Remove security context after every api request
parent
03b7c33297
commit
57172cdf55
@ -16,6 +16,7 @@ import run.halo.app.cache.InMemoryCacheStore;
|
|||
import run.halo.app.cache.StringCacheStore;
|
||||
import run.halo.app.config.properties.HaloProperties;
|
||||
import run.halo.app.filter.CorsFilter;
|
||||
import run.halo.app.filter.GuardFilter;
|
||||
import run.halo.app.filter.LogFilter;
|
||||
import run.halo.app.security.filter.AdminAuthenticationFilter;
|
||||
import run.halo.app.security.filter.ApiAuthenticationFilter;
|
||||
|
@ -75,6 +76,15 @@ public class HaloConfiguration {
|
|||
return corsFilter;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public FilterRegistrationBean<GuardFilter> guardFilter() {
|
||||
FilterRegistrationBean<GuardFilter> guardFilter = new FilterRegistrationBean<>();
|
||||
guardFilter.setOrder(Ordered.HIGHEST_PRECEDENCE);
|
||||
guardFilter.setFilter(new GuardFilter());
|
||||
guardFilter.addUrlPatterns("/api/*");
|
||||
return guardFilter;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a LogFilter.
|
||||
*
|
||||
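Review bot: The new `guardFilter()` bean carries no Javadoc while the neighbouring beans do (`Creates a LogFilter.` is visible right below it); add `/** Creates a GuardFilter that clears the security context once an /api request has been handled. */` above the `@Bean` line. The registration covers only `/api/*` at `Ordered.HIGHEST_PRECEDENCE`; if AdminAuthenticationFilter or ApiAuthenticationFilter (imported in the first hunk) populate the SecurityContextHolder on paths outside that pattern, those requests would still leave a context on the thread, so the URL patterns of the three filters should be kept in step. The second hunk ends inside the LogFilter Javadoc, and the rest of that method is not shown.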
|
|
|
@ -0,0 +1,27 @@
|
|||
package run.halo.app.filter;
|
||||
|
||||
import org.springframework.web.filter.GenericFilterBean;
|
||||
import run.halo.app.security.context.SecurityContextHolder;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
* @author johnniang
|
||||
* @date 19-4-30
|
||||
*/
|
||||
public class GuardFilter extends GenericFilterBean {
|
||||
|
||||
@Override
|
||||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
|
||||
|
||||
// Do filter
|
||||
chain.doFilter(request, response);
|
||||
|
||||
// Clear security context
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
}
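Review bot: `SecurityContextHolder.clearContext()` in `doFilter` only runs when `chain.doFilter` returns normally; if a downstream filter or handler throws, the context populated for this request stays bound to the servlet thread and, if the container reuses threads, can be observed by the next request served on it, which is the leak this filter exists to prevent. Wrap the call so the clear always happens: `try { chain.doFilter(request, response); } finally { SecurityContextHolder.clearContext(); }`. The class Javadoc holds only author and date; a summary such as `Servlet filter that clears the thread-bound security context after the request has been handled, so a reused thread never carries a previous caller's identity.` would state its purpose.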
|
|
@ -77,11 +77,6 @@ public class AdminServiceImpl implements AdminService {
|
|||
public AuthToken authenticate(LoginParam loginParam) {
|
||||
Assert.notNull(loginParam, "Login param must not be null");
|
||||
|
||||
if (SecurityContextHolder.getContext().isAuthenticated()) {
|
||||
// If the user has been logged in
|
||||
throw new BadRequestException("You have been logged in, do not log in repeatedly please");
|
||||
}
|
||||
|
||||
String username = loginParam.getUsername();
|
||||
User user = Validator.isEmail(username) ?
|
||||
userService.getByEmailOfNonNull(username) : userService.getByUsernameOfNonNull(username);
|
||||
|
@ -93,6 +88,11 @@ public class AdminServiceImpl implements AdminService {
|
|||
throw new BadRequestException("Username or password is incorrect");
|
||||
}
|
||||
|
||||
if (SecurityContextHolder.getContext().isAuthenticated()) {
|
||||
// If the user has been logged in
|
||||
throw new BadRequestException("You have been logged in, do not log in repeatedly please");
|
||||
}
|
||||
|
||||
// Generate new token
|
||||
return buildAuthToken(user);
|
||||
}
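Review bot: The already-authenticated check has moved from the top of `authenticate` to after the user lookup and password comparison, so a request made from a session that is already logged in now exercises the credential path and gets `Username or password is incorrect` for a wrong password before it is told to stop; in the old position such calls were rejected before any credential was evaluated. Unless the move is required because the context is not yet populated at the top (the lines between the two hunks, including the password check, are not shown), keeping the check first is the cheaper and safer order. If the new order is intentional, a comment on the moved block such as `// Checked after credential verification because …` would record the reason.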
|
||||
|
|