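/**
 * Configures the HTTP security filter chain.
 *
 * <p>Only {@code GET /api/account} is open to everyone; every other request must be
 * authenticated. Logout is exposed on {@code /api/logout}, answered by
 * {@code ajaxLogoutSuccessHandler}, and clears the session and CSRF cookies. CSRF
 * protection is governed by the {@code csrfEnabled} flag; when it is on, tokens are
 * served from {@code tokenRepository()}. {@code customRedirectFilter()} is placed
 * directly after {@link ExceptionTranslationFilter}.
 *
 * <p>NOTE(review): {@code super.configure(http)} is called first. The default
 * {@code WebSecurityConfigurerAdapter} configuration is understood to register
 * {@code anyRequest().authenticated()} plus form and basic login; depending on the
 * Spring Security version, adding {@code antMatchers} after {@code anyRequest} either
 * fails at startup or is shadowed by the earlier rule. Confirm that the
 * {@code permitAll()} on {@code /api/account} actually takes effect.
 *
 * @param http the builder to configure
 * @throws Exception propagated from the builder and from {@code super.configure}
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);

    http.authorizeRequests()
            .antMatchers(HttpMethod.GET, "/api/account").permitAll()
            .anyRequest().authenticated()
        .and()
            .logout()
            .logoutUrl("/api/logout")
            .logoutSuccessHandler(ajaxLogoutSuccessHandler)
            // Drop the session cookie and the CSRF cookie together so a stale
            // token cannot be reused against a new session.
            .deleteCookies("JSESSIONID", "CSRF-TOKEN")
            .permitAll()
        .and()
            .exceptionHandling();

    if (!csrfEnabled) {
        // SECURITY: with CSRF protection off, every state-changing endpoint is
        // exposed to cross-site requests (and Spring's logout matcher is then
        // expected to accept any HTTP method on /api/logout). This flag must
        // not be set in a production deployment.
        http.csrf().disable();
    } else {
        http.csrf().csrfTokenRepository(tokenRepository());
    }

    http.addFilterAfter(this.customRedirectFilter(), ExceptionTranslationFilter.class);
}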
/**
 * Configures the HTTP security filter chain.
 *
 * <p>When both {@code noauthdevmode} and {@code devmode} are set, no logout,
 * entry point, authorization rule or authentication filter is configured at all.
 * Otherwise only {@code /my/**} requires authentication and everything else is
 * permitted; {@code oasisAuthenticationFilter()} runs before the
 * pre-authenticated-processing filter slot. In both cases
 * {@code oasisExceptionTranslationFilter} is placed after
 * {@link ExceptionTranslationFilter}.
 *
 * @param http the builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    boolean securityBypassed = noauthdevmode && devmode;

    if (!securityBypassed) {
        // SECURITY: the bypass above skips every rule in this branch. Both flags
        // must be off in any deployment that is reachable by untrusted clients.
        http.logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessHandler(logoutHandler());
        http.exceptionHandling()
                .authenticationEntryPoint(authenticationEntryPoint());
        http.authorizeRequests()
                .antMatchers("/my/**").authenticated()
                .anyRequest().permitAll();
        http.addFilterBefore(oasisAuthenticationFilter(),
                AbstractPreAuthenticatedProcessingFilter.class);
    }

    http.addFilterAfter(oasisExceptionTranslationFilter(authenticationEntryPoint()),
            ExceptionTranslationFilter.class);
}
/**
 * Configures the HTTP security filter chain for the OAuth2 client demo.
 *
 * <p>The {@code /sparklr}, {@code /facebook}, {@code /xvia} and {@code /xvscribe}
 * trees require {@code ROLE_USER}; everything else is permitted. The OAuth2
 * client filter is placed after {@link ExceptionTranslationFilter}. Logout is on
 * {@code /logout.do} and form login uses {@code /login.jsp} with the legacy
 * {@code j_username}/{@code j_password} parameter names posted to
 * {@code /login.do}; failures bounce back to the login page with
 * {@code authentication_error=true}.
 *
 * @param http the builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http.authorizeRequests()
            .antMatchers("/sparklr/**", "/facebook/**", "/xvia/**", "/xvscribe/**").hasRole("USER")
            .anyRequest().permitAll();

    http.addFilterAfter(oauth2ClientFilter(), ExceptionTranslationFilter.class);

    http.logout()
            .logoutSuccessUrl("/login.jsp")
            .logoutUrl("/logout.do")
            .permitAll();

    http.formLogin()
            .loginPage("/login.jsp")
            .loginProcessingUrl("/login.do")
            .failureUrl("/login.jsp?authentication_error=true")
            .usernameParameter("j_username")
            .passwordParameter("j_password")
            .permitAll();
    // @formatter:on
}
/**
 * Configures the HTTP security filter chain for the admin area.
 *
 * <p>This chain only matches {@code /admin/**} and {@code /signout}. Every matched
 * request must be authenticated, and an extra filter rejects any authentication
 * whose principal is not a {@link Long} (i.e. not a GitHub user id) with a
 * {@link BadCredentialsException}. Because that filter sits after
 * {@link ExceptionTranslationFilter}, the exception is expected to be translated
 * into the configured entry point. When {@code isForceHttps()} is set, all matched
 * requests must arrive over a secure channel.
 *
 * @param http the builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    configureHeaders(http.headers());

    http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint());
    http.requestMatchers().antMatchers("/admin/**", "/signout");

    // TODO this filter needs to be removed once basic auth is removed
    OncePerRequestFilter githubPrincipalGuard = new OncePerRequestFilter() {
        @Override
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                FilterChain filterChain) throws ServletException, IOException {
            Authentication current = SecurityContextHolder.getContext().getAuthentication();
            boolean githubUser = current != null
                    && current.isAuthenticated()
                    && current.getPrincipal() instanceof Long;
            if (!githubUser) {
                throw new BadCredentialsException("Not a github user!");
            }
            filterChain.doFilter(request, response);
        }
    };
    http.addFilterAfter(githubPrincipalGuard, ExceptionTranslationFilter.class);

    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/signout"))
            .logoutSuccessUrl("/");
    http.authorizeRequests().anyRequest().authenticated();

    if (isForceHttps()) {
        http.requiresChannel().anyRequest().requiresSecure();
    }
}
/**
 * Builds the {@link ExceptionTranslationFilter} used by this configuration.
 *
 * <p>Unauthenticated requests are redirected to {@code /index.xhtml}, and
 * access-denied errors are handled by an {@link AccessDeniedHandlerImpl} whose
 * error page is that same {@code /index.xhtml}.
 *
 * @return the configured filter
 */
@Bean
public ExceptionTranslationFilter exceptionTranslationFilter() {
    final String landingPage = "/index.xhtml";

    LoginUrlAuthenticationEntryPoint loginRedirect = new LoginUrlAuthenticationEntryPoint(landingPage);
    // SECURITY: the login redirect is not forced onto HTTPS here, so the
    // request that carries the subsequent credentials keeps the incoming
    // scheme. TLS must be enforced elsewhere (requiresChannel(), HSTS or a
    // TLS-terminating proxy) if this app is reachable over plain HTTP.
    loginRedirect.setForceHttps(false);

    AccessDeniedHandlerImpl deniedHandler = new AccessDeniedHandlerImpl();
    deniedHandler.setErrorPage(landingPage);

    ExceptionTranslationFilter filter = new ExceptionTranslationFilter(loginRedirect);
    filter.setAccessDeniedHandler(deniedHandler);
    return filter;
}
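/**
 * Attempts to find the place in the filter chain to insert the spring security oauth filters. Currently,
 * these filters are inserted after the ExceptionTranslationFilter.
 *
 * <p>Only entries that are {@link BeanDefinition}s are inspected; any other
 * {@link BeanMetadataElement} (for example a bean reference) is skipped. If no
 * definition with the ExceptionTranslationFilter class name is found, the filters
 * are appended at the end of the chain.
 *
 * @param filterChain The filter chain configuration.
 * @return The insert index.
 */
private int insertIndex(List<BeanMetadataElement> filterChain) {
    final String etfClassName = ExceptionTranslationFilter.class.getName();
    for (int i = 0; i < filterChain.size(); i++) {
        BeanMetadataElement element = filterChain.get(i);
        if (element instanceof BeanDefinition) {
            // getBeanClassName() is nullable (e.g. factory-method or child
            // definitions); compare constant-first so a null entry is simply
            // skipped instead of throwing an NPE.
            String beanClassName = ((BeanDefinition) element).getBeanClassName();
            if (etfClassName.equals(beanClassName)) {
                return i + 1;
            }
        }
    }
    return filterChain.size();
}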
/**
 * Applies the single-sign-on part of the HTTP configuration.
 *
 * <p>The {@link OAuth2ClientContextFilter} is inserted after
 * {@link ExceptionTranslationFilter}, anonymous authentication is switched off
 * (so an unauthenticated request is not represented by an anonymous principal),
 * and logout is mapped to {@code /logout} with a redirect to {@code /} on success.
 *
 * @param http   the builder to configure
 * @param client the OAuth2 client context filter to add
 * @return the same builder, for chaining
 * @throws Exception propagated from the builder
 */
private static HttpSecurity ssoHttpConfiguration(HttpSecurity http, OAuth2ClientContextFilter client) throws Exception {
    http.addFilterAfter(client, ExceptionTranslationFilter.class);
    http.anonymous().disable();
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/");
    return http;
}
/**
 * Gets the exception translation filter.
 *
 * <p>The filter is wired with {@code getHttp403ForbiddenEntryPoint()}, so
 * (presumably) an unauthenticated request is rejected with 403 Forbidden rather
 * than redirected to a login page.
 *
 * @return the exception translation filter
 */
@Bean(name = "etf")
public ExceptionTranslationFilter getExceptionTranslationFilter() {
    ExceptionTranslationFilter filter = new ExceptionTranslationFilter(getHttp403ForbiddenEntryPoint());
    return filter;
}