/**
 * Supplies the interceptor applied to REST authentication requests.
 * <p>
 * When the REST properties name a throttler and a bean of that name exists in the
 * application context, that bean is returned. Otherwise a pass-through interceptor
 * is returned, i.e. no throttling is applied at all.
 *
 * @return the configured throttling interceptor, or a no-op interceptor
 */
@ConditionalOnMissingBean(name = "restAuthenticationThrottle")
@Bean
public HandlerInterceptor restAuthenticationThrottle() {
    final String throttlerBeanName = casProperties.getRest().getThrottler();
    final boolean throttlerAvailable = StringUtils.isNotBlank(throttlerBeanName)
        && this.applicationContext.containsBean(throttlerBeanName);
    if (!throttlerAvailable) {
        // Nothing configured: every request is let through unthrottled.
        return new HandlerInterceptorAdapter() {
            @Override
            public boolean preHandle(final HttpServletRequest request,
                                     final HttpServletResponse response,
                                     final Object handler) {
                return true;
            }
        };
    }
    return this.applicationContext.getBean(throttlerBeanName, HandlerInterceptor.class);
}
/**
 * Registers the request-signature interceptor.
 * <p>
 * The check is skipped entirely when {@code env} equals {@code "dev"}. In every
 * other environment each request must pass {@code validateSign(request)}; a
 * failing request is logged, answered with {@code ResultCode.UNAUTHORIZED} and
 * not dispatched to its handler. This signature scheme is deliberately simple;
 * a real project would typically use JSON Web Tokens or a comparable mechanism.
 *
 * @param registry the interceptor registry to add to
 */
@Override
public void addInterceptors(InterceptorRegistry registry) {
    if ("dev".equals(env)) {
        // Development environment: signature verification is switched off.
        return;
    }
    registry.addInterceptor(new HandlerInterceptorAdapter() {
        @Override
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
            if (validateSign(request)) {
                return true;
            }
            // NOTE(review): the whole parameter map is serialised into the log line;
            // any credential carried as a request parameter ends up in the log too.
            logger.warn("签名认证失败,请求接口:{},请求IP:{},请求参数:{}",
                request.getRequestURI(), getIpAddress(request), JSON.toJSONString(request.getParameterMap()));
            Result result = new Result();
            result.setCode(ResultCode.UNAUTHORIZED).setMessage("签名认证失败");
            responseResult(response, result);
            return false;
        }
    });
}
/**
 * Builds the MVC configuration: appends the given argument resolvers after the
 * defaults and registers an interceptor that clears {@code ThreadLocalUtils}
 * once request processing has completed.
 *
 * @param handlerMethodArgumentResolvers resolvers to register in addition to the defaults
 * @return the configurer bean
 */
@Bean
public WebMvcConfigurer webMvcConfigurer(List<HandlerMethodArgumentResolver> handlerMethodArgumentResolvers) {
    // afterCompletion runs after the handler and view have finished, so per-request
    // thread-local state is dropped before the thread serves another request.
    final HandlerInterceptorAdapter threadLocalCleaner = new HandlerInterceptorAdapter() {
        @Override
        public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
            ThreadLocalUtils.clear();
        }
    };
    return new WebMvcConfigurerAdapter() {
        @Override
        public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
            super.addArgumentResolvers(argumentResolvers);
            argumentResolvers.addAll(handlerMethodArgumentResolvers);
        }

        @Override
        public void addInterceptors(InterceptorRegistry registry) {
            registry.addInterceptor(threadLocalCleaner);
        }
    };
}
/**
 * A {@code MappedInterceptor} registered for {@code /foo} must show up as the
 * first interceptor of the execution chain for that path, and the mapping must
 * produce no chain at all for an unmapped path.
 */
@Test
public void mappedInterceptors() throws Exception {
    final String mappedPath = "/foo";
    final HandlerInterceptor delegate = new HandlerInterceptorAdapter() {};
    final MappedInterceptor mapped = new MappedInterceptor(new String[] {mappedPath}, delegate);

    final TestRequestMappingInfoHandlerMapping mapping = new TestRequestMappingInfoHandlerMapping();
    mapping.registerHandler(new TestController());
    mapping.setInterceptors(new Object[] {mapped});
    mapping.setApplicationContext(new StaticWebApplicationContext());

    // Mapped path: the chain carries the wrapped interceptor itself.
    final HandlerExecutionChain matched = mapping.getHandler(new MockHttpServletRequest("GET", mappedPath));
    assertNotNull(matched);
    assertNotNull(matched.getInterceptors());
    assertSame(delegate, matched.getInterceptors()[0]);

    // Unmapped path: no handler, hence no chain.
    final HandlerExecutionChain unmatched = mapping.getHandler(new MockHttpServletRequest("GET", "/invalid"));
    assertNull(unmatched);
}
/**
 * Wires the authorization-server endpoints: token store and converter, no reuse of
 * refresh tokens, user details, authorization-code services, the custom request
 * factory, approval handler, authentication manager, the granter built by
 * {@code tokenGranter(endpoints)} and a CORS interceptor.
 * <p>
 * NOTE(review): the interceptor copies the request's {@code Origin} header into
 * {@code Access-Control-Allow-Origin} without checking it against an allow-list,
 * so every origin is accepted for cross-origin calls to these endpoints.
 *
 * @param endpoints the endpoints configurer to set up
 * @throws Exception propagated from the configurer
 */
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    final HandlerInterceptorAdapter corsHeaders = new HandlerInterceptorAdapter() {
        @Override
        public boolean preHandle(HttpServletRequest hsr, HttpServletResponse rs, Object o) throws Exception {
            // Reflects whatever origin the caller sent; see the class comment.
            rs.setHeader("Access-Control-Allow-Origin", hsr.getHeader("origin"));
            rs.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS");
            rs.setHeader("Access-Control-Max-Age", "3600");
            rs.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
            return true;
        }
    };
    endpoints
        .tokenStore(tokenStore)
        .accessTokenConverter(accessTokenConverter())
        .reuseRefreshTokens(false)
        .userDetailsService(userDetailsService)
        .authorizationCodeServices(authorizationCodeServices)
        .requestFactory(new CustomOAuth2RequestFactory(clientDetailsService))
        .userApprovalHandler(userApprovalHandler)
        .authenticationManager(authenticationManager)
        .tokenGranter(tokenGranter(endpoints))
        .addInterceptor(corsHeaders);
}
/**
 * Builds the interceptor that adds the Content-Security-Policy header to every
 * response after the handler has run.
 * <p>
 * The policy denies all sources by default and then opens individual directives
 * for the first-party origin and the listed external services. When the
 * debug-CSP profile is active a {@code report-uri} directive is appended so that
 * violations are reported back to the application.
 *
 * @return the CSP interceptor
 * @see <a href="http://www.html5rocks.com/en/tutorials/security/content-security-policy/">CSP tutorial</a>
 */
private HandlerInterceptor getCSPInterceptor() {
    return new HandlerInterceptorAdapter() {
        @Override
        public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
            // Deny everything that is not explicitly allowed below.
            final StringBuilder policy = new StringBuilder("default-src 'none'; ");
            policy.append(" script-src 'self' https://js.stripe.com/ https://api.stripe.com/ https://ssl.google-analytics.com/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/api2/ https://maps.googleapis.com/;");
            // Inline styles are tolerated; inline scripts are not.
            policy.append(" style-src 'self' 'unsafe-inline';");
            policy.append(" img-src 'self' https: data:;");
            // Web workers.
            policy.append(" child-src 'self';");
            policy.append(" frame-src 'self' https://js.stripe.com https://www.google.com;");
            policy.append(" font-src 'self';");
            // Required for the camera API.
            policy.append(" media-src blob: 'self';");
            // stripe.js currently uses JSONP; api.stripe.com is listed so a switch to XHR+CORS keeps working.
            policy.append(" connect-src 'self' https://api.stripe.com https://maps.googleapis.com/ https://geocoder.cit.api.here.com;");
            if (environment.acceptsProfiles(Initializer.PROFILE_DEBUG_CSP)) {
                policy.append(" report-uri /report-csp-violation");
            }
            response.addHeader("Content-Security-Policy", policy.toString());
        }
    };
}
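/**
 * Registers an interceptor that exposes the controller's {@code Navigation}
 * annotation value to the view as the model attribute {@code navSection}.
 * <p>
 * The value is lower-cased with {@code Locale.ROOT} so the result does not depend
 * on the JVM's default locale (in a Turkish locale {@code toLowerCase()} maps
 * {@code I} to a dotless i, which would no longer match the view's lookups).
 *
 * @param registry the interceptor registry to add to
 */
@Override
public void addInterceptors(InterceptorRegistry registry) {
    registry.addInterceptor(new HandlerInterceptorAdapter() {
        @Override
        public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
            if (!(handler instanceof HandlerMethod) || modelAndView == null) {
                // Not a controller method, or no view will be rendered: nothing to add.
                return;
            }
            final Navigation navSection = ((HandlerMethod) handler).getBean().getClass().getAnnotation(Navigation.class);
            if (navSection != null) {
                modelAndView.addObject("navSection", navSection.value().toString().toLowerCase(java.util.Locale.ROOT));
            }
        }
    });
}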
/**
 * Creates the OIDC interceptor adapter.
 * <p>
 * The access-token and authorize interceptors are forwarded to the superclass
 * constructor; the dynamic-registration interceptor and the registration mode
 * are kept on this instance.
 *
 * @param requiresAuthenticationAccessTokenInterceptor interceptor for access-token requests (handed to the superclass)
 * @param requiresAuthenticationAuthorizeInterceptor interceptor for authorize requests (handed to the superclass)
 * @param requiresAuthenticationDynamicRegistrationInterceptor interceptor for dynamic client registration requests
 * @param dynamicClientRegistrationMode the dynamic client registration mode to apply
 */
public OidcHandlerInterceptorAdapter(final HandlerInterceptorAdapter requiresAuthenticationAccessTokenInterceptor,
                                     final HandlerInterceptorAdapter requiresAuthenticationAuthorizeInterceptor,
                                     final HandlerInterceptorAdapter requiresAuthenticationDynamicRegistrationInterceptor,
                                     final OidcConstants.DynamicClientRegistrationMode dynamicClientRegistrationMode) {
    super(requiresAuthenticationAccessTokenInterceptor, requiresAuthenticationAuthorizeInterceptor);
    this.dynamicClientRegistrationMode = dynamicClientRegistrationMode;
    this.requiresAuthenticationDynamicRegistrationInterceptor = requiresAuthenticationDynamicRegistrationInterceptor;
}
/**
 * Security interceptor for dynamic client registration.
 * <p>
 * Accepts the basic-auth, direct-form and user-form OAuth client authenticators,
 * passed to {@code SecurityInterceptor} as a comma-separated list.
 *
 * @return the interceptor bean
 */
@Bean
public HandlerInterceptorAdapter requiresAuthenticationDynamicRegistrationInterceptor() {
    final String acceptedClients = String.join(",",
        Authenticators.CAS_OAUTH_CLIENT_BASIC_AUTHN,
        Authenticators.CAS_OAUTH_CLIENT_DIRECT_FORM,
        Authenticators.CAS_OAUTH_CLIENT_USER_FORM);
    return new SecurityInterceptor(oauthSecConfig, acceptedClients);
}
/**
 * Builds the OIDC interceptor adapter from the access-token, authorize and
 * dynamic-registration interceptors.
 * <p>
 * The registration mode comes from the OIDC properties; a blank value means
 * {@code PROTECTED}.
 *
 * @return the interceptor bean
 * @throws IllegalArgumentException if the configured mode is not a
 *         {@code DynamicClientRegistrationMode} constant name
 */
@Bean
public HandlerInterceptorAdapter oauthInterceptor() {
    final String configuredMode = casProperties.getAuthn().getOidc().getDynamicClientRegistrationMode();
    final String effectiveMode = StringUtils.defaultIfBlank(configuredMode,
        OidcConstants.DynamicClientRegistrationMode.PROTECTED.name());
    final OidcConstants.DynamicClientRegistrationMode mode =
        OidcConstants.DynamicClientRegistrationMode.valueOf(effectiveMode);
    return new OidcHandlerInterceptorAdapter(
        requiresAuthenticationAccessTokenInterceptor,
        requiresAuthenticationAuthorizeInterceptor(),
        requiresAuthenticationDynamicRegistrationInterceptor(),
        mode);
}
/**
 * Registers an interceptor that records the response status on the enclosing
 * controller and counts down its latch once the handler has run.
 *
 * @param registry the interceptor registry to add to
 */
@Override
public void addInterceptors(InterceptorRegistry registry) {
    final HandlerInterceptorAdapter completionRecorder = new HandlerInterceptorAdapter() {
        @Override
        public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
            // Capture the status first, then release whoever is waiting on the latch.
            HelloWorldController.this.setStatus(response.getStatus());
            HelloWorldController.this.latch.countDown();
        }
    };
    registry.addInterceptor(completionRecorder);
}
/**
 * Registers an interceptor that calls {@code accessTokenContextRelay.copyToken()}
 * before every handler; the request is always allowed to proceed.
 *
 * @param registry the interceptor registry to add to
 */
@Override
public void addInterceptors(InterceptorRegistry registry) {
    final HandlerInterceptorAdapter tokenRelay = new HandlerInterceptorAdapter() {
        @Override
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
            accessTokenContextRelay.copyToken();
            return true;
        }
    };
    registry.addInterceptor(tokenRelay);
}
/**
 * Interceptor that fills the model attributes every page template expects.
 * <p>
 * Skipped when no view is rendered or the view is a redirect. Otherwise it adds
 * the request itself, the demo-mode flag, the event's languages (when the
 * {@code ALFIO_EVENT_NAME} request attribute is set), default {@code event} and
 * {@code pageTitle} entries, the Google Analytics enabled flag and, in demo mode
 * only, the PayPal test credentials read from system configuration.
 *
 * @return the interceptor bean
 */
@Bean
public HandlerInterceptorAdapter getDefaultTemplateObjectsFiller() {
    return new HandlerInterceptorAdapter() {
        @Override
        public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
            if (modelAndView == null || StringUtils.startsWith(modelAndView.getViewName(), "redirect:")) {
                return; // nothing to render, or a redirect whose model is not used
            }
            modelAndView.addObject("request", request);
            final ModelMap model = modelAndView.getModelMap();

            final boolean demoModeEnabled = environment.acceptsProfiles(Initializer.PROFILE_DEMO);
            model.put("demoModeEnabled", demoModeEnabled);

            final Object eventNameAttribute = request.getAttribute("ALFIO_EVENT_NAME");
            final String eventName = eventNameAttribute == null ? null : eventNameAttribute.toString();
            if (eventName != null) {
                final List<?> availableLanguages = i18nManager.getEventLanguages(eventName);
                model.put("showAvailableLanguagesInPageTop", availableLanguages.size() > 1);
                model.put("availableLanguages", availableLanguages);
            }

            model.putIfAbsent("event", null);
            model.putIfAbsent("pageTitle", "empty");

            // The "event" entry may be null, an Event, or an EventDescriptor wrapping one.
            final Object eventEntry = model.get("event");
            final Event event;
            if (eventEntry == null) {
                event = null;
            } else if (eventEntry instanceof Event) {
                event = (Event) eventEntry;
            } else {
                event = ((EventDescriptor) eventEntry).getEvent();
            }

            // Event-scoped analytics key when an event is known, system-wide key otherwise.
            ConfigurationPathKey googleAnalyticsKey = event == null
                ? null
                : alfio.model.system.Configuration.from(event.getOrganizationId(), event.getId(), GOOGLE_ANALYTICS_KEY);
            if (googleAnalyticsKey == null) {
                googleAnalyticsKey = alfio.model.system.Configuration.getSystemConfiguration(GOOGLE_ANALYTICS_KEY);
            }
            model.putIfAbsent("analyticsEnabled",
                StringUtils.isNotBlank(configurationManager.getStringConfigValue(googleAnalyticsKey, "")));

            if (demoModeEnabled) {
                // Test credentials reach the page only under the demo profile.
                model.putIfAbsent("paypalTestUsername", configurationManager.getStringConfigValue(
                    alfio.model.system.Configuration.getSystemConfiguration(PAYPAL_DEMO_MODE_USERNAME), "<missing>"));
                model.putIfAbsent("paypalTestPassword", configurationManager.getStringConfigValue(
                    alfio.model.system.Configuration.getSystemConfiguration(PAYPAL_DEMO_MODE_PASSWORD), "<missing>"));
            }
        }
    };
}
/**
 * Interceptor that copies the CSRF token stored on the request (under the
 * {@code CsrfToken} class name, as set by Spring Security's CSRF filter) into
 * the model under {@code WebSecurityConfig.CSRF_PARAM_NAME}.
 *
 * @return the interceptor bean
 */
@Bean
public HandlerInterceptor getCsrfInterceptor() {
    return new HandlerInterceptorAdapter() {
        @Override
        public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
            if (modelAndView == null) {
                return; // no view will be rendered
            }
            modelAndView.addObject(WebSecurityConfig.CSRF_PARAM_NAME, request.getAttribute(CsrfToken.class.getName()));
        }
    };
}
/**
 * Registers the superclass interceptors and then one that stores the current
 * shopping cart on the request as {@code shoppingCart} after the handler has run.
 *
 * @param registry the interceptor registry to add to
 */
@Override
public void addInterceptors(InterceptorRegistry registry) {
    super.addInterceptors(registry);
    registry.addInterceptor(new HandlerInterceptorAdapter() {
        @Override
        public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
            // Looked up per request so the view layer sees the cart for this session.
            final ShoppingCart cart = shoppingCartRepository.getCurrentShoppingCart(request);
            request.setAttribute("shoppingCart", cart);
        }
    });
}
/**
 * Exposes the management security interceptor as a bean, built from {@code config()}.
 *
 * @return the interceptor bean
 */
@Bean
public HandlerInterceptorAdapter casManagementSecurityInterceptor() {
    final HandlerInterceptorAdapter interceptor = new CasManagementSecurityInterceptor(config());
    return interceptor;
}
/**
 * Exposes the admin status interceptor as a bean.
 *
 * @return a new {@code CasAdminStatusInterceptor}
 */
@Bean
public HandlerInterceptorAdapter statusInterceptor() {
    final HandlerInterceptorAdapter interceptor = new CasAdminStatusInterceptor();
    return interceptor;
}
/**
 * Security interceptor for the OIDC authorize flow, bound to the name of the
 * {@code CasClient} found in the OAuth security configuration.
 *
 * @return the interceptor bean
 */
@Bean
public HandlerInterceptorAdapter requiresAuthenticationAuthorizeInterceptor() {
    final CasClient casClient = oauthSecConfig.getClients().findClient(CasClient.class);
    return new OidcSecurityInterceptor(oauthSecConfig, casClient.getName(), oidcAuthorizationRequestSupport());
}
/**
 * Creates the OAuth 2.0 interceptor adapter holding the two delegate interceptors.
 *
 * @param requiresAuthenticationAccessTokenInterceptor interceptor for access-token requests
 * @param requiresAuthenticationAuthorizeInterceptor interceptor for authorize requests
 */
public OAuth20HandlerInterceptorAdapter(final HandlerInterceptorAdapter requiresAuthenticationAccessTokenInterceptor,
                                        final HandlerInterceptorAdapter requiresAuthenticationAuthorizeInterceptor) {
    this.requiresAuthenticationAuthorizeInterceptor = requiresAuthenticationAuthorizeInterceptor;
    this.requiresAuthenticationAccessTokenInterceptor = requiresAuthenticationAccessTokenInterceptor;
}
/**
 * Default OAuth interceptor bean, combining the access-token and authorize
 * interceptors; only created when no bean named {@code oauthInterceptor} exists.
 *
 * @return the interceptor bean
 */
@ConditionalOnMissingBean(name = "oauthInterceptor")
@Bean
@RefreshScope
public HandlerInterceptorAdapter oauthInterceptor() {
    final HandlerInterceptorAdapter accessToken = requiresAuthenticationAccessTokenInterceptor();
    final HandlerInterceptorAdapter authorize = requiresAuthenticationAuthorizeInterceptor();
    return new OAuth20HandlerInterceptorAdapter(accessToken, authorize);
}
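/**
 * Creates the interceptor that aligns the request locale with the languages an
 * event supports.
 * <p>
 * For handler methods whose single request mapping has the form
 * {@code /event/{name}...}, the event name is read from the URI template
 * variables, stored as request attribute {@code ALFIO_EVENT_NAME}, and the
 * resolved locale is replaced by the event's first language whenever the user's
 * locale is not one of the event's languages. The mapping pattern is compiled
 * once per interceptor instance rather than on every request.
 *
 * @return the interceptor; it never blocks a request
 */
@Bean
public HandlerInterceptor getEventLocaleSetterInterceptor() {
    return new HandlerInterceptorAdapter() {
        /** Matches "/event/{something}" with an optional trailing path; group 1 is the variable name. */
        private final Pattern eventPattern = Pattern.compile("^/event/\\{(\\w+)}/{0,1}.*");

        @Override
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
            if (!(handler instanceof HandlerMethod)) {
                return true;
            }
            final HandlerMethod handlerMethod = (HandlerMethod) handler;
            final RequestMapping reqMapping = handlerMethod.getMethodAnnotation(RequestMapping.class);
            if (reqMapping == null || reqMapping.value().length != 1) {
                return true;
            }
            final Matcher m = eventPattern.matcher(reqMapping.value()[0]);
            if (!m.matches()) {
                return true;
            }
            final String pathVariableName = m.group(1);
            // Only act when a @PathVariable parameter is bound to that template variable.
            Arrays.stream(handlerMethod.getMethodParameters())
                .map(methodParameter -> methodParameter.getParameterAnnotation(PathVariable.class))
                .filter(Objects::nonNull)
                .map(PathVariable::value)
                .filter(pathVariableName::equals)
                .findFirst()
                .ifPresent(val -> applyEventLocale(request, response, val));
            return true;
        }

        /** Resolves the event from the URI variables and forces a locale the event supports. */
        private void applyEventLocale(HttpServletRequest request, HttpServletResponse response, String pathVariable) {
            @SuppressWarnings("unchecked")
            final Map<String, Object> uriVariables =
                (Map<String, Object>) request.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
            final String eventName = Optional.ofNullable(uriVariables.get(pathVariable)).orElse("").toString();
            final LocaleResolver resolver = RequestContextUtils.getLocaleResolver(request);
            final Locale locale = resolver.resolveLocale(request);
            final List<ContentLanguage> eventLanguages = i18nManager.getEventLanguages(eventName);
            request.setAttribute("ALFIO_EVENT_NAME", eventName);
            final String requestedLanguage = Optional.ofNullable(locale).orElse(Locale.ENGLISH).getLanguage();
            final boolean supported = eventLanguages.stream()
                .anyMatch(contentLanguage -> contentLanguage.getLanguage().equals(requestedLanguage));
            if (supported) {
                resolver.setLocale(request, response, locale);
            } else {
                // The user's locale is not offered by the event: fall back to its first language.
                resolver.setLocale(request, response,
                    eventLanguages.stream().findFirst().map(ContentLanguage::getLocale).orElse(Locale.ENGLISH));
            }
        }
    };
}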