Java Code Examples for org.springframework.security.web.util.matcher.RequestMatcher#matches()

The following examples show how to use org.springframework.security.web.util.matcher.RequestMatcher#matches(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: DelegateRequestMatchingFilter.java    From youkefu with Apache License 2.0 6 votes vote down vote up
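/**
 * Gates the paths listed in {@code ignoredRequests} behind a user-type check and passes every
 * other request down the chain unchanged.
 *
 * <p>Despite the field's name, a match against {@code ignoredRequests} is what triggers the
 * check here: a matched request continues only when the session holds a {@link User} whose
 * {@code getUsertype()} is {@code "0"} (presumably the administrator type; confirm against the
 * user model). Any other matched request is redirected to {@code /?msg=security}.
 *
 * <p>The session is consulted only for matched paths, so unmatched requests (static resources,
 * public pages) no longer force a session to be created by this filter.
 *
 * @param req   the incoming request; cast to {@link HttpServletRequest}
 * @param resp  the outgoing response; cast to {@link HttpServletResponse} when redirecting
 * @param chain the remaining filter chain
 * @throws IOException      if the redirect or the downstream chain fails with an I/O error
 * @throws ServletException if the downstream chain fails
 */
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;

    boolean matchAnyRoles = false;
    for (RequestMatcher anyRequest : ignoredRequests) {
        if (anyRequest.matches(request)) {
            matchAnyRoles = true;
            break; // one matching pattern is enough; no need to evaluate the rest
        }
    }

    if (!matchAnyRoles) {
        try {
            chain.doFilter(req, resp);
        } catch (ClientAbortException ex) {
            // Tomcat exception; deliberately not handled.
            // NOTE(review): only this branch swallows it; the guarded branch below lets it propagate.
        }
        return;
    }

    // Guarded path: look the user up only now, so the session is touched just where it is needed.
    User user = (User) request.getSession().getAttribute(UKDataContext.USER_SESSION_NAME);
    if (user != null && "0".equals(user.getUsertype())) {
        chain.doFilter(req, resp);
    } else {
        // Redirect to the "no permission to perform this operation" page.
        HttpServletResponse response = (HttpServletResponse) resp;
        response.sendRedirect("/?msg=security");
    }
}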
 
Example 2
Source File: ValidateCodeFilter.java    From FEBS-Cloud with Apache License 2.0 6 votes vote down vote up
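/**
 * Runs the verification-code check in front of password-grant token requests.
 *
 * <p>A request is checked when it is a {@code POST} to {@code EndpointConstant.OAUTH_TOKEN} and
 * its grant-type parameter equals {@code GrantTypeConstant.PASSWORD} (case-insensitively). Every
 * other request goes straight down the chain.
 *
 * <p>Only {@code validateCode} is wrapped in the catch-all. A failure there is answered with a
 * failure response carrying the exception message and the chain is not invoked. Exceptions
 * raised further down the chain propagate to the container instead of being reported to the
 * client as a verification-code failure together with their raw message.
 *
 * @param httpServletRequest  the current request
 * @param httpServletResponse the current response
 * @param filterChain         the remaining filter chain
 * @throws ServletException if the downstream chain fails
 * @throws IOException      if writing the failure response or the downstream chain fails
 */
@Override
protected void doFilterInternal(@Nonnull HttpServletRequest httpServletRequest, @Nonnull HttpServletResponse httpServletResponse,
                                @Nonnull FilterChain filterChain) throws ServletException, IOException {
    // NOTE(review): the matcher is rebuilt on every request; it could live in a field if the class allows it.
    RequestMatcher matcher = new AntPathRequestMatcher(EndpointConstant.OAUTH_TOKEN, HttpMethod.POST.toString());
    boolean passwordGrantRequest = matcher.matches(httpServletRequest)
            && StringUtils.equalsIgnoreCase(httpServletRequest.getParameter(ParamsConstant.GRANT_TYPE), GrantTypeConstant.PASSWORD);

    if (passwordGrantRequest) {
        try {
            validateCode(httpServletRequest);
        } catch (Exception e) {
            // NOTE(review): e.getMessage() is sent to the client; this assumes validateCode only
            // produces messages that are safe to show to an unauthenticated caller. Confirm.
            FebsResponse febsResponse = new FebsResponse();
            FebsUtil.makeFailureResponse(httpServletResponse, febsResponse.message(e.getMessage()));
            log.error(e.getMessage(), e);
            return; // validation failed: do not let the request reach the token endpoint
        }
    }
    filterChain.doFilter(httpServletRequest, httpServletResponse);
}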
 
Example 3
Source File: TokenAuthenticationFilter.java    From ChengFeng1.5 with MIT License 5 votes vote down vote up
/**
 * Reports whether the request matches any of the configured permissive matchers.
 *
 * <p>Returns {@code false} when {@code permissiveRequestMatchers} is {@code null}, so an
 * unconfigured filter treats no request as permissive. What a {@code true} result allows is
 * decided by the caller, which is not shown here; presumably the request is let through
 * without a token, so the matcher list should be kept as narrow as possible.
 *
 * @param request the request to test
 * @return {@code true} on the first matcher that matches, otherwise {@code false}
 */
protected boolean permissiveRequest(HttpServletRequest request) {
	if (permissiveRequestMatchers != null) {
		for (RequestMatcher candidate : permissiveRequestMatchers) {
			if (candidate.matches(request)) {
				return true;
			}
		}
	}
	return false;
}
 
Example 4
Source File: CrustAuthenticationFilter.java    From Milkomeda with MIT License 5 votes vote down vote up
/**
 * Tests the request against each entry of {@code permissiveRequestMatchers} in turn.
 *
 * <p>A {@code null} matcher collection yields {@code false}. How the result is used is up to
 * the caller (not visible here); presumably a {@code true} result exempts the request from
 * authentication, which makes every pattern in the list part of the attack surface.
 *
 * @param request the request to test
 * @return {@code true} if at least one matcher matches, otherwise {@code false}
 */
protected boolean permissiveRequest(HttpServletRequest request) {
    boolean permitted = false;
    if (permissiveRequestMatchers != null) {
        for (RequestMatcher candidate : permissiveRequestMatchers) {
            if (candidate.matches(request)) {
                permitted = true;
                break; // the first hit decides the outcome
            }
        }
    }
    return permitted;
}
 
Example 5
Source File: CaptchaAuthenticationFilter.java    From cola with MIT License 5 votes vote down vote up
/**
 * Finds the failure handler registered for the first matcher that matches the request.
 *
 * <p>Matchers are tried in the iteration order of {@code requestMatcherMap.keySet()}. If that
 * map is not an ordered implementation, the handler chosen when patterns overlap is not
 * predictable. A {@code null} result means no matcher applied (or the matched key maps to
 * {@code null}); the caller decides what that implies, presumably that no captcha check is
 * required for the request.
 *
 * @param request  the request to test
 * @param response the current response; not used by this method
 * @return the handler mapped to the first matching matcher, or {@code null} if none matches
 */
private AuthenticationFailureHandler requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
	AuthenticationFailureHandler selected = null;
	for (RequestMatcher candidate : requestMatcherMap.keySet()) {
		if (candidate.matches(request)) {
			selected = requestMatcherMap.get(candidate);
			break; // first match wins
		}
	}
	return selected;
}
 
Example 6
Source File: MutipleRequestMatcher.java    From onetwo with Apache License 2.0 5 votes vote down vote up
/**
 * Logical OR over the wrapped matchers: the request matches when any delegate matches.
 *
 * <p>Delegates are evaluated in iteration order and evaluation stops at the first hit. When
 * {@code matchers} yields no elements the result is {@code false}.
 *
 * @param request the request to test
 * @return {@code true} if at least one delegate matches, otherwise {@code false}
 */
@Override
public boolean matches(HttpServletRequest request) {
    boolean anyMatched = false;
    for (RequestMatcher delegate : matchers) {
        if (delegate.matches(request)) {
            anyMatched = true;
            break;
        }
    }
    return anyMatched;
}
 
Example 7
Source File: ApiRequestMatchingFilter.java    From youkefu with Apache License 2.0 4 votes vote down vote up
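/**
 * Token check for the API paths listed in {@code ignoredRequests}, plus a canned answer for
 * CORS preflight requests.
 *
 * <p>Behaviour, in order:
 * <ol>
 *   <li>An {@code OPTIONS} request is answered directly with the CORS headers below and status
 *       {@code HttpStatus.ACCEPTED}; the chain is not invoked.</li>
 *   <li>A request that matches none of {@code ignoredRequests} is passed down the chain
 *       unchecked. Despite the field's name, a match is what triggers the token check.</li>
 *   <li>A matched request must carry an {@code authorization} value (header first, request
 *       parameter as fallback) that resolves to an entry in the API user cache. If the entry is
 *       a {@link User} and a {@code userid} parameter is supplied, the two ids must agree.
 *       Otherwise the request is redirected to {@code /tokens/error}.</li>
 * </ol>
 *
 * <p>A token with no cache entry is rejected. Without that check any non-blank
 * {@code authorization} value would pass this filter, because the id comparison is only
 * reached when the cache lookup succeeds.
 *
 * @param req   the incoming request; cast to {@link HttpServletRequest}
 * @param resp  the outgoing response; cast to {@link HttpServletResponse}
 * @param chain the remaining filter chain
 * @throws IOException      if the redirect or the downstream chain fails with an I/O error
 * @throws ServletException if the downstream chain fails
 */
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) resp;

    String method = request.getMethod();

    if (!StringUtils.isBlank(method) && method.equalsIgnoreCase("options")) {
        // NOTE(review): the wildcard origin lets any site read the responses of these endpoints
        // from a browser. Acceptable only if every endpoint authenticates via the explicit
        // authorization value and never via ambient cookies; confirm, or restrict the origin.
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with,accept,authorization,content-type");
        response.setHeader("X-Frame-Options", "SAMEORIGIN");
        response.setStatus(HttpStatus.ACCEPTED.value());
        return;
    }

    boolean matchAnyRoles = false;
    for (RequestMatcher anyRequest : ignoredRequests) {
        if (anyRequest.matches(request)) {
            matchAnyRoles = true;
            break; // one matching pattern is enough
        }
    }
    if (!matchAnyRoles) {
        chain.doFilter(req, resp);
        return;
    }

    String authorization = request.getHeader("authorization");
    if (StringUtils.isBlank(authorization)) {
        // NOTE(review): a token passed as a request parameter can end up in access logs, browser
        // history and Referer headers. Kept for compatibility; prefer the header.
        authorization = request.getParameter("authorization");
    }

    if (!StringUtils.isBlank(authorization)) {
        Object data = CacheHelper.getApiUserCacheBean().getCacheObject(authorization, UKDataContext.SYSTEM_ORGI);
        if (data == null) {
            // Unknown or expired token: no cache entry means no authenticated principal.
            authorization = null;
        } else if (!StringUtils.isBlank(request.getParameter("userid")) && data instanceof User) {
            User user = (User) data;
            // The caller-supplied userid must belong to the user the token was issued for.
            if (StringUtils.isBlank(user.getId()) || !user.getId().equals(request.getParameter("userid"))) {
                authorization = null;
            }
        }
        // NOTE(review): a cache entry that is not a User, or a request without userid, is
        // accepted on the strength of the cache hit alone; confirm that this is intended.
    }

    if (!StringUtils.isBlank(authorization)) {
        chain.doFilter(req, resp);
    } else {
        response.sendRedirect("/tokens/error");
    }
}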