Java 类org.springframework.security.web.util.matcher.MediaTypeRequestMatcher 实例源码

@Override
  public void commence(HttpServletRequest request, HttpServletResponse response,
      AuthenticationException authException) throws IOException, ServletException {

//    if (LOG.isDebugEnabled()) {
//      LOG.debug("Redirigiendo a pantalla de login: " + LOGIN_FORM_URL);
//    }

    ContentNegotiationStrategy negotiationStrategy = new HeaderContentNegotiationStrategy();
    MediaTypeRequestMatcher matcher =
        new MediaTypeRequestMatcher(negotiationStrategy, MediaType.TEXT_HTML);
    matcher.setUseEquals(false);

    if (matcher.matches(request)) {
      DefaultRedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
      redirectStrategy.setContextRelative(false);
      redirectStrategy.sendRedirect(request, response, LOGIN_FORM_URL);
    } else {
      response.sendError(HttpServletResponse.SC_FORBIDDEN);
    }
  }

@Override
public void handle(HttpServletRequest request, HttpServletResponse response,
    AccessDeniedException accessDeniedException) throws IOException, ServletException {

  ContentNegotiationStrategy negotiationStrategy = new HeaderContentNegotiationStrategy();
  MediaTypeRequestMatcher matcher =
      new MediaTypeRequestMatcher(negotiationStrategy, MediaType.TEXT_HTML);
  matcher.setUseEquals(false);

  if (matcher.matches(request)) {
    DefaultRedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
    redirectStrategy.setContextRelative(false);
    redirectStrategy.sendRedirect(request, response, "/errores/403");
  } else {
    response.sendError(HttpServletResponse.SC_FORBIDDEN);

  }

}

@Override
protected void configure(HttpSecurity http) throws Exception {
    final RequestMatcher textHtmlMatcher = new MediaTypeRequestMatcher(
            contentNegotiationStrategy,
            MediaType.TEXT_HTML);

    final String loginPage = dashboard("/#/login");

    final BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
    basicAuthenticationEntryPoint.setRealmName(securityProperties.getBasic().getRealm());
    basicAuthenticationEntryPoint.afterPropertiesSet();

    http
        .csrf()
        .disable()
        .authorizeRequests()
        .antMatchers("/")
        .authenticated()
        .antMatchers(
                dashboard("/**"),
                "/authenticate",
                "/security/info",
                "/features",
                "/assets/**").permitAll()
    .and()
        .formLogin().loginPage(loginPage)
        .loginProcessingUrl(dashboard("/login"))
        .defaultSuccessUrl(dashboard("/")).permitAll()
    .and()
        .logout().logoutUrl(dashboard("/logout"))
            .logoutSuccessUrl(dashboard("/logout-success.html"))
        .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()).permitAll()
    .and().httpBasic()
        .and().exceptionHandling()
        .defaultAuthenticationEntryPointFor(
                new LoginUrlAuthenticationEntryPoint(loginPage),
                textHtmlMatcher)
        .defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint,
                AnyRequestMatcher.INSTANCE)
    .and()
        .authorizeRequests()
        .anyRequest().authenticated();

    final SessionRepositoryFilter<ExpiringSession> sessionRepositoryFilter = new SessionRepositoryFilter<ExpiringSession>(
            sessionRepository());
    sessionRepositoryFilter
            .setHttpSessionStrategy(new HeaderHttpSessionStrategy());

    http.addFilterBefore(sessionRepositoryFilter,
            ChannelProcessingFilter.class).csrf().disable();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
}