| Line 1... |
Line 1... |
| 1 |
package com.spice.profitmandi.web.interceptor;
|
1 |
package com.spice.profitmandi.web.interceptor;
|
| 2 |
|
2 |
|
| 3 |
import java.util.HashSet;
|
3 |
import java.util.HashSet;
|
| 4 |
import java.util.List;
|
- |
|
| 5 |
import java.util.Set;
|
4 |
import java.util.Set;
|
| 6 |
import java.util.function.Predicate;
|
5 |
import java.util.function.Predicate;
|
| 7 |
|
6 |
|
| 8 |
import javax.servlet.http.HttpServletRequest;
|
7 |
import javax.servlet.http.HttpServletRequest;
|
| 9 |
import javax.servlet.http.HttpServletResponse;
|
8 |
import javax.servlet.http.HttpServletResponse;
|
| Line 16... |
Line 15... |
| 16 |
import org.springframework.stereotype.Component;
|
15 |
import org.springframework.stereotype.Component;
|
| 17 |
import org.springframework.web.servlet.HandlerInterceptor;
|
16 |
import org.springframework.web.servlet.HandlerInterceptor;
|
| 18 |
import org.springframework.web.servlet.ModelAndView;
|
17 |
import org.springframework.web.servlet.ModelAndView;
|
| 19 |
|
18 |
|
| 20 |
import com.spice.profitmandi.common.exception.ProfitMandiBusinessException;
|
19 |
import com.spice.profitmandi.common.exception.ProfitMandiBusinessException;
|
| 21 |
import com.spice.profitmandi.dao.entity.dtr.User;
|
- |
|
| 22 |
import com.spice.profitmandi.dao.entity.dtr.UserRole;
|
- |
|
| 23 |
import com.spice.profitmandi.dao.enumuration.dtr.RoleType;
|
20 |
import com.spice.profitmandi.dao.enumuration.dtr.RoleType;
|
| 24 |
import com.spice.profitmandi.dao.repository.dtr.UserRepository;
|
21 |
import com.spice.profitmandi.dao.repository.dtr.UserRepository;
|
| 25 |
import com.spice.profitmandi.dao.repository.dtr.UserRoleRepository;
|
22 |
import com.spice.profitmandi.dao.repository.dtr.UserRoleRepository;
|
| 26 |
import com.spice.profitmandi.web.model.FofoDetails;
|
23 |
import com.spice.profitmandi.web.model.FofoDetails;
|
| 27 |
import com.spice.profitmandi.web.util.CookiesProcessor;
|
24 |
import com.spice.profitmandi.web.util.CookiesProcessor;
|
| 28 |
import com.spice.profitmandi.web.util.MVCResponseSender;
|
25 |
import com.spice.profitmandi.web.util.MVCResponseSender;
|
| 29 |
|
26 |
|
| - |
|
27 |
import in.shop2020.utils.Role;
|
| - |
|
28 |
|
| 30 |
@Component
|
29 |
@Component
|
| 31 |
public class RoleInterceptor implements HandlerInterceptor {
|
30 |
public class RoleInterceptor implements HandlerInterceptor {
|
| 32 |
|
31 |
|
| 33 |
private static final Logger LOGGER = LoggerFactory.getLogger(RoleInterceptor.class);
|
32 |
private static final Logger LOGGER = LoggerFactory.getLogger(RoleInterceptor.class);
|
| 34 |
|
33 |
|
| 35 |
private static final Set<String> REQUESTED_URI_PATTERNS = new HashSet<>();
|
34 |
private static final Set<String> REQUESTED_URI_PATTERNS = new HashSet<>();
|
| 36 |
static{
|
35 |
static{
|
| 37 |
REQUESTED_URI_PATTERNS.add("/fofo");
|
36 |
REQUESTED_URI_PATTERNS.add("/fofo");
|
| - |
|
37 |
REQUESTED_URI_PATTERNS.add("/fofo/");
|
| 38 |
REQUESTED_URI_PATTERNS.add("/fofo/[0-9]{1,6}/edit");
|
38 |
REQUESTED_URI_PATTERNS.add("/fofo/-?[0-9]{1,10}/edit");
|
| - |
|
39 |
REQUESTED_URI_PATTERNS.add("/fofo/-?[0-9]{1,10}/edit/");
|
| 39 |
REQUESTED_URI_PATTERNS.add("/file-display/[1-9]{1,6}");
|
40 |
REQUESTED_URI_PATTERNS.add("/file-display/-?[1-9]{1,10}");
|
| - |
|
41 |
REQUESTED_URI_PATTERNS.add("/file-display/-?[1-9]{1,10}/");
