001    /**
002     * Copyright 2005-2013 The Kuali Foundation
003     *
004     * Licensed under the Educational Community License, Version 2.0 (the "License");
005     * you may not use this file except in compliance with the License.
006     * You may obtain a copy of the License at
007     *
008     * http://www.opensource.org/licenses/ecl2.php
009     *
010     * Unless required by applicable law or agreed to in writing, software
011     * distributed under the License is distributed on an "AS IS" BASIS,
012     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013     * See the License for the specific language governing permissions and
014     * limitations under the License.
015     */
016    package org.kuali.rice.ken.web.spring;
017    
018    import javax.servlet.http.HttpServletRequest;
019    import javax.servlet.http.HttpServletResponse;
020    
021    import org.apache.log4j.Logger;
022    import org.kuali.rice.ken.service.NotificationAuthorizationService;
023    import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
024    
/**
 * Spring HandlerInterceptor implementation that implements security. For now this just
 * adds a flag to the request indicating whether the authenticated user is a Notification
 * System administrator; it does not itself deny any request.
 * @author Kuali Rice Team (rice.collab@kuali.org)
 */
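public class SecurityInterceptor extends HandlerInterceptorAdapter {
    private static final Logger LOG = Logger.getLogger(SecurityInterceptor.class);

    /**
     * Request attribute key under which to register the userIsAdmin flag
     */
    private static final String USER_IS_ADMIN_KEY = "userIsAdmin";

    /**
     * Service consulted to decide whether the remote user is a Notification System administrator.
     * Injected through {@link #setNotificationAuthorizationService(NotificationAuthorizationService)};
     * {@link #preHandle} refuses to run until it has been set.
     */
    protected NotificationAuthorizationService notificationAuthzService;

    /**
     * Sets the NotificationAuthorizationService member
     * @param notificationAuthzService NotificationAuthorizationService used to determine whether user is administrator
     */
    public void setNotificationAuthorizationService(NotificationAuthorizationService notificationAuthzService) {
        this.notificationAuthzService = notificationAuthzService;
    }

    /**
     * Decorate the incoming request with an attribute that indicates whether the user is a Notification System administrator.
     * <p>
     * The flag is computed server-side from the container-authenticated principal ({@link HttpServletRequest#getRemoteUser()})
     * and the authorization service, so downstream handlers and views may rely on it. A request with no authenticated user is
     * flagged {@code false}. This interceptor never blocks the request &mdash; it always returns {@code true} &mdash; so any
     * actual enforcement must be done by whatever reads the {@code userIsAdmin} attribute.
     *
     * @param request the current request; the flag is stored as one of its attributes
     * @param response unused
     * @param handler unused
     * @return always {@code true}, allowing the handler chain to continue
     * @throws IllegalStateException if no {@link NotificationAuthorizationService} has been injected; failing here with a
     *         descriptive message is preferable to a bare {@link NullPointerException} from inside the lookup
     * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (notificationAuthzService == null) {
            throw new IllegalStateException("NotificationAuthorizationService has not been set on SecurityInterceptor");
        }
        String user = request.getRemoteUser();
        // An unauthenticated request (no remote user) is never an administrator, and the
        // authorization service is not consulted for it.
        boolean isAdmin = user != null && notificationAuthzService.isUserAdministrator(user);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Setting request attribute '" + USER_IS_ADMIN_KEY + "' to " + isAdmin);
        }
        request.setAttribute(USER_IS_ADMIN_KEY, Boolean.valueOf(isAdmin));
        return true;
    }
}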