CAS Client Study: HttpServletRequestWrapperFilter

HttpServletRequestWrapperFilter has a simple job: it wraps the HttpServletRequest object once more so that the getUserPrincipal and getRemoteUser methods return the logged-in user's information.

The implementation is fairly simple. It uses a class, CasHttpServletRequestWrapper, which extends HttpServletRequestWrapper; the wrapper is built from the AttributePrincipal object taken from the given Assertion object:

public final class HttpServletRequestWrapperFilter extends AbstractConfigurationFilter {

    /** Name of the attribute used to answer role membership queries */
    private String roleAttribute;
   
    /** Whether or not to ignore case in role membership queries */
    private boolean ignoreCase;

    public void destroy() {
        // nothing to do
    }

    /**
     * Wraps the HttpServletRequest in a wrapper class that delegates
     * <code>request.getRemoteUser</code> to the underlying Assertion object
     * stored in the user session.
     */
    public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
        
        // Get the AttributePrincipal from the session or the request; it is the principal property of the Assertion
        final AttributePrincipal principal = retrievePrincipalFromSessionOrRequest(servletRequest);

        // Wrap the request and continue the chain, so that later filters or servlets can obtain the user information
        // through request.getRemoteUser() or request.getUserPrincipal()
        filterChain.doFilter(new CasHttpServletRequestWrapper((HttpServletRequest) servletRequest, principal), servletResponse);
    }

    protected AttributePrincipal retrievePrincipalFromSessionOrRequest(final ServletRequest servletRequest) {
        final HttpServletRequest request = (HttpServletRequest) servletRequest;
        // getSession(false): never create a session just to look for an Assertion
        final HttpSession session = request.getSession(false);
        final Assertion assertion = (Assertion) (session == null ? request.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION) : session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION));

        // No Assertion means no principal; the wrapper is still installed with a null principal
        return assertion == null ? null : assertion.getPrincipal();
    }

    public void init(final FilterConfig filterConfig) throws ServletException {
        this.roleAttribute = getPropertyFromInitParams(filterConfig, "roleAttribute", null);
        this.ignoreCase = Boolean.parseBoolean(getPropertyFromInitParams(filterConfig, "ignoreCase", "false"));
    }

    final class CasHttpServletRequestWrapper extends HttpServletRequestWrapper {

        private final AttributePrincipal principal;

        CasHttpServletRequestWrapper(final HttpServletRequest request, final AttributePrincipal principal) {
            super(request);
            this.principal = principal;
        }

        public Principal getUserPrincipal() {
            return this.principal;
        }

        public String getRemoteUser() {
            return principal != null ? this.principal.getName() : null;
        }

        public boolean isUserInRole(final String role) {
            if (CommonUtils.isBlank(role)) {
                return false;
            }

            if (this.principal == null) {
                return false;
            }

            // Without a configured roleAttribute every role query is answered with false
            if (CommonUtils.isBlank(roleAttribute)) {
                return false;
            }

            final Object value = this.principal.getAttributes().get(roleAttribute);

            // Multi-valued attribute: the user is in the role if any value matches
            if (value instanceof Collection<?>) {
                for (final Object o : (Collection<?>) value) {
                    if (rolesEqual(role, o)) {
                        return true;
                    }
                }
            }

            final boolean isMember = rolesEqual(role, value);
            return isMember;
        }

        /**
         * Determines whether the given role is equal to the candidate
         * role attribute taking into account case sensitivity.
         *
         * @param given  Role under consideration.
         * @param candidate Role that the current user possesses.
         *
         * @return True if roles are equal, false otherwise.
         */
        private boolean rolesEqual(final String given, final Object candidate) {
            // candidate is null when the principal has no value for roleAttribute;
            // with ignoreCase=true, candidate.toString() then throws a NullPointerException
            return ignoreCase ? given.equalsIgnoreCase(candidate.toString()) : given.equals(candidate);
        }
    }
}


