/**
 * Re-registers the login URL in {@code appliedPaths} so this filter keeps
 * intercepting requests to it: the previously registered login URL (if any)
 * is dropped before the new one is added.
 *
 * @param loginUrl the new login URL handed to the superclass
 */
@Override
public void setLoginUrl(String loginUrl) {
    String oldLoginUrl = getLoginUrl();
    if (oldLoginUrl != null) {
        appliedPaths.remove(oldLoginUrl);
    }
    super.setLoginUrl(loginUrl);
    if (log.isTraceEnabled()) {
        log.trace("Adding login url to applied paths.");
    }
    // Re-read the URL from the getter rather than trusting the argument,
    // in case the superclass normalised it.
    appliedPaths.put(getLoginUrl(), null);
}
/**
 * Decides whether the current subject may proceed with this request.
 * <p/>
 * Access is granted when the superclass grants it (i.e. the subject is
 * authenticated). Otherwise it is granted only when the request is <em>not</em>
 * the login request and the filter is configured as "permissive" — the login
 * request itself must always go through {@code executeLogin}.
 *
 * @param request     the incoming request
 * @param response    the outgoing response
 * @param mappedValue the filter chain configuration value (e.g. {@code [permissive]})
 * @return {@code true} if the request should be allowed through
 */
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
    if (super.isAccessAllowed(request, response, mappedValue)) {
        return true;
    }
    // Only evaluated when the superclass said no, mirroring the short-circuit
    // of the original boolean expression.
    boolean loginRequest = isLoginRequest(request, response);
    return !loginRequest && isPermissive(mappedValue);
}
/**
 * Builds an {@link AuthenticationToken} from the request and attempts to log
 * the current subject in with it.
 *
 * @return the result of {@code onLoginSuccess} or {@code onLoginFailure}
 * @throws IllegalStateException if {@code createToken} returned {@code null}
 * @throws Exception             anything thrown by the success/failure callbacks
 *                               other than {@link AuthenticationException}
 */
protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
    AuthenticationToken token = createToken(request, response);
    if (token == null) {
        throw new IllegalStateException(
                "createToken method implementation returned null. A valid non-null AuthenticationToken "
                        + "must be created in order to execute a login attempt.");
    }
    // Everything from subject lookup through the success callback sits inside the
    // try so that an AuthenticationException from any of them reaches onLoginFailure.
    try {
        Subject subject = getSubject(request, response);
        subject.login(token);
        return onLoginSuccess(token, subject, request, response);
    } catch (AuthenticationException authFailure) {
        return onLoginFailure(token, authFailure, request, response);
    }
}
/**
 * Convenience overload: derives the "remember me" flag and the client host from
 * the request, then delegates to the four-argument {@code createToken}.
 *
 * @param username the submitted principal
 * @param password the submitted credential
 * @param request  used to read the remember-me flag and the host
 * @param response unused here, passed for symmetry with the other overloads
 */
protected AuthenticationToken createToken(String username, String password,
                                          ServletRequest request, ServletResponse response) {
    return createToken(username, password, isRememberMe(request), getHost(request));
}
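/**
 * Emits CORS response headers ahead of the normal authenticating pre-handle
 * and answers OPTIONS (preflight) requests with 200 without running the rest
 * of the chain.
 * <p/>
 * Changes from the previous version: {@code Access-Control-Allow-Credentials}
 * is no longer sent (browsers reject "credentials: true" combined with a
 * "{@code *}" origin, so it was a no-op that merely advertised an unsafe
 * intent), {@code TRACE} is no longer listed as an allowed method, and the
 * requested-headers echo is only written when the request actually carried
 * {@code Access-Control-Request-Headers}.
 *
 * @return {@code false} for OPTIONS (chain stops), otherwise whatever the
 *         superclass decides
 */
@Override
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    HttpServletRequest httpRequest = (HttpServletRequest) request;

    // NOTE(review): a wildcard origin lets any site read responses from the
    // paths this filter guards. If those endpoints return per-user data, replace
    // "*" with an explicit origin allow-list — and never simply echo the
    // request's Origin header, which would be equivalent to "*" plus credentials.
    httpResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*");
    // TRACE is not an API method and advertising it invites cross-site tracing probes.
    httpResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS");
    // Echoing the requested headers is standard preflight handling; guard against a
    // null value, which some containers write as an empty/removed header.
    String requestedHeaders = httpRequest.getHeader("Access-Control-Request-Headers");
    if (requestedHeaders != null) {
        httpResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestedHeaders);
    }

    if (RequestMethod.OPTIONS.name().equals(WebUtils.toHttp(request).getMethod())) {
        httpResponse.setStatus(HttpStatus.OK.value());
        return false;
    }
    return super.preHandle(request, response);
}
}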
/**
 * Counts a successful login in the {@code successAuths} meter, then defers to
 * the superclass for the actual post-login handling.
 */
@Override
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject,
                                 ServletRequest request, ServletResponse response) throws Exception {
    successAuths.mark();
    boolean continueChain = super.onLoginSuccess(token, subject, request, response);
    return continueChain;
}
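/**
 * Records a failed login: logs the attempted principal, the peer address and
 * the failure reason, bumps the {@code failedAuths} meter, and defers to the
 * superclass.
 * <p/>
 * The whole token is deliberately not logged any more. {@link AuthenticationToken}
 * is an interface and a concrete implementation's {@code toString()} may include
 * the credential (a raw password or a bearer JWT); only the principal is safe to
 * write to a log. Note also that {@code getRemoteAddr()} is the direct TCP peer,
 * so behind a reverse proxy it is the proxy's address rather than the client's.
 */
@Override
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e,
                                 ServletRequest request, ServletResponse response) {
    Object principal = token == null ? null : token.getPrincipal();
    log.warn("onLoginFailure ['{}'] -> login failed ({}): {}", principal, request.getRemoteAddr(), e.getMessage());
    failedAuths.mark();
    return super.onLoginFailure(token, e, request, response);
}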
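/**
 * JWT variant of the access check: the login endpoint is always reachable,
 * a request already validated earlier in this request is not re-verified,
 * and otherwise a login is attempted from the token in the request.
 * <p/>
 * Changes from the previous version: the "no token" branch now keeps the
 * exception message (an {@link IllegalStateException} from {@code executeLogin}
 * means {@code createToken} returned {@code null}, but other sources of that
 * exception would otherwise be silently mis-reported as "no token"), and the
 * {@code jwtShiroFilter.FILTERED} attribute is type-checked instead of cast,
 * so an unexpected value cannot blow up the filter with a
 * {@link ClassCastException}.
 *
 * @param mappedValue the chain config; a "permissive" mapping lets
 *                    unauthenticated requests through
 * @return {@code true} if the request may proceed
 */
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
    // The login endpoint itself must be reachable without a token.
    if (isLoginRequest(request, response)) {
        return true;
    }
    // Request attributes are server-side state (set by an earlier filter or
    // servlet in this same request, e.g. before a forward), not client input.
    Object filteredFlag = request.getAttribute("jwtShiroFilter.FILTERED");
    if (filteredFlag instanceof Boolean && (Boolean) filteredFlag) {
        return true;
    }
    boolean allowed = false;
    try {
        allowed = executeLogin(request, response);
    } catch (IllegalStateException e) {
        // Raised by executeLogin when createToken returned null, i.e. the request
        // carried no usable token. Keep the message so other causes stay visible.
        log.error("Not found any token: {}", e.getMessage());
    } catch (Exception e) {
        log.error("Error occurs when login", e);
    }
    return allowed || super.isPermissive(mappedValue);
}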
/**
 * Wraps the request in a {@code CachingRequestWrapper} before handing it to the
 * superclass so the request body can be read more than once downstream.
 */
@Override
public void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain filterChain)
        throws ServletException, IOException {
    CachingRequestWrapper rereadable = new CachingRequestWrapper(WebUtils.toHttp(request));
    super.doFilterInternal(rereadable, response, filterChain);
}
/**
 * Short-circuits OPTIONS requests: CORS preflights carry no token, so they
 * are not subjected to token validation and the chain stops here with the
 * response left as-is. Every other method goes through the superclass.
 *
 * @return {@code false} for OPTIONS, otherwise the superclass result
 */
@Override
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
    String method = WebUtils.toHttp(request).getMethod();
    boolean isPreflight = RequestMethod.OPTIONS.name().equals(method);
    if (isPreflight) {
        return false;
    }
    return super.preHandle(request, response);
}
/**
 * Swaps the login URL registered in {@code appliedPaths}: the old URL (if any)
 * is removed, the superclass is updated, and the new URL is registered so the
 * filter keeps intercepting requests to it.
 *
 * @param loginUrl the new login URL
 */
@Override
public void setLoginUrl(String loginUrl) {
    String current = getLoginUrl();
    if (current != null) {
        appliedPaths.remove(current);
    }
    super.setLoginUrl(loginUrl);
    appliedPaths.put(getLoginUrl(), null);
}
/**
 * (Re)builds the Shiro web environment from configuration: creates the security
 * manager, instantiates Shiro's default filters with the configured login /
 * unauthorized / logout-redirect URLs, registers any extra IoC-managed objects
 * named in {@code shiro.objects}, installs the filter-chain resolver, and
 * publishes the login and unauthorized URLs to {@code NutShiro}.
 * <p/>
 * Note that {@code PROP_URL_UNAUTH} defaults to the same value as the login
 * URL, so without explicit config an authorization failure redirects to login.
 */
protected void configure() {
    objects.clear();

    WebSecurityManager manager = createWebSecurityManager();
    setWebSecurityManager(manager);

    final String loginUrl = conf.get(ShiroEnvStarter.PROP_URL_LOGIN, "/user/login");
    final String unauthorizedUrl = conf.get(ShiroEnvStarter.PROP_URL_UNAUTH, "/user/login");
    final String logoutRedirectUrl = conf.get(ShiroEnvStarter.PROP_URL_LOGOUT_REDIRECT, "/");

    Map<String, Filter> defaultFilters = DefaultFilter.createInstanceMap(null);
    for (Map.Entry<String, Filter> entry : defaultFilters.entrySet()) {
        Filter filter = entry.getValue();
        // The instanceof order matters: in Shiro an AuthenticatingFilter is itself
        // an AccessControlFilter, so it must be matched first to receive the login
        // URL rather than the unauthorized URL.
        if (filter instanceof LogoutFilter) {
            ((LogoutFilter) filter).setRedirectUrl(logoutRedirectUrl);
        } else if (filter instanceof AuthenticatingFilter) {
            ((AuthenticatingFilter) filter).setLoginUrl(loginUrl);
        } else if (filter instanceof AccessControlFilter) {
            ((AccessControlFilter) filter).setLoginUrl(unauthorizedUrl);
        }
        objects.put(entry.getKey(), filter);
    }

    // Extra objects are looked up by name from the IoC container; the names come
    // from the application's own configuration, not from request input.
    String extraNames = conf.get("shiro.objects", "");
    for (String objectName : Strings.splitIgnoreBlank(extraNames)) {
        objects.put(objectName, ioc.get(null, objectName));
    }

    FilterChainResolver chainResolver = createFilterChainResolver();
    if (chainResolver != null) {
        setFilterChainResolver(chainResolver);
    }

    NutShiro.DefaultLoginURL = loginUrl;
    NutShiro.DefaultNoAuthURL = unauthorizedUrl;
}