HttpServletRequest request = ((HttpServletRequest)req);
String sessionid=request.getSession().getId();
String ticketid = getTicketValue(request);
if( isCheckTicket(request) ){
AuthorizedTicket ticket = authorizedTicketManager.get(
ticketid,perms[0],request.getRequestURI(), sessionid);
if( ticket == null ){
log.debug("无法查询到有效授权令牌,[url="+request.getRequestURI()
+"ticket="+ticketid+",sessionid="+sessionid+"]。");
return false;
}
if( !ticket.isEffective() ){
log.info("授权令牌[Scope={}][ticket="+getTicketValue(request)
+"]已失效!",ticket.getScope().name());
return false;
}
if( ticket.isOnceScope() ){
if( authorizedTicketManager.invalidTicketAfterAuth(
ticketid,sessionid,Calendar.getInstance()) )
log.info("授权令牌[Scope=ONCE][ticket="+ticketid+"]使用后标记为失效!");
}else{
if( authorizedTicketManager.incAuthCount(ticketid,sessionid) )
log.info("授权令牌[Scope={}][ticket="+ticketid
+"]使用后认证次数+1!",ticket.getScope().name());
}
return true;
}