Spring Security 3 Source Code Analysis (9): SecurityContextHolderAwareRequestFilter
2014-09-11 11:56
The SecurityContextHolderAwareRequestFilter filter corresponds to the class
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
As the class name suggests, this filter mainly wraps the request object. Here is the source:
Java code
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException {
    chain.doFilter(new SecurityContextHolderAwareRequestWrapper((HttpServletRequest) req, rolePrefix), res);
}
SecurityContextHolderAwareRequestWrapper wraps the request mainly to implement some Servlet API methods: isUserInRole and getRemoteUser.
Java code
// Fetch the Authentication from the SecurityContext; anonymous authentication is treated as none
private Authentication getAuthentication() {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (!authenticationTrustResolver.isAnonymous(auth)) {
        return auth;
    }
    return null;
}

// Implements getRemoteUser: fetch the Authentication, then read the login name from it
@Override
public String getRemoteUser() {
    Authentication auth = getAuthentication();
    if ((auth == null) || (auth.getPrincipal() == null)) {
        return null;
    }
    if (auth.getPrincipal() instanceof UserDetails) {
        return ((UserDetails) auth.getPrincipal()).getUsername();
    }
    return auth.getPrincipal().toString();
}

// Implements getUserPrincipal
@Override
public Principal getUserPrincipal() {
    Authentication auth = getAuthentication();
    if ((auth == null) || (auth.getPrincipal() == null)) {
        return null;
    }
    return auth;
}

// Decides whether the role is granted. Note rolePrefix, the prefix prepended to the role name
private boolean isGranted(String role) {
    Authentication auth = getAuthentication();
    if (rolePrefix != null) {
        role = rolePrefix + role;
    }
    if ((auth == null) || (auth.getPrincipal() == null)) {
        return false;
    }
    Collection<GrantedAuthority> authorities = auth.getAuthorities();
    if (authorities == null) {
        return false;
    }
    for (GrantedAuthority grantedAuthority : authorities) {
        if (role.equals(grantedAuthority.getAuthority())) {
            return true;
        }
    }
    return false;
}

// Implements isUserInRole
@Override
public boolean isUserInRole(String role) {
    return isGranted(role);
}
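This filter looks simple. Its sole purpose is to implement some of the Java EE Servlet API methods.
Some applications call getRemoteUser and isUserInRole directly; when Spring Security is in use, those calls are actually served through this filter.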
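The following is an added example, not code from the original post or from the Spring Security project. It drives the wrapper directly to show how rolePrefix and anonymous authentication affect getRemoteUser and isUserInRole. It assumes spring-security-core, spring-security-web, spring-test and the Servlet API are on the classpath; the class name RequestWrapperDemo, the user "alice" and the key "key" are constructed for illustration.

```java
import java.util.List;

import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper;

// Hypothetical demo class (not part of Spring Security).
public class RequestWrapperDemo {

    // Wrap a fresh mock request the same way the filter's doFilter does.
    static SecurityContextHolderAwareRequestWrapper wrap(String rolePrefix) {
        return new SecurityContextHolderAwareRequestWrapper(new MockHttpServletRequest(), rolePrefix);
    }

    // Print what the Servlet API methods report for the current SecurityContext.
    static void report(String label, String rolePrefix, String role) {
        SecurityContextHolderAwareRequestWrapper request = wrap(rolePrefix);
        System.out.printf("%-14s prefix=%-6s remoteUser=%-6s isUserInRole(%s)=%b%n",
                label, rolePrefix, request.getRemoteUser(), role, request.isUserInRole(role));
    }

    public static void main(String[] args) {
        try {
            // Constructed sample: user "alice" holding the authority ROLE_ADMIN.
            Authentication alice = new TestingAuthenticationToken("alice", "n/a", "ROLE_ADMIN");
            SecurityContextHolder.getContext().setAuthentication(alice);
            report("authenticated", "ROLE_", "ADMIN");      // prefix plus short role name
            report("authenticated", null, "ADMIN");         // no prefix, short role name
            report("authenticated", null, "ROLE_ADMIN");    // no prefix, full authority name
            report("authenticated", "ROLE_", "ROLE_ADMIN"); // prefix plus full authority name

            // Constructed sample: an anonymous token, which getAuthentication() maps to null.
            List<GrantedAuthority> anonAuthorities = AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS");
            Authentication anonymous = new AnonymousAuthenticationToken("key", "anonymousUser", anonAuthorities);
            SecurityContextHolder.getContext().setAuthentication(anonymous);
            report("anonymous", "ROLE_", "ANONYMOUS");
        } finally {
            // Do not leak the test authentication to other code on this thread.
            SecurityContextHolder.clearContext();
        }
    }
}
```

Following the isGranted code shown above, the last authenticated check compares ROLE_ROLE_ADMIN against the user's authorities, so a mismatch between the configured rolePrefix and the role strings passed to isUserInRole silently denies access. The anonymous case is rejected regardless of its authorities because getAuthentication() returns null for anonymous tokens.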