📄 switchuserprocessingfilter.java
// NOTE(review): everything up to the first method-closing brace is the tail of a method that begins
// before this excerpt (presumably attemptSwitchUser); it is reproduced as found, only re-indented.
            logger.debug("Switch User Token [" + targetUserRequest + "]");
        }

        // publish event
        if (this.eventPublisher != null) {
            eventPublisher.publishEvent(new AuthenticationSwitchUserEvent(
                    SecurityContextHolder.getContext().getAuthentication(), targetUser));
        }

        return targetUserRequest;
    }

    /**
     * Builds the authentication token used while acting as the target user. On top of the target user's
     * own authorities the token carries one extra <tt>GrantedAuthority</tt>, a
     * <code>SwitchUserGrantedAuthority</code>, that wraps the <code>Authentication</code> which was current
     * when the switch was requested.
     *
     * @param request The http servlet request, used only to build the token details.
     * @param username The username of the target user (not read by this method).
     * @param targetUser The target user
     *
     * @return The authentication token
     *
     * @see SwitchUserGrantedAuthority
     */
    private UsernamePasswordAuthenticationToken createSwitchUserToken(HttpServletRequest request, String username,
        UserDetails targetUser) {
        // The authentication in effect right now is embedded in the extra authority; it is what
        // getSourceAuthentication(...) later digs out again to 'exit' from the switched user.
        Authentication switcherAuth = SecurityContextHolder.getContext().getAuthentication();
        GrantedAuthority exitAuthority = new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR, switcherAuth);

        // copy the target user's authorities into a mutable list
        GrantedAuthority[] targetAuthorities = targetUser.getAuthorities();
        ArrayList grantedToTarget = new ArrayList();

        for (int i = 0; i < targetAuthorities.length; i++) {
            grantedToTarget.add(targetAuthorities[i]);
        }

        // optional hook: the changer may edit the list in place
        if (switchUserAuthorityChanger != null) {
            switchUserAuthorityChanger.modifyGrantedAuthorities(targetUser, switcherAuth, grantedToTarget);
        }

        // The exit authority is appended to a copy taken after the changer has run, so the changer
        // never sees it in the list it was handed and cannot drop it from the final set.
        List tokenAuthorities = new ArrayList(grantedToTarget);
        tokenAuthorities.add(exitAuthority);

        GrantedAuthority[] authorities =
            (GrantedAuthority[]) tokenAuthorities.toArray(new GrantedAuthority[tokenAuthorities.size()]);

        // NOTE(review): the credentials slot is filled with whatever targetUser.getPassword() returns,
        // so that value travels with the token for as long as the token is held - confirm it is needed.
        UsernamePasswordAuthenticationToken targetUserRequest =
            new UsernamePasswordAuthenticationToken(targetUser, targetUser.getPassword(), authorities);

        // set details
        targetUserRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));

        return targetUserRequest;
    }

    /** No resources to release. */
    public void destroy() {}

    /**
     * Intercepts switch-user and exit-user requests. For either one the <code>Authentication</code> in the
     * <code>SecurityContextHolder</code> is replaced and the client is redirected to the context path
     * followed by <tt>targetUrl</tt>; every other request is handed on down the filter chain untouched.
     *
     * <p>The redirect target is built from the configured <tt>targetUrl</tt>, not from request parameters.</p>
     *
     * @see javax.servlet.Filter#doFilter
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
        Assert.isInstanceOf(HttpServletRequest.class, request);
        Assert.isInstanceOf(HttpServletResponse.class, response);

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // NOTE(review): the only test applied here is the URI suffix match in requiresSwitchUser /
        // requiresExitUser; the HTTP method is not looked at, and no permission check is visible in
        // this method. Presumably who may switch is decided in attemptSwitchUser or by access rules
        // placed in front of this filter - confirm, and confirm this state change is CSRF-protected.
        boolean switchRequested = requiresSwitchUser(httpRequest);

        if (!switchRequested && !requiresExitUser(httpRequest)) {
            // neither a switch nor an exit request
            chain.doFilter(request, response);

            return;
        }

        // switch: the token for the target user; exit: the original Authentication (if it exists)
        Authentication replacement = switchRequested ? attemptSwitchUser(httpRequest) : attemptExitUser(httpRequest);

        // update the current context, then redirect to target url
        SecurityContextHolder.getContext().setAuthentication(replacement);
        httpResponse.sendRedirect(httpResponse.encodeRedirectURL(httpRequest.getContextPath() + targetUrl));
    }

