Java Code Examples for org.springframework.security.web.util.matcher.AntPathRequestMatcher#matches()
The following examples show how to use
org.springframework.security.web.util.matcher.AntPathRequestMatcher#matches() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: RbacAuthorityService.java From spring-boot-demo with MIT License | 6 votes |
|
/**
* 校验请求是否存在
*
* @param request 请求
*/
private void checkRequest(HttpServletRequest request) {
// 获取当前 request 的方法
String currentMethod = request.getMethod();
Multimap<String, String> urlMapping = allUrlMapping();
for (String uri : urlMapping.keySet()) {
// 通过 AntPathRequestMatcher 匹配 url
// 可以通过 2 种方式创建 AntPathRequestMatcher
// 1:new AntPathRequestMatcher(uri,method) 这种方式可以直接判断方法是否匹配,因为这里我们把 方法不匹配 自定义抛出,所以,我们使用第2种方式创建
// 2:new AntPathRequestMatcher(uri) 这种方式不校验请求方法,只校验请求路径
AntPathRequestMatcher antPathMatcher = new AntPathRequestMatcher(uri);
if (antPathMatcher.matches(request)) {
if (!urlMapping.get(uri)
.contains(currentMethod)) {
throw new SecurityException(Status.HTTP_BAD_METHOD);
} else {
return;
}
}
}
throw new SecurityException(Status.REQUEST_NOT_FOUND);
}
Example 2
| Source File: RbacAuthorityService.java From spring-boot-demo with MIT License | 6 votes |
|
/**
* 校验请求是否存在
*
* @param request 请求
*/
private void checkRequest(HttpServletRequest request) {
// 获取当前 request 的方法
String currentMethod = request.getMethod();
Multimap<String, String> urlMapping = allUrlMapping();
for (String uri : urlMapping.keySet()) {
// 通过 AntPathRequestMatcher 匹配 url
// 可以通过 2 种方式创建 AntPathRequestMatcher
// 1:new AntPathRequestMatcher(uri,method) 这种方式可以直接判断方法是否匹配,因为这里我们把 方法不匹配 自定义抛出,所以,我们使用第2种方式创建
// 2:new AntPathRequestMatcher(uri) 这种方式不校验请求方法,只校验请求路径
AntPathRequestMatcher antPathMatcher = new AntPathRequestMatcher(uri);
if (antPathMatcher.matches(request)) {
if (!urlMapping.get(uri)
.contains(currentMethod)) {
throw new SecurityException(Status.HTTP_BAD_METHOD);
} else {
return;
}
}
}
throw new SecurityException(Status.REQUEST_NOT_FOUND);
}
Example 3
| Source File: RbacAuthorityService.java From spring-boot-demo with MIT License | 6 votes |
|
/**
* 校验请求是否存在
*
* @param request 请求
*/
private void checkRequest(HttpServletRequest request) {
// 获取当前 request 的方法
String currentMethod = request.getMethod();
Multimap<String, String> urlMapping = allUrlMapping();
for (String uri : urlMapping.keySet()) {
// 通过 AntPathRequestMatcher 匹配 url
// 可以通过 2 种方式创建 AntPathRequestMatcher
// 1:new AntPathRequestMatcher(uri,method) 这种方式可以直接判断方法是否匹配,因为这里我们把 方法不匹配 自定义抛出,所以,我们使用第2种方式创建
// 2:new AntPathRequestMatcher(uri) 这种方式不校验请求方法,只校验请求路径
AntPathRequestMatcher antPathMatcher = new AntPathRequestMatcher(uri);
if (antPathMatcher.matches(request)) {
if (!urlMapping.get(uri)
.contains(currentMethod)) {
throw new SecurityException(Status.HTTP_BAD_METHOD);
} else {
return;
}
}
}
throw new SecurityException(Status.REQUEST_NOT_FOUND);
}
Example 4
| Source File: CustomFilterInvocationSecurityMetadataSource.java From spring-security with Apache License 2.0 | 5 votes |
|
private boolean matchers(String url, HttpServletRequest request) {
AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
if (matcher.matches(request)) {
return true;
}
return false;
}
Example 5
| Source File: CommonUtil.java From spring-security with Apache License 2.0 | 5 votes |
|
public static boolean matchers(String url, HttpServletRequest request) {
AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
if (matcher.matches(request)) {
return true;
}
return false;
}
Example 6
| Source File: CustomFilterInvocationSecurityMetadataSource.java From spring-security with Apache License 2.0 | 5 votes |
|
private boolean matchers(String url, HttpServletRequest request) {
AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
if (matcher.matches(request)) {
