1 package org.openecomp.sdc.itempermissions.servlet;
2
3 import org.openecomp.sdc.itempermissions.PermissionsServices;
4 import org.openecomp.sdc.itempermissions.PermissionsServicesFactory;
5
6 import javax.servlet.Filter;
7 import javax.servlet.FilterChain;
8 import javax.servlet.FilterConfig;
9 import javax.servlet.ServletException;
10 import javax.servlet.ServletRequest;
11 import javax.servlet.ServletResponse;
12 import javax.servlet.http.HttpServletRequest;
13 import javax.servlet.http.HttpServletResponse;
14 import java.io.IOException;
15
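/**
 * Servlet filter that enforces item-level edit permission on modifying requests.
 *
 * <p>For {@code POST} and {@code PUT} requests the filter reads the caller's id from the
 * {@code USER_ID} header, takes the item id from a fixed position in the path info, and asks
 * {@code PermissionsServices.isAllowed} whether that user may perform {@link #EDIT_ITEM} on the
 * item. A negative answer ends the request with {@code 403 Forbidden}; every other request is
 * handed to the rest of the chain unchanged.
 *
 * <p>NOTE(review): the filter performs no authentication of its own; it uses the {@code USER_ID}
 * header value as given. Presumably an upstream component sets or overwrites that header after
 * authenticating the caller. Confirm that a client cannot supply it directly.
 *
 * <p>NOTE(review): only {@code POST} and {@code PUT} are checked. Requests using other methods
 * (for example {@code DELETE} or {@code PATCH}) reach the chain without a permission check.
 * Confirm that no item-modifying endpoint is exposed through them, or that they are covered
 * elsewhere.
 *
 * <p>Created by ayalaben on 6/27/2017.
 */
public class PermissionsFilter implements Filter {

  private final PermissionsServices permissionsServices;
  /** Sentinel returned by the path parser when the path carries no item id. */
  public static final String IRRELEVANT_REQUEST = "Irrelevant_Request";
  /** Action name passed to the permissions service for modifying requests. */
  public static final String EDIT_ITEM = "Edit_Item";

  private static final String USER_ID_HEADER = "USER_ID";
  private static final String PERMISSION_ERROR_MESSAGE =
      "Permissions Error. The user does not have permission to perform this action.";

  /** Creates the filter and obtains the permissions service from its factory. */
  public PermissionsFilter() {
    this.permissionsServices = PermissionsServicesFactory.getInstance().createInterface();
  }

  /** No initialization is required. */
  @Override
  public void init(FilterConfig filterConfig) throws ServletException {
    // Intentionally empty: the filter has no configuration.
  }

  /**
   * Rejects a modifying HTTP request when the caller lacks edit permission on the addressed item.
   *
   * @param servletRequest  the incoming request; non-HTTP requests are passed through
   * @param servletResponse the response; receives status 403 and an error message on denial
   * @param filterChain     the remaining chain, invoked when the request is not denied
   * @throws IOException      if writing the error message or the downstream chain fails
   * @throws ServletException if the downstream chain fails
   */
  @Override
  public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
                       FilterChain filterChain) throws IOException, ServletException {

    if (servletRequest instanceof HttpServletRequest) {
      HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
      if (isCheckedMethod(httpRequest.getMethod())) {
        // The header may be absent, in which case userId is null and the decision is left
        // to the permissions service.
        String userId = httpRequest.getHeader(USER_ID_HEADER);
        String itemId = parseItemIdFromPath(httpRequest.getPathInfo());
        if (!IRRELEVANT_REQUEST.equals(itemId)
            && !permissionsServices.isAllowed(itemId, userId, EDIT_ITEM)) {
          ((HttpServletResponse) servletResponse).setStatus(HttpServletResponse.SC_FORBIDDEN);
          servletResponse.getWriter().print(PERMISSION_ERROR_MESSAGE);
          // Stop here so the denied request never reaches the protected resource.
          return;
        }
      }
    }

    filterChain.doFilter(servletRequest, servletResponse);
  }

  /** Returns whether the HTTP method is one this filter applies the permission check to. */
  private static boolean isCheckedMethod(String method) {
    // Constant-first comparison stays safe if the container reports a null method.
    return "POST".equals(method) || "PUT".equals(method);
  }

  /**
   * Extracts the item id from the request's path info.
   *
   * <p>The id is the fourth token of the path split on {@code /}; for a path with a leading
   * slash that is the third path segment. A {@code null} path info (the servlet API returns
   * {@code null} when the request has no extra path) or a path with fewer than four tokens
   * yields {@link #IRRELEVANT_REQUEST}.
   *
   * <p>NOTE(review): the check is only meaningful if the downstream resource resolves the item
   * from the same path position. Because the sentinel is an ordinary string, a path segment
   * equal to {@link #IRRELEVANT_REQUEST} is also treated as carrying no item id.
   *
   * @param pathInfo the value of {@code HttpServletRequest.getPathInfo()}, possibly {@code null}
   * @return the item id token, or {@link #IRRELEVANT_REQUEST} when none is present
   */
  private String parseItemIdFromPath(String pathInfo) {
    if (pathInfo == null) {
      // Previously this dereferenced null and failed the request with a NullPointerException.
      return IRRELEVANT_REQUEST;
    }
    String[] tokens = pathInfo.split("/");
    return tokens.length < 4 ? IRRELEVANT_REQUEST : tokens[3];
  }

  /** No resources to release. */
  @Override
  public void destroy() {
    // Intentionally empty.
  }
}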