package pt.estgp.estgweb.filters.filters;
import pt.estgp.estgweb.filters.chains.LoadControlFilter;
import pt.estgp.estgweb.filters.exceptions.AccessDeniedOperationException;
import pt.estgp.estgweb.filters.filters.utils.LoadObjectFromParameters;
import pt.estgp.estgweb.utils.ConfigProperties;
import pt.estgp.estgweb.utils.RoleManager;
import pt.estgp.estgweb.domain.UserSession;
import pt.estgp.estgweb.domain.ITargetRoles;
import pt.estgp.estgweb.Globals;
import pt.utl.ist.berserk.ServiceRequest;
import pt.utl.ist.berserk.ServiceResponse;
import pt.utl.ist.berserk.logic.filterManager.exceptions.FilterException;
import pt.utl.ist.berserk.logic.filterManager.FilterParameters;
import org.apache.log4j.Logger;
import java.util.List;
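/**
 * Authorization filter that lets a request through only when the target object's
 * role list, or the caller's own roles, permit it.
 *
 * <p>The target object is loaded from the filter parameters and must implement
 * {@link ITargetRoles}. The request is admitted when any of these holds:
 * <ol>
 *   <li>the object's role list contains {@code ALL_ROLE};</li>
 *   <li>the session user holds {@code ALL_ROLE} or is flagged as superuser;</li>
 *   <li>the session user holds at least one of the object's roles, as decided by
 *       {@link RoleManager}.</li>
 * </ol>
 * Otherwise an {@link AccessDeniedOperationException} is thrown.
 */
public class TargetRoleUsersClass extends LoadControlFilter
{
    private static final Logger logger = Logger.getLogger(TargetRoleUsersClass.class);

    /**
     * Role name read from the {@code user.super} configuration property.
     * NOTE(review): if that property can be missing, this may be {@code null} and the
     * {@code contains(ALL_ROLE)} test below would then match a {@code null} list entry;
     * confirm ConfigProperties never returns null here.
     */
    private static final String ALL_ROLE = ConfigProperties.getProperty("user.super");

    /**
     * Two-argument entry point; the body is empty, so no access check happens here.
     * NOTE(review): if the filter chain can invoke this overload instead of the
     * three-argument one, the role check is skipped entirely; verify against the
     * filter manager configuration.
     *
     * @param request  the service request (unused)
     * @param response the service response (unused)
     */
    public void execute(ServiceRequest request, ServiceResponse response)
            throws FilterException, Exception
    {
    }

    /**
     * Enforces the role check described on the class.
     *
     * @param request          service request; its parameters carry the user session under
     *                         {@code Globals.USER_SESSION_KEY}
     * @param response         service response (unused)
     * @param filterParameters filter configuration; parameter 1 is the class name handed to
     *                         the object loader
     * @throws AccessDeniedOperationException when the session or its user is absent, or the
     *                                        user holds none of the required roles
     * @throws Exception                      anything raised while loading the target object
     *                                        or evaluating roles
     */
    public void execute(ServiceRequest request, ServiceResponse response, FilterParameters filterParameters)
            throws FilterException, Exception
    {
        // NOTE(review): parameter 1 is used as a class name for object loading; presumably it
        // comes from static filter configuration. Confirm it can never be request-controlled.
        ITargetRoles iTargetRoles = (ITargetRoles) LoadObjectFromParameters.loadObjectFromClassName(
                (String) filterParameters.getParameter(1),
                filterParameters,
                request.getServiceParameters());

        // Read the role list once so the bypass test and the final decision use the same snapshot.
        List<String> targetRoles = iTargetRoles.getTargetRolesList();

        // An object tagged with ALL_ROLE is admitted before any session lookup takes place.
        if (targetRoles.contains(ALL_ROLE))
        {
            return;
        }

        UserSession userSession =
                (UserSession) request.getServiceParameters().getParameter(Globals.USER_SESSION_KEY);

        // Deny explicitly when there is no session or no user in it, instead of failing later
        // with a NullPointerException that callers cannot tell apart from an internal error.
        if (userSession == null || userSession.getUser() == null)
        {
            logger.warn("unauthenticated session: try access restricted area");
            throw new AccessDeniedOperationException("fail.role");
        }

        if (RoleManager.hasRole(userSession.getUser(), ALL_ROLE) || userSession.getUser().isSuperuser())
        {
            return;
        }

        if (!RoleManager.hasRole(userSession.getUser(), targetRoles))
        {
            // NOTE(review): the username is concatenated into the log line unescaped; if
            // usernames may contain CR/LF, neutralise them before logging.
            logger.warn(userSession.getUser().getUsername() + ": try access restricted area");
            throw new AccessDeniedOperationException("fail.role");
        }
    }
}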