return true;
}
return false;
}
Example 7
| Source File: RequestUtil.java From spring-security with Apache License 2.0 | 5 votes |
|
public static boolean matchers(String url, HttpServletRequest request) {
AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
if (matcher.matches(request)) {
return true;
}
return false;
}
Example 8
| Source File: CustomFilterInvocationSecurityMetadataSource.java From spring-security with Apache License 2.0 | 5 votes |
|
private boolean matchers(String url, HttpServletRequest request) {
AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
if (matcher.matches(request)) {
return true;
}
return false;
}
Example 9
| Source File: RequestUtil.java From spring-security with Apache License 2.0 | 5 votes |
|
public static boolean matchers(String url, HttpServletRequest request) {
AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
if (matcher.matches(request)) {
return true;
}
return false;
}
Example 10
| Source File: JwtAuthenticationFilter.java From spring-boot-demo with MIT License | 4 votes |
|
/**
* 请求是否不需要进行权限拦截
*
* @param request 当前请求
* @return true - 忽略,false - 不忽略
*/
private boolean checkIgnores(HttpServletRequest request) {
String method = request.getMethod();
HttpMethod httpMethod = HttpMethod.resolve(method);
if (ObjectUtil.isNull(httpMethod)) {
httpMethod = HttpMethod.GET;
}
Set<String> ignores = Sets.newHashSet();
switch (httpMethod) {
case GET:
ignores.addAll(customConfig.getIgnores()
.getGet());
break;
case PUT:
ignores.addAll(customConfig.getIgnores()
.getPut());
break;
case HEAD:
ignores.addAll(customConfig.getIgnores()
.getHead());
break;
case POST:
ignores.addAll(customConfig.getIgnores()
.getPost());
break;
case PATCH:
ignores.addAll(customConfig.getIgnores()
.getPatch());
break;
case TRACE:
ignores.addAll(customConfig.getIgnores()
.getTrace());
break;
case DELETE:
ignores.addAll(customConfig.getIgnores()
.getDelete());
break;
case OPTIONS:
ignores.addAll(customConfig.getIgnores()
.getOptions());
break;
default:
break;
}
ignores.addAll(customConfig.getIgnores()
.getPattern());
if (CollUtil.isNotEmpty(ignores)) {
for (String ignore : ignores) {
AntPathRequestMatcher matcher = new AntPathRequestMatcher(ignore, method);
if (matcher.matches(request)) {
return true;
}
}
}
return false;
}
Example 11
| Source File: TempletesInterceptor.java From bbs with GNU Affero General Public License v3.0 | 4 votes |
|
/**
* preHandle()方法在业务处理器处理请求之前被调用
*/
public boolean preHandle(HttpServletRequest request,HttpServletResponse response,
Object handler) throws Exception {
//System.out.println(request.getRequestURI()+" -- "+request.getQueryString()+" -- "+request.getMethod());
//拦截用户角色处理 注解参考: @RoleAnnotation(resourceCode=ResourceEnum._2001000)
if(handler instanceof HandlerMethod){
HandlerMethod handlerMethod= (HandlerMethod) handler;
Method method=handlerMethod.getMethod();
RoleAnnotation roleAnnotation = method.getAnnotation(RoleAnnotation.class);
if(roleAnnotation != null){
boolean flag = userRoleManage.checkPermission(roleAnnotation.resourceCode(),null);
if(!flag){
return false;
}
}
}
//设置自定义标签的URL
if(request != null){
if(Configuration.getPath() == null || "".equals(Configuration.getPath())){
Configuration.setPath(request.getContextPath());
}
//添加sessionId
TemplateThreadLocal.addRuntimeParameter("sessionId", request.getSession().getId());
//Cookies
TemplateThreadLocal.addRuntimeParameter("cookies", request.getCookies());
//URI
TemplateThreadLocal.addRuntimeParameter("requestURI", request.getRequestURI());
//URL参数
TemplateThreadLocal.addRuntimeParameter("queryString", request.getQueryString());
//IP
TemplateThreadLocal.addRuntimeParameter("ip", IpAddress.getClientIpAddress(request));
//获取登录用户(user/开头的URL才有值)
AccessUser accessUser = AccessUserThreadLocal.get();
if(accessUser != null){
