1 package org.openecomp.sdc.itempermissions.servlet;
3 import org.openecomp.sdc.itempermissions.PermissionsServices;
4 import org.openecomp.sdc.itempermissions.PermissionsServicesFactory;
6 import javax.servlet.Filter;
7 import javax.servlet.FilterChain;
8 import javax.servlet.FilterConfig;
9 import javax.servlet.ServletException;
10 import javax.servlet.ServletRequest;
11 import javax.servlet.ServletResponse;
12 import javax.servlet.http.HttpServletRequest;
13 import javax.servlet.http.HttpServletResponse;
14 import java.io.IOException;
17 * Created by ayalaben on 6/27/2017.
19 public class PermissionsFilter implements Filter {
// Permission service that doFilter consults through isAllowed(itemId, userId, action).
21 private final PermissionsServices permissionsServices;
// Sentinel returned by parseItemIdFromPath when the path info has fewer than four "/"-separated
// tokens; doFilter performs no permission check for such requests.
22 public static final String IRRELEVANT_REQUEST = "Irrelevant_Request";
// Action name that doFilter passes to isAllowed for the requests it checks.
23 public static final String EDIT_ITEM = "Edit_Item";
// Builds the filter with a PermissionsServices obtained from PermissionsServicesFactory.
25 public PermissionsFilter() {
26 this.permissionsServices = PermissionsServicesFactory.getInstance().createInterface();
// Filter lifecycle callback; its body is not visible in this listing.
30 public void init(FilterConfig filterConfig) throws ServletException {
// Checks edit permission on HTTP POST and PUT requests before handing them to the rest of the chain.
// The user id is read from the "USER_ID" request header and the item id is parsed from the path
// info. When isAllowed(itemId, userId, EDIT_ITEM) is false, the response status is set to 403 and an
// error message is written to the response.
// Original lines 49-55 are missing from this listing, so it cannot be confirmed here that the
// method returns after the 403 instead of falling through to filterChain.doFilter.
// NOTE(review): only POST and PUT are inspected in the visible lines; other state-changing methods
// (DELETE, PATCH) appear to reach the chain unchecked. Confirm this is intended.
// NOTE(review): USER_ID is a request header, so the decision is only as trustworthy as whatever
// sets it. Confirm an upstream authentication layer overwrites or strips client-supplied values.
35 public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
36 FilterChain filterChain) throws IOException, ServletException {
// Non-HTTP requests skip the permission logic entirely.
38 if (servletRequest instanceof HttpServletRequest) {
39 if (((HttpServletRequest) servletRequest).getMethod().equals("POST")
40 || ((HttpServletRequest) servletRequest).getMethod().equals("PUT")) {
// getHeader returns null when the header is absent; userId is passed to isAllowed without a check.
42 String userId = ((HttpServletRequest) servletRequest).getHeader("USER_ID");
// getPathInfo() may return null when the request has no extra path info; parseItemIdFromPath
// dereferences its argument, so that case would throw NullPointerException. TODO confirm a guard.
43 String itemId = parseItemIdFromPath(((HttpServletRequest) servletRequest).getPathInfo());
// Short paths map to the IRRELEVANT_REQUEST sentinel and are not permission-checked.
44 if ( ! itemId.equals(IRRELEVANT_REQUEST)) {
45 if ( ! permissionsServices.isAllowed(itemId,userId,EDIT_ITEM)) {
46 ((HttpServletResponse) servletResponse).setStatus(HttpServletResponse.SC_FORBIDDEN);
47 servletResponse.getWriter().print("Permissions Error. The user does not have " +
48 "permission to perform" +
56 filterChain.doFilter(servletRequest, servletResponse);
// Extracts the item id from the request's path info. The path is split on "/", and a path with
// fewer than four tokens yields IRRELEVANT_REQUEST. The value returned for longer paths is on lines
// not shown in this listing.
// NOTE(review): pathInfo is dereferenced without a null check, but HttpServletRequest.getPathInfo()
// can return null.
// NOTE(review): IRRELEVANT_REQUEST is an in-band sentinel. If the returned id is a raw path token,
// a token equal to that string would skip the permission check in doFilter. Verify against the
// unseen return statement; an Optional<String> or a null return would avoid the overlap.
59 private String parseItemIdFromPath(String pathInfo) {
60 String[] tokens = pathInfo.split("/");
61 if (tokens.length < 4) {
62 return IRRELEVANT_REQUEST;
69 public void destroy() {