CAS-Client客户端研究(四)-HttpServletRequestWrapperFilter
2011-07-13 12:36
585 查看
最近研究CAS,先从客户开始来说明CAS的逻辑,可能会结合源代码。
必要说明:/article/8634081.html
HttpServletRequestWrapperFilter其实作用很简单,就是在HttpServletRequest对象再包装一次,让其支持getUserPrincipal,getRemoteUser方法来取得登录的用户信息。
实现起来比较简单,这个里面使用到一个类CasHttpServletRequestWrapper,其继承HttpServletRequestWrapper,通过给定Assertion对象中取得AttributePrincipal对象来组装CasHttpServletRequestWrapper,看看源代码
我们再来看看CasHttpServletRequestWrapper的源代码
必要说明:/article/8634081.html
HttpServletRequestWrapperFilter其实作用很简单,就是在HttpServletRequest对象再包装一次,让其支持getUserPrincipal,getRemoteUser方法来取得登录的用户信息。
实现起来比较简单,这个里面使用到一个类CasHttpServletRequestWrapper,其继承HttpServletRequestWrapper,通过给定Assertion对象中取得AttributePrincipal对象来组装CasHttpServletRequestWrapper,看看源代码
public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException { //从Session或者request中取得AttributePrincipal,其实Assertion的一个principal属性 final AttributePrincipal principal = retrievePrincipalFromSessionOrRequest(servletRequest); //对request进行包装,并处理后面的过滤器,使其后面的过滤器或者servlet能够在request.getRemoteUser()或者request.getUserPrincipal()取得用户信息 filterChain.doFilter(new CasHttpServletRequestWrapper((HttpServletRequest) servletRequest, principal), servletResponse); } protected AttributePrincipal retrievePrincipalFromSessionOrRequest(final ServletRequest servletRequest) { final HttpServletRequest request = (HttpServletRequest) servletRequest; final HttpSession session = request.getSession(false); final Assertion assertion = (Assertion) (session == null ? request.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION) : session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION)); return assertion == null ? null : assertion.getPrincipal(); }
我们再来看看CasHttpServletRequestWrapper的源代码
final class CasHttpServletRequestWrapper extends HttpServletRequestWrapper { private final AttributePrincipal principal; CasHttpServletRequestWrapper(final HttpServletRequest request, final AttributePrincipal principal) { super(request); this.principal = principal; } public Principal getUserPrincipal() { return this.principal; } public String getRemoteUser() { return principal != null ? this.principal.getName() : null; } public boolean isUserInRole(final String role) { if (CommonUtils.isBlank(role)) { log.debug("No valid role provided. Returning false."); return false; } if (this.principal == null) { log.debug("No Principal in Request. Returning false."); return false; } if (CommonUtils.isBlank(roleAttribute)) { log.debug("No Role Attribute Configured. Returning false."); return false; } final Object value = this.principal.getAttributes().get(roleAttribute); if (value instanceof Collection<?>) { for (final Object o : (Collection<?>) value) { if (rolesEqual(role, o)) { log.debug("User [" + getRemoteUser() + "] is in role [" + role + "]: " + true); return true; } } } final boolean isMember = rolesEqual(role, value); log.debug("User [" + getRemoteUser() + "] is in role [" + role + "]: " + isMember); return isMember; } /** * Determines whether the given role is equal to the candidate * role attribute taking into account case sensitivity. * * @param given Role under consideration. * @param candidate Role that the current user possesses. * * @return True if roles are equal, false otherwise. */ private boolean rolesEqual(final String given, final Object candidate) { return ignoreCase ? given.equalsIgnoreCase(candidate.toString()) : given.equals(candidate); } }
相关文章推荐
- CAS-Client客户端研究--HttpServletRequestWrapperFilter
- CAS-Client客户端研究(四)-HttpServletRequestWrapperFilter
- CAS-Client客户端研究(四)-HttpServletRequestWrapperFilter
- Struts2 Filter 和 HttpServletRequestWrapper出现的问题
- 继承HttpServletRequestWrapper以实现在Filter中修改HttpServletRequest的参数
- 利用HttpServletRequestWrapper和filter改变request的getParameter方法
- 继承HttpServletRequestWrapper以实现在Filter中修改HttpServletRequest的参数
- 继承HttpServletRequestWrapper以实现在Filter中修改HttpServletRequest的参数
- CAS-Client客户端研究(三)-AssertionThreadLocalFilter
- CAS-Client客户端研究(三)-AssertionThreadLocalFilter
- 继承HttpServletRequestWrapper以实现在Filter中修改HttpServletRequest的参数
- 使用HttpServletRequestWrapper在filter修改request参数
- HttpServletRequestWrapper,HttpServletResponseWrapper在过滤器Filter中的使用
- CAS-Client客户端研究(三)-AssertionThreadLocalFilter
- CAS-Client客户端研究--AssertionThreadLocalFilter
- Filter过滤器及HttpServletRequestWrapper使用
- HttpServletRequestWrapper
- HttpServletRequest的获取客户端真实IP
- Servlet 文件上传, HttpServletRequestWrapper
- 采用Filter的方法解决HttpServletRequest.getParameter乱码的问题