TemplateThreadLocal.addRuntimeParameter("accessUser", accessUser);
}else{
//获取登录用户
AccessUser _accessUser = oAuthManage.getUserName(request);
if(_accessUser != null){
UserState userState = userManage.query_userState(_accessUser.getUserName().trim());//用户状态
if(userState != null && userState.getSecurityDigest().equals(_accessUser.getSecurityDigest())){//验证安全摘要
TemplateThreadLocal.addRuntimeParameter("accessUser", _accessUser );
AccessUserThreadLocal.set(_accessUser);
}
}
}
}
//设置令牌
csrfTokenManage.setToken(request,response);
SystemSetting systemSetting = settingService.findSystemSetting_cache();
if(systemSetting.getCloseSite().equals(3)){//3.全站关闭
boolean backstage_flag = false;
//后台URL
for (AntPathRequestMatcher rm : backstage_filterMatchers) {
if (rm.matches(request)) {
backstage_flag = true;
}
}
if(backstage_flag == false){
String baseURI = Configuration.baseURI(request.getRequestURI(), request.getContextPath());
//删除后缀
baseURI = StringUtils.substringBeforeLast(baseURI, ".");
if(!baseURI.equalsIgnoreCase("message")){
response.sendRedirect(Configuration.getUrl(request)+"message");
return false;
}
}
}
return true;
}
Example 12
| Source File: JwtAuthenticationFilter.java From spring-boot-demo with MIT License | 4 votes |
|
/**
* 请求是否不需要进行权限拦截
*
* @param request 当前请求
* @return true - 忽略,false - 不忽略
*/
private boolean checkIgnores(HttpServletRequest request) {
String method = request.getMethod();
HttpMethod httpMethod = HttpMethod.resolve(method);
if (ObjectUtil.isNull(httpMethod)) {
httpMethod = HttpMethod.GET;
}
Set<String> ignores = Sets.newHashSet();
switch (httpMethod) {
case GET:
ignores.addAll(customConfig.getIgnores()
.getGet());
break;
case PUT:
ignores.addAll(customConfig.getIgnores()
.getPut());
break;
case HEAD:
ignores.addAll(customConfig.getIgnores()
.getHead());
break;
case POST:
ignores.addAll(customConfig.getIgnores()
.getPost());
break;
case PATCH:
ignores.addAll(customConfig.getIgnores()
.getPatch());
break;
case TRACE:
ignores.addAll(customConfig.getIgnores()
.getTrace());
break;
case DELETE:
ignores.addAll(customConfig.getIgnores()
.getDelete());
break;
case OPTIONS:
ignores.addAll(customConfig.getIgnores()
.getOptions());
break;
default:
break;
}
ignores.addAll(customConfig.getIgnores()
.getPattern());
if (CollUtil.isNotEmpty(ignores)) {
for (String ignore : ignores) {
AntPathRequestMatcher matcher = new AntPathRequestMatcher(ignore, method);
if (matcher.matches(request)) {
return true;
}
}
}
return false;
}
Example 13
| Source File: JwtAuthenticationFilter.java From spring-boot-demo with MIT License | 4 votes |
|
/**
* 请求是否不需要进行权限拦截
*
* @param request 当前请求
* @return true - 忽略,false - 不忽略
*/
private boolean checkIgnores(HttpServletRequest request) {
String method = request.getMethod();
HttpMethod httpMethod = HttpMethod.resolve(method);
if (ObjectUtil.isNull(httpMethod)) {
httpMethod = HttpMethod.GET;
}
Set<String> ignores = Sets.newHashSet();
switch (httpMethod) {
case GET:
ignores.addAll(customConfig.getIgnores()
.getGet());
break;
case PUT:
ignores.addAll(customConfig.getIgnores()
.getPut());
break;
case HEAD:
ignores.addAll(customConfig.getIgnores()
.getHead());
break;
case POST:
ignores.addAll(customConfig.getIgnores()
.getPost());
break;
case PATCH:
ignores.addAll(customConfig.getIgnores()
.getPatch());
break;
case TRACE:
ignores.addAll(customConfig.getIgnores()
.getTrace());
break;
case DELETE:
ignores.addAll(customConfig.getIgnores()
.getDelete());
break;
case OPTIONS:
ignores.addAll(customConfig.getIgnores()
.getOptions());
break;
default:
break;
}
ignores.addAll(customConfig.getIgnores()
.getPattern());
if (CollUtil.isNotEmpty(ignores)) {
for (String ignore : ignores) {
AntPathRequestMatcher matcher = new AntPathRequestMatcher(ignore, method);
if (matcher.matches(request)) {
return true;
}
}
}
return false;
}
