
Example 1 with ForbiddenAccessException

Use of com.mendmix.common.exception.ForbiddenAccessException in project jeesuite-libs by vakinge.

The class GlobalDefaultInterceptor, method preHandle:

@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    ThreadLocalContext.unset();
    Enumeration<String> headerNames = request.getHeaderNames();
    String headerName;
    while (headerNames.hasMoreElements()) {
        headerName = headerNames.nextElement();
        CurrentRuntimeContext.addContextHeader(headerName, request.getHeader(headerName));
    }
    // 
    if (AppConfigs.invokeTokenCheckEnabled) {
        String uri = request.getRequestURI();
        if (!invoketokenCheckIgnoreUriMather.match(uri)) {
            String authCode = request.getHeader(CustomRequestHeaders.HEADER_INVOKE_TOKEN);
            TokenGenerator.validate(authCode, true);
        }
    }
    if (handler instanceof HandlerMethod) {
        HandlerMethod method = (HandlerMethod) handler;
        ApiMetadata config = method.getMethod().getAnnotation(ApiMetadata.class);
        if (config != null) {
            if (config.IntranetAccessOnly() && !WebUtils.isInternalRequest(request)) {
                response.setStatus(403);
                if (log.isDebugEnabled()) {
                    WebUtils.printRequest(request);
                }
                throw new ForbiddenAccessException();
            }
            // For @ResponseBody and ResponseEntity endpoints, addHeader in postHandle has no effect,
            // because the response has already passed through HttpMessageConverter
            if (config.responseKeep()) {
                response.addHeader(CustomRequestHeaders.HEADER_RESP_KEEP, Boolean.TRUE.toString());
            }
        }
    }
    return true;
}
Also used : ApiMetadata(com.mendmix.common.annotation.ApiMetadata) ForbiddenAccessException(com.mendmix.common.exception.ForbiddenAccessException) HandlerMethod(org.springframework.web.method.HandlerMethod)

Example 2 with ForbiddenAccessException

Use of com.mendmix.common.exception.ForbiddenAccessException in project jeesuite-libs by vakinge.

The class ReactiveSecurityDelegatingFilter, method filter:

@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
    ServerHttpRequest request = exchange.getRequest();
    try {
        if ((matchUriPrefix != null && !request.getPath().value().startsWith(matchUriPrefix)) || (matchUriPrefixs != null && !matchUriPrefixs.stream().anyMatch(o -> request.getPath().value().startsWith(o)))) {
            return chain.filter(exchange);
        }
        if (request.getMethod().equals(HttpMethod.OPTIONS)) {
            return chain.filter(exchange);
        }
        exchange.getAttributes().clear();
        ReactiveRequestContextAdapter.init(request);
        if (customAuthnHandler != null) {
            customAuthnHandler.beforeAuthentication(exchange);
        }
        ServerHttpResponse response = exchange.getResponse();
        UserSession userSession = null;
        try {
            if (customAuthnHandler == null || !customAuthnHandler.customAuthentication(exchange)) {
                userSession = SecurityDelegating.doAuthorization(request.getMethodValue(), request.getPath().value());
            }
        } catch (UnauthorizedException e) {
            if (isAjax(request) || SecurityDelegating.getConfigurerProvider().error401Page() == null) {
                byte[] bytes = JsonUtils.toJsonBytes(WrapperResponse.fail(e));
                return response.writeWith(Mono.just(response.bufferFactory().wrap(bytes)));
            } else {
                response.getHeaders().setLocation(URI.create(SecurityDelegating.getConfigurerProvider().error401Page()));
                return chain.filter(exchange);
            }
        } catch (ForbiddenAccessException e) {
            if (isAjax(request) || SecurityDelegating.getConfigurerProvider().error403Page() == null) {
                byte[] bytes = JsonUtils.toJsonBytes(WrapperResponse.fail(e));
                return response.writeWith(Mono.just(response.bufferFactory().wrap(bytes)));
            } else {
                response.getHeaders().setLocation(URI.create(SecurityDelegating.getConfigurerProvider().error403Page()));
                return chain.filter(exchange);
            }
        }
        // 
        if (customAuthnHandler != null) {
            customAuthnHandler.afterAuthentication(exchange, userSession);
        }
        // 
        return chain.filter(exchange).doFinally(s -> {
            exchange.getAttributes().clear();
        });
    } catch (Exception e) {
        logger.error("_global_filter_error", e);
        ThreadLocalContext.unset();
        exchange.getAttributes().clear();
        byte[] bytes = JsonUtils.toJsonBytes(WrapperResponse.fail(e));
        return exchange.getResponse().writeWith(Mono.just(exchange.getResponse().bufferFactory().wrap(bytes)));
    }
}
Also used : ServerHttpRequest(org.springframework.http.server.reactive.ServerHttpRequest) UserSession(com.mendmix.security.model.UserSession) UnauthorizedException(com.mendmix.common.exception.UnauthorizedException) ForbiddenAccessException(com.mendmix.common.exception.ForbiddenAccessException) ServerHttpResponse(org.springframework.http.server.reactive.ServerHttpResponse)

Example 3 with ForbiddenAccessException

Use of com.mendmix.common.exception.ForbiddenAccessException in project jeesuite-libs by vakinge.

