@Override
public State preHandleRequest(Request request, Response response, ActionContext ac) throws Throwable {
if(!config.isEnabled()){
log.debug("Web security not enabled, ignore the interceptor");
return State.CONTINUE;
}
if(State.isIntercepted(csrf.handleRequest(request, response))){
return State.INTERCEPTED;
}
if(config.isCorsIgnored() && cors.isPreflightRequest(request)) {
return State.CONTINUE;
}
for(RequestIgnore ignore : config.getIgnores()) {
if(ignore.matches(request)) {
return State.CONTINUE;
}
}
DefaultSecurityContextHolder context = new DefaultSecurityContextHolder(config, perm, request, ac);
context.setSecuredPath(resolveSecuredPath(request,response,context,ac.getRoute()));
return preHandleRequest(request, response, context);
}