001package org.apache.archiva.redback.integration.filter.authorization;
002
003/*
004 * Licensed to the Apache Software Foundation (ASF) under one
005 * or more contributor license agreements.  See the NOTICE file
006 * distributed with this work for additional information
007 * regarding copyright ownership.  The ASF licenses this file
008 * to you under the Apache License, Version 2.0 (the
009 * "License"); you may not use this file except in compliance
010 * with the License.  You may obtain a copy of the License at
011 *
012 * http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing,
015 * software distributed under the License is distributed on an
016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017 * KIND, either express or implied.  See the License for the
018 * specific language governing permissions and limitations
019 * under the License.
020 */
021
022import org.apache.archiva.redback.authorization.AuthorizationException;
023import org.apache.archiva.redback.integration.filter.SpringServletFilter;
024import org.apache.archiva.redback.system.SecuritySession;
025import org.apache.archiva.redback.system.SecuritySystem;
026import org.apache.commons.lang3.StringUtils;
027import org.slf4j.Logger;
028import org.slf4j.LoggerFactory;
029
030import javax.servlet.FilterChain;
031import javax.servlet.FilterConfig;
032import javax.servlet.ServletException;
033import javax.servlet.ServletRequest;
034import javax.servlet.ServletResponse;
035import javax.servlet.http.HttpServletResponse;
036import java.io.IOException;
037
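/**
 * Servlet filter that lets a request continue down the filter chain only when the
 * current {@link SecuritySession} is authorized for a configured permission,
 * optionally scoped to a configured resource.
 *
 * <p>Init parameters read in {@link #init(FilterConfig)}:</p>
 * <ul>
 *   <li>{@code permission} - permission passed to {@link SecuritySystem}; not validated here.</li>
 *   <li>{@code resource} - optional resource the permission is checked against.</li>
 *   <li>{@code accessDeniedLocation} - required; redirect target used when access is refused.</li>
 * </ul>
 *
 * <p>A refusal is signalled with a redirect (see {@link #accessDenied(ServletResponse)}),
 * not with an HTTP 403 status, so clients that do not follow redirects only see the
 * redirect response.</p>
 *
 * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
 */
public class SimpleAuthorizationFilter
    extends SpringServletFilter
{

    private final Logger logger = LoggerFactory.getLogger( getClass() );

    // Permission handed to SecuritySystem.isAuthorized(); taken verbatim from the filter configuration.
    private String permission;

    // Optional resource for the permission check; when empty the two-argument check is used.
    private String resource;

    // Redirect target for refused requests; init() rejects a missing or empty value.
    private String accessDeniedLocation;

    /**
     * Reads the filter configuration.
     *
     * @param filterConfig configuration supplying {@code permission}, {@code resource}
     *                     and {@code accessDeniedLocation}
     * @throws ServletException if {@code accessDeniedLocation} is missing or empty
     */
    @Override
    public void init( FilterConfig filterConfig )
        throws ServletException
    {
        super.init( filterConfig );

        permission = filterConfig.getInitParameter( "permission" );
        resource = filterConfig.getInitParameter( "resource" );
        accessDeniedLocation = filterConfig.getInitParameter( "accessDeniedLocation" );

        if ( StringUtils.isEmpty( accessDeniedLocation ) )
        {
            throw new ServletException(
                "Missing parameter 'accessDeniedLocation' from " + SimpleAuthorizationFilter.class.getName()
                    + " configuration." );
        }

        if ( StringUtils.isEmpty( permission ) )
        {
            // Startup is not failed here so existing deployments keep working, but the check below
            // would then run with an empty permission; how SecuritySystem treats that is not
            // visible from this class, so make the misconfiguration visible in the log.
            logger.warn( "Missing parameter 'permission' from {} configuration.",
                         SimpleAuthorizationFilter.class.getName() );
        }
    }

    /**
     * Authorizes the request and either continues the chain or redirects to the
     * access-denied location.
     *
     * <p>Every path that does not end in a positive authorization decision refuses the
     * request: a missing security session, a negative decision, and an
     * {@link AuthorizationException} raised while evaluating the decision.</p>
     *
     * @param request  the incoming request
     * @param response the response; must be an {@link HttpServletResponse} for a refusal to be sent
     * @param chain    the remaining filter chain, invoked only when access is granted
     * @throws IOException      if the redirect or the downstream chain fails with an I/O error
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain )
        throws IOException, ServletException
    {
        SecuritySession securitySession = getApplicationContext().getBean( "securitySession", SecuritySession.class );

        if ( securitySession == null )
        {
            // Refuse explicitly: returning without touching the response would leave the
            // client with an empty response that carries no sign of the denial.
            logger.warn( "Security Session is null." );
            accessDenied( response );
            return;
        }

        SecuritySystem securitySystem = getApplicationContext().getBean( "securitySystem", SecuritySystem.class );

        boolean isAuthorized;

        try
        {
            // Only the authorization decision is guarded; the chain is invoked outside the try.
            isAuthorized = StringUtils.isEmpty( resource )
                ? securitySystem.isAuthorized( securitySession, permission )
                : securitySystem.isAuthorized( securitySession, permission, resource );
        }
        catch ( AuthorizationException e )
        {
            // Fail closed, but leave a trace: a failing check is an operational problem,
            // not an ordinary denial, and would otherwise be indistinguishable from one.
            logger.warn( "Authorization check failed for permission '{}' on resource '{}'; denying access.",
                         permission, resource, e );
            isAuthorized = false;
        }

        if ( isAuthorized )
        {
            chain.doFilter( request, response );
        }
        else
        {
            accessDenied( response );
        }
    }

    /**
     * Redirects the client to the configured access-denied location.
     *
     * <p>When a resource is configured it is appended as a URL-encoded {@code resource}
     * query parameter; when none is configured the location is used unchanged instead of
     * carrying the literal text {@code null}. Both values come from the filter
     * configuration, not from the request.</p>
     *
     * @param response the response to redirect; cast to {@link HttpServletResponse}
     * @throws IOException if the redirect cannot be sent
     */
    protected void accessDenied( ServletResponse response )
        throws IOException
    {
        StringBuilder location = new StringBuilder( accessDeniedLocation );

        if ( !StringUtils.isEmpty( resource ) )
        {
            location.append( accessDeniedLocation.indexOf( '?' ) == -1 ? '?' : '&' );
            // Encode the value so characters such as '&', '=', '#' or spaces in the configured
            // resource cannot alter the structure of the redirect URL.
            location.append( "resource=" ).append( java.net.URLEncoder.encode( resource, "UTF-8" ) );
        }

        ( (HttpServletResponse) response ).sendRedirect( location.toString() );
    }

}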