@Setter public class WebAuthenticationInterceptor extends WebRequestInterceptor { @EzyAutoBind private WebUserService userService; @EzyAutoBind private FeatureURIManager featureUriManager; @EzyAutoBind private WebUserRoleService userRoleService; @EzyAutoBind private WebRoleFeatureService roleFeatureService; protected final Set<String> canBeUseUserIdUris = getCanBeUseUserIdUris(); @Override public boolean validate(RequestArguments arguments, Method handler) { String accessToken = arguments.getHeader(COOKIE_NAME_ACCESS_TOKEN); if (accessToken == null) { accessToken = arguments.getCookieValue(COOKIE_NAME_ACCESS_TOKEN); } HttpServletRequest request = arguments.getRequest(); request.setAttribute(COOKIE_NAME_ACCESS_TOKEN, accessToken); arguments.setArgument(AccessToken.class, accessToken); Long userId = null; String uriTemplate = arguments.getUriTemplate(); HttpMethod method = arguments.getMethod(); if (requestUriManager.isAuthenticatedURI(method, uriTemplate)) { userId = userService.validateUserAccessToken(accessToken); arguments.setArgument(UserId.class, userId); request.setAttribute(UserId.class.getName(), userId); } else if (canBeUseUserIdUris.contains(uriTemplate)) { userId = userService.getUserIdByAccessToken( accessToken ); arguments.setArgument(UserId.class, userId); request.setAttribute(UserId.class.getName(), userId); } if (userId != null && needToCheckPermission()) { UserRolesProxy userRolesProxy = checkPermission( method, uriTemplate, userId ); arguments.setArgument(UserRoles.class, userRolesProxy); } return true; } protected boolean needToCheckPermission() { return false; } protected Set<String> getCanBeUseUserIdUris() { return Collections.emptySet(); } private UserRolesProxy checkPermission( HttpMethod method, String uriTemplate, long userId ) { String feature = featureUriManager.getFeatureByURI( method, uriTemplate ); Set<Long> roleIds = userRoleService.getRoleIdsByUserId(userId); Map<Long, Map<String, Map<String, Set<HttpMethod>>>> methodsUriMapByFeatureByRoleId = roleFeatureService.getMethodsUriMapByFeatureByRoleId(); if (feature != null) { boolean hasPermission = false; for (Long roleId : roleIds) { Map<String, Map<String, Set<HttpMethod>>> methodsUriMapByFeature = methodsUriMapByFeatureByRoleId.get(roleId); if (methodsUriMapByFeature != null) { Map<String, Set<HttpMethod>> methodsUriMap = methodsUriMapByFeature.get(feature); if (methodsUriMap != null) { Set<HttpMethod> methods = methodsUriMap.get(uriTemplate); if (methods != null && methods.contains(method)) { hasPermission = true; break; } } } } if (!hasPermission) { throw new HttpForbiddenException( singletonMap("permission", "denied") ); } } return UserRolesProxy.create( roleIds, featureUriManager, methodsUriMapByFeatureByRoleId ); } }
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
