List of usage examples for org.springframework.security.web FilterInvocation FilterInvocation
public FilterInvocation(String contextPath, String servletPath, String method)
From source file:org.mitre.openid.connect.web.SAMLEntryPoint.java
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { FilterInvocation fi = new FilterInvocation(request, response, chain); if (processFilter(fi.getRequest())) { logger.debug("une requte EIDAS=" + fi.getRequestUrl()); }/*from w ww . j a v a 2 s. com*/ chain.doFilter(request, response); }
From source file:eu.eidas.sp.metadata.MetadataDisplayFilter.java
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { FilterInvocation fi = new FilterInvocation(request, response, chain); processMetadataDisplay(fi.getHttpRequest(), fi.getHttpResponse()); }
From source file:com.gcrm.security.SecurityFilter.java
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { FilterInvocation fi = new FilterInvocation(request, response, chain); invoke(fi);/* w ww . j a v a 2 s. c o m*/ }
From source file:com.jeanchampemont.notedown.utils.SecurityInterceptor.java
@Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { if (modelAndView != null) { FilterInvocation filterInvocation = new FilterInvocation(request, response, new FilterChain() { public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { throw new UnsupportedOperationException(); }/*from w ww .ja v a 2 s. com*/ }); Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); if (authentication != null) { WebSecurityExpressionRoot sec = new WebSecurityExpressionRoot(authentication, filterInvocation); sec.setTrustResolver(new AuthenticationTrustResolverImpl()); modelAndView.getModel().put("sec", sec); } } }
From source file:com.github.carlomicieli.nerdmovies.config.ImplicitObjectsInterceptor.java
@Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { if (modelAndView != null && !modelAndView.getViewName().startsWith("redirect:")) { FilterInvocation filterInvocation = new FilterInvocation(request, response, new FilterChain() { public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { throw new UnsupportedOperationException(); }/*from w ww .j a va 2s . c o m*/ }); Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); WebSecurityExpressionRoot sec = new WebSecurityExpressionRoot(authentication, filterInvocation); sec.setTrustResolver(new AuthenticationTrustResolverImpl()); modelAndView.getModel().put("sec", sec); } }
From source file:br.com.suricattus.surispring.spring.security.util.SecurityUtil.java
/** * Method that checks if the user has the given access expression. * //from w ww .ja v a2 s . com * @see Spring Security Expression-Based Access Control * @param access * @return */ @SuppressWarnings({ "rawtypes", "unchecked" }) public static boolean isAuthorized(String access) { Map<String, SecurityExpressionHandler> expressionHandlres = ApplicationContextUtil.getContext() .getBeansOfType(SecurityExpressionHandler.class); SecurityExpressionHandler handler = (SecurityExpressionHandler) expressionHandlres.values().toArray()[0]; Expression accessExpression = handler.getExpressionParser().parseExpression(access); FilterInvocation f = new FilterInvocation(FacesUtils.getRequest(), FacesUtils.getResponse(), new FilterChain() { public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { throw new UnsupportedOperationException(); } }); return ExpressionUtils.evaluateAsBoolean(accessExpression, handler.createEvaluationContext(SecurityContextHolder.getContext().getAuthentication(), f)); }
From source file:cn.net.withub.demo.bootsec.hello.security.CustomSecurityFilter.java
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { FilterInvocation fi = new FilterInvocation(request, response, chain); invoke(fi);//from w w w . j a v a 2 s . co m }
From source file:it.scoppelletti.programmerpower.web.view.AuthorizeComponent.java
/** * Emette l’apertura del tag e verifica se deve essere emesso il * contenuto del tag stesso./*ww w. java 2 s . c o m*/ * * @param writer Flusso di scrittura. * @return Esito della verifica. */ @Override public boolean start(Writer writer) { Authentication currentUser; FilterInvocation filter; Expression accessExpr; DefaultWebSecurityExpressionHandler exprHandler; if (Strings.isNullOrEmpty(myAccess)) { throw new PropertyNotSetException(toString(), "access"); } currentUser = SecurityContextHolder.getContext().getAuthentication(); if (currentUser == null) { throw new ObjectNotFoundException(Authentication.class.getName()); } exprHandler = getExpressionHandler(); accessExpr = exprHandler.getExpressionParser().parseExpression(myAccess); filter = new FilterInvocation(ServletActionContext.getRequest(), ServletActionContext.getResponse(), new AuthorizeComponent.DummyChain()); if (ExpressionUtils.evaluateAsBoolean(accessExpr, exprHandler.createEvaluationContext(currentUser, filter))) { return true; } return false; }
From source file:grails.plugin.springsecurity.web.access.GrailsWebInvocationPrivilegeEvaluator.java
protected FilterInvocation createFilterInvocation(final String contextPath, final String uri, final String method) { Assert.hasText(uri, "URI required"); return new FilterInvocation(DummyRequestCreator.createInstance(contextPath, method, contextPath + uri), DUMMY_RESPONSE, DUMMY_CHAIN); }
From source file:fragment.web.AccessDecisionTest.java
private void verifyAccess(Authentication auth, HttpMethod method, String uri, boolean valid) { request.setMethod(method.name());/*from w ww . ja v a2 s .c o m*/ request.setRequestURI(uri); FilterInvocation invocation = new FilterInvocation(request, response, DUMMY_CHAIN); Collection<ConfigAttribute> attrs = interceptor.getSecurityMetadataSource().getAttributes(invocation); try { manager.decide(auth, invocation, attrs); if (!valid) { Assert.fail("Access granted for " + uri + " [" + method.name() + "] for user " + auth.getName()); } } catch (AccessDeniedException ex) { if (valid) { Assert.fail("Access denied for " + uri + " [" + method.name() + "] for " + auth.getName()); } } catch (InsufficientAuthenticationException ex) { Assert.fail( "Insufficient authentication for " + uri + " [" + method.name() + "] for " + auth.getName()); } }