.getRequiredWebApplicationContext(session.getServletContext());
monitor = (SecurityMonitor) wac.getBean("securityMonitor", SecurityMonitor.class);
}
// 避免login没有权限,出现死循环
if (!freeResources.contains(resource) && !monitor.isPublicResource(resource)) {
OnlineActivity info = monitor.getAuthenticationManager().getSessionController()
.getOnlineActivity(session.getId());
if (null == info) {
Authentication auth = null;
// remember me
if (monitor.isEnableRememberMe()) {
auth = monitor.getRememberMeService().autoLogin(httpRequest);
}
if (null == auth) {
auth = new SsoAuthentication(httpRequest);
auth.setDetails(userDetailsSource.buildDetails(httpRequest));
}
try {
monitor.authenticate(auth);
} catch (AuthenticationException e) {
// 记录访问失败的URL
session.setAttribute(PREVIOUS_URL, httpRequest.getRequestURL() + "?"
+ httpRequest.getQueryString());
redirectTo((HttpServletRequest) request, (HttpServletResponse) response,
loginFailPath);
return;
}
} else if (info.isExpired()) {
monitor.logout(session);
// 记录访问失败的URL
session.setAttribute(PREVIOUS_URL, httpRequest.getRequestURL() + "?"
+ httpRequest.getQueryString());
redirectTo((HttpServletRequest) request, (HttpServletResponse) response,
expiredPath);
return;
} else {
info.refreshLastRequest();
boolean pass = monitor.isAuthorized(info.getUserid(), resource);
if (pass) {
logger.debug("user {} access {} success", info.getPrincipal(), resource);
} else {
logger
.info("user {} cannot access resource[{}]", info.getPrincipal(),
resource);
redirectTo((HttpServletRequest) request, (HttpServletResponse) response,
noAuthorityPath);
return;
}