
Example 1 with ForbiddenAccessException

use of com.jeesuite.common.exception.ForbiddenAccessException in project jeesuite-libs by vakinge.

In class SecurityDelegatingFilter, method doFilter:

/**
 * Gates every request behind {@link SecurityDelegating#doAuthorization()} and turns its two
 * failure exceptions into HTTP responses.
 *
 * <p>A URI containing {@code DOT} (presumably ".") is treated as a static resource and passed
 * straight down the chain unless it ends with {@code apiUriSuffix}; OPTIONS requests are passed
 * through as well. Every other request runs the optional {@code additionHandler} pre-hook,
 * initialises {@link CurrentRuntimeContext}, authorizes, runs the optional post-hook and then
 * continues the chain.
 *
 * <p>NOTE(review): the "contains a dot" test exempts any URI with a dot anywhere in its path from
 * authorization, not only URIs under a static-resource prefix. If application handlers can be
 * reached through such paths (for example with suffix-pattern matching enabled), this filter does
 * not protect them — confirm how static resources are served before relying on this exemption.
 *
 * @throws IOException      from the chain or from writing the 401/403 response
 * @throws ServletException from the chain
 */
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    String uri = request.getRequestURI();
    // Static resources (dotted URI not ending in the API suffix) and preflight OPTIONS skip authorization.
    boolean staticResource = uri.contains(DOT) && (apiUriSuffix == null || !uri.endsWith(apiUriSuffix));
    if (staticResource || request.getMethod().equals(HttpMethod.OPTIONS.name())) {
        chain.doFilter(req, res);
        return;
    }
    if (additionHandler != null) {
        additionHandler.beforeAuthorization(request, response);
    }
    CurrentRuntimeContext.init(request, response);
    UserSession userSession = null;
    try {
        userSession = SecurityDelegating.doAuthorization();
    } catch (UnauthorizedException e) {
        // Not authenticated: JSON for AJAX callers, otherwise a bare 401 page or a redirect to the configured page.
        if (WebUtils.isAjax(request)) {
            WebUtils.responseOutJson(response, MSG_401_UNAUTHORIZED);
            return;
        }
        String page401 = SecurityDelegating.getConfigurerProvider().error401Page();
        if (page401 == null) {
            response.setStatus(401);
            WebUtils.responseOutHtml(response, "401 Unauthorized");
        } else {
            response.sendRedirect(WebUtils.getBaseUrl(request) + page401);
        }
        return;
    } catch (ForbiddenAccessException e) {
        // Authenticated but not permitted: same shape as the 401 path with the 403 message/page.
        if (WebUtils.isAjax(request)) {
            WebUtils.responseOutJson(response, MSG_403_FORBIDDEN);
            return;
        }
        String page403 = SecurityDelegating.getConfigurerProvider().error403Page();
        if (page403 == null) {
            response.setStatus(403);
            WebUtils.responseOutHtml(response, "403 Forbidden");
        } else {
            response.sendRedirect(WebUtils.getBaseUrl(request) + page403);
        }
        return;
    }
    if (additionHandler != null) {
        additionHandler.afterAuthorization(userSession);
    }
    chain.doFilter(req, res);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) UserSession(com.jeesuite.security.model.UserSession) UnauthorizedException(com.jeesuite.common.exception.UnauthorizedException) HttpServletResponse(javax.servlet.http.HttpServletResponse) ForbiddenAccessException(com.jeesuite.common.exception.ForbiddenAccessException)

Example 2 with ForbiddenAccessException

use of com.jeesuite.common.exception.ForbiddenAccessException in project jeesuite-libs by vakinge.

In class SecurityDelegating, method doAuthorization:

/**
 * Authorizes the current request against the current session.
 *
 * <p>Admin users, and URIs the resource manager reports as anonymous, skip the permission check.
 * Otherwise an absent or anonymous session is rejected with {@link UnauthorizedException}, and a
 * URI whose permission level is {@link PermissionLevel#PermissionRequired} must be covered by the
 * user's permissions or {@link ForbiddenAccessException} is thrown.
 *
 * <p>When a session exists its user (and tenant id, if non-blank) are published to
 * {@link CurrentRuntimeContext}, and the session is handed back to
 * {@code sessionManager.storageLoginSession} once it is within
 * {@code SESSION_RNEWAL_BEFORE_MILLS} of expiring — presumably to renew it; confirm in the
 * session manager.
 *
 * @return the current session, or {@code null} when there is none and the URI is anonymous
 * @throws UnauthorizedException   no session, or an anonymous one, on a protected URI
 * @throws ForbiddenAccessException the session lacks the permission the URI requires
 */
public static UserSession doAuthorization() throws UnauthorizedException, ForbiddenAccessException {
    UserSession userSession = getCurrentSession();
    String requestUri = CurrentRuntimeContext.getRequest().getRequestURI();
    boolean admin = userSession != null
            && userSession.getUser() != null
            && userSession.getUser().isAdmin();
    // isAnonymous(uri) is consulted only for non-admins, as before.
    boolean mustCheck = !admin && !getInstance().resourceManager.isAnonymous(requestUri);
    if (mustCheck) {
        if (userSession == null || userSession.isAnonymous()) {
            throw new UnauthorizedException();
        }
        String permissionKey = ApiPermssionCheckHelper.buildPermissionKey(
                CurrentRuntimeContext.getRequest().getMethod(), requestUri);
        PermissionLevel level = ApiPermssionCheckHelper.matchPermissionLevel(
                getInstance().resourceManager, permissionKey);
        if (level == PermissionLevel.PermissionRequired) {
            List<String> granted = getInstance().resourceManager.getUserPermissions(userSession);
            if (!ApiPermssionCheckHelper.checkPermissions(getInstance().resourceManager, permissionKey, granted)) {
                throw new ForbiddenAccessException();
            }
        }
    }
    if (userSession == null) {
        return null;
    }
    CurrentRuntimeContext.setAuthUser(userSession.getUser());
    if (StringUtils.isNotBlank(userSession.getTenantId())) {
        CurrentRuntimeContext.setTenantId(userSession.getTenantId());
    }
    // Renewal: re-store the session when it is close to its expiry time.
    if (userSession.getExpiredAt() - System.currentTimeMillis() < SESSION_RNEWAL_BEFORE_MILLS) {
        getInstance().sessionManager.storageLoginSession(userSession);
    }
    return userSession;
}
Also used : UserSession(com.jeesuite.security.model.UserSession) UnauthorizedException(com.jeesuite.common.exception.UnauthorizedException) PermissionLevel(com.jeesuite.common.constants.PermissionLevel) ForbiddenAccessException(com.jeesuite.common.exception.ForbiddenAccessException)

Example 3 with ForbiddenAccessException

use of com.jeesuite.common.exception.ForbiddenAccessException in project jeesuite-libs by vakinge.

In class GlobalDefaultInterceptor, method preHandle:

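/**
 * Pre-handle hook run before every controller method.
 *
 * <p>Outside an integrated gateway deployment it initialises {@link CurrentRuntimeContext} and,
 * when invoke-token checking is enabled and the URI is not matched by the ignore matcher,
 * validates the {@code CustomRequestHeaders.HEADER_INVOKE_TOKEN} header through
 * {@code TokenGenerator.validate} (assumed to throw on an invalid token — its return value is
 * not inspected here; confirm).
 *
 * <p>For {@link HandlerMethod} handlers carrying {@link ApiMetadata}: intranet-only endpoints
 * reject non-internal requests with a 403 status and {@link ForbiddenAccessException}, and
 * {@code responseKeep()} endpoints get the {@code HEADER_RESP_KEEP} response header. When request
 * logging is enabled, action logging starts unless the annotation opts out or GET requests are
 * excluded by {@code requestLogGetIngore}.
 *
 * <p>NOTE(review): the token check is skipped entirely when {@code integratedGatewayDeploy} is
 * set, and the intranet-only test depends on {@code WebUtils.isInternalRequest}; both hold only
 * if clients cannot reach this service except through the gateway / network boundary those
 * checks assume — confirm for the deployment.
 *
 * @return always {@code true}; rejection is signalled by throwing
 * @throws Exception from token validation, or {@link ForbiddenAccessException} for intranet-only
 *                   endpoints reached from outside
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    if (!integratedGatewayDeploy) {
        CurrentRuntimeContext.init(request, response);
        if (invokeTokenCheckEnabled && !invoketokenCheckIgnoreUriMather.match(request.getRequestURI())) {
            String authCode = request.getHeader(CustomRequestHeaders.HEADER_INVOKE_TOKEN);
            TokenGenerator.validate(authCode, true);
        }
    }
    if (handler instanceof HandlerMethod) {
        HandlerMethod handlerMethod = (HandlerMethod) handler;
        ApiMetadata config = handlerMethod.getMethod().getAnnotation(ApiMetadata.class);
        if (config != null) {
            if (!isLocalEnv && config.IntranetAccessOnly() && !WebUtils.isInternalRequest(request)) {
                response.setStatus(403);
                throw new ForbiddenAccessException();
            }
            // Done here, not in postHandle: addHeader in postHandle has no effect for @ResponseBody /
            // ResponseEntity endpoints because they go through HttpMessageConverter.
            if (config.responseKeep()) {
                response.addHeader(CustomRequestHeaders.HEADER_RESP_KEEP, Boolean.TRUE.toString());
            }
        }
        // Action log: on unless the annotation disables it, or GETs are excluded by configuration.
        // (Replaces the former `cond ? true : x` plus a stray empty statement and a two-step assignment.)
        if (requestLogEnabled) {
            boolean logging = (config == null || config.actionLog())
                    && (!requestLogGetIngore || !request.getMethod().equals(RequestMethod.GET.name()));
            if (logging) {
                ActionLogCollector.onRequestStart(request).apiMeta(config);
            }
        }
    }
    return true;
}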
Also used : ApiMetadata(com.jeesuite.common.annotation.ApiMetadata) ForbiddenAccessException(com.jeesuite.common.exception.ForbiddenAccessException) HandlerMethod(org.springframework.web.method.HandlerMethod)

Aggregations

ForbiddenAccessException (com.jeesuite.common.exception.ForbiddenAccessException)3 UnauthorizedException (com.jeesuite.common.exception.UnauthorizedException)2 UserSession (com.jeesuite.security.model.UserSession)2 ApiMetadata (com.jeesuite.common.annotation.ApiMetadata)1 PermissionLevel (com.jeesuite.common.constants.PermissionLevel)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 HandlerMethod (org.springframework.web.method.HandlerMethod)1