    /**
     * Looks through the granted authorities of the given <code>Authentication</code> for a
     * <code>SwitchUserGrantedAuthority</code> and returns the source <code>Authentication</code> it holds.
     * The scan does not stop at the first hit, so if several such authorities are present the last one wins.
     *
     * @param current The current <code>Authentication</code> object
     *
     * @return The source user <code>Authentication</code> object, or <code>null</code> if no switch user
     *         authority is present.
     */
    private Authentication getSourceAuthentication(Authentication current) {
        Authentication source = null;
        GrantedAuthority[] held = current.getAuthorities();

        for (int i = 0; i < held.length; i++) {
            if (!(held[i] instanceof SwitchUserGrantedAuthority)) {
                continue;
            }

            source = ((SwitchUserGrantedAuthority) held[i]).getSource();

            // NOTE(review): the original Authentication is concatenated into the debug log here, so
            // whatever its toString() exposes ends up in the log - verify that is acceptable.
            logger.debug("Found original switch user granted authority [" + source + "]");
        }

        return source;
    }

    /** Nothing to initialise from the filter configuration. */
    public void init(FilterConfig ignored) throws ServletException {}

    /**
     * Checks whether the request URI (with anything after a ';' removed) ends with the context path
     * followed by <tt>exitUserUrl</tt>.
     *
     * @param request The http servlet request
     *
     * @return <code>true</code> if the request requires a exit user, <code>false</code> otherwise.
     *
     * @see SwitchUserProcessingFilter#exitUserUrl
     */
    protected boolean requiresExitUser(HttpServletRequest request) {
        // suffix match, not an exact match: see the note on requiresSwitchUser
        return stripUri(request).endsWith(request.getContextPath() + exitUserUrl);
    }

    /**
     * Checks whether the request URI (with anything after a ';' removed) ends with the context path
     * followed by <tt>switchUserUrl</tt>.
     *
     * @param request The http servlet request
     *
     * @return <code>true</code> if the request requires a switch, <code>false</code> otherwise.
     *
     * @see SwitchUserProcessingFilter#switchUserUrl
     */
    protected boolean requiresSwitchUser(HttpServletRequest request) {
        // This is a suffix match: every URI that ends in contextPath + switchUserUrl qualifies, not
        // only that exact path. NOTE(review): access rules guarding the switch URL have to cover the
        // same set of paths - confirm against the security configuration.
        return stripUri(request).endsWith(request.getContextPath() + switchUserUrl);
    }

    /**
     * Stores the publisher used to announce a switch; when none is set no event is published.
     *
     * @param eventPublisher The application event publisher.
     */
    public void setApplicationEventPublisher(ApplicationEventPublisher eventPublisher)
        throws BeansException {
        this.eventPublisher = eventPublisher;
    }

    /**
     * Sets the source that builds the details object attached to the switch user token.
     *
     * @param authenticationDetailsSource The details source; must not be <code>null</code>.
     */
    public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) {
        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    // NOTE(review): unlike setAuthenticationDetailsSource, the setters below accept any value without
    // validation; presumably required properties are checked elsewhere in the class - confirm.

    /**
     * Set the URL to respond to exit user processing.
     *
     * @param exitUserUrl The exit user URL.
     */
    public void setExitUserUrl(String exitUserUrl) {
        this.exitUserUrl = exitUserUrl;
    }

    /**
     * Wraps the given message source in a <code>MessageSourceAccessor</code> and keeps the accessor.
     *
     * @param messageSource The message source.
     */
    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }

    /**
     * Set the URL to respond to switch user processing.
     *
     * @param switchUserUrl The switch user URL.
     */
    public void setSwitchUserUrl(String switchUserUrl) {
        this.switchUserUrl = switchUserUrl;
    }

    /**
     * Sets the URL to go to after a successful switch / exit user request. The value is appended to the
     * context path when the redirect is issued.
     *
     * @param targetUrl The target url.
     */
    public void setTargetUrl(String targetUrl) {
        this.targetUrl = targetUrl;
    }

    /**
     * Sets the authentication data access object.
     *
     * @param userDetailsService The UserDetailsService to use
     */
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    /**
     * Strips any content after the first ';' in the request URI. A ';' at position 0 leaves the URI
     * unchanged, and everything after the first ';' is dropped, later path segments included.
     *
     * @param request The http request
     *
     * @return The stripped uri
     */
    private static String stripUri(HttpServletRequest request) {
        String uri = request.getRequestURI();
        int semicolon = uri.indexOf(';');

        return (semicolon > 0) ? uri.substring(0, semicolon) : uri;
    }

    /**
     * Sets the strategy that may adjust the authorities copied from the target user before the switch
     * user token is built.
     *
     * @param switchUserAuthorityChanger the changer to use (may be null if SwitchUserProcessingFilter
     *        should not fine-tune the authorities)
     */
    public void setSwitchUserAuthorityChanger(SwitchUserAuthorityChanger switchUserAuthorityChanger) {
        this.switchUserAuthorityChanger = switchUserAuthorityChanger;
    }
}