• Home
• org.sklsft.commons
• commons-rest-security
• 3.0.0-M2
• source code
• DocumentAccessControlAspect.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.sklsft.commons.rest.security.aspect.DocumentAccessControlAspect Maven / Gradle / Ivy

package org.sklsft.commons.rest.security.aspect;

import javax.servlet.http.Cookie;

import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.sklsft.commons.rest.security.annotations.DocumentAccessControl;
import org.sklsft.commons.rest.security.context.SecurityContextProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/**
 * The aspect responsible for getting the cookies and providing a security context.
 * 
 * @author Alexandre Rupp
 *
 */
@Aspect
public class DocumentAccessControlAspect {

	private static final Logger logger = LoggerFactory.getLogger(AccessControlAspect.class);

	private SecurityContextProvider securityContextProvider;
	

	public DocumentAccessControlAspect(SecurityContextProvider securityContextProvider) {
		super();
		this.securityContextProvider = securityContextProvider;
	}

	@Around("@annotation(documentAccessControl)")
	public Object handleAuthentication(ProceedingJoinPoint joinPoint, DocumentAccessControl documentAccessControl) throws Throwable {

		try {
			String token = extractCookie("img");
			securityContextProvider.provideUserSecurityContext(token);
			return joinPoint.proceed();

		} catch (Throwable t) {
			logger.error(t.getMessage(), t);
			throw t;
		} finally {
			securityContextProvider.clearSecurityContext();
		}
	}

	private String extractCookie(String key) {
		ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
		Cookie[] cookies = servletRequestAttributes.getRequest().getCookies();
		
		String imageToken = null;
		for(Cookie cookie : cookies){
			if(cookie.getName().equals(key)){
				imageToken = cookie.getValue();
				break;
			}
		}
		
		return imageToken;
	}
}