1 /*
2 * Copyright 2007-2008 The Kuali Foundation
3 *
4 * Licensed under the Educational Community License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.opensource.org/licenses/ecl2.php
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.kuali.rice.ken.web.spring;
17
18 import javax.servlet.http.HttpServletRequest;
19 import javax.servlet.http.HttpServletResponse;
20
21 import org.apache.log4j.Logger;
22 import org.kuali.rice.ken.service.NotificationAuthorizationService;
23 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
24
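/**
 * Spring HandlerInterceptor implementation that implements security. For now this just
 * adds a flag to the request indicating whether the authenticated user is a Notification
 * System administrator.
 *
 * <p>The flag is stored as a server-side request attribute (via
 * {@link HttpServletRequest#setAttribute}), not a request parameter, so it cannot be
 * supplied by the client; it is recomputed on every request from
 * {@link HttpServletRequest#getRemoteUser()} and the configured
 * {@link NotificationAuthorizationService}. This interceptor never rejects a request
 * ({@link #preHandle} always returns {@code true}), so any access decision based on the
 * flag has to be made by the handlers or views that read it.
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
public class SecurityInterceptor extends HandlerInterceptorAdapter {
    private static final Logger LOG = Logger.getLogger(SecurityInterceptor.class);

    /**
     * Request attribute key under which to register the userIsAdmin flag
     */
    private static final String USER_IS_ADMIN_KEY = "userIsAdmin";

    /**
     * Service consulted to decide whether the remote user is an administrator.
     * Must be injected (see {@link #setNotificationAuthorizationService}) before the
     * first authenticated request is handled.
     */
    protected NotificationAuthorizationService notificationAuthzService;

    /**
     * Sets the NotificationAuthorizationService member
     * @param notificationAuthzService NotificationAuthorizationService used to determine whether user is administrator
     */
    public void setNotificationAuthorizationService(NotificationAuthorizationService notificationAuthzService) {
        this.notificationAuthzService = notificationAuthzService;
    }

    /**
     * Decorate the incoming request with an attribute that indicates whether the user is a Notification System administrator.
     * Requests without a remote user are flagged as non-administrator without consulting the
     * authorization service.
     * @param request the current request; its remote user name is looked up and the flag is attached to it
     * @param response not used
     * @param handler not used
     * @return always {@code true}: this interceptor decorates the request but never blocks it
     * @throws IllegalStateException if an authenticated request arrives before the authorization service was injected
     * @throws Exception whatever the authorization service throws while checking the user
     * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String user = request.getRemoteUser();
        boolean isAdmin = false;
        if (user != null) {
            if (notificationAuthzService == null) {
                // Fail with a descriptive error rather than a bare NullPointerException:
                // without the service the admin flag can never be computed, which is a
                // wiring mistake that should surface clearly.
                throw new IllegalStateException(
                        "NotificationAuthorizationService has not been set on SecurityInterceptor");
            }
            isAdmin = notificationAuthzService.isUserAdministrator(user);
        }
        // log4j 1.x has no parameterized logging, so only build the message when
        // debug output is actually enabled.
        if (LOG.isDebugEnabled()) {
            LOG.debug("Setting request attribute '" + USER_IS_ADMIN_KEY + "' to " + isAdmin);
        }
        request.setAttribute(USER_IS_ADMIN_KEY, Boolean.valueOf(isAdmin));
        return true;
    }
}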