package com.spice.profitmandi.web.interceptor;
 
import java.util.HashSet;
import java.util.Set;
import java.util.function.Predicate;
import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import com.spice.profitmandi.common.exception.ProfitMandiBusinessException;
import com.spice.profitmandi.common.web.util.ResponseSender;
import com.spice.profitmandi.dao.enumuration.dtr.RoleType;
import com.spice.profitmandi.dao.repository.dtr.UserRepository;
import com.spice.profitmandi.dao.repository.dtr.UserRoleRepository;
import com.spice.profitmandi.web.model.LoginDetails;
import com.spice.profitmandi.web.util.CookiesProcessor;
import com.spice.profitmandi.web.util.MVCResponseSender;
 
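/**
 * Spring MVC interceptor that authorises each request from the role types carried in the
 * caller's login cookies.
 *
 * <p>A request whose path (after the context path) matches one of
 * {@link #REQUESTED_URI_PATTERNS} requires {@link RoleType#FOFO_ADMIN}; every other request
 * requires {@link RoleType#FOFO}. A rejected request gets a 403 JSON body; a request whose
 * cookies cannot be resolved gets a 401.
 *
 * <p>NOTE(review): the admin check is an exact match on the raw {@code getRequestURI()} value,
 * which the container neither decodes nor normalises, and any URI that does not match falls
 * through to the weaker FOFO requirement. The check therefore fails open: confirm that the
 * handler mapping cannot route a non-matching variant of these paths (for example one carrying
 * path parameters or percent-encoding) to the admin handlers, or enforce the role on the
 * handlers themselves.
 */
@Component
public class RoleInterceptor implements HandlerInterceptor {

	private static final Logger LOGGER = LoggerFactory.getLogger(RoleInterceptor.class);

	/**
	 * Paths, relative to the context path, that require {@link RoleType#FOFO_ADMIN}. Compiled
	 * once instead of on every request; the optional trailing slash covers both spellings that
	 * were previously registered as separate patterns.
	 */
	private static final Pattern[] REQUESTED_URI_PATTERNS = {
		Pattern.compile("/fofo/?"),
		Pattern.compile("/fofo/-?[0-9]{1,10}/edit/?"),
		Pattern.compile("/fofo/-?[0-9]{1,10}/file-display/?")
	};

	@Autowired
	UserRepository userRepository;

	@Autowired
	UserRoleRepository userRoleRepository;

	@Autowired
	MVCResponseSender mvcResponseSender;

	@Autowired
	CookiesProcessor cookiesProcessor;

	@Autowired
	ResponseSender<?> responseSender;

	/** No-op; nothing to release after the request completes. */
	@Override
	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
			throws Exception {
	}

	/** Logs the request URL once the handler has run. */
	@Override
	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView)
			throws Exception {
		LOGGER.info("request is received after : {}", request.getRequestURL());
	}

	/**
	 * Decides whether the request may reach its handler.
	 *
	 * @param request  the incoming request; its cookies are resolved through {@code cookiesProcessor}
	 * @param response receives a 403 JSON body on a role mismatch, or a 401 status when the
	 *                 cookies cannot be resolved
	 * @param object   the selected handler (unused)
	 * @return {@code true} when the caller holds the role required for the requested path,
	 *         {@code false} otherwise
	 * @throws Exception if writing the rejection response fails
	 */
	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {
		LOGGER.info("request is received before uri : {}", request.getRequestURI());
		LOGGER.info("Request method {}", request.getMethod());
		try {
			LoginDetails fofoDetails = cookiesProcessor.getCookiesObject(request);

			// Fail closed: a missing login object or role collection is treated as "no roles"
			// rather than surfacing as a NullPointerException.
			boolean allowed = false;
			if (fofoDetails != null && fofoDetails.getRoleTypes() != null) {
				// Only the role types are logged. LoginDetails is built from the session cookies
				// and its toString() is not visible here, so the whole object is kept out of the
				// application log.
				LOGGER.debug("Resolved role types {}", fofoDetails.getRoleTypes());

				boolean adminUri = isAdminUri(request);
				RoleType requiredRole = adminUri ? RoleType.FOFO_ADMIN : RoleType.FOFO;
				LOGGER.debug("requestedUri {} adminUri {} requiredRole {}", request.getRequestURI(), adminUri, requiredRole);
				allowed = fofoDetails.getRoleTypes().contains(requiredRole);
			}

			if (allowed) {
				return true;
			}

			LOGGER.error("Accessed Uri {} is forbidden", request.getRequestURI());
			response.setStatus(HttpStatus.FORBIDDEN.value());
			response.setContentType(MediaType.APPLICATION_JSON_VALUE);
			response.setCharacterEncoding("UTF-8");
			response.getWriter().write(mvcResponseSender.createResponseString("GE_1004", false, "/error"));
			response.getWriter().flush();
			return false;
		} catch (ProfitMandiBusinessException e) {
			LOGGER.error("Requested session is expired", e);
			// Previously the request was dropped with the default 200 status and an empty body;
			// report the missing/expired session explicitly unless a response was already sent.
			if (!response.isCommitted()) {
				response.setStatus(HttpStatus.UNAUTHORIZED.value());
			}
			return false;
		}
	}

	/**
	 * Tells whether the request targets one of the admin-only paths.
	 *
	 * <p>The context path is stripped as a literal prefix, so characters in it are never
	 * interpreted as regular-expression syntax. A URI that does not start with the context
	 * path is reported as non-admin.
	 */
	private static boolean isAdminUri(HttpServletRequest request) {
		String requestUri = request.getRequestURI();
		String contextPath = request.getContextPath();
		if (requestUri == null || contextPath == null || !requestUri.startsWith(contextPath)) {
			return false;
		}
		String path = requestUri.substring(contextPath.length());
		for (Pattern adminPattern : REQUESTED_URI_PATTERNS) {
			if (adminPattern.matcher(path).matches()) {
				return true;
			}
		}
		return false;
	}
}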