.getRequiredWebApplicationContext(session.getServletContext());
manager = (SecurityManager) wac.getBean("securityManager", SecurityManager.class);
}
// Skip authentication/authorization for free or public resources (e.g. the login page itself);
// otherwise an unauthenticated request for the login page would be redirected back to it forever.
if (!freeResources.contains(resource) && !manager.isPublicResource(resource)) {
OnlineActivity info = manager.getAuthenticationManager().getSessionController()
.getOnlineActivity(session.getId());
if (null == info) {
Authentication auth = null;
// remember-me auto-login is currently disabled (code left commented out below),
// so every unauthenticated request falls through to SsoAuthentication.
// if (manager.isEnableRememberMe()) {
// auth = manager.getRememberMeService().autoLogin(httpRequest);
// }
if (null == auth) {
auth = new SsoAuthentication(httpRequest);
auth.setDetails(userDetailsSource.buildDetails(httpRequest));
}
try {
manager.authenticate(auth);
} catch (AuthenticationException e) {
// Remember the URL whose access failed, for use after login.
// NOTE(review): getQueryString() is null when the request has no query string, so this
// stores a trailing "?null"; guard the concatenation. If PREVIOUS_URL is later used as a
// redirect target, validate it is a local/same-origin path before redirecting (open-redirect risk).
session.setAttribute(PREVIOUS_URL, httpRequest.getRequestURL() + "?"
+ httpRequest.getQueryString());
redirectTo((HttpServletRequest) request, (HttpServletResponse) response,
loginFailPath);
return;
}
info = manager.getAuthenticationManager().getSessionController().getOnlineActivity(
session.getId());
} else if (info.isExpired()) {
manager.logout(session);
// Remember the URL the expired session was trying to reach, for use after re-login.
// NOTE(review): same "?null" issue as above when getQueryString() is null; and if this value
// feeds a redirect, confirm it is validated as a local path first.
session.setAttribute(PREVIOUS_URL, httpRequest.getRequestURL() + "?"
+ httpRequest.getQueryString());
redirectTo((HttpServletRequest) request, (HttpServletResponse) response,
expiredPath);
return;
}
info.refreshLastRequest();
boolean pass = manager.isAuthorized(info.getUserid(), resource);
if (pass) {
logger.debug("user {} access {} success", info.getPrincipal(), resource);
} else {
logger.info("user {} cannot access [{}]", info.getPrincipal(), resource);
reportNoAuthority((HttpServletRequest) request, (HttpServletResponse) response);
return;
}
} else {
logger.debug("free or public resource {} was accessed", resource);