| 1 |
51049
|
argiro.kok
|
package eu.dnetlib.uoaadmintools.handlers;
|
| 2 |
|
|
|
| 3 |
|
|
import eu.dnetlib.uoaadmintools.handlers.utils.AuthorizationUtils;
|
| 4 |
|
|
import org.apache.log4j.Logger;
|
| 5 |
55272
|
k.triantaf
|
import org.springframework.beans.factory.annotation.Value;
|
| 6 |
51049
|
argiro.kok
|
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
| 7 |
|
|
|
| 8 |
|
|
import javax.servlet.http.HttpServletRequest;
|
| 9 |
|
|
import javax.servlet.http.HttpServletResponse;
|
| 10 |
55272
|
k.triantaf
|
import java.util.List;
|
| 11 |
51049
|
argiro.kok
|
|
| 12 |
|
|
/**
|
| 13 |
|
|
* Created by argirok on 23/2/2018.
|
| 14 |
|
|
*/
|
| 15 |
|
|
public class AuthorizationHandler extends HandlerInterceptorAdapter {
|
| 16 |
|
|
private final Logger log = Logger.getLogger(this.getClass());
|
| 17 |
|
|
private AuthorizationUtils helper = new AuthorizationUtils();
|
| 18 |
55272
|
k.triantaf
|
private List<String> allowedPostRequests;
|
| 19 |
51049
|
argiro.kok
|
|
| 20 |
55272
|
k.triantaf
|
public AuthorizationHandler(String userInfoUrl, String originServer, List<String> allowedPostRequests){
|
| 21 |
51049
|
argiro.kok
|
helper.setOriginServer(originServer);
|
| 22 |
|
|
helper.setUserInfoUrl(userInfoUrl);
|
| 23 |
55272
|
k.triantaf
|
this.allowedPostRequests = allowedPostRequests;
|
| 24 |
51049
|
argiro.kok
|
}
|
| 25 |
|
|
@Override
|
| 26 |
|
|
public boolean preHandle(
|
| 27 |
|
|
HttpServletRequest request,
|
| 28 |
|
|
HttpServletResponse response,
|
| 29 |
|
|
Object handler) throws Exception {
|
| 30 |
|
|
// log.debug("request method " + request.getRemoteHost());
|
| 31 |
58363
|
argiro.kok
|
// log.debug("properties: " + helper.getOriginServer() + " "+ helper.getUserInfoUrl());
|
| 32 |
|
|
// log.debug(allowedPostRequests);
|
| 33 |
|
|
// log.debug(allowedPostRequests.contains(request.getServletPath()));
|
| 34 |
|
|
// log.debug(request.getServletPath());
|
| 35 |
55272
|
k.triantaf
|
if((request.getMethod().equals("POST") || request.getMethod().equals("DELETE")) &&
|
| 36 |
55305
|
k.triantaf
|
!allowedPostRequests.contains(request.getServletPath())) {
|
| 37 |
51049
|
argiro.kok
|
//TODO check domain & check user info
|
| 38 |
|
|
if(!this.helper.checkCookies(request) || !helper.isAuthorized(helper.getToken(request))){
|
| 39 |
|
|
|
| 40 |
|
|
response.setHeader("Access-Control-Allow-Credentials","true");
|
| 41 |
|
|
response.setHeader("Access-Control-Allow-Origin","*");
|
| 42 |
|
|
response.setHeader("Vary","Origin");
|
| 43 |
|
|
|
| 44 |
|
|
response.setStatus(403);
|
| 45 |
|
|
response.sendError(403, "Forbidden: You don't have permission to access. Maybe you are not registered.");
|
| 46 |
|
|
return false;
|
| 47 |
|
|
}
|
| 48 |
|
|
|
| 49 |
|
|
}
|
| 50 |
|
|
return true;
|
| 51 |
|
|
}
|
| 52 |
|
|
|
| 53 |
|
|
|
| 54 |
|
|
// @Override
|
| 55 |
|
|
// public void postHandle(
|
| 56 |
|
|
// HttpServletRequest request,
|
| 57 |
|
|
// HttpServletResponse response,
|
| 58 |
|
|
// Object handler,
|
| 59 |
|
|
// ModelAndView modelAndView) throws Exception {
|
| 60 |
|
|
// log.info("I am here - postHandle ");
|
| 61 |
|
|
// }
|
| 62 |
|
|
//
|
| 63 |
|
|
// @Override
|
| 64 |
|
|
// public void afterCompletion(
|
| 65 |
|
|
// HttpServletRequest request,
|
| 66 |
|
|
// HttpServletResponse response,
|
| 67 |
|
|
// Object handler, Exception ex) {
|
| 68 |
|
|
// log.info("I am here - afterCompletion ");
|
| 69 |
|
|
// }
|
| 70 |
|
|
|
| 71 |
58363
|
argiro.kok
|
}
|