cas HttpServletRequestWrapperFilter

HttpServletRequestWrapperFilter

作用其實很簡單,就是把HttpServletRequest對象再包裝一次,讓其支持通過getUserPrincipal、getRemoteUser方法來獲取登錄的用戶信息。

/**
 * Wraps the incoming request so that downstream filters and servlets can read the
 * CAS user through {@code request.getRemoteUser()} and {@code request.getUserPrincipal()}.
 *
 * <p>This method makes no authentication decision. When no assertion is found the
 * principal is {@code null}, the chain still runs, and both accessors on the wrapped
 * request return {@code null}; code further down the chain has to treat that as
 * "not authenticated".
 *
 * @param servletRequest  the incoming request; cast to {@code HttpServletRequest} without a type check
 * @param servletResponse the response, passed through untouched
 * @param filterChain     the remaining chain, invoked with the wrapped request
 * @throws IOException      propagated from the rest of the chain
 * @throws ServletException propagated from the rest of the chain
 */
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // The AttributePrincipal is the "principal" property of the Assertion kept in the session or request.
        final AttributePrincipal casPrincipal = retrievePrincipalFromSessionOrRequest(servletRequest);

        // Wrap the request, then hand it to the rest of the chain so later filters and servlets
        // see the CAS principal via getRemoteUser() / getUserPrincipal().
        final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        final CasHttpServletRequestWrapper wrappedRequest = new CasHttpServletRequestWrapper(httpRequest, casPrincipal);
        filterChain.doFilter(wrappedRequest, servletResponse);
    }

    /**
     * Looks up the CAS {@code Assertion} stored under {@code "_const_cas_assertion_"} and
     * returns its principal.
     *
     * <p>If a session already exists its attribute is read; no session is created here.
     * The request attribute is consulted only when there is no session at all, so an
     * existing session that lacks the attribute yields {@code null} even if the request
     * attribute is set.
     *
     * @param servletRequest the current request; must be an {@code HttpServletRequest}
     * @return the assertion's principal, or {@code null} when no assertion is stored
     */
    protected AttributePrincipal retrievePrincipalFromSessionOrRequest(ServletRequest servletRequest) {
        final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        final HttpSession existingSession = httpRequest.getSession(false);

        final Object stored;
        if (existingSession != null) {
            stored = existingSession.getAttribute("_const_cas_assertion_");
        } else {
            stored = httpRequest.getAttribute("_const_cas_assertion_");
        }

        if (stored == null) {
            return null;
        }
        return ((Assertion) stored).getPrincipal();
    }
實現起來也比較簡單,這裏使用了一個內部類CasHttpServletRequestWrapper,它繼承HttpServletRequestWrapper,
    通過從給定Assertion對象中取得的AttributePrincipal對象來組裝CasHttpServletRequestWrapper。
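/**
 * Request wrapper that answers {@code getUserPrincipal()}, {@code getRemoteUser()} and
 * {@code isUserInRole()} from the CAS principal rather than from the wrapped request.
 *
 * <p>This is a non-static inner class: it reads {@code logger}, {@code roleAttribute} and
 * {@code ignoreCase} from the enclosing {@code HttpServletRequestWrapperFilter} instance.
 */
final class CasHttpServletRequestWrapper extends HttpServletRequestWrapper {
    // Null when no assertion was found for this request.
    private final AttributePrincipal principal;

    /**
     * @param request   the request to wrap
     * @param principal the CAS principal, or {@code null} when none is available
     */
    CasHttpServletRequestWrapper(HttpServletRequest request, AttributePrincipal principal) {
        super(request);
        this.principal = principal;
    }

    /** Returns the CAS principal, or {@code null} when none is available. */
    @Override
    public Principal getUserPrincipal() {
        return this.principal;
    }

    /** Returns the CAS principal's name, or {@code null} when none is available. */
    @Override
    public String getRemoteUser() {
        return this.principal != null ? this.principal.getName() : null;
    }

    /**
     * Checks the requested role against the principal attribute named by the filter's
     * {@code roleAttribute}.
     *
     * <p>Every unresolved case denies: a blank role, no principal, no configured role
     * attribute, or an attribute that is absent from the principal all return {@code false}.
     *
     * @param role the role name to test
     * @return {@code true} only when the attribute value, or one element of a
     *         multi-valued attribute, matches {@code role}
     */
    @Override
    public boolean isUserInRole(String role) {
        if (CommonUtils.isBlank(role)) {
            HttpServletRequestWrapperFilter.this.logger.debug("No valid role provided.  Returning false.");
            return false;
        }
        if (this.principal == null) {
            HttpServletRequestWrapperFilter.this.logger.debug("No Principal in Request.  Returning false.");
            return false;
        }
        if (CommonUtils.isBlank(HttpServletRequestWrapperFilter.this.roleAttribute)) {
            HttpServletRequestWrapperFilter.this.logger.debug("No Role Attribute Configured. Returning false.");
            return false;
        }

        final Object value = this.principal.getAttributes().get(HttpServletRequestWrapperFilter.this.roleAttribute);

        boolean isMember = false;
        if (value instanceof Collection) {
            // Multi-valued attribute: match element by element only. The collection object
            // itself is never compared, so with ignoreCase enabled its toString() form
            // (for example "[admin]") cannot satisfy a role check.
            for (Object candidate : (Collection<?>) value) {
                if (this.rolesEqual(role, candidate)) {
                    isMember = true;
                    break;
                }
            }
        } else {
            // Single value, or null when the principal does not carry the attribute.
            isMember = this.rolesEqual(role, value);
        }

        HttpServletRequestWrapperFilter.this.logger.debug("User [{}] is in role [{}]: {}", new Object[]{this.getRemoteUser(), role, Boolean.valueOf(isMember)});
        return isMember;
    }

    /**
     * Compares the requested role with one attribute value.
     *
     * <p>A {@code null} candidate never matches; without this guard the case-insensitive
     * branch would throw {@code NullPointerException} on {@code candidate.toString()}.
     * With {@code ignoreCase} off, only a {@code String} equal to {@code given} matches;
     * with it on, the comparison is made against {@code candidate.toString()}.
     */
    private boolean rolesEqual(String given, Object candidate) {
        if (candidate == null) {
            return false;
        }
        return HttpServletRequestWrapperFilter.this.ignoreCase
                ? given.equalsIgnoreCase(candidate.toString())
                : given.equals(candidate);
    }
}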