package etunicorn; import etunicorn.controller.BaseController; import etunicorn.entity.Permission; import etunicorn.entity.Session; import etunicorn.repository.PermissionRepository; import etunicorn.service.SessionService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; /** * etunicorn-server * Copyright © 2017 Le Club Info Polytech Lille * Tous droits réservés */ public class SecurityInterceptor extends HandlerInterceptorAdapter { @Autowired SessionService sessionService; @Autowired PermissionRepository permissionRepository; public SecurityInterceptor() { super(); } private void responseEntityToServletResponse(ResponseEntity responseEntity, HttpServletResponse response) throws IOException { HttpHeaders httpHeaders = responseEntity.getHeaders(); for (String header : httpHeaders.keySet()) { for (String headerValue : httpHeaders.get(header)) { response.setHeader(header, headerValue); } } response.getWriter().write(responseEntity.getBody().toString()); } @Override @Transactional public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { Session session = sessionService.getSession(request); HandlerMethod method = (HandlerMethod) handler; RestrictedTo annotation = method.getMethodAnnotation(RestrictedTo.class); if (annotation != null) { Permission requiredPermission = permissionRepository.findByNom(annotation.value()); if (annotation.authentifie()) { BaseController baseController = new BaseController(); baseController.setRequest(request); if (requiredPermission == null) { response.setStatus(HttpStatus.NOT_IMPLEMENTED.value()); ResponseEntity responseEntity = baseController.generateError(HttpStatus.NOT_IMPLEMENTED); responseEntityToServletResponse(responseEntity, response); return false; } if (session == null) { ResponseEntity responseEntity = baseController.generateError(HttpStatus.UNAUTHORIZED); responseEntityToServletResponse(responseEntity, response); return false; } else { if (!session.hasPermission(requiredPermission)) { ResponseEntity responseEntity = baseController.generateError(HttpStatus.FORBIDDEN); responseEntityToServletResponse(responseEntity, response); return false; } } } } return super.preHandle(request, response, handler); } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { super.postHandle(request, response, handler, modelAndView); } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { super.afterCompletion(request, response, handler, ex); } @Override public void afterConcurrentHandlingStarted(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { super.afterConcurrentHandlingStarted(request, response, handler); } }