package etunicorn;

import etunicorn.entity.Permission;
import etunicorn.entity.Session;
import etunicorn.repository.PermissionRepository;
import etunicorn.service.SessionService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * etunicorn-server
 * Copyright © 2017 Le Club Info Polytech Lille
 * Tous droits réservés
 */
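/**
 * Spring MVC interceptor that authorises each request against the {@link RestrictedTo}
 * annotation of the controller method about to be invoked.
 *
 * <p>Only {@link #preHandle} carries logic; the post-handling callbacks of
 * {@link HandlerInterceptorAdapter} are inherited unchanged (they were previously
 * overridden as plain {@code super} delegations).
 *
 * <p>The interceptor fails closed: a handler it cannot evaluate (not a controller
 * method, or a method without {@code @RestrictedTo}) is rejected instead of raising
 * an exception that would surface as a 500.
 */
public class SecurityInterceptor extends HandlerInterceptorAdapter {
    // Field injection is kept so the no-arg constructor below stays usable by
    // configuration code that instantiates the interceptor directly.
    @Autowired
    SessionService sessionService;
    @Autowired
    PermissionRepository permissionRepository;

    public SecurityInterceptor() {
        super();
    }

    /**
     * Decides whether the request may reach its controller method.
     *
     * <p>Status codes written when the request is rejected:
     * <ul>
     *   <li>{@code 403 FORBIDDEN} – handler is not a controller method, the method has no
     *       {@code @RestrictedTo}, or the session lacks the required permission;</li>
     *   <li>{@code 501 NOT_IMPLEMENTED} – the permission named by the annotation does not
     *       exist in the repository;</li>
     *   <li>{@code 401 UNAUTHORIZED} – the annotation requires authentication and no
     *       session is attached to the request.</li>
     * </ul>
     *
     * @param request  the incoming request, used to resolve the caller's {@link Session}
     * @param response the response on which the rejection status is set
     * @param handler  the handler chosen by Spring MVC; expected to be a {@link HandlerMethod}
     * @return {@code true} to continue the handler chain, {@code false} once a status has been set
     * @throws Exception propagated from {@link HandlerInterceptorAdapter#preHandle}
     */
    @Override
    @Transactional // presumably so that permission lookups inside hasPermission() see an open session — TODO confirm
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Resolved unconditionally, as before, so any side effect of the lookup
        // (e.g. session touch) is unchanged for every request.
        Session session = sessionService.getSession(request);

        // Non-controller handlers (static resources, etc.) carry no @RestrictedTo,
        // so there is no policy to enforce; deny rather than throw ClassCastException.
        if (!(handler instanceof HandlerMethod)) {
            response.setStatus(HttpStatus.FORBIDDEN.value());
            return false;
        }
        HandlerMethod method = (HandlerMethod) handler;

        RestrictedTo annotation = method.getMethodAnnotation(RestrictedTo.class);
        if (annotation == null) {
            // An unannotated endpoint has no declared policy: deny rather than NPE.
            // Relaxing this to "public by default" is a deliberate policy choice.
            response.setStatus(HttpStatus.FORBIDDEN.value());
            return false;
        }

        Permission requiredPermission = permissionRepository.findByNom(annotation.value());
        if (requiredPermission == null) {
            // The annotation names a permission unknown to the database.
            response.setStatus(HttpStatus.NOT_IMPLEMENTED.value());
            return false;
        }

        if (annotation.authentifie()) {
            if (session == null) {
                response.setStatus(HttpStatus.UNAUTHORIZED.value());
                return false;
            }
            if (!session.hasPermission(requiredPermission)) {
                response.setStatus(HttpStatus.FORBIDDEN.value());
                return false;
            }
        }
        return super.preHandle(request, response, handler);
    }
}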