Example 1 with SecurityContextHolderAwareRequestWrapper

Use of org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper in the syncope project by apache.

Class MustChangePasswordFilter, method doFilter.

@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
        throws IOException, ServletException {
    // Only requests already wrapped by Spring Security are checked.
    if (request instanceof SecurityContextHolderAwareRequestWrapper) {
        // True when the current authentication carries the MUST_CHANGE_PASSWORD entitlement.
        boolean isMustChangePassword = SecurityContextHolder.getContext().getAuthentication().getAuthorities().stream()
                .anyMatch(authority -> StandardEntitlement.MUST_CHANGE_PASSWORD.equals(authority.getAuthority()));
        SecurityContextHolderAwareRequestWrapper wrapper = SecurityContextHolderAwareRequestWrapper.class.cast(request);
        // Deny GET requests to any path outside ALLOWED until the password has been changed.
        if (isMustChangePassword && "GET".equalsIgnoreCase(wrapper.getMethod())
                && !ArrayUtils.contains(ALLOWED, wrapper.getPathInfo())) {
            throw new AccessDeniedException("Please change your password first");
        }
    }
    chain.doFilter(request, response);
}
Also used: SecurityContextHolderAwareRequestWrapper (org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper), AccessDeniedException (org.springframework.security.access.AccessDeniedException)