Example usage for org.springframework.security.web.servletapi SecurityContextHolderAwareRequestWrapper getMethod

List of usage examples for org.springframework.security.web.servletapi SecurityContextHolderAwareRequestWrapper getMethod

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.security.web.servletapi.*
  5. SecurityContextHolderAwareRequestWrapper
  6. getMethod

Introduction

In this page you can find the example usage for org.springframework.security.web.servletapi SecurityContextHolderAwareRequestWrapper getMethod.

Prototype

@Override
public String getMethod()

Source Link

Document

The default behavior of this method is to return getMethod() on the wrapped request object.

Usage

From source file:org.apache.syncope.core.misc.security.MustChangePasswordFilter.java

@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
        throws IOException, ServletException {

    if (request instanceof SecurityContextHolderAwareRequestWrapper) {
        boolean isMustChangePassword = IterableUtils.matchesAny(
                SecurityContextHolder.getContext().getAuthentication().getAuthorities(),
                new Predicate<GrantedAuthority>() {

                    @Override//from www  .  ja  va 2  s.  c o  m
                    public boolean evaluate(final GrantedAuthority authority) {
                        return StandardEntitlement.MUST_CHANGE_PASSWORD.equals(authority.getAuthority());
                    }
                });

        SecurityContextHolderAwareRequestWrapper wrapper = SecurityContextHolderAwareRequestWrapper.class
                .cast(request);
        if (isMustChangePassword && "GET".equalsIgnoreCase(wrapper.getMethod())
                && !ArrayUtils.contains(ALLOWED, wrapper.getPathInfo())) {

            throw new AccessDeniedException("Please change your password first");
        }
    }

    chain.doFilter(request, response);
}

From source file:org.apache.syncope.core.spring.security.MustChangePasswordFilter.java

@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
        throws IOException, ServletException {

    if (request instanceof SecurityContextHolderAwareRequestWrapper) {
        boolean isMustChangePassword = SecurityContextHolder.getContext().getAuthentication().getAuthorities()
                .stream().anyMatch(//from ww w .  ja  v  a 2s  .  co  m
                        authority -> StandardEntitlement.MUST_CHANGE_PASSWORD.equals(authority.getAuthority()));

        SecurityContextHolderAwareRequestWrapper wrapper = SecurityContextHolderAwareRequestWrapper.class
                .cast(request);
        if (isMustChangePassword && "GET".equalsIgnoreCase(wrapper.getMethod())
                && !ArrayUtils.contains(ALLOWED, wrapper.getPathInfo())) {

            throw new AccessDeniedException("Please change your password first");
        }
    }

    chain.doFilter(request, response);
}