src/main/java/etunicorn/SecurityInterceptor.java 3.81 KB
  package etunicorn;
  
  import etunicorn.controller.BaseController;
  import etunicorn.entity.Permission;
  import etunicorn.entity.Session;
  import etunicorn.repository.PermissionRepository;
  import etunicorn.service.SessionService;
  import org.springframework.beans.factory.annotation.Autowired;
  import org.springframework.http.HttpHeaders;
  import org.springframework.http.HttpStatus;
  import org.springframework.http.ResponseEntity;
  import org.springframework.transaction.annotation.Transactional;
  import org.springframework.web.method.HandlerMethod;
  import org.springframework.web.servlet.ModelAndView;
  import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
  
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  import java.io.IOException;
  
  /**
   * etunicorn-server
   * Copyright © 2017 Le Club Info Polytech Lille
   * Tous droits réservés
   */
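  /**
   * Spring MVC interceptor that enforces the {@link RestrictedTo} annotation on controller methods.
   *
   * <p>Decision table implemented by {@link #preHandle}:
   * <ul>
   *   <li>handler is not a {@link HandlerMethod}, or the method has no {@code @RestrictedTo}:
   *       the request is passed on (no check is applied);</li>
   *   <li>{@code @RestrictedTo} with {@code authentifie() == false}: the request is passed on;</li>
   *   <li>the permission named by the annotation is not found in the repository:
   *       501 Not Implemented, request blocked (fail closed);</li>
   *   <li>no session: 401 Unauthorized, request blocked;</li>
   *   <li>session lacks the permission: 403 Forbidden, request blocked.</li>
   * </ul>
   *
   * <p>NOTE(review): access control here is opt-in. Any endpoint that forgets the annotation is
   * reachable without a session; confirm that this is the intended default for every controller.
   */
  public class SecurityInterceptor extends HandlerInterceptorAdapter {
      @Autowired
      SessionService sessionService;
      @Autowired
      PermissionRepository permissionRepository;

      public SecurityInterceptor() {
          super();
      }

      /**
       * Copies a {@link ResponseEntity} built outside the normal Spring MVC return path onto the raw
       * servlet response: status code, headers, then the body's {@code toString()}.
       *
       * @param responseEntity the entity to render
       * @param response       the servlet response to write to
       * @throws IOException if the response writer cannot be obtained or written
       */
      private void responseEntityToServletResponse(ResponseEntity<?> responseEntity, HttpServletResponse response) throws IOException {
          // The status must be copied explicitly; otherwise a 401/403 error body is sent with the
          // servlet default (200 OK) and clients or proxies may treat the denial as a success.
          response.setStatus(responseEntity.getStatusCode().value());

          HttpHeaders httpHeaders = responseEntity.getHeaders();
          for (String header : httpHeaders.keySet()) {
              boolean first = true;
              for (String headerValue : httpHeaders.get(header)) {
                  if (first) {
                      // Replace whatever the container may already have set for this header...
                      response.setHeader(header, headerValue);
                      first = false;
                  } else {
                      // ...but keep every further value instead of overwriting the previous one.
                      response.addHeader(header, headerValue);
                  }
              }
          }

          Object body = responseEntity.getBody();
          if (body != null) {
              response.getWriter().write(body.toString());
          }
      }

      /**
       * Checks the {@link RestrictedTo} annotation of the target controller method before it runs.
       *
       * @param request  the current request; the session is resolved from it by {@code sessionService}
       * @param response the response, written to only when the request is rejected
       * @param handler  the handler chosen by Spring MVC
       * @return {@code false} when the request was rejected (the response already carries the error),
       *         otherwise the result of the superclass implementation
       * @throws Exception propagated from the session lookup, the repository or the response writer
       */
      @Override
      @Transactional
      public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
          Session session = sessionService.getSession(request);

          // Handlers that are not controller methods cannot carry @RestrictedTo. Casting them
          // blindly would raise a ClassCastException, so they are treated like an un-annotated method.
          // NOTE(review): confirm which paths this interceptor is mapped to; anything served by
          // such handlers is not covered by the permission check.
          if (!(handler instanceof HandlerMethod)) {
              return super.preHandle(request, response, handler);
          }

          HandlerMethod method = (HandlerMethod) handler;
          RestrictedTo annotation = method.getMethodAnnotation(RestrictedTo.class);

          if (annotation == null || !annotation.authentifie()) {
              return super.preHandle(request, response, handler);
          }

          Permission requiredPermission = permissionRepository.findByNom(annotation.value());
          if (requiredPermission == null) {
              // Fail closed: an endpoint that names an unknown permission is never served.
              response.setStatus(HttpStatus.NOT_IMPLEMENTED.value());
              // TODO use BaseController to build this error like the others
              return false;
          }

          BaseController baseController = new BaseController();
          baseController.setRequest(request);

          if (session == null) {
              ResponseEntity<?> responseEntity = baseController.generateError(HttpStatus.UNAUTHORIZED);
              responseEntityToServletResponse(responseEntity, response);
              return false;
          }

          if (!session.hasPermission(requiredPermission)) {
              ResponseEntity<?> responseEntity = baseController.generateError(HttpStatus.FORBIDDEN);
              responseEntityToServletResponse(responseEntity, response);
              return false;
          }

          return super.preHandle(request, response, handler);
      }

      /** Delegates to the superclass; no security processing happens after the handler has run. */
      @Override
      public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
          super.postHandle(request, response, handler, modelAndView);
      }

      /** Delegates to the superclass. */
      @Override
      public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
          super.afterCompletion(request, response, handler, ex);
      }

      /** Delegates to the superclass. */
      @Override
      public void afterConcurrentHandlingStarted(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
          super.afterConcurrentHandlingStarted(request, response, handler);
      }
  }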