1   /**
2    * Copyright 2005-2016 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.ken.web.spring;
17  
18  import javax.servlet.http.HttpServletRequest;
19  import javax.servlet.http.HttpServletResponse;
20  
21  import org.apache.log4j.Logger;
22  import org.kuali.rice.ken.service.NotificationAuthorizationService;
23  import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
24  
25  /**
26   * Spring HandlerInterceptor implementation that implements security.  For now this just
27   * adds a flag to the request indicating whether the authenticated user is a Notification
28   * System administrator.
29   * @author Kuali Rice Team (rice.collab@kuali.org)
30   */
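public class SecurityInterceptor extends HandlerInterceptorAdapter {
    private static final Logger LOG = Logger.getLogger(SecurityInterceptor.class);

    /**
     * Request attribute key under which to register the userIsAdmin flag.
     * Consumers should read it with {@code request.getAttribute(...)}; a request
     * parameter of the same name is client-controlled and must never be trusted
     * in its place.
     */
    private static final String USER_IS_ADMIN_KEY = "userIsAdmin";

    protected NotificationAuthorizationService notificationAuthzService;

    /**
     * Sets the NotificationAuthorizationService member
     * @param notificationAuthzService NotificationAuthorizationService used to determine whether user is administrator
     */
    public void setNotificationAuthorizationService(NotificationAuthorizationService notificationAuthzService) {
        this.notificationAuthzService = notificationAuthzService;
    }

    /**
     * Decorates the incoming request with an attribute that indicates whether the
     * authenticated user is a Notification System administrator.
     *
     * <p>This method only annotates the request: it always returns {@code true} and
     * never rejects a request itself. Handlers that perform administrator-only
     * operations must therefore check the flag (or call the authorization service)
     * themselves before acting.
     *
     * <p>The flag defaults to {@code false} and is only raised when the container
     * reports a remote user and the authorization service confirms that user is an
     * administrator. Any exception thrown by the authorization service propagates to
     * the caller rather than being mapped to either value of the flag.
     *
     * @param request the current request; receives the {@code userIsAdmin} attribute
     * @param response the current response (unused)
     * @param handler the chosen handler (unused)
     * @return always {@code true}, so the handler chain continues
     * @throws IllegalStateException if a remote user is present but no
     *         NotificationAuthorizationService has been injected
     * @throws Exception if the authorization lookup fails
     * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String user = request.getRemoteUser();
        // Deny by default: unauthenticated requests are never flagged as administrator.
        boolean isAdmin = false;
        if (user != null) {
            if (notificationAuthzService == null) {
                // Surface a wiring mistake explicitly instead of as a bare NullPointerException.
                throw new IllegalStateException("NotificationAuthorizationService has not been set on SecurityInterceptor");
            }
            isAdmin = notificationAuthzService.isUserAdministrator(user);
        }
        // Guarded so the message is not concatenated on every request when debug logging is off.
        if (LOG.isDebugEnabled()) {
            LOG.debug("Setting request attribute '" + USER_IS_ADMIN_KEY + "' to " + isAdmin);
        }
        request.setAttribute(USER_IS_ADMIN_KEY, Boolean.valueOf(isAdmin));
        return true;
    }
}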
64  }