SecurityInterceptor.java
4.01 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
package etunicorn;
import etunicorn.controller.BaseController;
import etunicorn.entity.Permission;
import etunicorn.entity.Session;
import etunicorn.repository.PermissionRepository;
import etunicorn.service.SessionService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* etunicorn-server
* Copyright © 2017 Le Club Info Polytech Lille
* Tous droits réservés
*/
public class SecurityInterceptor extends HandlerInterceptorAdapter {
@Autowired
SessionService sessionService;
@Autowired
PermissionRepository permissionRepository;
public SecurityInterceptor() {
super();
}
private void responseEntityToServletResponse(ResponseEntity responseEntity, HttpServletResponse response) throws IOException {
HttpHeaders httpHeaders = responseEntity.getHeaders();
for (String header : httpHeaders.keySet()) {
for (String headerValue : httpHeaders.get(header)) {
response.setHeader(header, headerValue);
}
}
response.setStatus(responseEntity.getStatusCodeValue());
response.getWriter().write(responseEntity.getBody().toString());
}
@Override
@Transactional
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
Session session = sessionService.getSession(request);
HandlerMethod method = (HandlerMethod) handler;
RestrictedTo annotation = method.getMethodAnnotation(RestrictedTo.class);
if (annotation != null) {
Permission requiredPermission = permissionRepository.findByNom(annotation.value());
if (annotation.authentifie()) {
BaseController baseController = new BaseController();
baseController.setRequest(request);
if (requiredPermission == null) {
response.setStatus(HttpStatus.NOT_IMPLEMENTED.value());
ResponseEntity responseEntity = baseController.generateError(HttpStatus.NOT_IMPLEMENTED);
responseEntityToServletResponse(responseEntity, response);
return false;
}
if (session == null) {
ResponseEntity responseEntity = baseController.generateError(HttpStatus.UNAUTHORIZED);
responseEntityToServletResponse(responseEntity, response);
return false;
} else {
if (!session.hasPermission(requiredPermission)) {
ResponseEntity responseEntity = baseController.generateError(HttpStatus.FORBIDDEN);
responseEntityToServletResponse(responseEntity, response);
return false;
}
}
}
}
return super.preHandle(request, response, handler);
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
super.postHandle(request, response, handler, modelAndView);
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
super.afterCompletion(request, response, handler, ex);
}
@Override
public void afterConcurrentHandlingStarted(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
super.afterConcurrentHandlingStarted(request, response, handler);
}
}