github
/
halo
mirror of https://github.com/halo-dev/halo
1
0
Fork 0
Code Issues Releases Wiki Activity

Remove security context after every api request

pull/146/head
johnniang 2019-04-30 11:38:36 +08:00
parent 03b7c33297
commit 57172cdf55
3 changed files with 42 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/main/java/run/halo/app/config/HaloConfiguration.java
View File

@ -16,6 +16,7 @@ import run.halo.app.cache.InMemoryCacheStore;
import run.halo.app.cache.StringCacheStore; import run.halo.app.cache.StringCacheStore;
import run.halo.app.config.properties.HaloProperties; import run.halo.app.config.properties.HaloProperties;
import run.halo.app.filter.CorsFilter; import run.halo.app.filter.CorsFilter;
import run.halo.app.filter.GuardFilter;
import run.halo.app.filter.LogFilter; import run.halo.app.filter.LogFilter;
import run.halo.app.security.filter.AdminAuthenticationFilter; import run.halo.app.security.filter.AdminAuthenticationFilter;
import run.halo.app.security.filter.ApiAuthenticationFilter; import run.halo.app.security.filter.ApiAuthenticationFilter;
@ -75,6 +76,15 @@ public class HaloConfiguration {
return corsFilter; return corsFilter;
} }
@Bean
public FilterRegistrationBean<GuardFilter> guardFilter() {
FilterRegistrationBean<GuardFilter> guardFilter = new FilterRegistrationBean<>();
guardFilter.setOrder(Ordered.HIGHEST_PRECEDENCE);
guardFilter.setFilter(new GuardFilter());
guardFilter.addUrlPatterns("/api/*");
return guardFilter;
}
/** /**
* Creates a LogFilter. * Creates a LogFilter.
* *

27
src/main/java/run/halo/app/filter/GuardFilter.java Normal file
View File

@ -0,0 +1,27 @@
package run.halo.app.filter;
import org.springframework.web.filter.GenericFilterBean;
import run.halo.app.security.context.SecurityContextHolder;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.IOException;
/**
* @author johnniang
* @date 19-4-30
*/
public class GuardFilter extends GenericFilterBean {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
// Do filter
chain.doFilter(request, response);
// Clear security context
SecurityContextHolder.clearContext();
}
}

10
src/main/java/run/halo/app/service/impl/AdminServiceImpl.java
View File

@ -77,11 +77,6 @@ public class AdminServiceImpl implements AdminService {
public AuthToken authenticate(LoginParam loginParam) { public AuthToken authenticate(LoginParam loginParam) {
Assert.notNull(loginParam, "Login param must not be null"); Assert.notNull(loginParam, "Login param must not be null");
if (SecurityContextHolder.getContext().isAuthenticated()) {
// If the user has been logged in
throw new BadRequestException("You have been logged in, do not log in repeatedly please");
}
String username = loginParam.getUsername(); String username = loginParam.getUsername();
User user = Validator.isEmail(username) ? User user = Validator.isEmail(username) ?
userService.getByEmailOfNonNull(username) : userService.getByUsernameOfNonNull(username); userService.getByEmailOfNonNull(username) : userService.getByUsernameOfNonNull(username);
@ -93,6 +88,11 @@ public class AdminServiceImpl implements AdminService {
throw new BadRequestException("Username or password is incorrect"); throw new BadRequestException("Username or password is incorrect");
} }
if (SecurityContextHolder.getContext().isAuthenticated()) {
// If the user has been logged in
throw new BadRequestException("You have been logged in, do not log in repeatedly please");
}
// Generate new token // Generate new token
return buildAuthToken(user); return buildAuthToken(user);
} }