Java tutorial
/* * To change this license header, choose License Headers in Project Properties. * To change this template file, choose Tools | Templates * and open the template in the editor. */ package cn.net.withub.demo.bootsec.hello.security; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.access.AccessDecisionManager; import org.springframework.security.access.SecurityMetadataSource; import org.springframework.security.access.intercept.AbstractSecurityInterceptor; import org.springframework.security.access.intercept.InterceptorStatusToken; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.web.FilterInvocation; /** * ? * * @author Diluka */ public class CustomSecurityFilter extends AbstractSecurityInterceptor implements Filter { @Autowired @Override public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) { super.setAccessDecisionManager(accessDecisionManager); //To change body of generated methods, choose Tools | Templates. } @Autowired @Override public void setAuthenticationManager(AuthenticationManager newManager) { super.setAuthenticationManager(newManager); //To change body of generated methods, choose Tools | Templates. } @Autowired private SecurityMetadataSource securityMetadataSource; @Override public Class<?> getSecureObjectClass() { return FilterInvocation.class; } @Override public SecurityMetadataSource obtainSecurityMetadataSource() { return this.securityMetadataSource; } @Override public void init(FilterConfig fc) throws ServletException { } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { FilterInvocation fi = new FilterInvocation(request, response, chain); invoke(fi); } @Override public void destroy() { } private void invoke(FilterInvocation fi) throws IOException, ServletException { // objectFilterInvocation //1.???? //Collection<ConfigAttribute> attributes = SecurityMetadataSource.getAttributes(object); //2.??? //???UserDetails //1) UserDetails // Authentication authenticated = authenticateIfRequired(); //this.accessDecisionManager.decide(authenticated, object, attributes); //?? //2) GrantedAuthority //Collection<GrantedAuthority> authenticated.getAuthorities() System.out.println("??? "); InterceptorStatusToken token = null; token = super.beforeInvocation(fi); try { fi.getChain().doFilter(fi.getRequest(), fi.getResponse()); } finally { super.afterInvocation(token, null); } } }