Example 1 with SecurityFacade

Use of com.manydesigns.portofino.security.SecurityFacade in project Portofino by ManyDesigns.

From the class PortofinoFilter, method filter.

@Override
public void filter(ContainerRequestContext requestContext) {
    UriInfo uriInfo = requestContext.getUriInfo();
    if (uriInfo.getMatchedResources().isEmpty()) {
        return;
    }
    Object resource = uriInfo.getMatchedResources().get(0);
    if (resourceInfo == null || resourceInfo.getResourceClass() == null) {
        return;
    }
    if (resource.getClass() != resourceInfo.getResourceClass()) {
        throw new RuntimeException("Inconsistency: matched resource is not of the right type, " + resourceInfo.getResourceClass());
    }
    logger.debug("Setting up logging MDC");
    MDC.clear();
    HttpServletRequest request = ElementsThreadLocals.getHttpServletRequest();
    if (request != null) {
        MDC.put("req.requestURI", request.getRequestURI());
    }
    if (resource instanceof ResourceAction) {
        ResourceAction resourceAction = (ResourceAction) resource;
        logger.debug("Retrieving user");
        Object userId = resourceAction.getSecurity().getUserId();
        if (userId != null) {
            // Issue #755
            MDC.put("userId", userId.toString());
        }
        OgnlContext ognlContext = ElementsThreadLocals.getOgnlContext();
        ognlContext.put("securityUtils", resourceAction.getSecurity().getSecurityUtilsBean());
        resourceAction.prepareForExecution();
    }
    WebApplicationContext context = WebApplicationContextUtils.getWebApplicationContext(servletContext);
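    // Default to the no-op facade; it is replaced only if the Spring context defines a SecurityFacade bean.
    SecurityFacade facade = NoSecurity.AT_ALL;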
    if (context != null) {
        try {
            facade = context.getBean(SecurityFacade.class);
        } catch (NoSuchBeanDefinitionException e) {
            logger.debug("No security facade found, using no-op", e);
        }
    }
    facade.checkWebResourceIsAccessible(requestContext, resource, resourceInfo.getResourceMethod());
    if (resource instanceof ResourceAction) {
        checkResourceActionInvocation(requestContext, (ResourceAction) resource);
    }
    Method resourceMethod = resourceInfo.getResourceMethod();
    if (isAccessToBeLogged(resource, resourceMethod)) {
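        // request may be null (see the null check above), so guard before reading the query string.
        accessLogger.info(requestContext.getMethod() + " " + resourceMethod.getName() + ", queryString " + (request != null ? request.getQueryString() : null));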
    }
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), SecurityFacade (com.manydesigns.portofino.security.SecurityFacade), Method (java.lang.reflect.Method), NoSuchBeanDefinitionException (org.springframework.beans.factory.NoSuchBeanDefinitionException), UriInfo (javax.ws.rs.core.UriInfo), ResourceAction (com.manydesigns.portofino.resourceactions.ResourceAction), OgnlContext (ognl.OgnlContext), WebApplicationContext (org.springframework.web.context.WebApplicationContext)