package dev.trade.common.securityfilter.filter;
import java.io.*;
import java.security.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import dev.trade.common.securityfilter.authenticator.*;
/**
* <p>Title: Permission filter</p>
*
* <p>Description: Security request wrapper class</p>
*
* <p>Copyright: Copyright (c) 2006</p>
*
* <p>Company: </p>
*
* @author Zheng YanNan
* @version 1.0
*/
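public class SecurityRequest extends HttpServletRequestWrapper {

    /** Session attribute name under which the authenticated Principal is stored. */
    public static final String PRINCIPAL_SESSION_KEY = SecurityRequest.class.getName()
            + ".PRINCIPAL";

    // Answers role, resource and auth-method questions; may be null (getAuthType checks for that).
    private final Authenticator authenticator;
    // The request currently being wrapped; replaced by setRequest().
    private HttpServletRequest currentRequest;
    // Request captured earlier (its parameters and method are replayed here), or null.
    private final SavedRequest savedRequest;
    // servletPath + pathInfo of the request passed to the constructor.
    private String matchableURL;

    /**
     * Wrap a request.
     *
     * @param request       the request to wrap
     * @param savedRequest  a previously saved request whose parameters and method are
     *                      merged into this one, or null
     * @param authenticator the authenticator consulted for authorization decisions
     */
    public SecurityRequest(HttpServletRequest request, SavedRequest savedRequest,
            Authenticator authenticator) {
        super(request);
        this.currentRequest = request;
        this.savedRequest = savedRequest;
        this.authenticator = authenticator;
        initMatchableURL();
    }

    /**
     * Get the original HttpServletRequest object.
     */
    public HttpServletRequest getCurrentRequest() {
        return currentRequest;
    }

    /**
     * Get a parameter value by name. If multiple values are available, the first value is
     * returned. A value on the current request takes precedence over the saved request.
     *
     * @param s parameter name
     * @return the first value, or null if neither request carries the parameter
     */
    public String getParameter(String s) {
        String value = currentRequest.getParameter(s);
        if (value == null && savedRequest != null) {
            String[] savedValues = (String[]) savedRequest.getParameterMap().get(s);
            // Guard against an empty array as well as a missing entry, so a saved
            // parameter without values yields null instead of an index error.
            if (savedValues != null && savedValues.length > 0) {
                value = savedValues[0];
            }
        }
        return value;
    }

    /**
     * Get a map of parameter values for this request. When a saved request is present its
     * parameters are merged in, with the current request's entries overriding same-named
     * saved entries; the merged map is unmodifiable.
     */
    public Map getParameterMap() {
        if (savedRequest == null) {
            return currentRequest.getParameterMap();
        }
        Map merged = new HashMap(savedRequest.getParameterMap());
        merged.putAll(currentRequest.getParameterMap());
        return Collections.unmodifiableMap(merged);
    }

    /**
     * Get an enumeration of parameter names for this request, including those of the
     * saved request when one is present.
     */
    public Enumeration getParameterNames() {
        if (savedRequest == null) {
            return currentRequest.getParameterNames();
        }
        return Collections.enumeration(getParameterMap().keySet());
    }

    /**
     * Get an array of values for a parameter. Values on the current request take
     * precedence; the saved request is consulted only when the current one has none.
     *
     * @param s parameter name
     * @return the values, or null if neither request carries the parameter
     */
    public String[] getParameterValues(String s) {
        String[] values = currentRequest.getParameterValues(s);
        if (values == null && savedRequest != null) {
            values = (String[]) savedRequest.getParameterMap().get(s);
        }
        return values;
    }

    /**
     * Set the request that is to be wrapped.
     *
     * Note that the matchable URL computed in the constructor is not recomputed here.
     *
     * @param request wrap this request; must be an HttpServletRequest
     */
    public void setRequest(ServletRequest request) {
        super.setRequest(request);
        this.currentRequest = (HttpServletRequest) request;
    }

    /**
     * Check if a user is in a role.
     *
     * The session Principal is handed to the Authenticator as-is, so it may be null for
     * an unauthenticated request. Without an Authenticator the answer is false (fail
     * closed) rather than a NullPointerException, matching the null check in
     * {@link #getAuthType()}.
     *
     * @param role name of role to check
     */
    public boolean isUserInRole(String role) {
        if (authenticator == null) {
            return false;
        }
        return authenticator.isUserInRole(getUserPrincipal(), role);
    }

    /**
     * Check whether the current user is authorized for a named resource.
     *
     * Denies access when no Authenticator is configured; otherwise the decision is
     * delegated to the Authenticator, which receives the (possibly null) session Principal.
     *
     * @param resName name of the resource to check
     */
    public boolean isResourceAuthorized(String resName) {
        if (authenticator == null) {
            return false;
        }
        return authenticator.isResourceAuthorized(getUserPrincipal(), resName);
    }

    /**
     * Get the remote user's login name, or null when no Principal is stored.
     */
    public String getRemoteUser() {
        Principal principal = getUserPrincipal();
        return principal != null ? principal.getName() : null;
    }

    /**
     * Get a Principal object for the current user, or null if there is none.
     *
     * The session is looked up without creating one: a read-only identity check should
     * not allocate a session for every anonymous request.
     */
    public Principal getUserPrincipal() {
        HttpSession session = currentRequest.getSession(false);
        if (session == null) {
            return null;
        }
        return (Principal) session.getAttribute(PRINCIPAL_SESSION_KEY);
    }

    /**
     * This method is provided to restore functionality of this method in case the wrapper
     * class we are extending has disabled it. This method is needed to process multi-part
     * requests downstream, and it appears that some wrapper implementations just return
     * null. WebLogic 6.1.2.0 is one such implementation.
     *
     * @exception IOException if the underlying request cannot provide the stream
     */
    public ServletInputStream getInputStream() throws IOException {
        ServletInputStream stream = super.getInputStream();
        if (stream == null) {
            stream = currentRequest.getInputStream();
        }
        return stream;
    }

    /**
     * Set the Principal of the current user.
     * WARNING: Calling this method will set the user for this session -- authenticate the
     * user before calling this method.
     *
     * This method only stores the attribute (creating a session if needed); it does not
     * change the session identifier. If the session already existed before login,
     * replacing it at the point of authentication is left to the caller.
     * Per the Servlet API, passing null has the effect of removing the attribute.
     *
     * @param principal the user Principal object
     */
    public void setUserPrincipal(Principal principal) {
        currentRequest.getSession().setAttribute(PRINCIPAL_SESSION_KEY, principal);
    }

    /**
     * Returns the auth type (e.g. FORM, BASIC, etc.), or null when there is no
     * authenticated Principal or no Authenticator.
     */
    public String getAuthType() {
        if (authenticator != null && getUserPrincipal() != null) {
            return authenticator.getAuthMethod();
        }
        return null;
    }

    /**
     * Returns the HTTP method used to make this request. If the savedRequest is non-null,
     * the HTTP method of the saved request will be returned, so downstream code that
     * branches on the method sees the saved request's method, not the current one's.
     */
    public String getMethod() {
        if (savedRequest != null) {
            return savedRequest.getMethod();
        }
        return super.getMethod();
    }

    /**
     * Get the Authenticator this request was constructed with (may be null).
     */
    public Authenticator getAuthenticator() {
        return this.authenticator;
    }

    /**
     * Get a URL that can be matched against security URL patterns.
     *
     * This is the part after the contextPath, with the pathInfo, but without the query string.
     * http://server:8080/contextPath/someURL.jsp?param=value becomes /someURL.jsp
     */
    public String getMatchableURL() {
        return matchableURL;
    }

    /**
     * Initialize the matchableURL from the servlet path and path info.
     *
     * NOTE(review): both values come from the container as-is; no normalization is done
     * here. Confirm that the pattern matcher and the resource finally served interpret
     * the path the same way (path parameters, encoded characters, case), otherwise a
     * security constraint may not apply to the resource it was written for.
     */
    private void initMatchableURL() {
        // extract the servlet path portion that needs to be checked
        String path = currentRequest.getServletPath();
        // add the pathInfo, as it needs to be part of the URL we check
        String pathInfo = currentRequest.getPathInfo();
        if (pathInfo != null) {
            path = path + pathInfo;
        }
        matchableURL = path;
    }
}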