From c2cf57687d1d61fd476659bc5bead0592143a5c6 Mon Sep 17 00:00:00 2001
From: Roberto Sánchez <roberto.sanchez@curisit.net>
Date: Fri, 17 Jan 2014 18:50:27 +0000
Subject: [PATCH] #395 feature - Added remaining resources to REST API in Licenses management

---
 securis/src/main/java/net/curisit/securis/services/SecurityInterceptor.java |   26 ++++++++++++++------------
 1 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/securis/src/main/java/net/curisit/securis/services/SecurityInterceptor.java b/securis/src/main/java/net/curisit/securis/services/SecurityInterceptor.java
index 0516435..ca84402 100644
--- a/securis/src/main/java/net/curisit/securis/services/SecurityInterceptor.java
+++ b/securis/src/main/java/net/curisit/securis/services/SecurityInterceptor.java
@@ -40,31 +40,33 @@
 
 	@Override
 	public void filter(ContainerRequestContext containerRequestContext) throws IOException {
-		log.info("filter using REST interceptor, method: {}", containerRequestContext.getMethod());
-
-		log.info("filter using REST interceptor, ResourceMethodInvoker: {}", containerRequestContext.getProperty("org.jboss.resteasy.core.ResourceMethodInvoker"));
 		ResourceMethodInvoker methodInvoker = (ResourceMethodInvoker) containerRequestContext.getProperty("org.jboss.resteasy.core.ResourceMethodInvoker");
 		Method method = methodInvoker.getMethod();
 
 		if (!method.isAnnotationPresent(Securable.class))
 			return;
 		String token = servletRequest.getHeader(TokenHelper.TOKEN_HEADER_PÀRAM);
-		if (token == null || !tokenHelper.isTokenValid(token))
+		if (token == null || !tokenHelper.isTokenValid(token)) {
+			log.info("Access denied to '{}', Token not valid.", servletRequest.getPathInfo());
 			containerRequestContext.abortWith(Response.status(Status.UNAUTHORIZED).build());
-		Securable sec = method.getAnnotation(Securable.class);
+		} else {
+			Securable sec = method.getAnnotation(Securable.class);
 
-		// If roles == 0 we only need to validate the token
-		if (sec.roles() != 0) {
-			String username = tokenHelper.extractUserFromToken(token);
-			int userRoles = getUserRoles(username);
-			if ((sec.roles() & userRoles) == 0) {
-				log.info("User {} has no necessary role to access url: {}", username, servletRequest.getPathInfo());
-				containerRequestContext.abortWith(Response.status(Status.UNAUTHORIZED).build());
+			// If roles == 0 we only need to validate the token
+			if (sec.roles() != 0) {
+				String username = tokenHelper.extractUserFromToken(token);
+				int userRoles = getUserRoles(username);
+				if ((sec.roles() & userRoles) == 0) {
+					log.info("User {} has no necessary role to access url: {}", username, servletRequest.getPathInfo());
+					containerRequestContext.abortWith(Response.status(Status.UNAUTHORIZED).build());
+				}
 			}
 		}
 	}
 
 	private int getUserRoles(String username) {
+		if (username == null)
+			return 0;
 		Integer userRoles = cache.get("roles_" + username, Integer.class);
 		if (userRoles == null) {
 			EntityManager em = emProvider.get();
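Review bot: The role-mismatch branch at the end of the new `else` block (the `abortWith` after the `(sec.roles() & userRoles) == 0` check) answers with 401 UNAUTHORIZED although the token has already been validated on this path; 403 FORBIDDEN distinguishes "not authenticated" from "authenticated but not permitted" and stops a client from uselessly re-presenting the same credentials: `containerRequestContext.abortWith(Response.status(Status.FORBIDDEN).build());`. The cast of the `org.jboss.resteasy.core.ResourceMethodInvoker` property on the unchanged line at the top of `filter` still dereferences `methodInvoker` without a null check — the removed debug log suggests that property was being investigated — and a missing invoker would surface as a NullPointerException rather than an explicit decision; since the filter cannot see `@Securable` without it, aborting with UNAUTHORIZED in that case would be the fail-closed choice, e.g. `if (methodInvoker == null) { containerRequestContext.abortWith(Response.status(Status.UNAUTHORIZED).build()); return; }`. The null guard added to `getUserRoles` is consistent with this, since `(sec.roles() & 0) == 0` denies the request; the body of `getUserRoles` continues past the end of the hunk.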

--
Gitblit v1.3.2