org.springframework.security.access.intercept.InterceptorStatusToken Java Examples

The following examples show how to use org.springframework.security.access.intercept.InterceptorStatusToken. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ResourceSecurityFilter.java    From zxl with Apache License 2.0 6 votes vote down vote up
public void invoke(FilterInvocation fi) throws IOException,
		ServletException {
	if ((fi.getRequest() != null) && (fi.getRequest().getAttribute(FILTER_APPLIED) != null) && observeOncePerRequest) {
		fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
	} else {
		if (fi.getRequest() != null) {
			fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
		}
		InterceptorStatusToken token = super.beforeInvocation(fi);
		try {
			fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
		} finally {
			super.finallyInvocation(token);
		}
		super.afterInvocation(token, null);
	}
}
 
Example #2
Source File: AuthorizationCheckingServerInterceptor.java    From grpc-spring-boot-starter with MIT License 6 votes vote down vote up
@SuppressWarnings("unchecked")
@Override
public <ReqT, RespT> Listener<ReqT> interceptCall(final ServerCall<ReqT, RespT> call, final Metadata headers,
        final ServerCallHandler<ReqT, RespT> next) {
    final MethodDescriptor<ReqT, RespT> methodDescriptor = call.getMethodDescriptor();
    final InterceptorStatusToken token;
    try {
        token = beforeInvocation(methodDescriptor);
    } catch (final AuthenticationException | AccessDeniedException e) {
        log.debug("Access denied");
        throw e;
    }
    log.debug("Access granted");
    final Listener<ReqT> result;
    try {
        result = next.startCall(call, headers);
    } finally {
        finallyInvocation(token);
    }
    // TODO: Call that here or in onHalfClose?
    return (Listener<ReqT>) afterInvocation(token, result);
}
 
Example #3
Source File: DynamicSecurityFilter.java    From mall-swarm with Apache License 2.0 6 votes vote down vote up
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    FilterInvocation fi = new FilterInvocation(servletRequest, servletResponse, filterChain);
    //OPTIONS请求直接放行
    if(request.getMethod().equals(HttpMethod.OPTIONS.toString())){
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
        return;
    }
    //白名单请求直接放行
    PathMatcher pathMatcher = new AntPathMatcher();
    for (String path : ignoreUrlsConfig.getUrls()) {
        if(pathMatcher.match(path,request.getRequestURI())){
            fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
            return;
        }
    }
    //此处会调用AccessDecisionManager中的decide方法进行鉴权操作
    InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } finally {
        super.afterInvocation(token, null);
    }
}
 
Example #4
Source File: CustomSecurityFilter.java    From microservice-integration with MIT License 6 votes vote down vote up
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    logger.info("doFilter in Security ");

    FilterInvocation fi = new FilterInvocation(servletRequest, servletResponse, filterChain);
    //beforeInvocation会调用SecureResourceDataSource中的逻辑
    InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());

        //执行下一个拦截器
    } finally {

        logger.info("through filter");
        super.afterInvocation(token, null);
        //throw new AccessDeniedException("no right");

    }

}
 
Example #5
Source File: DynamicSecurityFilter.java    From mall with Apache License 2.0 6 votes vote down vote up
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    FilterInvocation fi = new FilterInvocation(servletRequest, servletResponse, filterChain);
    //OPTIONS请求直接放行
    if(request.getMethod().equals(HttpMethod.OPTIONS.toString())){
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
        return;
    }
    //白名单请求直接放行
    PathMatcher pathMatcher = new AntPathMatcher();
    for (String path : ignoreUrlsConfig.getUrls()) {
        if(pathMatcher.match(path,request.getRequestURI())){
            fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
            return;
        }
    }
    //此处会调用AccessDecisionManager中的decide方法进行鉴权操作
    InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } finally {
        super.afterInvocation(token, null);
    }
}
 
Example #6
Source File: CustomSecurityFilter.java    From Auth-service with MIT License 6 votes vote down vote up
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    logger.info("doFilter in Security ");

    FilterInvocation fi = new FilterInvocation(servletRequest, servletResponse, filterChain);
    //beforeInvocation会调用SecureResourceDataSource中的逻辑
    InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());

        //执行下一个拦截器
    } finally {

        logger.info("through filter");
        super.afterInvocation(token, null);
        //throw new AccessDeniedException("no right");

