@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
ServletRequest request = servletRequestContext.getServletRequest();
if (request.getDispatcherType() == DispatcherType.REQUEST) {
List<SingleConstraintMatch> constraints = servletRequestContext.getRequiredConstrains();
SecurityContext sc = exchange.getSecurityContext();
if (!authorizationManager.canAccessResource(constraints, sc.getAuthenticatedAccount(), servletRequestContext.getCurrentServlet().getManagedServlet().getServletInfo(), servletRequestContext.getOriginalRequest(), servletRequestContext.getDeployment())) {
HttpServletResponse response = (HttpServletResponse) servletRequestContext.getServletResponse();
response.sendError(StatusCodes.FORBIDDEN);
return;
}
}
next.handleRequest(exchange);
}
ServletSecurityRoleHandler.java 文件源码
java
阅读 25
收藏 0
点赞 0
评论 0
项目:lams
作者:
评论列表
文章目录
