@SuppressWarnings({"ThrowableInstanceNeverThrown"})
private void useAnonymousIfPossible(HttpServletRequest request, HttpServletResponse response,
FilterChain chain, SecurityContext securityContext) throws IOException, ServletException {
boolean anonAccessEnabled = context.getAuthorizationService().isAnonAccessEnabled();
if (anonAccessEnabled || authInterceptors.accept(request)) {
log.debug("Using anonymous");
Authentication authentication = getNonUiCachedAuthentication(request);
if (authentication == null) {
log.debug("Creating the Anonymous token");
final UsernamePasswordAuthenticationToken authRequest =
new UsernamePasswordAuthenticationToken(UserInfo.ANONYMOUS, "");
AuthenticationDetailsSource ads = new HttpAuthenticationDetailsSource();
//noinspection unchecked
authRequest.setDetails(ads.buildDetails(request));
// explicitly ask for the default spring authentication manager by name (we have another one which
// is only used by the basic authentication filter)
AuthenticationManager authenticationManager =
context.beanForType("authenticationManager", AuthenticationManager.class);
authentication = authenticationManager.authenticate(authRequest);
if (authentication != null && authentication.isAuthenticated() && !RequestUtils.isUiRequest(request)) {
AuthCacheKey authCacheKey = new AuthCacheKey(authFilter.getCacheKey(request),
request.getRemoteAddr());
nonUiAuthCache.put(authCacheKey, authentication);
log.debug("Added anonymous authentication {} to cache", authentication);
}
} else {
log.debug("Using cached anonymous authentication");
}
useAuthentication(request, response, chain, authentication, securityContext);
} else {
if (authFilter.acceptEntry(request)) {
log.debug("Sending request requiring authentication");
authFilter.commence(request, response,
new InsufficientAuthenticationException("Authentication is required"));
} else {
log.debug("No filter or entry just chain");
chain.doFilter(request, response);
}
}
}
AccessFilter.java 文件源码
java
阅读 41
收藏 0
点赞 0
评论 0
项目:artifactory
作者:
评论列表
文章目录
