SimpleAuthorizationFilter xref
1 package org.apache.archiva.redback.integration.filter.authorization;
22 import org.apache.archiva.redback.authorization.AuthorizationException;
23 import org.apache.archiva.redback.system.SecuritySession;
24 import org.apache.archiva.redback.system.SecuritySystem;
25 import org.apache.archiva.redback.integration.filter.SpringServletFilter;
26 import org.apache.commons.lang.StringUtils;
27 import org.slf4j.Logger;
28 import org.slf4j.LoggerFactory;
29
30 import javax.servlet.FilterChain;
31 import javax.servlet.FilterConfig;
32 import javax.servlet.ServletException;
33 import javax.servlet.ServletRequest;
34 import javax.servlet.ServletResponse;
35 import javax.servlet.http.HttpServletResponse;
36 import java.io.IOException;
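/**
 * Servlet filter that forwards a request down the chain only when the current
 * {@link SecuritySession} is authorized for the configured permission, optionally scoped
 * to a configured resource. Every other outcome is treated as a denial and answered with
 * a redirect to the configured access-denied location.
 *
 * <p>Init parameters read by {@link #init(FilterConfig)}:
 * <ul>
 *   <li>{@code permission} - permission passed to the security system;</li>
 *   <li>{@code resource} - optional resource the permission is checked against;</li>
 *   <li>{@code accessDeniedLocation} - mandatory redirect target for denied requests.</li>
 * </ul>
 */
public class SimpleAuthorizationFilter
    extends SpringServletFilter
{

    private final Logger logger = LoggerFactory.getLogger( getClass() );

    // Permission handed to SecuritySystem.isAuthorized(); taken from the filter configuration.
    private String permission;

    // Optional resource qualifier; when empty the two-argument isAuthorized() overload is used.
    private String resource;

    // Redirect target for denied requests; init() refuses to start without it.
    private String accessDeniedLocation;

    /**
     * Reads the filter configuration.
     *
     * @param filterConfig servlet filter configuration supplying the init parameters
     * @throws ServletException if {@code accessDeniedLocation} is missing or empty
     */
    public void init( FilterConfig filterConfig )
        throws ServletException
    {
        super.init( filterConfig );

        permission = filterConfig.getInitParameter( "permission" );
        resource = filterConfig.getInitParameter( "resource" );
        accessDeniedLocation = filterConfig.getInitParameter( "accessDeniedLocation" );

        if ( StringUtils.isEmpty( accessDeniedLocation ) )
        {
            throw new ServletException(
                "Missing parameter 'accessDeniedLocation' from " + SimpleAuthorizationFilter.class.getName()
                    + " configuration." );
        }

        if ( StringUtils.isEmpty( permission ) )
        {
            // The permission is passed to the security system unchecked, so make the
            // misconfiguration visible at deployment time rather than per request.
            logger.warn( "No 'permission' init parameter configured for "
                             + SimpleAuthorizationFilter.class.getName()
                             + "; authorization checks will be made with an empty permission." );
        }
    }

    /**
     * Authorizes the request and either continues the chain or redirects to the
     * access-denied location. The chain is invoked only after a positive authorization
     * result; a missing session, a negative result and an {@link AuthorizationException}
     * all end in {@link #accessDenied(ServletResponse)}.
     *
     * @param request  the incoming request
     * @param response the response the redirect is written to on denial
     * @param chain    the remaining filter chain
     * @throws IOException      if the redirect or the downstream chain fails with an I/O error
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain )
        throws IOException, ServletException
    {
        SecuritySession securitySession = getApplicationContext().getBean( "securitySession", SecuritySession.class );

        if ( securitySession == null )
        {
            // Fail closed: without a session nothing can be authorized. Redirect like every
            // other denial instead of returning an empty, successful-looking response.
            logger.warn( "Security Session is null." );
            accessDenied( response );
            return;
        }

        SecuritySystem securitySystem = getApplicationContext().getBean( "securitySystem", SecuritySystem.class );

        try
        {
            boolean isAuthorized = StringUtils.isEmpty( resource )
                ? securitySystem.isAuthorized( securitySession, permission )
                : securitySystem.isAuthorized( securitySession, permission, resource );

            if ( isAuthorized )
            {
                chain.doFilter( request, response );
            }
            else
            {
                accessDenied( response );
            }
        }
        catch ( AuthorizationException e )
        {
            // Still a denial, but a failing authorization check must leave a trace in the
            // logs so it can be told apart from an ordinary "not permitted" result.
            logger.warn( "Authorization check failed for permission '" + permission + "', resource '" + resource
                             + "'; denying access.", e );
            accessDenied( response );
        }
    }

    /**
     * Redirects the client to the configured access-denied location. When a resource is
     * configured it is appended as a URL-encoded {@code resource} query parameter; when none
     * is configured the location is used as is, rather than carrying the literal text
     * {@code resource=null}.
     *
     * @param response the response to redirect; cast to {@link HttpServletResponse}
     * @throws IOException if the redirect cannot be sent
     */
    protected void accessDenied( ServletResponse response )
        throws IOException
    {
        String newlocation = accessDeniedLocation;

        if ( StringUtils.isNotEmpty( resource ) )
        {
            // Use '&' when the configured location already carries a query string.
            char separator = newlocation.indexOf( '?' ) == -1 ? '?' : '&';

            // Encode the value so characters such as '&', '#' or spaces in the configured
            // resource cannot break or extend the redirect's query string.
            newlocation += separator + "resource=" + java.net.URLEncoder.encode( resource, "UTF-8" );
        }

        ( (HttpServletResponse) response ).sendRedirect( newlocation );
    }

}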