SpringSecurity,shiro 技术的是支持对应的安全架构分析模式:如下:
源码如下:
public abstract class ApplicationContextServerWebExchangeMatcher<C> implements ServerWebExchangeMatcher {
private final Class<? extends C> contextClass;
private volatile Supplier<C> context;
private final Object contextLock = new Object();
public ApplicationContextServerWebExchangeMatcher(Class<? extends C> contextClass) {
Assert.notNull(contextClass, "Context class must not be null");
this.contextClass = contextClass;
}
@Override
public final Mono<MatchResult> matches(ServerWebExchange exchange) {
if (ignoreApplicationContext(exchange.getApplicationContext())) {
return MatchResult.notMatch();
}
return matches(exchange, getContext(exchange));
}
/**
* Decides whether the rule implemented by the strategy matches the supplied exchange.
* @param exchange the source exchange
* @param context a supplier for the initialized context (may throw an exception)
* @return if the exchange matches
*/
protected abstract Mono<MatchResult> matches(ServerWebExchange exchange, Supplier<C> context);
/**
* Returns if the {@link ApplicationContext} should be ignored and not used for
* matching. If this method returns {@code true} then the context will not be used and
* the {@link #matches(ServerWebExchange) matches} method will return {@code false}.
* @param applicationContext the candidate application context
* @return if the application context should be ignored
* @since 2.2.5
*/
protected boolean ignoreApplicationContext(ApplicationContext applicationContext) {
return false;
}
protected Supplier<C> getContext(ServerWebExchange exchange) {
if (this.context == null) {
synchronized (this.contextLock) {
if (this.context == null) {
Supplier<C> createdContext = createContext(exchange);
initialized(createdContext);
this.context = createdContext;
}
}
}
return this.context;
}
/**
* Called once the context has been initialized.
* @param context a supplier for the initialized context (may throw an exception)
*/
protected void initialized(Supplier<C> context) {
}
@SuppressWarnings("unchecked")
private Supplier<C> createContext(ServerWebExchange exchange) {
ApplicationContext context = exchange.getApplicationContext();
Assert.state(context != null, "No ApplicationContext found on ServerWebExchange.");
if (this.contextClass.isInstance(context)) {
return () -> (C) context;
}
return () -> context.getBean(this.contextClass);
}
}
这里实现了2个工具类:
public abstract class ApplicationContextRequestMatcher<C> implements RequestMatcher {
private final Class<? extends C> contextClass;
private volatile boolean initialized;
private final Object initializeLock = new Object();
public ApplicationContextRequestMatcher(Class<? extends C> contextClass) {
Assert.notNull(contextClass, "Context class must not be null");
this.contextClass = contextClass;
}
@Override
public final boolean matches(HttpServletRequest request) {
WebApplicationContext webApplicationContext = WebApplicationContextUtils
.getRequiredWebApplicationContext(request.getServletContext());
if (ignoreApplicationContext(webApplicationContext)) {
return false;
}
Supplier<C> context = () -> getContext(webApplicationContext);
if (!this.initialized) {
synchronized (this.initializeLock) {
if (!this.initialized) {
initialized(context);
this.initialized = true;
}
}
}
return matches(request, context);
}
@SuppressWarnings("unchecked")
private C getContext(WebApplicationContext webApplicationContext) {
if (this.contextClass.isInstance(webApplicationContext)) {
return (C) webApplicationContext;
}
return webApplicationContext.getBean(this.contextClass);
}
/**
* Returns if the {@link WebApplicationContext} should be ignored and not used for
* matching. If this method returns {@code true} then the context will not be used and
* the {@link #matches(HttpServletRequest) matches} method will return {@code false}.
* @param webApplicationContext the candidate web application context
* @return if the application context should be ignored
* @since 2.1.8
*/
protected boolean ignoreApplicationContext(WebApplicationContext webApplicationContext) {
return false;
}
/**
* Method that can be implemented by subclasses that wish to initialize items the
* first time that the matcher is called. This method will be called only once and
* only if {@link #ignoreApplicationContext(WebApplicationContext)} returns
* {@code false}. Note that the supplied context will be based on the
* <strong>first</strong> request sent to the matcher.
* @param context a supplier for the initialized context (may throw an exception)
* @see #ignoreApplicationContext(WebApplicationContext)
*/
protected void initialized(Supplier<C> context) {
}
/**
* Decides whether the rule implemented by the strategy matches the supplied request.
* @param request the source request
* @param context a supplier for the initialized context (may throw an exception)
* @return if the request matches
*/
protected abstract boolean matches(HttpServletRequest request, Supplier<C> context);
}
版权声明:本文为xiamaocheng原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。