    }

}
 
Example #7
Source File: AuthorizationCheckingServerInterceptor.java    From grpc-spring-boot-starter with MIT License 6 votes vote down vote up
@SuppressWarnings("unchecked")
@Override
public <ReqT, RespT> Listener<ReqT> interceptCall(final ServerCall<ReqT, RespT> call, final Metadata headers,
        final ServerCallHandler<ReqT, RespT> next) {
    final MethodDescriptor<ReqT, RespT> methodDescriptor = call.getMethodDescriptor();
    final InterceptorStatusToken token;
    try {
        token = beforeInvocation(methodDescriptor);
    } catch (final AuthenticationException | AccessDeniedException e) {
        log.debug("Access denied");
        throw e;
    }
    log.debug("Access granted");
    final Listener<ReqT> result;
    try {
        result = next.startCall(call, headers);
    } finally {
        finallyInvocation(token);
    }
    // TODO: Call that here or in onHalfClose?
    return (Listener<ReqT>) afterInvocation(token, result);
}
 
Example #8
Source File: CustomFilterSecurityInterceptor.java    From spring-security with Apache License 2.0 5 votes vote down vote up
public void invoke(FilterInvocation fi) throws IOException, ServletException {
    //fi里面有一个被拦截的url
    //里面调用CustomFilterInvocationSecurityMetadataSource的getAttributes(Object object)这个方法判断该请求是否需要进行角色判断
    //也就是CustomAccessDecisionManager类的decide方法
    InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
        //执行下一个拦截器
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } finally {
        super.afterInvocation(token, null);
    }
}
 
Example #9
Source File: MyFilterSecurityInterceptor.java    From maintain with MIT License 5 votes vote down vote up
public void invoke(FilterInvocation fi) throws IOException, ServletException {
	// fi里面有一个被拦截的url
	// 里面调用MyInvocationSecurityMetadataSource的getAttributes(Object
	// object)这个方法获取fi对应的所有权限
	// 再调用MyAccessDecisionManager的decide方法来校验用户的权限是否足够
	InterceptorStatusToken token = super.beforeInvocation(fi);
	try {
		// 执行下一个拦截器
		fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
	} finally {
		super.afterInvocation(token, null);
	}
}
 
Example #10
Source File: XWorkSecurityInterceptor.java    From dhis2-core with BSD 3-Clause "New" or "Revised" License 5 votes vote down vote up
@Override
public String intercept( ActionInvocation invocation )
    throws Exception
{
    ActionConfig actionConfig = invocation.getProxy().getConfig();
    definitionSourceTag.set( requiredAuthoritiesProvider.createSecurityMetadataSource( actionConfig ) );

    InterceptorStatusToken token = beforeInvocation( actionConfig );

    addActionAccessResolver( invocation );

    Object result = null;
    try
    {
        result = invocation.invoke();
    }
    finally
    {
        result = afterInvocation( token, result );

        definitionSourceTag.remove();
    }

    if ( result != null )
    {
        return result.toString();
    }

    return null;
}
 
Example #11
Source File: FilterSecurityInterceptor.java    From bdf3 with Apache License 2.0 5 votes vote down vote up
public void invoke(FilterInvocation fi) throws IOException, ServletException {
	Authentication auth = SecurityContextHolder.getContext().getAuthentication();
	if ((fi.getRequest() != null)
			&& (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
			&& observeOncePerRequest
			|| (auth.isAuthenticated() && auth.getPrincipal() instanceof String && "anonymousUser".equals(auth.getPrincipal()))) {
		// filter already applied to this request and user wants us to observe
		// once-per-request handling, so don't re-do security checking
		fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
	}
	else {
		// first time this request being called, so perform security checking
		if (fi.getRequest() != null) {
			fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
		}

		InterceptorStatusToken token = super.beforeInvocation(fi);

		try {
			fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
		}
		finally {
			super.finallyInvocation(token);
		}

		super.afterInvocation(token, null);
	}
}
 
Example #12
Source File: MyFilterSecurityInterceptor.java    From itweet-boot with Apache License 2.0 5 votes vote down vote up
public void invoke(FilterInvocation fi) throws IOException, ServletException {
    //fi里面有一个被拦截的url
    //里面调用MyInvocationSecurityMetadataSource的getAttributes(Object object)这个方法获取fi对应的所有权限
    //再调用MyAccessDecisionManager的decide方法来校验用户的权限是否足够
    InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
        //执行下一个拦截器
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } finally {
        super.afterInvocation(token, null);
    }
}
 
Example #13
Source File: MyFilterSecurityInterceptor.java    From springboot-security-wechat with Apache License 2.0 5 votes vote down vote up
public void invoke(FilterInvocation fi) throws IOException, ServletException {
    //fi里面有一个被拦截的url
    //里面调用MyInvocationSecurityMetadataSource的getAttributes(Object object)这个方法获取fi对应的所有权限
    //再调用MyAccessDecisionManager的decide方法来校验用户的权限是否足够
    InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
    //执行下一个拦截器
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } finally {
        super.afterInvocation(token, null);
    }
}
 
