• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• light-security-master
  • pom.xml
  • LICENSE
  • light-security-spring-boot-starter
    • src
      • main
        • resources
          • META-INF
            • spring.factories
        • java
          • com
            • itmuch
              • lightsecurity
                • jwt
                  • UserOperator.java
                  • JwtOperator.java
                  • User.java
                • enums
                  • HttpMethod.java
                • util
                  • RestfulMatchUtil.java
                  • SpringElCheckUtil.java
                • exception
                  • LightSecurityException.java
                • constants
                  • ConstantsSecurity.java
                • spec
                  • SpecRegistry.java
                  • Spec.java
                • interceptor
                  • AuthInterceptor.java
                • el
                  • PreAuthorizeExpressionRoot.java
                • annotation
                  • support
                    • PreAuthorizeAspect.java
                  • PreAuthorize.java
                • autoconfigure
                  • lightsecurity
                    • LightSecurityConfiguration.java
                    • LightSecurityProperties.java
                    • LightSecurityAutoConfiguration.java
    • pom.xml
    • pom.xml.versionsBackup
  • light-security-example
    • src
      • main
        • resources
          • application.yml
        • java
          • com
            • itmuch
              • lightsecurity
                • example
                  • LightSecurityExceptionHandler.java
                  • LightSecurityExampleApplication.java
                  • TestController.java
    • pom.xml
    • IDEA HTTP Client测试脚本.http
    • README.md
  • README.md
  • light-security-webflux-spring-boot-starter
    • src
      • main
        • resources
          • META-INF
            • spring.factories
        • java
          • com
            • itmuch
              • lightsecurity
                • reactive
                  • ReactorContextWebFilter.java
                  • ReactiveRequestContextHolder.java
                  • AuthWebFilter.java
                • jwt
                  • ReactiveUserOperator.java
                  • JwtOperator.java
                  • User.java
                • enums
                  • HttpMethod.java
                • util
                  • ReactiveSpringElCheckUtil.java
                  • ReactiveRestfulMatchUtil.java
                • exception
                  • LightSecurityException.java
                • constants
                  • ConstantsSecurity.java
                • spec
                  • SpecRegistry.java
                  • Spec.java
                • el
                  • ReactivePreAuthorizeExpressionRoot.java
                • annotation
                  • support
                    • ReactivePreAuthorizeAspect.java
                  • PreAuthorize.java
                • autoconfigure
                  • lightsecurity
                    • ReactiveLightSecurityProperties.java
                    • ReactiveLightSecurityConfiguration.java
                    • ReactiveLightSecurityAutoConfiguration.java
    • pom.xml
    • pom.xml.versionsBackup
  • light-security-webflux-example
    • src
      • main
        • resources
          • application.yml
        • java
          • com
            • itmuch
              • lightsecurity
                • example
                  • error
                    • GlobalErrorWebFluxConfiguration.java
                    • GlobalErrorWebExceptionHandler.java
                  • ReactiveLightSecurityExampleApplication.java
                  • TestController.java
    • pom.xml
    • pom.xml.versionsBackup
    • IDEA HTTP Client测试脚本.http
    • README.md
  • .gitignore

package com.itmuch.lightsecurity.reactive;

import com.itmuch.lightsecurity.el.ReactivePreAuthorizeExpressionRoot;
import com.itmuch.lightsecurity.exception.LightSecurityException;
import com.itmuch.lightsecurity.spec.Spec;
import com.itmuch.lightsecurity.util.ReactiveRestfulMatchUtil;
import com.itmuch.lightsecurity.util.ReactiveSpringElCheckUtil;
import lombok.RequiredArgsConstructor;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;

import java.util.List;

/**
 * 授权控制过滤器
 *
 * @author itmuch.com
 */
@RequiredArgsConstructor
public class AuthWebFilter implements WebFilter {
    private final List<Spec> specList;
    private final ReactivePreAuthorizeExpressionRoot reactivePreAuthorizeExpressionRoot;

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
        ServerHttpRequest request = exchange.getRequest();

        Mono<Boolean> mono = specList.stream()
                .filter(spec -> ReactiveRestfulMatchUtil.match(request, spec.getHttpMethod(), spec.getPath()))
                .findFirst()
                .map(spec -> {
                    String expression = spec.getExpression();
                    return ReactiveSpringElCheckUtil.check(
                            new StandardEvaluationContext(reactivePreAuthorizeExpressionRoot),
                            expression
                    );

                })
                .orElse(Mono.just(true));

        return mono.filter(t -> t)
                .switchIfEmpty(Mono.error(new LightSecurityException("Access Denied")))
                .flatMap(t -> chain.filter(exchange));
    }
}