• Home
• org.onetwo4j
• onetwo-boot
• 4.3.6
• source code
• CsrfAnnotationMethodMatcher.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.onetwo.boot.module.security.CsrfAnnotationMethodMatcher Maven / Gradle / Ivy

package org.onetwo.boot.module.security;

import javax.servlet.http.HttpServletRequest;

import org.onetwo.boot.core.web.utils.BootWebUtils;
import org.onetwo.common.web.preventor.DefaultPreventRequestInfoManager;
import org.onetwo.common.web.preventor.PreventRequestInfoManager;
import org.onetwo.ext.security.utils.SecurityUtils;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.method.HandlerMethod;

public class CsrfAnnotationMethodMatcher implements RequestMatcher {
	private PreventRequestInfoManager csrfAnnotationManager = new DefaultPreventRequestInfoManager();
	private RequestMatcher excludeRequestMatcher;
    

    public CsrfAnnotationMethodMatcher() {
    }

    public boolean matches(HttpServletRequest request) {
    	if(isExclude(request)){
    		return false;
    	}
    	HandlerMethod handler = BootWebUtils.webHelper().getControllerHandler();
    	return csrfAnnotationManager.getRequestPreventInfo(handler.getMethod(), request).isCsrfValidate();
    }
    
    protected boolean isExclude(HttpServletRequest request){
    	if(excludeRequestMatcher==null)
    		return false;
    	return excludeRequestMatcher.matches(request);
    }

	final public void setExcludeUrls(String... excludeUrls) {
		this.excludeRequestMatcher = SecurityUtils.checkCsrfIfRequestNotMatch(excludeUrls);
	}
    
}