Example 1 with SecurityChecked

Use of it.cnr.cool.security.SecurityChecked in project cool-jconon by consiglionazionaledellericerche, in the class SecurityCheckInterceptor, method filter.

@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
    Object obj = uriInfo.getMatchedResources().get(0);
    // getAnnotation returns null when the matched resource class does not carry @SecurityChecked.
    SecurityChecked sc = obj.getClass().getAnnotation(SecurityChecked.class);
    // Authentication: reject guest sessions when the resource requires an existing session.
    if (sc.needExistingSession() && cmisService.getCMISUserFromSession(request).isGuest()) {
        requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).entity("Session expired.").build());
        // abortWith does not end this method; return so the RBAC check below is skipped.
        return;
    }
    // Authorization: check the normalized URL and HTTP method against the user's id and groups.
    if (sc.checkrbac()) {
        String url = removePathParameter(request.getPathInfo(), uriInfo.getPathParameters());
        LOGGER.debug(url);
        CMISUser user = cmisService.getCMISUserFromSession(request);
        if (!permission.isAuthorized(url, request.getMethod(), user.getId(), GroupsUtils.getGroups(user))) {
            requestContext.abortWith(Response.status(Response.Status.FORBIDDEN).entity("User cannot access the resource.").build());
        }
    }
}
Also used: CMISUser (it.cnr.cool.security.service.impl.alfresco.CMISUser), SecurityChecked (it.cnr.cool.security.SecurityChecked)

Aggregations

SecurityChecked (it.cnr.cool.security.SecurityChecked): 1
CMISUser (it.cnr.cool.security.service.impl.alfresco.CMISUser): 1