/**
 * Resolves the configuration attributes protecting the requested URL.
 *
 * The first resource pattern that {@code pathMatcher} accepts wins, so when
 * {@code resourceMap} is an unordered map the precedence between overlapping
 * patterns is unspecified; an insertion-ordered map is needed for predictable
 * authorisation. A URL matching no pattern falls back to an exact-key lookup,
 * i.e. {@code null} for unknown URLs — whether those are then open or closed is
 * decided by the interceptor's public-invocation setting, not here.
 *
 * @param o the secured object, expected to be a {@link FilterInvocation}
 * @return the attributes of the first matching pattern, or {@code null}
 * @throws IllegalArgumentException declared by the interface; an {@code o} of
 *         another type fails with a {@link ClassCastException} instead
 */
@Override
public Collection<ConfigAttribute> getAttributes(Object o) throws IllegalArgumentException {
    String url = ((FilterInvocation) o).getRequestUrl();
    logger.debug("request url is " + url);
    if (resourceMap == null) {
        // Unsynchronized lazy load: concurrent first requests may each load the
        // map and the last assignment wins — acceptable only if loading is
        // idempotent and side-effect free; confirm.
        resourceMap = loadResourceMatchAuthority();
    }
    for (String pattern : resourceMap.keySet()) {
        if (pathMatcher.match(pattern, url)) {
            return resourceMap.get(pattern);
        }
    }
    // Nothing matched: exact-key lookup, null when absent.
    return resourceMap.get(url);
}
/**
 * Resolves the configuration attributes for the requested URL.
 *
 * Requests whose path contains {@code /js/}, {@code /html/}, {@code /css/} or
 * {@code /images/} are not logged, to keep the debug log readable; they are
 * still matched against the resource map. The first pattern {@code pathMatcher}
 * accepts wins, so with an unordered {@code resourceMap} the precedence between
 * overlapping patterns is unspecified. Unknown URLs yield {@code null}.
 *
 * @param o the secured object, expected to be a {@link FilterInvocation}
 * @return the attributes of the first matching pattern, or {@code null}
 * @throws IllegalArgumentException declared by the interface
 */
@Override
public Collection<ConfigAttribute> getAttributes(Object o) throws IllegalArgumentException {
    String url = ((FilterInvocation) o).getRequestUrl();
    boolean staticResource = url.contains("/js/") || url.contains("/html/")
            || url.contains("/css/") || url.contains("/images/");
    if (!staticResource) {
        logger.debug("request url is " + url);
    }
    if (resourceMap == null) {
        // Unsynchronized lazy load: concurrent first requests may each load the
        // map and the last assignment wins — acceptable only if loading is
        // idempotent; confirm.
        resourceMap = loadResourceMatchAuthority();
    }
    for (String pattern : resourceMap.keySet()) {
        if (pathMatcher.match(pattern, url)) {
            return resourceMap.get(pattern);
        }
    }
    // Nothing matched: exact-key lookup, null when absent.
    return resourceMap.get(url);
}
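/**
 * Resolves the attributes for the requested URL by matching its path (query
 * string removed) against every registered resource pattern.
 *
 * The first pattern {@code urlMatcher} accepts wins; with an unordered
 * {@code resourceMap} the precedence between overlapping patterns is
 * unspecified. Diagnostic output goes to stdout as in the original, but only
 * after the query string has been removed so parameter values never reach it.
 *
 * @param object the secured object, expected to be a {@link FilterInvocation}
 * @return the attributes of the first matching pattern, or {@code null}
 * @throws IllegalArgumentException declared by the interface
 */
@Override
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
    // object wraps the URL the user requested
    String url = ((FilterInvocation) object).getRequestUrl();
    // Strip the query string before anything is printed: query parameters may
    // carry tokens or other values that do not belong in stdout.
    int firstQuestionMarkIndex = url.indexOf("?");
    if (firstQuestionMarkIndex != -1) {
        url = url.substring(0, firstQuestionMarkIndex);
    }
    // debug output
    System.out.println("该用户请求的url为:" + url);
    for (String resultURL : resourceMap.keySet()) {
        if (urlMatcher.pathMatchesUrl(url, resultURL)) {
            // debug output
            System.out.println("该url匹配的权限为:" + resourceMap.get(resultURL));
            return resourceMap.get(resultURL);
        }
    }
    return null;
}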
/**
 * Adds the action URIs of {@code actions} to {@code guiConfigAttr} when the
 * invocation matches the Ant pattern {@code url}.
 *
 * Blank action values are skipped. When an action equals
 * {@code AuthorizationConstants.AUTZ_UI_PERMIT_ALL_URL} the method stops
 * adding further attributes; attributes added earlier stay in the collection.
 * NOTE(review): the comparison is {@code DisplayableValue.equals(constant)} —
 * if the constant is a plain String this can never be true; confirm the types.
 *
 * @param filterInvocation the current request wrapper
 * @param guiConfigAttr the collection receiving the required attributes (mutated)
 * @param url Ant-style pattern describing the page
 * @param actions actions required for the page; may be {@code null}
 */
private void addSecurityConfig(FilterInvocation filterInvocation, Collection<ConfigAttribute> guiConfigAttr,
        String url, DisplayableValue<String>[] actions) {
    AntPathRequestMatcher pageMatcher = new AntPathRequestMatcher(url);
    boolean applies = pageMatcher.matches(filterInvocation.getRequest()) && actions != null;
    if (!applies) {
        return;
    }
    for (DisplayableValue<String> action : actions) {
        String actionUri = action.getValue();
        if (StringUtils.isBlank(actionUri)) {
            continue;
        }
        // every user may access a permit-all page: nothing more to require
        if (action.equals(AuthorizationConstants.AUTZ_UI_PERMIT_ALL_URL)) {
            return;
        }
        SecurityConfig required = new SecurityConfig(actionUri);
        if (!guiConfigAttr.contains(required)) {
            guiConfigAttr.add(required);
        }
    }
}
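/**
 * Returns the permission codes required for the requested URL.
 *
 * Every stored permission whose Ant pattern matches the request contributes
 * its code as a {@link SecurityConfig}. The permission list is fetched from
 * {@code permissionService} on every call.
 *
 * A failure to load the permissions is propagated rather than swallowed: the
 * original returned whatever had been collected so far (typically an empty
 * set), and an empty attribute set is treated as "public" by an interceptor
 * that does not reject public invocations — i.e. the check would fail open.
 *
 * @param object the secured object, expected to be a {@link FilterInvocation}
 * @return the matching attributes; empty when nothing matches
 * @throws IllegalArgumentException declared by the interface
 * @throws IllegalStateException when the permission list cannot be loaded
 */
@Override
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
    HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
    List<ConfigAttribute> attrs = new ArrayList<>();
    try {
        for (Permission p : permissionService.findAll()) {
            AntPathRequestMatcher matcher = new AntPathRequestMatcher(p.getUrl());
            if (matcher.matches(request)) {
                attrs.add(new SecurityConfig(p.getCode()));
            }
        }
    } catch (ExecutionException e) {
        // Fail closed and keep the cause instead of printing it and continuing.
        throw new IllegalStateException("unable to load permissions for authorization", e);
    }
    return attrs;
}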
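/**
 * Insecure-channel check: hands the request to the entry point when it arrived
 * over HTTPS and lets it through when it arrived over plain HTTP.
 *
 * Channel detection prefers the {@code X-Forwarded-Proto} header over
 * {@code isSecure()} because TLS is often terminated at a proxy, in which case
 * the proxied request is not secure from the servlet container's point of view.
 * That header is only trustworthy when a proxy in front of this application
 * overwrites it; a value supplied directly by a client is not authenticated.
 *
 * @param invocation the current request/response pair
 * @param config the attributes to evaluate; only those {@link #supports} are acted on
 * @throws IllegalArgumentException if either argument is {@code null}
 * @throws IOException propagated from the entry point
 * @throws ServletException propagated from the entry point
 */
@Override
public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config)
        throws IOException, ServletException {
    if (invocation == null || config == null) {
        throw new IllegalArgumentException("Nulls cannot be provided");
    }
    // Read the header once; equalsIgnoreCase on a literal is null-safe, so the
    // separate null checks of the original are not needed.
    String forwardedProto = invocation.getHttpRequest().getHeader("X-Forwarded-Proto");
    for (ConfigAttribute attribute : config) {
        if (!supports(attribute)) {
            continue;
        }
        if ("https".equalsIgnoreCase(forwardedProto)) {
            // Proxied TLS request: isSecure() would report false here, so the
            // header decides. As in the original there is no return after
            // commence(), so several supported attributes invoke it repeatedly.
            getEntryPoint().commence(invocation.getRequest(), invocation.getResponse());
        } else if ("http".equalsIgnoreCase(forwardedProto)) {
            return;
        } else if (!invocation.getHttpRequest().isSecure()) {
            return;
        } else {
            getEntryPoint().commence(invocation.getRequest(), invocation.getResponse());
        }
    }
}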
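/**
 * Secure-channel check: lets the request through when it arrived over HTTPS
 * (either {@code X-Forwarded-Proto: https} or {@code isSecure()}) and otherwise
 * hands it to the entry point.
 *
 * The header is consulted because TLS is often terminated at a proxy. It is
 * only trustworthy when a proxy in front of this application overwrites it: a
 * plain-HTTP request that carries the header itself satisfies this check, so
 * the deployment must strip or overwrite it at the trusted edge.
 *
 * @param invocation the current request/response pair
 * @param config the attributes to evaluate; only those {@link #supports} are acted on
 * @throws IllegalArgumentException if either argument is {@code null}
 * @throws IOException propagated from the entry point
 * @throws ServletException propagated from the entry point
 */
@Override
public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config)
        throws IOException, ServletException {
    Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided");
    // Read once; equalsIgnoreCase on a literal is null-safe.
    String forwardedProto = invocation.getHttpRequest().getHeader("X-Forwarded-Proto");
    for (ConfigAttribute attribute : config) {
        if (!supports(attribute)) {
            continue;
        }
        if ("https".equalsIgnoreCase(forwardedProto) || invocation.getHttpRequest().isSecure()) {
            return;
        }
        getEntryPoint().commence(invocation.getRequest(), invocation.getResponse());
    }
}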
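/**
 * Votes on the invocation by evaluating the authorize expression carried by
 * the {@code CodeSecurityConfig} attribute, if one is present.
 *
 * @param authentication the caller; must not be {@code null}
 * @param fi the secured web invocation; must not be {@code null}
 * @param attributes the attributes of the invocation; must not be {@code null}
 * @return {@code ACCESS_ABSTAIN} when no {@code CodeSecurityConfig} is present,
 *         otherwise {@code ACCESS_GRANTED} or {@code ACCESS_DENIED} per the expression
 * @throws NullPointerException if any argument is {@code null}
 */
public int vote(Authentication authentication, FilterInvocation fi, Collection<ConfigAttribute> attributes) {
    // Real checks instead of `assert`: assertions are off unless the JVM runs
    // with -ea, so they never guarded this entry point in production.
    java.util.Objects.requireNonNull(authentication, "authentication");
    java.util.Objects.requireNonNull(fi, "fi");
    java.util.Objects.requireNonNull(attributes, "attributes");
    CodeSecurityConfig codeConfig = findConfigAttribute(attributes);
    if (codeConfig == null) {
        return ACCESS_ABSTAIN;
    }
    EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication, fi);
    return ExpressionUtils.evaluateAsBoolean(codeConfig.getAuthorizeExpression(), ctx)
            ? ACCESS_GRANTED
            : ACCESS_DENIED;
}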
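/**
 * Looks up the attributes registered for the request path; the query string
 * is ignored for the lookup and removed before the diagnostic print.
 *
 * Only exact path matches count — no pattern matching is applied to the keys
 * of {@code resourceMap}. Unknown paths yield {@code null}.
 *
 * @param object the secured object, expected to be a {@link FilterInvocation}
 * @return the attributes registered for exactly this path, or {@code null}
 * @throws IllegalArgumentException declared by the interface
 */
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
    // object wraps the URL the user requested
    String requestUrl = ((FilterInvocation) object).getRequestUrl();
    // Strip the query string before printing so parameter values (which may
    // include tokens) never reach stdout; the original printed the full URL.
    int queryStart = requestUrl.indexOf('?');
    if (queryStart != -1) {
        requestUrl = requestUrl.substring(0, queryStart);
    }
    System.out.println("requestUrl is " + requestUrl);
    if (resourceMap == null) {
        // Unsynchronized lazy load; concurrent first requests may load twice.
        loadResourceDefine();
    }
    for (String resURL : resourceMap.keySet()) {
        if (resURL.equals(requestUrl)) {
            return resourceMap.get(resURL);
        }
    }
    return null;
}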
/**
 * Resolves the navigation-based access attribute for the invocation.
 *
 * Any failure while resolving or walking the navigation (including a wrong
 * {@code object} type) is logged at WARN and mapped to
 * {@code NavigationAccessor.DEFAULT_ACCESS}. Whether that default denies or
 * permits is defined by NavigationAccessor, not here — worth confirming it
 * fails closed, since every exception ends up there.
 *
 * @param authentication the caller
 * @param object the secured object, expected to be a {@link FilterInvocation}
 * @return the attribute computed by the accessor, or the default on any failure
 */
private String createConfigAttribute(Authentication authentication, Object object) {
    try {
        FilterInvocation invocation = (FilterInvocation) object;
        boolean incomplete = invocation.getHttpRequest() == null || invocation.getHttpResponse() == null;
        if (incomplete) {
            return NavigationAccessor.DEFAULT_ACCESS;
        }
        Navigation navigation = navigationFactory.resolveNavigation(invocation.getHttpRequest());
        NavigationAccessor accessor = new NavigationAccessor(authentication, invocation);
        navigation.travel(accessor);
        // The resolved navigation is stored on the request under Navigation.OBJECT_NAME.
        invocation.getHttpRequest().setAttribute(Navigation.OBJECT_NAME, navigation);
        return accessor.getAttribute();
    } catch (Exception e) {
        logger.warn("createConfigAttribute : ", e);
        return NavigationAccessor.DEFAULT_ACCESS;
    }
}
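/**
 * Votes on the invocation by evaluating the {@code AuthorityAttribute} found
 * among the attributes, if any.
 *
 * @param authentication the caller; must not be {@code null}
 * @param fi the secured web invocation; must not be {@code null}
 * @param attributes the attributes of the invocation; must not be {@code null}
 * @return {@code ACCESS_ABSTAIN} when no {@code AuthorityAttribute} is present,
 *         otherwise {@code ACCESS_GRANTED} or {@code ACCESS_DENIED} per the evaluation
 * @throws NullPointerException if any argument is {@code null}
 */
public int vote(Authentication authentication, FilterInvocation fi, Collection<ConfigAttribute> attributes) {
    // Real checks instead of `assert`: assertions are off unless the JVM runs
    // with -ea, so they never guarded this entry point in production.
    java.util.Objects.requireNonNull(authentication, "authentication");
    java.util.Objects.requireNonNull(fi, "fi");
    java.util.Objects.requireNonNull(attributes, "attributes");
    AuthorityAttribute attr = findAccessAttribute(attributes);
    if (attr == null) {
        return ACCESS_ABSTAIN;
    }
    AuthorityExpressionRoot sec = new AuthorityExpressionRoot(authentication, fi);
    return sec.evaluateAsBoolean(attr) ? ACCESS_GRANTED : ACCESS_DENIED;
}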
/**
 * Appends the non-blank action URIs of {@code actions} to {@code requiredActions}
 * (without duplicates) when the invocation matches the Ant pattern {@code url}.
 *
 * @param filterInvocation the current request wrapper
 * @param requiredActions the list receiving the required action URIs (mutated)
 * @param url Ant-style pattern describing the page
 * @param actions actions required for the page; may be {@code null}
 */
private void addSecurityConfig(FilterInvocation filterInvocation, List<String> requiredActions,
        String url, DisplayableValue<String>[] actions) {
    AntPathRequestMatcher pageMatcher = new AntPathRequestMatcher(url);
    boolean applies = pageMatcher.matches(filterInvocation.getRequest()) && actions != null;
    if (!applies) {
        return;
    }
    for (DisplayableValue<String> action : actions) {
        String actionUri = action.getValue();
        if (StringUtils.isBlank(actionUri) || requiredActions.contains(actionUri)) {
            continue;
        }
        requiredActions.add(actionUri);
    }
}
/**
 * Applies the security interception once per request.
 *
 * When {@code observeOncePerRequest} is set and the request already carries the
 * {@code FILTER_APPLIED} marker, the chain simply continues; otherwise the
 * marker is set and the chain runs between {@code beforeInvocation} and
 * {@code finallyInvocation}, with {@code afterInvocation} only on normal completion.
 *
 * @param fi the invocation to secure
 * @throws IOException propagated from the chain
 * @throws ServletException propagated from the chain
 */
public void invoke(FilterInvocation fi) throws IOException, ServletException {
    boolean alreadyApplied = observeOncePerRequest
            && fi.getRequest() != null
            && fi.getRequest().getAttribute(FILTER_APPLIED) != null;
    if (alreadyApplied) {
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
        return;
    }
    if (fi.getRequest() != null) {
        fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
    }
    InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } finally {
        super.finallyInvocation(token);
    }
    super.afterInvocation(token, null);
}
/**
 * Votes on plugin and menu URLs.
 *
 * A plugin URL is granted when the permission service reports READ access on
 * the plugin id; a menu URL is granted whenever the UI knows a menu with that
 * id (assumes {@code getMenu} already reflects the caller's permissions —
 * confirm). Any other URL is denied. The {@code authentication} argument is
 * not consulted; the decision relies on the services' own context.
 *
 * @param authentication the caller (unused here)
 * @param filterInvocation the secured web invocation
 * @param attributes the attributes of the invocation (unused here)
 * @return {@code ACCESS_GRANTED} or {@code ACCESS_DENIED}; never abstains
 */
@Override
public int vote(Authentication authentication, FilterInvocation filterInvocation,
        Collection<ConfigAttribute> attributes) {
    String requestUrl = filterInvocation.getRequestUrl();
    Matcher pluginMatcher = PATTERN_PLUGINID.matcher(requestUrl);
    if (pluginMatcher.matches()) {
        boolean canRead = getMolgenisPermissionService()
                .hasPermissionOnPlugin(pluginMatcher.group(1), Permission.READ);
        return canRead ? ACCESS_GRANTED : ACCESS_DENIED;
    }
    Matcher menuMatcher = PATTERN_MENUID.matcher(requestUrl);
    if (menuMatcher.matches()) {
        UiMenu menu = getMolgenisUi().getMenu(menuMatcher.group(1));
        return menu == null ? ACCESS_DENIED : ACCESS_GRANTED;
    }
    return ACCESS_DENIED;
}
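/**
 * Runs the security interception around the rest of the filter chain.
 *
 * Failures from the chain are logged with their stack trace and propagated
 * instead of being swallowed: the original logged only the message and
 * continued, which hid errors (including security failures raised further
 * down the chain) from the filters meant to handle them and let the request
 * end with whatever response had been written so far.
 *
 * @param fi the invocation to secure
 * @throws IOException propagated from the chain
 * @throws ServletException propagated from the chain
 */
private void invoke(FilterInvocation fi) throws IOException, ServletException {
    InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } catch (IOException | ServletException | RuntimeException e) {
        logger.error(e.getMessage(), e);
        throw e;
    } finally {
        super.afterInvocation(token, null);
    }
}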
/**
 * Secures the intercepted URL carried by {@code fi} and then continues the chain.
 *
 * {@code beforeInvocation} fetches the attributes for {@code fi} from the
 * configured metadata source ({@code getAttributes(Object)}) and asks the
 * access decision manager ({@code decide}) whether the user's permissions
 * suffice; the next filter only runs once that has passed.
 *
 * @param fi the invocation to secure
 * @throws IOException propagated from the chain
 * @throws ServletException propagated from the chain
 */
public void invoke(FilterInvocation fi) throws IOException, ServletException {
    final InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
        // hand over to the next filter
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } finally {
        super.afterInvocation(token, null);
    }
}
/**
 * Builds the RBAC-aware expression root for a web invocation, wired with the
 * handler's permission evaluator and role hierarchy.
 *
 * @param authentication the caller
 * @param fi the secured web invocation
 * @return a configured {@code RbacWebSecurityExpressionRoot}
 */
@Override
public SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, FilterInvocation fi) {
    RbacWebSecurityExpressionRoot expressionRoot =
            new RbacWebSecurityExpressionRoot(authentication, fi, permissionService, resourceService);
    expressionRoot.setRoleHierarchy(getRoleHierarchy());
    expressionRoot.setPermissionEvaluator(getPermissionEvaluator());
    return expressionRoot;
}
/**
 * Creates an expression root that can consult the permission and resource
 * services in addition to the standard web expressions.
 *
 * @param a the caller
 * @param fi the secured web invocation; also kept locally as {@code filterInvocation}
 * @param permissionService service used for permission lookups
 * @param resourceService service used for resource lookups
 */
public RbacWebSecurityExpressionRoot(Authentication a, FilterInvocation fi,
        PermissionService permissionService, ResourceService resourceService) {
    super(a, fi);
    this.permissionService = permissionService;
    this.resourceService = resourceService;
    this.filterInvocation = fi;
}
/**
 * Runs the security interception around the remainder of the filter chain.
 *
 * @param fi the invocation to secure
 * @throws IOException propagated from the chain
 * @throws ServletException propagated from the chain
 */
private void invoke(FilterInvocation fi) throws IOException, ServletException {
    final InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } finally {
        // always runs, even when the chain throws
        super.afterInvocation(token, null);
    }
}
/**
 * Returns the attributes registered for the exact request path; the query
 * string is discarded before the lookup. Unknown paths yield {@code null}.
 *
 * @param object the secured object, expected to be a {@link FilterInvocation}
 * @return the attributes registered for this path, or {@code null}
 * @throws IllegalArgumentException declared by the interface
 */
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
    String requestUrl = ((FilterInvocation) object).getRequestUrl();
    if (resourceMap == null) {
        // Unsynchronized lazy load; concurrent first requests may load twice.
        loadResourceDefine();
    }
    int queryStart = requestUrl.indexOf("?");
    if (queryStart > -1) {
        requestUrl = requestUrl.substring(0, queryStart);
    }
    // Exact-key lookup only; no pattern matching.
    return resourceMap.get(requestUrl);
}
/**
 * Runs the security interception around the remainder of the filter chain.
 *
 * @param fi the invocation to secure
 * @throws IOException propagated from the chain
 * @throws ServletException propagated from the chain
 */
public void invoke(FilterInvocation fi) throws IOException, ServletException {
    final InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } finally {
        // always runs, even when the chain throws
        super.afterInvocation(token, null);
    }
}
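/**
 * Returns the attributes of the first registered Ant pattern matching the request.
 *
 * First match wins: with an unordered {@code resourceMap} the precedence
 * between overlapping patterns is unspecified, so an insertion-ordered map is
 * required for predictable authorisation. A matcher is built per pattern on
 * every call; the request itself is fetched once instead of per iteration.
 *
 * @param object the secured object, expected to be a {@link FilterInvocation}
 * @return the attributes for the first matching pattern, or {@code null}
 * @throws IllegalArgumentException declared by the interface
 */
@Override
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
    HttpServletRequest httpRequest = ((FilterInvocation) object).getHttpRequest();
    for (String url : resourceMap.keySet()) {
        RequestMatcher requestMatcher = new AntPathRequestMatcher(url);
        if (requestMatcher.matches(httpRequest)) {
            return resourceMap.get(url);
        }
    }
    return null;
}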
/**
 * Builds the extended expression root for a web invocation.
 *
 * Uses {@code ExtendedWebSecurityExpressionRoot} instead of the default root
 * and wires it with the handler's permission evaluator, the configured trust
 * resolver, the role hierarchy and the {@code ROLE_} prefix.
 *
 * @param authentication the caller
 * @param fi the secured web invocation
 * @return a fully configured expression root
 */
@Override
protected SecurityExpressionOperations createSecurityExpressionRoot(final Authentication authentication,
        final FilterInvocation fi) {
    final WebSecurityExpressionRoot extendedRoot = new ExtendedWebSecurityExpressionRoot(authentication, fi);
    extendedRoot.setDefaultRolePrefix("ROLE_");
    extendedRoot.setRoleHierarchy(getRoleHierarchy());
    extendedRoot.setTrustResolver(trustResolver);
    extendedRoot.setPermissionEvaluator(getPermissionEvaluator());
    return extendedRoot;
}
/**
 * {@code hasHeader} must report a header that the request carries.
 */
@Test
public void testHasHeader() {
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getHeader("header")).thenReturn("value");
    FilterInvocation invocation = Mockito.mock(FilterInvocation.class);
    Mockito.when(invocation.getRequest()).thenReturn(request);
    ExtendedSecurityExpressionHandler handler = new ExtendedSecurityExpressionHandler();
    ExtendedWebSecurityExpressionRoot root = (ExtendedWebSecurityExpressionRoot) handler
            .createSecurityExpressionRoot(Mockito.mock(Authentication.class), invocation);
    Assert.assertTrue(root.hasHeader("header"));
}
/**
 * {@code hasParameter} must report a request parameter that is present.
 */
@Test
public void testHasParameter() {
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getParameter("parameter")).thenReturn("value");
    FilterInvocation invocation = Mockito.mock(FilterInvocation.class);
    Mockito.when(invocation.getRequest()).thenReturn(request);
    ExtendedSecurityExpressionHandler handler = new ExtendedSecurityExpressionHandler();
    ExtendedWebSecurityExpressionRoot root = (ExtendedWebSecurityExpressionRoot) handler
            .createSecurityExpressionRoot(Mockito.mock(Authentication.class), invocation);
    Assert.assertTrue(root.hasParameter("parameter"));
}
/**
 * Wraps the request in a {@link FilterInvocation}, secures it and continues the chain.
 *
 * {@code beforeInvocation} fetches the attributes for the intercepted URL from
 * the configured metadata source ({@code getAttributes(Object)}) and asks the
 * access decision manager ({@code decide}) whether the user's permissions
 * suffice; the next filter only runs once that has passed.
 *
 * @param request the current request
 * @param response the current response
 * @param chain the remaining filter chain
 * @throws IOException propagated from the chain
 * @throws ServletException propagated from the chain
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    final FilterInvocation fi = new FilterInvocation(request, response, chain);
    final InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
        // hand over to the next filter
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } finally {
        super.afterInvocation(token, null);
    }
}
/**
 * Wraps the request in a {@link FilterInvocation} and delegates to {@code invoke}.
 *
 * @param request the current request
 * @param response the current response
 * @param chain the remaining filter chain
 * @throws IOException propagated from {@code invoke}
 * @throws ServletException propagated from {@code invoke}
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    invoke(new FilterInvocation(request, response, chain));
}
/**
 * Runs the security interception around the remainder of the filter chain.
 *
 * @param fi the invocation to secure
 * @throws IOException propagated from the chain
 * @throws ServletException propagated from the chain
 */
public void invoke(FilterInvocation fi) throws IOException, ServletException {
    final InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
        fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } finally {
        // always runs, even when the chain throws
        super.afterInvocation(token, null);
    }
}
/**
 * Builds the custom expression root for a web invocation.
 *
 * A new {@code AuthenticationTrustResolverImpl} is created per call; it holds
 * no state, so this only costs an allocation.
 *
 * @param authentication the caller
 * @param fi the secured web invocation
 * @return a configured {@code CustomWebSecurityExpressionRoot}
 */
@Override
protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, FilterInvocation fi) {
    WebSecurityExpressionRoot customRoot = new CustomWebSecurityExpressionRoot(authentication, fi);
    customRoot.setRoleHierarchy(getRoleHierarchy());
    customRoot.setTrustResolver(new AuthenticationTrustResolverImpl());
    customRoot.setPermissionEvaluator(getPermissionEvaluator());
    return customRoot;
}
/**
 * Delegates the attribute lookup for the requested URI to the access-control service.
 *
 * The URI is logged at INFO on every request; if {@code getRequestUrl()}
 * includes the query string, parameter values end up in the log as well —
 * consider DEBUG or logging the path only.
 *
 * @param object the secured object, expected to be a {@link FilterInvocation}
 * @return whatever {@code accessControlService.getAllRolesByURI} returns for the URI
 * @throws IllegalArgumentException declared by the interface
 */
@Override
public Collection<ConfigAttribute> getAttributes(final Object object) throws IllegalArgumentException {
    final String uri = ((FilterInvocation) object).getRequestUrl();
    logger.info("Requested URI : " + uri);
    return accessControlService.getAllRolesByURI(uri);
}