本地新币代码
blame | history | raw
zj
2024-06-03 3603ecb207f7e712c635f19531e05fac4d19e53f 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99

package security.filter;


 


import java.io.IOException;


import java.util.ArrayList;


import java.util.List;


 


import javax.servlet.Filter;


import javax.servlet.FilterChain;


import javax.servlet.FilterConfig;


import javax.servlet.ServletException;


import javax.servlet.ServletRequest;


import javax.servlet.ServletResponse;


import javax.servlet.http.HttpServletRequest;


import javax.servlet.http.HttpServletResponse;


import javax.servlet.http.HttpSession;


 


import org.springframework.web.context.ContextLoader;


import org.springframework.web.context.WebApplicationContext;


 


import security.SecurityContext;


import security.internal.SecurityAuthoritiesHolder;


import security.internal.SecurityResourceProcessor;


import security.util.AuthenticationUtil;


 


/**


 * 登录接口过滤器


 *


 */


public class UrlResourceFilterInvocation implements Filter {


    /**


     * url 白名单


     */


    private List<String> urls = new ArrayList<String>();


 


    private SecurityAuthoritiesHolder securityAuthoritiesHolder;


 


    private SecurityResourceProcessor securityResourceProcessor;


 


    private String redirectUrl = "../login.jsp";


 


    @Override


    public void init(FilterConfig arg0) throws ServletException {


        urls.add("/public/**");// 登录时


 


        WebApplicationContext webApplicationContext = ContextLoader.getCurrentWebApplicationContext();


        securityAuthoritiesHolder = (SecurityAuthoritiesHolder) webApplicationContext


                .getBean("securityAuthoritiesHolder");


 


        securityResourceProcessor = (SecurityResourceProcessor) webApplicationContext


                .getBean("securityResourceProcessor");


    }


 


    @Override


    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)


            throws IOException, ServletException {


 


        HttpServletRequest httpServletRequest = (HttpServletRequest) request;


 


        HttpServletResponse httpServleResponse = (HttpServletResponse) response;


 


        String servletPath = httpServletRequest.getServletPath();


 


        if (!".action".equals(servletPath.substring(servletPath.length() - 7))) {// 白名单直接过滤,非action请求直接过滤


            filterChain.doFilter(request, response);


            return;


        }


 


        for (int i = 0; i < urls.size(); i++) {


            if (AuthenticationUtil.isUrlMatch(urls.get(i), servletPath)) {


                filterChain.doFilter(request, response);


                return;


            }


        }


 


        HttpSession session = httpServletRequest.getSession();


        Object contextFromSessionObject = session.getAttribute("SPRING_SECURITY_CONTEXT");


 


        if (contextFromSessionObject == null) {


            httpServleResponse.sendRedirect(httpServleResponse.encodeRedirectURL(redirectUrl));


            return;


        }


 


        if (!(contextFromSessionObject instanceof SecurityContext)) {


            httpServleResponse.sendRedirect(httpServleResponse.encodeRedirectURL(redirectUrl));


            return;


        }


 


        SecurityContext securityContext = (SecurityContext) contextFromSessionObject;


        if (securityResourceProcessor.isUrlAccessible(servletPath, securityContext.getRoles())) {


            filterChain.doFilter(request, response);


        }


 


    }


 


    @Override


    public void destroy() {


 


    }


}