The class SecurityDelegating, method doAuthorization:

/**
 * Authorization check: renews the session lease, then verifies that the caller
 * is authenticated and holds the permission required for the requested API.
 * @param method the HTTP method of the request
 * @param uri the request URI
 */
public static UserSession doAuthorization(String method, String uri) throws UnauthorizedException, ForbiddenAccessException {
    UserSession session = getCurrentSession();
    // Renew the session lease if it has not been refreshed recently
    if (session != null) {
        long interval = System.currentTimeMillis() - getInstance().sessionManager.getUpdateTime(session);
        if (interval > SESSION_INTERVAL_MILLS) {
            getInstance().sessionManager.storageLoginSession(session);
        }
    }
    boolean isAdmin = session != null && session.getUser() != null && session.getUser().isAdmin();
    if (!isAdmin && !getInstance().resourceManager.isAnonymous(uri)) {
        if (session == null || session.isAnonymous()) {
            throw new UnauthorizedException();
        }
        if (getInstance().decisionProvider.apiAuthzEnabled()) {
            String permissionKey = ApiPermssionCheckHelper.buildPermissionKey(method, uri);
            PermissionLevel permissionLevel = ApiPermssionCheckHelper.matchPermissionLevel(getInstance().resourceManager, permissionKey);
                // If this API requires a permission check
            if (permissionLevel == PermissionLevel.PermissionRequired) {
                List<String> permissions = getInstance().resourceManager.getUserPermissions(session);
                if (!ApiPermssionCheckHelper.checkPermissions(getInstance().resourceManager, permissionKey, permissions)) {
                    throw new ForbiddenAccessException();
                }
            }
        }
    }
    // 
    if (session != null) {
        CurrentRuntimeContext.setAuthUser(session.getUser());
        if (StringUtils.isNotBlank(session.getTenantId())) {
            CurrentRuntimeContext.setTenantId(session.getTenantId());
        }
    }
    return session;
}
Also used : UserSession(com.mendmix.security.model.UserSession) UnauthorizedException(com.mendmix.common.exception.UnauthorizedException) PermissionLevel(com.mendmix.common.constants.PermissionLevel) ForbiddenAccessException(com.mendmix.common.exception.ForbiddenAccessException)

Example 4 with ForbiddenAccessException

Use of com.mendmix.common.exception.ForbiddenAccessException in project jeesuite-libs by vakinge.

The class SecurityDelegatingFilter, method doFilter:

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    // Ignore static resources
    if (request.getRequestURI().contains(DOT) && (apiUriSuffix == null || !request.getRequestURI().endsWith(apiUriSuffix))) {
        chain.doFilter(req, res);
        return;
    }
    if (request.getMethod().equals(HttpMethod.OPTIONS.name())) {
        chain.doFilter(req, res);
        return;
    }
    // 
    ServletRequestContextAdapter.init(request, response);
    if (customAuthnHandler != null) {
        customAuthnHandler.beforeAuthentication(request);
    }
    UserSession userSession = null;
    try {
        if (customAuthnHandler == null || !customAuthnHandler.customAuthentication(request)) {
            userSession = SecurityDelegating.doAuthorization(request.getMethod(), request.getRequestURI());
        }
    } catch (UnauthorizedException e) {
        if (WebUtils.isAjax(request)) {
            WebUtils.responseOutJson(response, MSG_401_UNAUTHORIZED);
        } else {
            if (SecurityDelegating.getConfigurerProvider().error401Page() == null) {
                response.setStatus(401);
                WebUtils.responseOutHtml(response, "401 Unauthorized");
            } else {
                String loginPage = WebUtils.getBaseUrl(request) + SecurityDelegating.getConfigurerProvider().error401Page();
                response.sendRedirect(loginPage);
            }
        }
        return;
    } catch (ForbiddenAccessException e) {
        if (WebUtils.isAjax(request)) {
            WebUtils.responseOutJson(response, MSG_403_FORBIDDEN);
        } else {
            if (SecurityDelegating.getConfigurerProvider().error403Page() == null) {
                response.setStatus(403);
                WebUtils.responseOutHtml(response, "403 Forbidden");
            } else {
                String loginPage = WebUtils.getBaseUrl(request) + SecurityDelegating.getConfigurerProvider().error403Page();
                response.sendRedirect(loginPage);
            }
        }
        return;
    }
    // 
    if (customAuthnHandler != null) {
        customAuthnHandler.afterAuthentication(request, userSession);
    }
    chain.doFilter(req, res);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) UserSession(com.mendmix.security.model.UserSession) UnauthorizedException(com.mendmix.common.exception.UnauthorizedException) HttpServletResponse(javax.servlet.http.HttpServletResponse) ForbiddenAccessException(com.mendmix.common.exception.ForbiddenAccessException)

Aggregations

ForbiddenAccessException (com.mendmix.common.exception.ForbiddenAccessException)4 UnauthorizedException (com.mendmix.common.exception.UnauthorizedException)3 UserSession (com.mendmix.security.model.UserSession)3 ApiMetadata (com.mendmix.common.annotation.ApiMetadata)1 PermissionLevel (com.mendmix.common.constants.PermissionLevel)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 ServerHttpRequest (org.springframework.http.server.reactive.ServerHttpRequest)1 ServerHttpResponse (org.springframework.http.server.reactive.ServerHttpResponse)1 HandlerMethod (org.springframework.web.method.HandlerMethod)1