Roberto Sánchez
2014-09-19 8d5386be38db25a2a41c3bf6c876adee21ca26cc
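--- a/securis/src/main/java/net/curisit/securis/security/SecurityInterceptor.java
+++ b/securis/src/main/java/net/curisit/securis/security/SecurityInterceptor.java
@@ -34,98 +34,94 @@
 // @PreMatching
 @Priority(Priorities.AUTHENTICATION)
 public class SecurityInterceptor implements javax.ws.rs.container.ContainerRequestFilter {
- private static final Logger LOG = LogManager.getLogger(SecurityInterceptor.class);
+ private static final Logger LOG = LogManager.getLogger(SecurityInterceptor.class);
 
- @Inject
- private TokenHelper tokenHelper;
+ @Inject
+ private TokenHelper tokenHelper;
 
- @Context
- private HttpServletRequest servletRequest;
+ @Context
+ private HttpServletRequest servletRequest;
 
- @Inject
- CacheTTL cache;
+ @Inject
+ CacheTTL cache;
 
- @Context
- Dispatcher dispatcher;
+ @Context
+ Dispatcher dispatcher;
 
- @Inject
- com.google.inject.Provider<EntityManager> emProvider;
+ @Inject
+ com.google.inject.Provider<EntityManager> emProvider;
 
- public void filter(ContainerRequestContext containerRequestContext) throws IOException {
- ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) containerRequestContext.getProperty("org.jboss.resteasy.core.ResourceMethodInvoker");
- Method method = methodInvoker.getMethod();
+ public void filter(ContainerRequestContext containerRequestContext) throws IOException {
+ ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) containerRequestContext
+ .getProperty("org.jboss.resteasy.core.ResourceMethodInvoker");
+ Method method = methodInvoker.getMethod();
 
- if (!method.isAnnotationPresent(Securable.class))
- return;
- String token = servletRequest.getHeader(TokenHelper.TOKEN_HEADER_PÀRAM);
- if (token == null || !tokenHelper.isTokenValid(token)) {
- LOG.info("Access denied to '{}', Token not valid.", servletRequest.getPathInfo());
- containerRequestContext.abortWith(Response.status(Status.UNAUTHORIZED).build());
- } else {
- Securable sec = method.getAnnotation(Securable.class);
+ if (!method.isAnnotationPresent(Securable.class)) {
+ return;
+ }
+ String token = servletRequest.getHeader(TokenHelper.TOKEN_HEADER_PÀRAM);
+ if (token == null || !tokenHelper.isTokenValid(token)) {
+ LOG.info("Access denied to '{}', Token not valid.", servletRequest.getPathInfo());
+ containerRequestContext.abortWith(Response.status(Status.UNAUTHORIZED).build());
+ } else {
+ Securable sec = method.getAnnotation(Securable.class);
 
- // If roles == 0 we only need to validate the token
- String username = tokenHelper.extractUserFromToken(token);
- int userRoles = getUserRoles(username);
- // if (sec.roles() != 0) {
- // if ((sec.roles() & userRoles) == 0) {
- // LOG.info("User {} has no necessary role to access url: {}", username, servletRequest.getPathInfo());
- // containerRequestContext.abortWith(Response.status(Status.UNAUTHORIZED).build());
- // }
- // }
- Set<Integer> orgs = getUserOrganizations(username);
+ // If roles == 0 we only need to validate the token
+ String username = tokenHelper.extractUserFromToken(token);
+ int userRoles = getUserRoles(username);
+ Set<Integer> orgs = getUserOrganizations(username);
 
- BasicSecurityContext scw = new BasicSecurityContext(username, userRoles, servletRequest.isSecure());
- scw.setOrganizationsIds(orgs);
- containerRequestContext.setSecurityContext(scw);
- // Next line provide injection in resource methods
- ResteasyProviderFactory.pushContext(BasicSecurityContext.class, scw);
- LOG.debug("Added custom SecurityContext for user {}, orgs: {}", username, orgs);
- }
- }
+ BasicSecurityContext scw = new BasicSecurityContext(username, userRoles, servletRequest.isSecure());
+ scw.setOrganizationsIds(orgs);
+ containerRequestContext.setSecurityContext(scw);
+ // Next line provide injection in resource methods
+ ResteasyProviderFactory.pushContext(BasicSecurityContext.class, scw);
+ LOG.debug("Added custom SecurityContext for user {}, orgs: {}", username, orgs);
+ }
+ }
 
- private Set<Integer> getUserOrganizations(String username) {
- @SuppressWarnings("unchecked")
- Set<Integer> userOrgs = cache.get("orgs_" + username, Set.class);
- if (userOrgs == null) {
- // Theorically this shouldn't be never null, but just in case...
- EntityManager em = emProvider.get();
- User user = em.find(User.class, username);
- if (user != null) {
- userOrgs = user.getAllOrgsIds();
- // We store user orgs in cache only for one hour
- cache.set("orgs_" + username, userOrgs, 3600);
- }
- }
+ private Set<Integer> getUserOrganizations(String username) {
+ @SuppressWarnings("unchecked")
+ Set<Integer> userOrgs = cache.get("orgs_" + username, Set.class);
+ if (userOrgs == null) {
+ // Theorically this shouldn't be never null, but just in case...
+ EntityManager em = emProvider.get();
+ User user = em.find(User.class, username);
+ if (user != null) {
+ userOrgs = user.getAllOrgsIds();
+ // We store user orgs in cache only for one hour
+ cache.set("orgs_" + username, userOrgs, 3600);
+ }
+ }
 
- return userOrgs;
- }
+ return userOrgs;
+ }
 
- private int getUserRoles(String username) {
- if (username == null)
- return 0;
- Integer userRoles = cache.get("roles_" + username, Integer.class);
- if (userRoles == null) {
- EntityManager em = emProvider.get();
- User user = em.find(User.class, username);
- if (user != null) {
- userRoles = 0;
- List<Integer> roles = user.getRoles();
- for (Integer rol : roles) {
- userRoles += rol;
- }
- // We store user roles in cache only for one hour
- cache.set("roles_" + username, userRoles, 3600);
- cache.set("orgs_" + username, user.getOrgsIds(), 3600);
- }
- }
- return userRoles == null ? 0 : userRoles.intValue();
- }
+ private int getUserRoles(String username) {
+ if (username == null) {
+ return 0;
+ }
+ Integer userRoles = cache.get("roles_" + username, Integer.class);
+ if (userRoles == null) {
+ EntityManager em = emProvider.get();
+ User user = em.find(User.class, username);
+ if (user != null) {
+ userRoles = 0;
+ List<Integer> roles = user.getRoles();
+ for (Integer rol : roles) {
+ userRoles += rol;
+ }
+ // We store user roles in cache only for one hour
+ cache.set("roles_" + username, userRoles, 3600);
+ cache.set("orgs_" + username, user.getOrgsIds(), 3600);
+ }
+ }
+ return userRoles == null ? 0 : userRoles.intValue();
+ }
 
- // @Override
- public ServerResponse preProcess(HttpRequest request, ResourceMethodInvoker method) throws Failure, WebApplicationException {
- // TODO Auto-generated method stub
- return null;
- }
+ // @Override
+ public ServerResponse preProcess(HttpRequest request, ResourceMethodInvoker method) throws Failure, WebApplicationException {
+ return null;
+ }
 
 }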
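Review bot: `Securable sec = method.getAnnotation(Securable.class);` on the new side of `filter` is assigned and never read, so the filter validates the token but never compares `sec.roles()` against `userRoles`, and the surviving comment `// If roles == 0 we only need to validate the token` now describes a check that is not performed; if authorization is meant to happen in `BasicSecurityContext` or in the resources, a comment at that line saying so (`// role enforcement is done by BasicSecurityContext.isUserInRole, not here`) would keep the next reader from assuming it is enforced in this filter. In `getUserRoles`, `userRoles += rol;` sums the role values, which only yields the bitmask that the removed `(sec.roles() & userRoles)` check expected when every role is a distinct bit and appears once — `userRoles |= rol;` holds for duplicate entries as well. The two helpers also disagree about what the `"orgs_"` cache entry holds: `getUserRoles` seeds it with `user.getOrgsIds()` while `getUserOrganizations` computes `user.getAllOrgsIds()` on a miss, and since `filter` calls `getUserRoles` first, the value from `getOrgsIds()` is what ends up in the security context for the next hour whenever the two methods differ. Finally, `getUserOrganizations` lacks the null guard that `getUserRoles` has, and JPA's `em.find(User.class, null)` throws `IllegalArgumentException`, so a valid token from which no user can be extracted would presumably surface as a server error rather than the 401 the rest of the filter produces — `if (username == null) { return Collections.emptySet(); }` at the top of the method would align the two helpers.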