Advanced Handler Interceptors (#672)
* Expression-Based Access Control PermitAll, hasRole, hasAnyRole etc. I modified classes regards to Security * Added test cases for Spring Security Expressions * Handler Interceptor - logging example * Test for logger interceptor * Removed conflicted part * UserInterceptor (adding user information to model) * Spring Handler Interceptor - session timers
This commit is contained in:
parent
9c1b87d3e5
commit
113afd40d4
|
@ -0,0 +1,16 @@
|
|||
package org.baeldung.spring;
|
||||
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.servlet.ServletException;
|
||||
|
||||
import org.springframework.web.WebApplicationInitializer;
|
||||
import org.springframework.web.context.request.RequestContextListener;
|
||||
|
||||
public class ListenerConfig implements WebApplicationInitializer {
|
||||
|
||||
@Override
|
||||
public void onStartup(ServletContext sc) throws ServletException {
|
||||
// Manages the lifecycle of the root application context
|
||||
sc.addListener(new RequestContextListener());
|
||||
}
|
||||
}
|
|
@ -1,6 +1,7 @@
|
|||
package org.baeldung.spring;
|
||||
|
||||
import org.baeldung.web.interceptor.LoggerInterceptor;
|
||||
import org.baeldung.web.interceptor.SessionTimerInterceptor;
|
||||
import org.baeldung.web.interceptor.UserInterceptor;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.ComponentScan;
|
||||
|
@ -15,7 +16,7 @@ import org.springframework.web.servlet.view.InternalResourceViewResolver;
|
|||
@Configuration
|
||||
@ComponentScan("org.baeldung.web")
|
||||
@EnableWebMvc
|
||||
public class WebConfig extends WebMvcConfigurerAdapter {
|
||||
public class WebConfig extends WebMvcConfigurerAdapter{
|
||||
|
||||
public WebConfig() {
|
||||
super();
|
||||
|
@ -42,5 +43,7 @@ public class WebConfig extends WebMvcConfigurerAdapter {
|
|||
public void addInterceptors(final InterceptorRegistry registry) {
|
||||
registry.addInterceptor(new LoggerInterceptor());
|
||||
registry.addInterceptor(new UserInterceptor());
|
||||
registry.addInterceptor(new SessionTimerInterceptor());
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,57 @@
|
|||
package org.baeldung.web.interceptor;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.web.servlet.ModelAndView;
|
||||
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
||||
|
||||
public class SessionTimerInterceptor extends HandlerInterceptorAdapter {
|
||||
|
||||
private static Logger log = LoggerFactory.getLogger(SessionTimerInterceptor.class);
|
||||
|
||||
private static final long MAX_INACTIVE_SESSION_TIME = 5 * 10000;
|
||||
|
||||
@Autowired
|
||||
private HttpSession session;
|
||||
|
||||
/**
|
||||
* Executed before actual handler is executed
|
||||
**/
|
||||
@Override
|
||||
public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler)
|
||||
throws Exception {
|
||||
log.info("Pre handle method - check handling start time");
|
||||
long startTime = System.currentTimeMillis();
|
||||
request.setAttribute("executionTime", startTime);
|
||||
if (UserInterceptor.isUserLogged()) {
|
||||
session = request.getSession();
|
||||
log.info("Who is logged in: " + SecurityContextHolder.getContext().getAuthentication().getName());
|
||||
log.info("Time since last request in this session: "
|
||||
+ (System.currentTimeMillis() - request.getSession().getLastAccessedTime()) + " ms");
|
||||
if (System.currentTimeMillis() - session.getLastAccessedTime() > MAX_INACTIVE_SESSION_TIME) {
|
||||
log.warn("Logging out, due to inactive session");
|
||||
SecurityContextHolder.clearContext();
|
||||
request.logout();
|
||||
response.sendRedirect("/spring-security-rest-full/logout");
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Executed before after handler is executed
|
||||
**/
|
||||
@Override
|
||||
public void postHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler,
|
||||
final ModelAndView model) throws Exception {
|
||||
log.info("Post handle method - check execution time of handling");
|
||||
long startTime = (Long) request.getAttribute("executionTime");
|
||||
log.info("Execution time for handling the request was: " + (System.currentTimeMillis() - startTime) + " ms");
|
||||
}
|
||||
}
|
|
@ -0,0 +1,56 @@
|
|||
package org.baeldung.web.interceptor;
|
||||
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
||||
import org.baeldung.spring.PersistenceConfig;
|
||||
import org.baeldung.spring.SecurityWithoutCsrfConfig;
|
||||
import org.baeldung.spring.WebConfig;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.MockitoAnnotations;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.mock.web.MockHttpSession;
|
||||
import org.springframework.security.test.context.support.WithMockUser;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
import org.springframework.test.context.web.WebAppConfiguration;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
|
||||
@RunWith(SpringJUnit4ClassRunner.class)
|
||||
@WebAppConfiguration
|
||||
@Transactional
|
||||
@ContextConfiguration(classes = { SecurityWithoutCsrfConfig.class, PersistenceConfig.class, WebConfig.class })
|
||||
@WithMockUser(username = "admin", roles = { "USER", "ADMIN" })
|
||||
public class SessionTimerInterceptorTest {
|
||||
|
||||
@Autowired
|
||||
WebApplicationContext wac;
|
||||
|
||||
private MockMvc mockMvc;
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
MockitoAnnotations.initMocks(this);
|
||||
mockMvc = MockMvcBuilders.webAppContextSetup(wac).build();
|
||||
}
|
||||
|
||||
/**
|
||||
* After execution of HTTP GET logs from interceptor will be displayed in
|
||||
* the console
|
||||
*/
|
||||
@Test
|
||||
public void testInterceptors() throws Exception {
|
||||
HttpSession session = mockMvc.perform(get("/auth/admin")).andExpect(status().is2xxSuccessful()).andReturn()
|
||||
.getRequest().getSession();
|
||||
Thread.sleep(51000);
|
||||
mockMvc.perform(get("/auth/admin").session((MockHttpSession) session)).andExpect(status().is2xxSuccessful());
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in New Issue