List of usage examples for org.springframework.security.web FilterInvocation getRequestUrl
public String getRequestUrl()
From source file:reconf.server.services.security.SecurityAccessDecisionManager.java
@Override public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException { if (!(object instanceof FilterInvocation)) { return;//from ww w .j a va 2 s . c o m } if (authentication == null) { return; } FilterInvocation filterInvocation = (FilterInvocation) object; String url = filterInvocation.getRequestUrl(); if (url.endsWith("/")) { url = StringUtils.substringBeforeLast(url, "/"); } AntPathMatcher antMatcher = new AntPathMatcher(); if (antMatcher.match("/crud/product", url)) { if (userDetailsManager.userExists(authentication.getName())) { return; } } if (antMatcher.match("/crud/product/{product}", url)) { if (continueToProduct(authentication, antMatcher, "/crud/product/{product}", url)) { return; } } if (antMatcher.match("/crud/product/{product}/**", url)) { if (continueToProduct(authentication, antMatcher, "/crud/product/{product}/**", url)) { return; } } if (antMatcher.match("/crud/user", url)) { if (userDetailsManager.userExists(authentication.getName())) { return; } } if (antMatcher.match("/crud/user/**", url)) { if (ApplicationSecurity.isRoot(authentication)) { return; } } throw new AccessDeniedException("Forbidden"); }
From source file:org.mitre.openid.connect.web.SAMLEntryPoint.java
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { FilterInvocation fi = new FilterInvocation(request, response, chain); if (processFilter(fi.getRequest())) { logger.debug("une requte EIDAS=" + fi.getRequestUrl()); }// w w w. j a v a 2 s . co m chain.doFilter(request, response); }
From source file:cn.net.withub.demo.bootsec.hello.security.CustomFilterInvocationSecurityMetadataSource.java
@Override public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException { FilterInvocation fi = (FilterInvocation) object; HttpServletRequest request = fi.getRequest(); System.out.println("requestUrl is " + fi.getRequestUrl()); if (resourceMap == null || databaseChanged) { loadResourceMatchAuthority();/*w w w. j av a2s. co m*/ } Collection<ConfigAttribute> attrs = new ArrayList<ConfigAttribute>(); for (String urlPattern : resourceMap.keySet()) { //? AntPathRequestMatcher matcher = new AntPathRequestMatcher(urlPattern); if (matcher.matches(request)) { System.out.println("matched resource url patterns: " + urlPattern); attrs.addAll(resourceMap.get(urlPattern)); } } return attrs; }
From source file:com.beto.test.securityinterceptor.security.CustomFilterInvocationSecurityMetadataSource.java
@Override public Collection<ConfigAttribute> getAttributes(Object object) { LOOGER.debug("CustomFilterInvocationSecurityMetadataSource.getAttributes() method called..."); FilterInvocation fi = (FilterInvocation) object; String url = fi.getRequestUrl(); String urlPropsValue = null;//from w w w .j a va2 s . c o m if (url.contains(".jsf")) { int lastSlashIndex = url.lastIndexOf(".jsf"); url = url.substring(0, lastSlashIndex); } if (!StringUtils.isEmpty(url) && (url.startsWith("/css/") || url.startsWith("/img/") || url.startsWith("/assets/") || url.startsWith("/js/") || url.startsWith("/resources/"))) { return null; } urlPropsValue = getRole(url); String attr = ""; if (urlPropsValue != null) { attr = addAttr(urlPropsValue, attr); } if (!url.endsWith("/")) { int lastSlashIndex = url.lastIndexOf("/"); url = url.substring(0, lastSlashIndex + 1); } /** * Dorudan url'e atanm bir role tanm yoksa dizin role * atamalar var m diye kontrol et */ if (attr == null || attr.equals("")) { attr = getUrlHigherDirectoryRoles(url, attr, urlPropsValue); } LOOGER.debug("getAttributes [Tespit Edilen Roller : " + attr + "]"); if (attr.length() == 0) { // throw new // org.springframework.security.access.AccessDeniedException("Eriim Hatas"); return null; } return SecurityConfig.createListFromCommaDelimitedString(attr); }
From source file:org.egov.infra.config.security.authorization.ApplicationAuthorizationMetadataSource.java
@Override public Collection<ConfigAttribute> getAttributes(Object object) { FilterInvocation invocation = (FilterInvocation) object; String contextRoot = invocation.getHttpRequest().getContextPath().replace(SLASH, EMPTY); return lookupAttributes(contextRoot, invocation.getRequestUrl()); }