From 57172cdf55846c3fc93175aa782303b436ea7ecf Mon Sep 17 00:00:00 2001
From: johnniang
Date: Tue, 30 Apr 2019 11:38:36 +0800
Subject: [PATCH] Remove security context after every api request

---
 .../halo/app/config/HaloConfiguration.java | 10 +++++++
 .../java/run/halo/app/filter/GuardFilter.java | 27 +++++++++++++++++++
 .../app/service/impl/AdminServiceImpl.java | 10 +++---
 3 files changed, 42 insertions(+), 5 deletions(-)
 create mode 100644 src/main/java/run/halo/app/filter/GuardFilter.java

diff --git a/src/main/java/run/halo/app/config/HaloConfiguration.java b/src/main/java/run/halo/app/config/HaloConfiguration.java
index 471a6670..da9d4d22 100644
--- a/src/main/java/run/halo/app/config/HaloConfiguration.java
+++ b/src/main/java/run/halo/app/config/HaloConfiguration.java
@@ -16,6 +16,7 @@ import run.halo.app.cache.InMemoryCacheStore;
 import run.halo.app.cache.StringCacheStore;
 import run.halo.app.config.properties.HaloProperties;
 import run.halo.app.filter.CorsFilter;
+import run.halo.app.filter.GuardFilter;
 import run.halo.app.filter.LogFilter;
 import run.halo.app.security.filter.AdminAuthenticationFilter;
 import run.halo.app.security.filter.ApiAuthenticationFilter;
@@ -75,6 +76,15 @@ public class HaloConfiguration {
         return corsFilter;
     }
 
+    @Bean
+    public FilterRegistrationBean guardFilter() {
+        FilterRegistrationBean guardFilter = new FilterRegistrationBean<>();
+        guardFilter.setOrder(Ordered.HIGHEST_PRECEDENCE);
+        guardFilter.setFilter(new GuardFilter());
+        guardFilter.addUrlPatterns("/api/*");
+        return guardFilter;
+    }
+
     /**
      * Creates a LogFilter.
      *
diff --git a/src/main/java/run/halo/app/filter/GuardFilter.java b/src/main/java/run/halo/app/filter/GuardFilter.java
new file mode 100644
index 00000000..02cc4b79
--- /dev/null
+++ b/src/main/java/run/halo/app/filter/GuardFilter.java
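Review bot: The guard is mapped only to `/api/*`, so a request on any other path for which `AdminAuthenticationFilter` or `ApiAuthenticationFilter` populates the security context would still leave that context on the thread after the response — the exact leak this commit sets out to close. The url pattern here must be a superset of whatever those two filters are registered for (their registrations are outside this hunk); if that cannot be guaranteed, mapping the guard to `/*` is the safer choice, since clearing an empty context is harmless. `Ordered.HIGHEST_PRECEDENCE` does place it outermost, which the post-chain clear relies on. Separately, the registration uses the raw `FilterRegistrationBean` type; `FilterRegistrationBean<GuardFilter> guardFilter = new FilterRegistrationBean<>();` together with the matching return type avoids the unchecked warning.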
@@ -0,0 +1,27 @@
+package run.halo.app.filter;
+
+import org.springframework.web.filter.GenericFilterBean;
+import run.halo.app.security.context.SecurityContextHolder;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import java.io.IOException;
+
+/**
+ * @author johnniang
+ * @date 19-4-30
+ */
+public class GuardFilter extends GenericFilterBean {
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+
+        // Do filter
+        chain.doFilter(request, response);
+
+        // Clear security context
+        SecurityContextHolder.clearContext();
+    }
+}
diff --git a/src/main/java/run/halo/app/service/impl/AdminServiceImpl.java b/src/main/java/run/halo/app/service/impl/AdminServiceImpl.java
index d005570a..86e9a79c 100644
--- a/src/main/java/run/halo/app/service/impl/AdminServiceImpl.java
+++ b/src/main/java/run/halo/app/service/impl/AdminServiceImpl.java
@@ -77,11 +77,6 @@ public class AdminServiceImpl implements AdminService {
     public AuthToken authenticate(LoginParam loginParam) {
         Assert.notNull(loginParam, "Login param must not be null");
 
-        if (SecurityContextHolder.getContext().isAuthenticated()) {
-            // If the user has been logged in
-            throw new BadRequestException("You have been logged in, do not log in repeatedly please");
-        }
-
         String username = loginParam.getUsername();
         User user = Validator.isEmail(username) ? userService.getByEmailOfNonNull(username) : userService.getByUsernameOfNonNull(username);
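Review bot: `SecurityContextHolder.clearContext()` in `doFilter` runs only when `chain.doFilter` returns normally; an exception thrown downstream skips it, which is precisely the case in which a populated context is left behind for the next request the container schedules on that thread. Wrap the delegation: `try { chain.doFilter(request, response); } finally { SecurityContextHolder.clearContext(); }`. If the holder is thread-local — implied by the commit message, but its implementation is not in this diff — it is also worth clearing before delegating, so a context left by an earlier failure cannot be seen by this request's authentication filters. The class has no Javadoc summary; a one-liner such as `Clears the security context once the filter chain has completed, so it cannot leak into the next request served by the same thread.` would record the intent that the `// Clear security context` comment only hints at.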
@@ -93,6 +88,11 @@ public class AdminServiceImpl implements AdminService {
             throw new BadRequestException("Username or password is incorrect");
         }
 
+        if (SecurityContextHolder.getContext().isAuthenticated()) {
+            // If the user has been logged in
+            throw new BadRequestException("You have been logged in, do not log in repeatedly please");
+        }
+
         // Generate new token
         return buildAuthToken(user);
     }
-- 
GitLab
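Review bot: The `isAuthenticated()` check added here only establishes that some context is present; it does not compare the authenticated principal with `user`, so a request carrying a valid token for one account plus correct credentials for another is refused as a repeat login rather than handled as a mismatch — confirm that is intended, or compare the context's user to `user` before throwing. Now that the check runs after credential verification it also relies on the new GuardFilter having cleared any context left by a previous request on the same thread; a stale context would otherwise turn a legitimate login into this 400, and whether `/api/*` covers the login endpoint cannot be confirmed from this diff. A why-comment explaining the new ordering would help future readers, e.g. `// Checked after credential verification so a bad password always gets the generic "incorrect" response first` — adjust if the motivation differs. The `authenticate` method begins outside this hunk.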