
Example 6 with UserSession

use of com.mendmix.security.model.UserSession in project jeesuite-libs by vakinge.

the class SecurityDelegatingFilter method doFilter.

/**
 * Servlet filter entry point that authenticates/authorizes a request before
 * letting it continue down the chain.
 *
 * <p>Requests are passed through untouched when the request URI contains
 * {@code DOT} and does not end with {@code apiUriSuffix} (treated as static
 * resources), or when the HTTP method is OPTIONS. All other requests go
 * through the optional {@code customAuthnHandler} and, unless that handler
 * reports it authenticated the request itself, through
 * {@code SecurityDelegating.doAuthorization}.
 *
 * <p>On {@code UnauthorizedException} / {@code ForbiddenAccessException} the
 * response is finished here (JSON for Ajax callers, otherwise a plain
 * 401/403 page or a redirect to the configured error page) and the chain is
 * not invoked.
 *
 * @param req   incoming request; cast to {@code HttpServletRequest}
 * @param res   outgoing response; cast to {@code HttpServletResponse}
 * @param chain remaining filter chain
 * @throws IOException      propagated from the chain or from writing the response
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    final HttpServletRequest httpRequest = (HttpServletRequest) req;
    final HttpServletResponse httpResponse = (HttpServletResponse) res;

    // Skip static resources: any URI with a dot that is not an API-suffixed URI.
    // NOTE(review): this is a substring test on the raw request URI, so every
    // dotted path that does not end with apiUriSuffix skips authorization
    // entirely. getRequestURI() is not normalized (path parameters and encoded
    // segments are still present), so confirm that no protected handler is
    // reachable through a URI containing a dot; an allow-list of static
    // prefixes or extensions would be a tighter check.
    final String requestUri = httpRequest.getRequestURI();
    final boolean endsWithApiSuffix = apiUriSuffix != null && requestUri.endsWith(apiUriSuffix);
    final boolean treatedAsStatic = requestUri.contains(DOT) && !endsWithApiSuffix;

    // OPTIONS requests also pass without authentication (presumably CORS
    // preflight - confirm); downstream handlers must not do privileged work
    // for this method.
    if (treatedAsStatic || httpRequest.getMethod().equals(HttpMethod.OPTIONS.name())) {
        chain.doFilter(req, res);
        return;
    }

    // Bind request/response to the request-context adapter before any handler runs.
    ServletRequestContextAdapter.init(httpRequest, httpResponse);
    if (customAuthnHandler != null) {
        customAuthnHandler.beforeAuthentication(httpRequest);
    }

    UserSession authenticatedSession = null;
    try {
        // The built-in authorization runs unless a custom handler exists AND
        // reports that it authenticated the request itself; in that case the
        // session stays null.
        final boolean handledByCustomHandler =
                customAuthnHandler != null && customAuthnHandler.customAuthentication(httpRequest);
        if (!handledByCustomHandler) {
            authenticatedSession = SecurityDelegating.doAuthorization(httpRequest.getMethod(), httpRequest.getRequestURI());
        }
    } catch (UnauthorizedException unauthorized) {
        if (WebUtils.isAjax(httpRequest)) {
            // NOTE(review): no HTTP status is set on this path; presumably
            // responseOutJson / MSG_401_UNAUTHORIZED carries it - confirm.
            WebUtils.responseOutJson(httpResponse, MSG_401_UNAUTHORIZED);
        } else {
            final String error401Page = SecurityDelegating.getConfigurerProvider().error401Page();
            if (error401Page == null) {
                httpResponse.setStatus(401);
                WebUtils.responseOutHtml(httpResponse, "401 Unauthorized");
            } else {
                // NOTE(review): if getBaseUrl() is derived from request headers
                // (e.g. Host), the redirect target is client-influenced - confirm.
                final String redirectTarget = WebUtils.getBaseUrl(httpRequest) + error401Page;
                httpResponse.sendRedirect(redirectTarget);
            }
        }
        return;
    } catch (ForbiddenAccessException forbidden) {
        if (WebUtils.isAjax(httpRequest)) {
            WebUtils.responseOutJson(httpResponse, MSG_403_FORBIDDEN);
        } else {
            final String error403Page = SecurityDelegating.getConfigurerProvider().error403Page();
            if (error403Page == null) {
                httpResponse.setStatus(403);
                WebUtils.responseOutHtml(httpResponse, "403 Forbidden");
            } else {
                final String redirectTarget = WebUtils.getBaseUrl(httpRequest) + error403Page;
                httpResponse.sendRedirect(redirectTarget);
            }
        }
        return;
    }

    // Authorization succeeded (or was handled by the custom handler): notify
    // the handler, then continue the chain.
    if (customAuthnHandler != null) {
        customAuthnHandler.afterAuthentication(httpRequest, authenticatedSession);
    }
    chain.doFilter(req, res);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) UserSession(com.mendmix.security.model.UserSession) UnauthorizedException(com.mendmix.common.exception.UnauthorizedException) HttpServletResponse(javax.servlet.http.HttpServletResponse) ForbiddenAccessException(com.mendmix.common.exception.ForbiddenAccessException)

Example 7 with UserSession

use of com.mendmix.security.model.UserSession in project jeesuite-libs by vakinge.

the class SecuritySessionManager method getSession.

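/**
 * Returns the login session for the current request, optionally creating one.
 *
 * <p>The session id comes from {@code getSessionId()}. When it is non-blank the
 * stored session is looked up with {@code getLoginSession}. If no session is
 * found and {@code createIfAbsent} is true, a new session is created, its id
 * is sent to the client as a cookie and the session is stored.
 *
 * @param createIfAbsent whether to create, publish and store a new session
 *                       when none is found
 * @return the existing or newly created session, or {@code null} when none
 *         exists and {@code createIfAbsent} is false
 */
public UserSession getSession(boolean createIfAbsent) {
    String sessionId = getSessionId();
    // Blank ids are treated as "no id" everywhere in this method.
    final boolean hasSessionId = StringUtils.isNotBlank(sessionId);
    UserSession session = null;
    if (hasSessionId) {
        session = getLoginSession(sessionId);
    }
    if (createIfAbsent && session == null) {
        session = UserSession.create();
        // Dev environments only: keep the id the request already carried
        // instead of the freshly created one. This adopts a client-supplied
        // session identifier, so it must stay limited to isDevEnv().
        // The original tested sessionId != null, which let an empty or
        // whitespace id become the session key even though the lookup above
        // ignores blank ids; the non-blank check keeps both paths consistent.
        if (hasSessionId && GlobalRuntimeContext.isDevEnv()) {
            session.setSessionId(sessionId);
        }
        // A negative expiry is passed when the cookie should not be kept.
        int expire = keepCookie ? sessionExpireIn : -1;
        // NOTE(review): cookieDomain is passed as both the first and second
        // argument. addCookie's signature is not visible here, but the second
        // argument looks like it should be the cookie name - confirm.
        // NOTE(review): the HttpOnly / Secure / SameSite attributes of the
        // session cookie are decided inside addCookie - verify them there.
        requestContextAdapter.addCookie(cookieDomain, cookieDomain, session.getSessionId(), expire);
        // Store the new session so later requests can look it up by id.
        storageLoginSession(session);
    }
    return session;
}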
Also used : UserSession(com.mendmix.security.model.UserSession)

Aggregations

UserSession (com.mendmix.security.model.UserSession)7 ForbiddenAccessException (com.mendmix.common.exception.ForbiddenAccessException)3 UnauthorizedException (com.mendmix.common.exception.UnauthorizedException)3 PermissionLevel (com.mendmix.common.constants.PermissionLevel)1 AccessToken (com.mendmix.security.model.AccessToken)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 ServerHttpRequest (org.springframework.http.server.reactive.ServerHttpRequest)1 ServerHttpResponse (org.springframework.http.server.reactive.ServerHttpResponse)1