Example #14
Source File: MyFilterSecurityInterceptor.java    From demo-project with MIT License 5 votes vote down vote up
public void invoke(FilterInvocation fi) throws IOException, ServletException {
    InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } finally {
        super.afterInvocation(token, null);
    }
}
 
Example #15
Source File: SecurityFilter.java    From BlogManagePlatform with Apache License 2.0 5 votes vote down vote up
/**
 * 自定义权限拦截
 * @author Frodez
 * @date 2018-12-21
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
	// fi里面有一个被拦截的url
	// 里面调用SecuritySource的getAttributes(Object object)这个方法获取fi对应的所有权限
	// 再调用AuthorityManager的decide方法来校验用户的权限是否足够
	FilterInvocation invocation = new FilterInvocation(request, response, chain);
	InterceptorStatusToken token = super.beforeInvocation(invocation);
	try {
		// 执行下一个拦截器
		invocation.getChain().doFilter(invocation.getRequest(), invocation.getResponse());
	} finally {
		super.afterInvocation(token, null);
	}
}
 
Example #16
Source File: CustomFilterSecurityInterceptor.java    From bbs with GNU Affero General Public License v3.0 5 votes vote down vote up
public void invoke( FilterInvocation fi ) throws IOException, ServletException{
	InterceptorStatusToken  token = super.beforeInvocation(fi);
	try{
		fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
	}finally{
		super.afterInvocation(token, null);
	}
	
}
 
Example #17
Source File: DynamicallyUrlInterceptor.java    From base-admin with MIT License 5 votes vote down vote up
public void invoke(FilterInvocation fi) throws IOException, ServletException {

        if ((fi.getRequest() != null)
                && (fi.getRequest().getAttribute(FILTER_APPLIED) != null)
                && observeOncePerRequest) {
            // filter already applied to this request and user wants us to observe
            // once-per-request handling, so don't re-do security checking
            fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
        }
        else {
            // first time this request being called, so perform security checking
            if (fi.getRequest() != null) {
                fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
            }

            InterceptorStatusToken token = super.beforeInvocation(fi);

            try {
                fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
            }
            finally {
                super.finallyInvocation(token);
            }

            super.afterInvocation(token, null);
        }
    }
 
Example #18
Source File: CustomFilterSecurityInterceptor.java    From spring-security with Apache License 2.0 5 votes vote down vote up
public void invoke(FilterInvocation fi) throws IOException, ServletException {
    //fi里面有一个被拦截的url
    //里面调用CustomFilterInvocationSecurityMetadataSource的getAttributes(Object object)这个方法判断该请求是否需要进行角色判断
    //也就是CustomAccessDecisionManager类的decide方法
    InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
        //执行下一个拦截器
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } finally {
        super.afterInvocation(token, null);
    }
}
 
Example #19
Source File: CustomFilterSecurityInterceptor.java    From spring-security with Apache License 2.0 5 votes vote down vote up
public void invoke(FilterInvocation fi) throws IOException, ServletException {
    //fi里面有一个被拦截的url
    //里面调用CustomFilterInvocationSecurityMetadataSource的getAttributes(Object object)这个方法判断该请求是否需要进行角色判断
    //也就是CustomAccessDecisionManager类的decide方法
    InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
        //执行下一个拦截器
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } finally {
        super.afterInvocation(token, null);
    }
}
 
Example #20
Source File: CustomFilterSecurityInterceptor.java    From spring-security with Apache License 2.0 5 votes vote down vote up
public void invoke(FilterInvocation fi) throws IOException, ServletException {
    //fi里面有一个被拦截的url
    //里面调用CustomFilterInvocationSecurityMetadataSource的getAttributes(Object object)这个方法判断该请求是否需要进行角色判断
    //也就是CustomAccessDecisionManager类的decide方法
    InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
        //执行下一个拦截器
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } finally {
        super.afterInvocation(token, null);
    }
}
 
Example #21
Source File: MyFilterSecurityInterceptor.java    From spring-boot-demo with MIT License 5 votes vote down vote up
public void invoke(FilterInvocation fi) throws IOException, ServletException {

        InterceptorStatusToken token = super.beforeInvocation(fi);
        try {
            //执行下一个拦截器
            fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
        } finally {
            super.afterInvocation(token, null);
        }
    }
 
Example #22
Source File: SecurityFilter.java    From hermes with Apache License 2.0 4 votes vote down vote up
@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
	InterceptorStatusToken token = beforeInvocation(req);
	chain.doFilter(req, resp);
	afterInvocation(token, null);
}