Example usage for org.springframework.security.web FilterInvocation getRequestUrl

List of usage examples for org.springframework.security.web FilterInvocation getRequestUrl

Introduction

On this page you can find example usages of org.springframework.security.web.FilterInvocation.getRequestUrl().

Prototype

public String getRequestUrl() 

Source Link

Document

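Obtains the web application-specific fragment of the URL, i.e. the part after the context path; when the request carries a query string, it is included in the returned value.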

Usage

From source file:reconf.server.services.security.SecurityAccessDecisionManager.java

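/**
 * Authorizes a web request against the hard-coded {@code /crud/...} rules.
 *
 * <p>The only denial path in this method is the {@link AccessDeniedException} thrown at the
 * end (plus the authentication check below); every plain {@code return} lets the request
 * through. The rules are evaluated top to bottom and a later rule is still tried when an
 * earlier one matched the URL but its permission check failed.
 *
 * @param authentication the caller's authentication; must not be {@code null}
 * @param object the secured object; only {@link FilterInvocation} instances are evaluated
 * @param configAttributes attributes configured for the request (not consulted here)
 * @throws InsufficientAuthenticationException if no authentication is present
 * @throws AccessDeniedException if no rule grants access to the requested URL
 */
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
        throws AccessDeniedException, InsufficientAuthenticationException {
    // NOTE(review): anything that is not a web invocation is allowed without a check;
    // confirm this manager is only wired to the web filter chain.
    if (!(object instanceof FilterInvocation)) {
        return;
    }
    // Fail closed: the previous code returned here, which granted access to a caller
    // with no Authentication at all.
    if (authentication == null) {
        throw new InsufficientAuthenticationException("Authentication is required");
    }

    final FilterInvocation invocation = (FilterInvocation) object;

    // NOTE(review): getRequestUrl() carries the query string as well as the path, so the
    // patterns below are matched against "path?query" — confirm that exact-path rules such
    // as "/crud/product" are meant to reject requests that add a query string.
    String url = invocation.getRequestUrl();
    if (url.endsWith("/")) {
        // Drop one trailing slash so "/crud/product/" is treated like "/crud/product".
        url = StringUtils.substringBeforeLast(url, "/");
    }

    final AntPathMatcher matcher = new AntPathMatcher();
    final String productPattern = "/crud/product/{product}";
    final String productSubtreePattern = "/crud/product/{product}/**";

    // Product collection: any known user.
    if (matcher.match("/crud/product", url) && userDetailsManager.userExists(authentication.getName())) {
        return;
    }
    // Single product and everything below it: delegated to continueToProduct, which
    // presumably checks the caller against the {product} extracted from the URL.
    if (matcher.match(productPattern, url)
            && continueToProduct(authentication, matcher, productPattern, url)) {
        return;
    }
    if (matcher.match(productSubtreePattern, url)
            && continueToProduct(authentication, matcher, productSubtreePattern, url)) {
        return;
    }
    // User collection: any known user.
    if (matcher.match("/crud/user", url) && userDetailsManager.userExists(authentication.getName())) {
        return;
    }
    // Individual users: root only.
    if (matcher.match("/crud/user/**", url) && ApplicationSecurity.isRoot(authentication)) {
        return;
    }

    // Default deny for every URL no rule accepted.
    throw new AccessDeniedException("Forbidden");
}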

From source file:org.mitre.openid.connect.web.SAMLEntryPoint.java

/**
 * Logs the request URL at debug level when {@code processFilter} accepts the request, then
 * always continues the filter chain.
 *
 * @param request the incoming servlet request
 * @param response the servlet response
 * @param chain the remaining filter chain, invoked unconditionally
 * @throws IOException if a downstream filter fails with an I/O error
 * @throws ServletException if a downstream filter fails
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    final FilterInvocation invocation = new FilterInvocation(request, response, chain);

    final boolean accepted = processFilter(invocation.getRequest());
    if (accepted) {
        // NOTE(review): the logged value is caller-controlled and includes the query string,
        // so request parameters can end up in the debug log unescaped — confirm that is
        // acceptable for this endpoint.
        logger.debug("une requte EIDAS=" + invocation.getRequestUrl());
    }

    chain.doFilter(request, response);
}

From source file:cn.net.withub.demo.bootsec.hello.security.CustomFilterInvocationSecurityMetadataSource.java

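/**
 * Collects the security attributes of every configured URL pattern that matches the request.
 *
 * <p>NOTE(review): an empty collection is returned when no pattern matches. Spring Security's
 * interceptor normally treats a request without attributes as public, so URLs missing from
 * {@code resourceMap} are not protected by this source — confirm whether
 * {@code rejectPublicInvocations} is enabled on the interceptor.
 *
 * @param object the secured object; must be a {@link FilterInvocation}
 * @return the attributes of all matching patterns, possibly empty
 * @throws IllegalArgumentException if {@code object} is {@code null} or not a
 *         {@link FilterInvocation}
 */
@Override
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
    // Honour the declared contract: the bare cast used to surface as a ClassCastException
    // (or a NullPointerException for null) instead of IllegalArgumentException.
    if (!(object instanceof FilterInvocation)) {
        throw new IllegalArgumentException("Object must be a non-null FilterInvocation");
    }
    FilterInvocation fi = (FilterInvocation) object;

    HttpServletRequest request = fi.getRequest();

    // NOTE(review): writes the caller-controlled URL (query string included) to stdout on
    // every request; a logger at debug level would be the usual choice.
    System.out.println("requestUrl is " + fi.getRequestUrl());

    // (Re)load the pattern-to-authority map on first use or after a flagged change.
    // NOTE(review): nothing visible here synchronizes this reload — confirm thread-safety.
    if (resourceMap == null || databaseChanged) {
        loadResourceMatchAuthority();
    }

    Collection<ConfigAttribute> attrs = new ArrayList<ConfigAttribute>();
    for (String urlPattern : resourceMap.keySet()) {
        // Ant-style match of the configured pattern against the current request.
        AntPathRequestMatcher matcher = new AntPathRequestMatcher(urlPattern);
        if (matcher.matches(request)) {
            System.out.println("matched resource url patterns: " + urlPattern);
            attrs.addAll(resourceMap.get(urlPattern));
        }
    }

    return attrs;
}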

From source file:com.beto.test.securityinterceptor.security.CustomFilterInvocationSecurityMetadataSource.java

/**
 * Resolves the roles required for the requested URL.
 *
 * <p>The URL is first cut at its last {@code ".jsf"}; static-resource prefixes are skipped;
 * a role mapped directly to the URL is looked up via {@code getRole}; if none is found, the
 * enclosing directory is passed to {@code getUrlHigherDirectoryRoles}.
 *
 * <p>NOTE(review): {@code null} is returned both for static resources and when no role is
 * found. Spring Security's interceptor normally treats a request without attributes as
 * public, so unmapped URLs fall open — the original author left a disabled
 * {@code AccessDeniedException} at that point; confirm which behaviour is intended.
 *
 * @param object the secured object, cast to {@link FilterInvocation} without a type check
 * @return the required roles as config attributes, or {@code null} when none apply
 */
@Override
public Collection<ConfigAttribute> getAttributes(Object object) {
    LOOGER.debug("CustomFilterInvocationSecurityMetadataSource.getAttributes() method called...");
    String url = ((FilterInvocation) object).getRequestUrl();

    // Cut everything from the last ".jsf" onwards (extension and whatever follows it).
    final int jsfIndex = url.lastIndexOf(".jsf");
    if (jsfIndex >= 0) {
        url = url.substring(0, jsfIndex);
    }

    // Static resources carry no role requirement.
    // NOTE(review): this is a raw prefix test on the request URL; it relies on the path
    // having been normalised upstream (container / HTTP firewall) so that a "/css/"-prefixed
    // path cannot resolve to a protected page — confirm.
    if (!StringUtils.isEmpty(url)) {
        final boolean staticResource = url.startsWith("/css/") || url.startsWith("/img/")
                || url.startsWith("/assets/") || url.startsWith("/js/") || url.startsWith("/resources/");
        if (staticResource) {
            return null;
        }
    }

    // Role mapped directly to this URL, if any.
    final String directRole = getRole(url);
    String attr = (directRole != null) ? addAttr(directRole, "") : "";

    // Reduce the URL to its enclosing directory (keeps the trailing slash).
    if (!url.endsWith("/")) {
        url = url.substring(0, url.lastIndexOf("/") + 1);
    }

    // If no role is assigned directly to the URL, check whether a role is assigned
    // to one of its directories.
    if (attr == null || attr.isEmpty()) {
        attr = getUrlHigherDirectoryRoles(url, attr, directRole);
    }

    LOOGER.debug("getAttributes [Tespit Edilen Roller : " + attr + "]");

    // No role found: report "no attributes" rather than denying access.
    if (attr.length() == 0) {
        return null;
    }
    return SecurityConfig.createListFromCommaDelimitedString(attr);
}

From source file:org.egov.infra.config.security.authorization.ApplicationAuthorizationMetadataSource.java

/**
 * Looks up the security attributes for a request from its context root and request URL.
 *
 * @param object the secured object, cast to {@link FilterInvocation} without a type check
 * @return whatever {@code lookupAttributes} yields for the context root and request URL
 */
@Override
public Collection<ConfigAttribute> getAttributes(Object object) {
    final FilterInvocation invocation = (FilterInvocation) object;

    // Context path with every occurrence of SLASH replaced by EMPTY.
    final String contextPath = invocation.getHttpRequest().getContextPath();
    final String contextRoot = contextPath.replace(SLASH, EMPTY);

    // NOTE(review): getRequestUrl() includes the query string; confirm lookupAttributes
    // matches on the path portion only.
    final String requestUrl = invocation.getRequestUrl();
    return lookupAttributes(contextRoot, requestUrl);
}