rsanchez
2015-08-03 85aa3a5834bf381b603f63e9e769920c368fa53d
package net.curisit.securis;
import java.io.IOException;
import java.security.Principal;
import javax.enterprise.context.ApplicationScoped;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
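/**
 * Servlet filter, mapped to every URL, that derives a user name from the {@code user}
 * request parameter or, failing that, the {@code user} session attribute, and exposes it
 * to downstream code through {@link HttpServletRequest#isUserInRole(String)} and
 * {@link HttpServletRequest#getUserPrincipal()}.
 *
 * <p>SECURITY: this filter performs no authentication. The {@code user} request parameter
 * is supplied by the client, takes precedence over the session attribute, and the role is
 * computed from that name alone. Until the name is verified against a real credential
 * check, the role and principal exposed here must not be the only basis for an access
 * decision.
 */
@ApplicationScoped
@WebFilter(urlPatterns = "/*")
public class AuthFilter implements Filter {
    private static final Logger LOG = LogManager.getLogger(AuthFilter.class);

    /** Name of both the request parameter and the session attribute that carry the user name. */
    private static final String USER_KEY = "user";
    private static final String ADVANCE_ROLE = "advance";
    private static final String NORMAL_ROLE = "normal";

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig fc) throws ServletException {
    }

    /**
     * Wraps the request with a synthetic role and principal when a user name is present,
     * otherwise passes the request through unchanged.
     *
     * @param sr  incoming request
     * @param sr1 outgoing response
     * @param fc  remaining filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest sr, ServletResponse sr1, FilterChain fc) throws IOException, ServletException {
        if (!(sr instanceof HttpServletRequest)) {
            // Nothing to wrap for a non-HTTP request; an unconditional cast would throw here.
            fc.doFilter(sr, sr1);
            return;
        }
        HttpServletRequest req = (HttpServletRequest) sr;
        String username = resolveUsername(req);
        if (username == null) {
            fc.doFilter(req, sr1);
            return;
        }
        // TODO: role management is temporary
        // SECURITY: the role depends only on the (unverified) name; see the class comment.
        String role = ADVANCE_ROLE.equals(username) ? ADVANCE_ROLE : NORMAL_ROLE;
        LOG.info("Role for user: {} = {}", sanitizeForLog(username), role);
        // Pass the resolved name, not the raw parameter, so that a user known only through
        // the session gets a principal that matches the role computed above.
        fc.doFilter(new UserRoleRequestWrapper(role, username, req), sr1);
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Returns the {@code user} request parameter, or the {@code user} session attribute
     * when the parameter is absent, or {@code null} when neither is set.
     */
    private static String resolveUsername(HttpServletRequest req) {
        String fromParameter = req.getParameter(USER_KEY);
        if (fromParameter != null) {
            return fromParameter;
        }
        // getSession(false): this filter runs on every URL, so it must not allocate a
        // session for each anonymous request just to look for an attribute.
        HttpSession session = req.getSession(false);
        return session == null ? null : (String) session.getAttribute(USER_KEY);
    }

    /**
     * Replaces CR and LF so that a client-supplied name cannot start a forged log line.
     * NOTE(review): confirm the deployed Log4j 2 release does not evaluate lookups in
     * logged message content, since this value is attacker-controllable.
     */
    private static String sanitizeForLog(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Request wrapper that answers role and principal queries from the values computed by
     * {@link AuthFilter#doFilter}, falling back to the wrapped request when a value is null.
     */
    private static final class UserRoleRequestWrapper extends HttpServletRequestWrapper {
        private final String role;
        private final String user;

        public UserRoleRequestWrapper(String role, String user, HttpServletRequest request) {
            super(request);
            this.role = role;
            this.user = user;
        }

        /**
         * @param role role being queried
         * @return whether the synthetic role equals {@code role}; delegates to the wrapped
         *         request when no synthetic role was supplied
         */
        @Override
        public boolean isUserInRole(String role) {
            LOG.info("isUserRole METHOD: {}, {}", role, this.role);
            if (this.role == null) {
                return super.isUserInRole(role);
            }
            return this.role.equals(role);
        }

        /**
         * @return a principal whose name is the resolved user; delegates to the wrapped
         *         request when no user name was supplied
         */
        @Override
        public Principal getUserPrincipal() {
            if (this.user == null) {
                return super.getUserPrincipal();
            }
            return new Principal() {
                @Override
                public String getName() {
                    return user;
                }
            };
        }
    }
}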