Example usage for org.springframework.security.web.servletapi SecurityContextHolderAwareRequestWrapper getPathInfo

List of usage examples for org.springframework.security.web.servletapi SecurityContextHolderAwareRequestWrapper getPathInfo

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.security.web.servletapi.*
  5. SecurityContextHolderAwareRequestWrapper
  6. getPathInfo

Introduction

In this page you can find the example usage for org.springframework.security.web.servletapi SecurityContextHolderAwareRequestWrapper getPathInfo.

Prototype

@Override
public String getPathInfo()

Source Link

Document

The default behavior of this method is to return getPathInfo() on the wrapped request object.

Usage

From source file:org.apache.syncope.core.misc.security.MustChangePasswordFilter.java

@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
        throws IOException, ServletException {

    if (request instanceof SecurityContextHolderAwareRequestWrapper) {
        boolean isMustChangePassword = IterableUtils.matchesAny(
                SecurityContextHolder.getContext().getAuthentication().getAuthorities(),
                new Predicate<GrantedAuthority>() {

                    @Override//from   w  ww . j a  va  2  s .c o  m
                    public boolean evaluate(final GrantedAuthority authority) {
                        return StandardEntitlement.MUST_CHANGE_PASSWORD.equals(authority.getAuthority());
                    }
                });

        SecurityContextHolderAwareRequestWrapper wrapper = SecurityContextHolderAwareRequestWrapper.class
                .cast(request);
        if (isMustChangePassword && "GET".equalsIgnoreCase(wrapper.getMethod())
                && !ArrayUtils.contains(ALLOWED, wrapper.getPathInfo())) {

            throw new AccessDeniedException("Please change your password first");
        }
    }

    chain.doFilter(request, response);
}

From source file:org.apache.syncope.core.spring.security.MustChangePasswordFilter.java

@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
        throws IOException, ServletException {

    if (request instanceof SecurityContextHolderAwareRequestWrapper) {
        boolean isMustChangePassword = SecurityContextHolder.getContext().getAuthentication().getAuthorities()
                .stream().anyMatch(//from www . java  2  s .  co m
                        authority -> StandardEntitlement.MUST_CHANGE_PASSWORD.equals(authority.getAuthority()));

        SecurityContextHolderAwareRequestWrapper wrapper = SecurityContextHolderAwareRequestWrapper.class
                .cast(request);
        if (isMustChangePassword && "GET".equalsIgnoreCase(wrapper.getMethod())
                && !ArrayUtils.contains(ALLOWED, wrapper.getPathInfo())) {

            throw new AccessDeniedException("Please change your password first");
        }
    }

    chain.doFilter(request, response);
}