/**
 * Assembles the list of security filter chains for this configuration.
 *
 * <p>Exactly one {@link DefaultSecurityFilterChain} is registered, bound to a catch-all
 * Ant pattern, so the same filters apply to every request path. The filters are handed
 * to the chain in the order written below: security-context persistence first, the
 * authorization interceptor last.
 *
 * @return a list holding the single catch-all filter chain
 */
private List<SecurityFilterChain> filterChain() {
    // Catch-all matcher: no request path falls outside this chain.
    RequestMatcher matchAll = new AntPathRequestMatcher("/**");

    // Order is security-relevant: the authentication filters must run before
    // exceptionTranslationFilter() and filterInvocationInterceptor(), which come last.
    // Do not re-sort this argument list.
    SecurityFilterChain catchAllChain = new DefaultSecurityFilterChain(
            matchAll,
            new SecurityContextPersistenceFilter(),
            logoutFilter(),
            cojAuthenticationProcessingFilter(),
            new SecurityContextHolderAwareRequestFilter(),
            rememberMeAuthenticationFilter(),
            anonymousAuthenticationFilter(),
            exceptionTranslationFilter(),
            filterInvocationInterceptor());

    List<SecurityFilterChain> chains = new ArrayList<SecurityFilterChain>(12);
    chains.add(catchAllChain);
    return chains;
}
/**
 * Forwards the request to a configured dispatch path when its URL matches one of the
 * Ant patterns in the {@code blResourceUrlPatternRequestDispatchMap} bean; otherwise
 * delegates to the superclass handler.
 *
 * <p>The first matching entry wins, so the result depends on the iteration order of
 * the map bean. The forward target is taken from the configured map value, never from
 * the request itself.
 *
 * @param request  the incoming HTTP request
 * @param response the HTTP response
 * @throws ServletException propagated from the forward or from the superclass handler
 * @throws IOException      propagated from the forward or from the superclass handler
 */
@Override
public void handleRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    // Unchecked cast: the bean is expected to be a Map of pattern -> dispatch path.
    Map<String, String> dispatchByPattern =
            (Map<String, String>) getApplicationContext().getBean("blResourceUrlPatternRequestDispatchMap");

    for (Map.Entry<String, String> mapping : dispatchByPattern.entrySet()) {
        RequestMatcher matcher = new AntPathRequestMatcher(mapping.getKey());
        if (!matcher.matches(request)) {
            continue;
        }
        // NOTE(review): an internal forward may not pass through servlet filters again
        // unless they are mapped for forwarded dispatches; confirm the target path does
        // not rely on a filter that only sees the original request.
        String dispatchPath = mapping.getValue();
        request.getRequestDispatcher(dispatchPath).forward(request, response);
        return;
    }

    // No pattern matched: fall back to the default resource handling.
    super.handleRequest(request, response);
}
/**
 * Validates the CSRF token of POST requests, then passes the request down the chain.
 *
 * <p>A request skips validation when its method is not exactly {@code "POST"} or when
 * it matches one of {@code excludedRequestPatterns}. The token is read from the request
 * parameter named by {@code exploitProtectionService.getCsrfTokenParameter()} and
 * checked with {@code exploitProtectionService.compareToken(...)}.
 *
 * @param baseRequest  the incoming request, cast to {@link HttpServletRequest}
 * @param baseResponse the response, cast to {@link HttpServletResponse}
 * @param chain        the remaining filter chain
 * @throws IOException      propagated from the rest of the chain
 * @throws ServletException wraps a {@code ServiceException} raised by the token
 *                          comparison, or propagated from the rest of the chain
 */
@Override
public void doFilter(ServletRequest baseRequest, ServletResponse baseResponse, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) baseRequest;
    HttpServletResponse response = (HttpServletResponse) baseResponse;

    // Every pattern in this list is a CSRF exemption; keep the list as narrow as possible.
    boolean exempt = false;
    if (excludedRequestPatterns != null) {
        for (String antPattern : excludedRequestPatterns) {
            if (new AntPathRequestMatcher(antPattern).matches(request)) {
                exempt = true;
                break;
            }
        }
    }

