Source code

001/**
002 * Copyright 2005-2016 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package org.kuali.rice.ken.web.spring;
017
018import javax.servlet.http.HttpServletRequest;
019import javax.servlet.http.HttpServletResponse;
020
021import org.apache.log4j.Logger;
022import org.kuali.rice.ken.service.NotificationAuthorizationService;
023import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
024
025/**
026 * Spring HandlerInterceptor implementation that implements security.  For now this just
027 * adds a flag to the request indicating whether the authenticated user is a Notification
028 * System administrator.
029 * @author Kuali Rice Team (rice.collab@kuali.org)
030 */
031public class SecurityInterceptor extends HandlerInterceptorAdapter {
032    private static final Logger LOG = Logger.getLogger(SecurityInterceptor.class);
033
034    /**
035     * Request attribute key under which to register the userIsAdmin flag
036     */
037    private static final String USER_IS_ADMIN_KEY = "userIsAdmin";
038
039    protected NotificationAuthorizationService notificationAuthzService;
040    
041    /**
042     * Sets the NotificationAuthorizationService member
043     * @param notificationAuthzService NotificationAuthorizationService used to determine whether user is administrator
044     */
045    public void setNotificationAuthorizationService(NotificationAuthorizationService notificationAuthzService) {
046        this.notificationAuthzService = notificationAuthzService;
047    }
048
049    /**
050     * Decorate the incoming request with an attribute that indicates whether the user is a Notification System administrator
051     * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
052     */
053    @Override
054    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
055        String user = request.getRemoteUser();
056        boolean isAdmin = false;
057        if (user != null) {
058            isAdmin = notificationAuthzService.isUserAdministrator(user);
059        }
060        LOG.debug("Setting request attribute '" + USER_IS_ADMIN_KEY + "' to " + isAdmin);
061        request.setAttribute(USER_IS_ADMIN_KEY, Boolean.valueOf(isAdmin));
062        return true;
063    }
064}