1   /**
2    * Copyright 2011-2013 The Kuali Foundation Licensed under the
3    * Educational Community License, Version 2.0 (the "License"); you may
4    * not use this file except in compliance with the License. You may
5    * obtain a copy of the License at
6    *
7    * http://www.osedu.org/licenses/ECL-2.0
8    *
9    * Unless required by applicable law or agreed to in writing,
10   * software distributed under the License is distributed on an "AS IS"
11   * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
12   * or implied. See the License for the specific language governing
13   * permissions and limitations under the License.
14   */
15  
16  package org.kuali.mobility.security.authz.interceptors;
17  
18  import org.slf4j.Logger;
19  import org.slf4j.LoggerFactory;
20  import org.kuali.mobility.security.authn.util.AuthenticationConstants;
21  import org.kuali.mobility.security.group.api.Group;
22  import org.kuali.mobility.security.user.api.User;
23  import org.springframework.web.servlet.HandlerInterceptor;
24  import org.springframework.web.servlet.ModelAndView;
25  
26  import javax.servlet.http.HttpServletRequest;
27  import javax.servlet.http.HttpServletResponse;
28  import java.util.ArrayList;
29  import java.util.List;
30  
/**
 * Spring MVC interceptor that decorates the session's {@link User} before a handler runs.
 *
 * <p>Despite its name, this class makes no access decision: {@link #preHandle} returns
 * {@code true} on every path, so a request is never rejected here. It only sets the
 * {@code "user.campus"} attribute for a few fixed login names and makes sure the user's
 * group list is non-null. Any real access enforcement has to live elsewhere.
 */
public class AuthorizationInterceptor implements HandlerInterceptor {
    private static final Logger LOG = LoggerFactory.getLogger(AuthorizationInterceptor.class);

    /**
     * Looks up the user stored in the HTTP session and, for a non-public user with a login
     * name, assigns a campus attribute and writes the group list back.
     *
     * @param request  current request; its session is read for the user object
     * @param response current response (unused)
     * @param handler  chosen handler (unused)
     * @return always {@code true}; the handler chain is never interrupted
     * @throws Exception declared by {@link HandlerInterceptor}; a {@link ClassCastException}
     *                   is possible if the session attribute is not a {@link User}
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // NOTE(review): getSession(true) creates a session when the request has none, so
        // requests without a logged-in user also get one here; confirm that is intended.
        Object sessionUser = request.getSession(true).getAttribute(AuthenticationConstants.KME_USER_KEY);
        User user = (User) sessionUser;

        // Nothing to decorate for a missing user, a public user, or a user without a login name.
        boolean nothingToDecorate = user == null || user.isPublicUser() || user.getLoginName() == null;
        if (nothingToDecorate) {
            return true;
        }

        List<Group> currentGroups = user.getGroups();
        List<Group> groups = (currentGroups != null) ? currentGroups : new ArrayList<Group>();

        // TODO: Refactor this to use an injected AuthZ data source (Active Directory, LDAP, etc)
        // NOTE(review): the campus is derived from the login name alone, so it is only as
        // trustworthy as whatever put the user into the session; presumably the
        // authentication layer, verify.
        String principalName = user.getLoginName().trim();
        String campus = placeholderCampusFor(principalName);
        if (campus != null) {
            user.addAttribute("user.campus", campus);
        }

        // The per-principal group additions (KME-ADMIN, KME-STUDENT, KME-STAFF, KME-FACULTY)
        // and the "user.authenticated" attribute were disabled by an earlier maintainer, so the
        // list is written back unchanged apart from null becoming an empty list.
        user.setGroups(groups);
        return true;
    }

    /**
     * Maps one of the hard-coded placeholder login names to its campus code.
     *
     * @param principalName trimmed login name
     * @return the campus code, or {@code null} when the name is not one of the placeholders
     */
    private static String placeholderCampusFor(String principalName) {
        if ("admin".equals(principalName)) {
            return "ALL";
        }
        if ("staff".equals(principalName)) {
            return "IN";
        }
        if ("student".equals(principalName) || "faculty".equals(principalName)) {
            return "BL";
        }
        return null;
    }

    /** No-op: nothing is done after the handler has run. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
    }

    /** No-op: nothing is done after the request has completed. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
    }

}