2 * Copyright © 2016-2017 European Support Limited
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package org.openecomp.sdc.itempermissions.servlet;
19 import java.io.IOException;
20 import javax.servlet.Filter;
21 import javax.servlet.FilterChain;
22 import javax.servlet.FilterConfig;
23 import javax.servlet.ServletException;
24 import javax.servlet.ServletRequest;
25 import javax.servlet.ServletResponse;
26 import javax.servlet.http.HttpServletRequest;
27 import javax.servlet.http.HttpServletResponse;
28 import javax.ws.rs.HttpMethod;
29 import javax.ws.rs.core.Response;
31 import org.codehaus.jackson.map.ObjectMapper;
32 import org.openecomp.sdc.common.errors.ErrorCode;
33 import org.openecomp.sdc.common.errors.ErrorCodeAndMessage;
34 import org.openecomp.sdc.common.errors.Messages;
35 import org.openecomp.sdc.itempermissions.PermissionsServices;
36 import org.openecomp.sdc.itempermissions.PermissionsServicesFactory;
37 import org.openecomp.sdc.logging.api.Logger;
38 import org.openecomp.sdc.logging.api.LoggerFactory;
41 * Created by ayalaben on 6/27/2017.
43 public class PermissionsFilter implements Filter {
45 private static final Logger LOGGER = LoggerFactory.getLogger(PermissionsFilter.class);
46 private final PermissionsServices permissionsServices;
47 private static final String IRRELEVANT_REQUEST = "Irrelevant_Request";
48 private static final String EDIT_ITEM = "Edit_Item";
50 public PermissionsFilter() {
51 this.permissionsServices = PermissionsServicesFactory.getInstance().createInterface();
55 public void init(FilterConfig filterConfig) {
56 // required by servlet API
60 public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
61 throws IOException, ServletException {
63 if ((servletRequest instanceof HttpServletRequest)
64 && isRelevant((HttpServletRequest) servletRequest, servletResponse)) {
65 filterChain.doFilter(servletRequest, servletResponse);
69 private boolean isRelevant(HttpServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
70 String method = servletRequest.getMethod();
71 if (method.equals(HttpMethod.POST) || method.equals(HttpMethod.PUT) || method.equals(HttpMethod.DELETE)) {
73 String userId = servletRequest.getHeader("USER_ID");
74 String itemId = parseItemIdFromPath(servletRequest.getPathInfo());
76 if (!itemId.equals(IRRELEVANT_REQUEST) && !permissionsServices.isAllowed(itemId, userId, EDIT_ITEM)) {
77 ((HttpServletResponse) servletResponse).setStatus(HttpServletResponse.SC_FORBIDDEN);
78 servletResponse.getWriter().print(buildResponse(Response.Status.FORBIDDEN,
79 Messages.PERMISSIONS_ERROR.getErrorMessage(),
80 Messages.PERMISSIONS_ERROR.name()));
88 private String parseItemIdFromPath(String pathInfo) {
89 String[] tokens = pathInfo.split("/");
90 if (tokens.length < 4) {
91 return IRRELEVANT_REQUEST;
98 public void destroy() {
99 // required by serlvet API
102 private String buildResponse(Response.Status status, String message, String id) {
103 ErrorCode errorCode = new ErrorCode.ErrorCodeBuilder()
105 .withMessage(message).build();
106 return objectToJsonString(new ErrorCodeAndMessage(status, errorCode));
109 private String objectToJsonString(Object obj) {
111 return new ObjectMapper().writerWithDefaultPrettyPrinter().writeValueAsString(obj);
112 } catch (Exception e) {
113 LOGGER.error(e.getMessage(), e);
114 return "An internal error has occurred. Please contact support.";
Code Review / sdc.git / blob