
Example 1 with UnauthorizedException

use of com.jeesuite.common.exception.UnauthorizedException in project jeesuite-libs by vakinge.

Source: class SecurityDelegatingFilter, method doFilter.

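/**
 * Authorizes every request that is neither a static resource nor a CORS preflight,
 * then continues the filter chain. When authorization fails the chain is stopped and
 * a 401 (not logged in) or 403 (no permission) is answered: as JSON for AJAX callers,
 * otherwise as a minimal HTML page or a redirect to the configured error page.
 *
 * @param req   the incoming request; cast to {@link HttpServletRequest}
 * @param res   the outgoing response; cast to {@link HttpServletResponse}
 * @param chain the remaining filter chain
 * @throws IOException      propagated from the chain or from writing the response
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    // Static resources bypass authorization. The decision is made on the last path
    // segment only, so a dot somewhere earlier in the path cannot turn an API request
    // into an unauthenticated one.
    if (isStaticResource(request.getRequestURI())) {
        chain.doFilter(req, res);
        return;
    }
    // CORS preflight requests skip authorization; this relies on no handler doing
    // real work for OPTIONS. Constant-first equals() also tolerates a null method.
    if (HttpMethod.OPTIONS.name().equals(request.getMethod())) {
        chain.doFilter(req, res);
        return;
    }
    if (additionHandler != null) {
        additionHandler.beforeAuthorization(request, response);
    }
    // Binds request/response to the current thread for SecurityDelegating.
    // NOTE(review): nothing in this method unbinds it afterwards — presumably done elsewhere; confirm.
    CurrentRuntimeContext.init(request, response);
    UserSession userSession = null;
    try {
        userSession = SecurityDelegating.doAuthorization();
    } catch (UnauthorizedException e) {
        // No usable session: AJAX callers get a JSON body, browsers an HTML page or a redirect.
        if (WebUtils.isAjax(request)) {
            WebUtils.responseOutJson(response, MSG_401_UNAUTHORIZED);
        } else {
            String errorPage = SecurityDelegating.getConfigurerProvider().error401Page();
            if (errorPage == null) {
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                WebUtils.responseOutHtml(response, "401 Unauthorized");
            } else {
                // NOTE(review): if getBaseUrl() derives scheme/host from request headers, the
                // redirect target follows whatever Host the client sent; a configured base URL
                // would be safer — confirm.
                String loginPage = WebUtils.getBaseUrl(request) + errorPage;
                response.sendRedirect(loginPage);
            }
        }
        return;
    } catch (ForbiddenAccessException e) {
        // Logged in but lacking the required permission: same shape as the 401 branch.
        if (WebUtils.isAjax(request)) {
            WebUtils.responseOutJson(response, MSG_403_FORBIDDEN);
        } else {
            String errorPage = SecurityDelegating.getConfigurerProvider().error403Page();
            if (errorPage == null) {
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
                WebUtils.responseOutHtml(response, "403 Forbidden");
            } else {
                String forbiddenPage = WebUtils.getBaseUrl(request) + errorPage;
                response.sendRedirect(forbiddenPage);
            }
        }
        return;
    }
    if (additionHandler != null) {
        additionHandler.afterAuthorization(userSession);
    }
    chain.doFilter(req, res);
}

/**
 * Decides whether {@code uri} is served as a static resource and may skip authorization.
 * True when the last path segment carries a file extension (contains {@code DOT}) and the
 * URI does not end with {@code apiUriSuffix}; API calls keep their suffix and are always checked.
 *
 * @param uri the request URI as returned by {@link HttpServletRequest#getRequestURI()}
 * @return {@code true} when the request should bypass authorization
 */
private boolean isStaticResource(String uri) {
    // lastIndexOf returns -1 when there is no slash, so the whole URI is the segment.
    String lastSegment = uri.substring(uri.lastIndexOf('/') + 1);
    boolean hasExtension = lastSegment.contains(DOT);
    boolean isApiCall = apiUriSuffix != null && uri.endsWith(apiUriSuffix);
    return hasExtension && !isApiCall;
}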

Example 2 with UnauthorizedException

use of com.jeesuite.common.exception.UnauthorizedException in project jeesuite-libs by vakinge.

Source: class SecurityDelegating, method doAuthorization.

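/**
 * Authorizes the current request against the session bound to the current thread.
 * <p>
 * Admin users, and URIs the resource manager marks as anonymous, skip the check.
 * Every other request needs a non-anonymous session, and when the (method, uri)
 * permission key resolves to {@link PermissionLevel#PermissionRequired} the user's
 * permissions must cover that key. On success the user (and tenant, when set) are
 * published to {@link CurrentRuntimeContext}, and a session close to expiry is
 * stored again to renew it.
 *
 * @return the current session; {@code null} is possible only when no session exists
 *         and the URI is anonymous
 * @throws UnauthorizedException    when a protected URI is requested without a logged-in session
 * @throws ForbiddenAccessException when the session lacks the required permission
 */
public static UserSession doAuthorization() throws UnauthorizedException, ForbiddenAccessException {
    UserSession session = getCurrentSession();
    String uri = CurrentRuntimeContext.getRequest().getRequestURI();
    boolean loggedIn = session != null && !session.isAnonymous();
    boolean isAdmin = session != null && session.getUser() != null && session.getUser().isAdmin();
    // Admins bypass the permission check entirely; everyone else is checked unless the URI is anonymous.
    if (!isAdmin && !getInstance().resourceManager.isAnonymous(uri)) {
        if (!loggedIn) {
            throw new UnauthorizedException();
        }
        String permissionKey = ApiPermssionCheckHelper.buildPermissionKey(CurrentRuntimeContext.getRequest().getMethod(), uri);
        PermissionLevel permissionLevel = ApiPermssionCheckHelper.matchPermissionLevel(getInstance().resourceManager, permissionKey);
        // Only explicitly permission-protected keys are matched against the user's permissions.
        if (permissionLevel == PermissionLevel.PermissionRequired) {
            List<String> permissions = getInstance().resourceManager.getUserPermissions(session);
            if (!ApiPermssionCheckHelper.checkPermissions(getInstance().resourceManager, permissionKey, permissions)) {
                throw new ForbiddenAccessException();
            }
        }
    }
    if (session != null) {
        CurrentRuntimeContext.setAuthUser(session.getUser());
        if (StringUtils.isNotBlank(session.getTenantId())) {
            CurrentRuntimeContext.setTenantId(session.getTenantId());
        }
        // Renewal: re-store the session when it expires within SESSION_RNEWAL_BEFORE_MILLS.
        // NOTE(review): assumes storageLoginSession() pushes the expiry forward — confirm.
        long millisUntilExpiry = session.getExpiredAt() - System.currentTimeMillis();
        if (millisUntilExpiry < SESSION_RNEWAL_BEFORE_MILLS) {
            getInstance().sessionManager.storageLoginSession(session);
        }
    }
    return session;
}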