    // We only validate CSRF tokens on POST.
    // NOTE(review): state-changing handlers reachable through other methods
    // (GET, PUT, DELETE, PATCH) are not covered by this filter; confirm none exist.
    boolean mustValidate = request.getMethod().equals("POST") && !exempt;
    if (mustValidate) {
        String tokenParameter = exploitProtectionService.getCsrfTokenParameter();
        // May be null when the parameter is absent.
        // NOTE(review): confirm compareToken rejects a null or empty token.
        String submittedToken = request.getParameter(tokenParameter);
        try {
            exploitProtectionService.compareToken(submittedToken);
        } catch (ServiceException e) {
            // Keep the cause so the failure reason is not lost.
            throw new ServletException(e);
        }
    }

    chain.doFilter(request, response);
}
/**
 * Decides whether the current request must take a lock on the Order.
 *
 * <p>By default a lock is required for every POST request (method compared
 * case-insensitively) that is not matched, via {@link AntPathRequestMatcher}, by an
 * entry of the {@link #getExcludedOrderLockRequestPatterns()} list. No lock is required
 * for non-HTTP requests or while the order lock manager is inactive.
 *
 * @param req the request being processed
 * @return whether or not the current request requires a lock on the order
 */
protected boolean requestRequiresLock(ServletRequest req) {
    // Short-circuit keeps the original order: type check first, then manager state.
    if (!(req instanceof HttpServletRequest) || !orderLockManager.isActive()) {
        return false;
    }

    HttpServletRequest request = (HttpServletRequest) req;
    boolean isPost = request.getMethod().equalsIgnoreCase("post");
    if (!isPost) {
        // Only POST is treated as order-modifying here; other methods never lock.
        return false;
    }

    // Each excluded pattern lets a POST through without the lock, so an overly broad
    // pattern removes the serialization of concurrent order updates for those URLs.
    boolean lockRequired = true;
    if (excludedOrderLockRequestPatterns != null) {
        for (String antPattern : excludedOrderLockRequestPatterns) {
            if (new AntPathRequestMatcher(antPattern).matches(request)) {
                lockRequired = false;
                break;
            }
        }
    }
    return lockRequired;
}
/**
 * Builds the request map from the entries returned by {@code findResources()}.
 *
 * <p>Each key of that map is treated as an Ant path pattern and wrapped in an
 * {@link AntPathRequestMatcher}; each value is a comma-delimited attribute string that
 * is converted to a collection of {@link ConfigAttribute}. The result has the type
 * {@code LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>}.
 *
 * @return requestMap order-preserving map of request definitions to attribute lists
 */
protected LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> buildRequestMap() {
    Map<String, String> resources = findResources();

    // Insertion order here equals the iteration order of the map from findResources().
    // NOTE(review): if the consumer applies first-match semantics, a broad pattern that
    // is iterated before a more specific one will shadow it; confirm findResources()
    // returns an ordered map with the most specific patterns first.
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> matcherToAttributes =
            new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();

    for (Map.Entry<String, String> resource : resources.entrySet()) {
        RequestMatcher pathMatcher = new AntPathRequestMatcher(resource.getKey());
        Collection<ConfigAttribute> attributes =
                SecurityConfig.createListFromCommaDelimitedString(resource.getValue());
        matcherToAttributes.put(pathMatcher, attributes);
    }
    return matcherToAttributes;
}
/**
 * Picks the authentication entry point for the given request.
 *
 * <p>Returns {@code m_matchingEntryPoint} as soon as the request matches any Ant
 * pattern in {@code m_patterns}, and {@code m_nonMatchingEntryPoint} when none match.
 *
 * @param request the request that triggered authentication
 * @return the entry point selected for this request
 */
private AuthenticationEntryPoint getAppropriateEntryPoint(HttpServletRequest request) {
    // m_patterns is iterated without a null check; it must be set before first use.
    AuthenticationEntryPoint selected = m_nonMatchingEntryPoint;
    for (String antPattern : m_patterns) {
        if (new AntPathRequestMatcher(antPattern).matches(request)) {
            selected = m_matchingEntryPoint;
            break;
        }
    }
    return selected;
}