.java From spring-security with Apache License 2.0 | 5 votes |
|
public void invoke(FilterInvocation fi) throws IOException, ServletException {
//fi里面有一个被拦截的url
//里面调用CustomFilterInvocationSecurityMetadataSource的getAttributes(Object object)这个方法判断该请求是否需要进行角色判断
//也就是CustomAccessDecisionManager类的decide方法
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
//执行下一个拦截器
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
} finally {
super.afterInvocation(token, null);
}
}
Example #9
| Source File: MyFilterSecurityInterceptor.java From maintain with MIT License | 5 votes |
|
public void invoke(FilterInvocation fi) throws IOException, ServletException {
// fi里面有一个被拦截的url
// 里面调用MyInvocationSecurityMetadataSource的getAttributes(Object
// object)这个方法获取fi对应的所有权限
// 再调用MyAccessDecisionManager的decide方法来校验用户的权限是否足够
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
// 执行下一个拦截器
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
} finally {
super.afterInvocation(token, null);
}
}
Example #10
| Source File: XWorkSecurityInterceptor.java From dhis2-core with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
@Override
public String intercept( ActionInvocation invocation )
throws Exception
{
ActionConfig actionConfig = invocation.getProxy().getConfig();
definitionSourceTag.set( requiredAuthoritiesProvider.createSecurityMetadataSource( actionConfig ) );
InterceptorStatusToken token = beforeInvocation( actionConfig );
addActionAccessResolver( invocation );
Object result = null;
try
{
result = invocation.invoke();
}
finally
{
result = afterInvocation( token, result );
definitionSourceTag.remove();
}
if ( result != null )
{
return result.toString();
}
return null;
}
Example #11
| Source File: FilterSecurityInterceptor.java From bdf3 with Apache License 2.0 | 5 votes |
|
public void invoke(FilterInvocation fi) throws IOException, ServletException {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if ((fi.getRequest() != null)
&& (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
&& observeOncePerRequest
|| (auth.isAuthenticated() && auth.getPrincipal() instanceof String && "anonymousUser".equals(auth.getPrincipal()))) {
// filter already applied to this request and user wants us to observe
// once-per-request handling, so don't re-do security checking
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
}
else {
// first time this request being called, so perform security checking
if (fi.getRequest() != null) {
fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
}
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
}
finally {
super.finallyInvocation(token);
}
super.afterInvocation(token, null);
}
}
Example #12
| Source File: MyFilterSecurityInterceptor.java From itweet-boot with Apache License 2.0 | 5 votes |
|
public void invoke(FilterInvocation fi) throws IOException, ServletException {
//fi里面有一个被拦截的url
//里面调用MyInvocationSecurityMetadataSource的getAttributes(Object object)这个方法获取fi对应的所有权限
//再调用MyAccessDecisionManager的decide方法来校验用户的权限是否足够
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
//执行下一个拦截器
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
} finally {
super.afterInvocation(token, null);
}
}
Example #13
| Source File: MyFilterSecurityInterceptor.java From springboot-security-wechat with Apache License 2.0 | 5 votes |
|
public void invoke(FilterInvocation fi) throws IOException, ServletException {
//fi里面有一个被拦截的url
//里面调用MyInvocationSecurityMetadataSource的getAttributes(Object object)这个方法获取fi对应的所有权限
//再调用MyAccessDecisionManager的decide方法来校验用户的权限是否足够
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
//执行下一个拦截器
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
} finally {
super.afterInvocation(token, null);
}
}
Example #14
| Source File: MyFilterSecurityInterceptor.java From demo-project with MIT License | 5 votes |
|
public void invoke(FilterInvocation fi) throws IOException, ServletException {
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
} finally {
super.afterInvocation(token, null);
}
}
Example #15
| Source File: SecurityFilter.java From BlogManagePlatform with Apache License 2.0 | 5 votes |
|
/**
* 自定义权限拦截
* @author Frodez
* @date 2018-12-21
*/
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
// fi里面有一个被拦截的url
// 里面调用SecuritySource的getAttributes(Object object)这个方法获取fi对应的所有权限
// 再调用AuthorityManager的decide方法来校验用户的权限是否足够
FilterInvocation invocation = new FilterInvocation(request, response, chain);
InterceptorStatusToken token = super.beforeInvocation(invocation);
try {
// 执行下一个拦截器
invocation.getChain().doFilter(invocation.getRequest(), invocation.getResponse());
} finally {
super.afterInvocation(token, null);
}
}
Example #16
| Source File: CustomFilterSecurityInterceptor.java From bbs with GNU Affero General Public License v3.0 | 5 votes |
|
public void invoke( FilterInvocation fi ) throws IOException, ServletException{
InterceptorStatusToken token = super.beforeInvocation(fi);
try{
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
}finally{
super.afterInvocation(token, null);
}
}
Example #17
| Source File: DynamicallyUrlInterceptor.java From base-admin with MIT License | 5 votes |
|
public void invoke(FilterInvocation fi) throws IOException, ServletException {
if ((fi.getRequest() != null)
&& (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
&& observeOncePerRequest) {
// filter already applied to this request and user wants us to observe
// once-per-request handling, so don't re-do security checking
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
}
else {
// first time this request being called, so perform security checking
if (fi.getRequest() != null) {
fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
}
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
}
finally {
super.finallyInvocation(token);
}
super.afterInvocation(token, null);
}
}
Example #18
| Source File: CustomFilterSecurityInterceptor.java From spring-security with Apache License 2.0 | 5 votes |
|
public void invoke(FilterInvocation fi) throws IOException, ServletException {
//fi里面有一个被拦截的url
//里面调用CustomFilterInvocationSecurityMetadataSource的getAttributes(Object object)这个方法判断该请求是否需要进行角色判断
//也就是CustomAccessDecisionManager类的decide方法
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
//执行下一个拦截器
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
} finally {
super.afterInvocation(token, null);
}
}
Example #19
| Source File: CustomFilterSecurityInterceptor.java From spring-security with Apache License 2.0 | 5 votes |
|
public void invoke(FilterInvocation fi) throws IOException, ServletException {
//fi里面有一个被拦截的url
//里面调用CustomFilterInvocationSecurityMetadataSource的getAttributes(Object object)这个方法判断该请求是否需要进行角色判断
//也就是CustomAccessDecisionManager类的decide方法
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
//执行下一个拦截器
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
} finally {
super.afterInvocation(token, null);
}
}
Example #20
| Source File: CustomFilterSecurityInterceptor.java From spring-security with Apache License 2.0 | 5 votes |
|
public void invoke(FilterInvocation fi) throws IOException, ServletException {
//fi里面有一个被拦截的url
//里面调用CustomFilterInvocationSecurityMetadataSource的getAttributes(Object object)这个方法判断该请求是否需要进行角色判断
//也就是CustomAccessDecisionManager类的decide方法
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
//执行下一个拦截器
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
} finally {
super.afterInvocation(token, null);
}
}
Example #21
| Source File: MyFilterSecurityInterceptor.java From spring-boot-demo with MIT License | 5 votes |
|
public void invoke(FilterInvocation fi) throws IOException, ServletException {
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
//执行下一个拦截器
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
} finally {
super.afterInvocation(token, null);
}
}
Example #22
| Source File: SecurityFilter.java From hermes with Apache License 2.0 | 4 votes |
|
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
InterceptorStatusToken token = beforeInvocation(req);
chain.doFilter(req, resp);
afterInvocation(token, null);
}