|
| 40 |
}
|
42 |
}
|
| 41 |
@Autowired
|
43 |
@Autowired
|
| 42 |
UserRepository userRepository;
|
44 |
UserRepository userRepository;
|
| 43 |
|
45 |
|
| 44 |
@Autowired
|
46 |
@Autowired
|
| Line 65... |
Line 67... |
| 65 |
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {
|
67 |
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {
|
| 66 |
LOGGER.info("request is received before uri : "+request.getRequestURI());
|
68 |
LOGGER.info("request is received before uri : "+request.getRequestURI());
|
| 67 |
LOGGER.info("Request method {}",request.getMethod());
|
69 |
LOGGER.info("Request method {}",request.getMethod());
|
| 68 |
try {
|
70 |
try {
|
| 69 |
FofoDetails fofoDetails = cookiesProcessor.getCookiesObject(request);
|
71 |
FofoDetails fofoDetails = cookiesProcessor.getCookiesObject(request);
|
| 70 |
User user = userRepository.selectByEmailId(fofoDetails.getEmailId());
|
72 |
LOGGER.info(fofoDetails.toString());
|
| 71 |
List<UserRole> userRoles = userRoleRepository.selectByUserId(user.getId());
|
- |
|
| 72 |
if(
|
73 |
if(
|
| 73 |
// condition start
|
74 |
// condition start
|
| 74 |
// first condition start
|
75 |
// first condition start
|
| 75 |
REQUESTED_URI_PATTERNS.stream().anyMatch(new Predicate<String>() {
|
76 |
REQUESTED_URI_PATTERNS.stream().anyMatch(new Predicate<String>() {
|
| 76 |
@Override
|
77 |
@Override
|
| 77 |
public boolean test(String regexUriPattern) {
|
78 |
public boolean test(String regexUriPattern) {
|
| - |
|
79 |
LOGGER.info("requestedUri == predefinedPattern {}=={} => {}", request.getRequestURI(), regexUriPattern, request.getRequestURI().matches(request.getContextPath() + regexUriPattern));
|
| 78 |
return request.getRequestURI().matches(request.getContextPath() + regexUriPattern);
|
80 |
return request.getRequestURI().matches(request.getContextPath() + regexUriPattern);
|
| 79 |
};})
|
81 |
};})
|
| 80 |
// first condition end
|
82 |
// first condition end
|
| 81 |
&&
|
83 |
&&
|
| 82 |
// second condition start
|
84 |
// second condition start
|
| 83 |
userRoles.stream().anyMatch(new Predicate<UserRole>() {
|
85 |
fofoDetails.getRoleTypes().stream().noneMatch(new Predicate<RoleType>() {
|
| 84 |
@Override
|
86 |
@Override
|
| 85 |
public boolean test(UserRole userRole) {
|
87 |
public boolean test(RoleType roleType) {
|
| - |
|
88 |
LOGGER.info("roleType == actualRoleType {}!={} => {}", roleType, RoleType.FOFO_ADMIN, roleType != RoleType.FOFO_ADMIN);
|
| 86 |
return userRole.getRoleType() == RoleType.FOFO_ADMIN;
|
89 |
return roleType == RoleType.FOFO_ADMIN;
|
| 87 |
}
|
- |
|
| 88 |
}))
|
90 |
};}))
|
| 89 |
// second condition end
|
91 |
// second condition end
|
| 90 |
// condition end
|
92 |
// condition end
|
| 91 |
{
|
93 |
{
|
| - |
|
94 |
LOGGER.error("Accessed Uri {} is forbidden", request.getRequestURI());
|
| 92 |
response.setStatus(HttpStatus.FORBIDDEN.value());
|
95 |
response.setStatus(HttpStatus.FORBIDDEN.value());
|
| 93 |
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
|
96 |
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
|
| 94 |
response.setCharacterEncoding("UTF-8");
|
97 |
response.setCharacterEncoding("UTF-8");
|
| 95 |
response.getWriter().write(mvcResponseSender.createResponseString("GE_1004", false, "/error"));
|
98 |
response.getWriter().write(mvcResponseSender.createResponseString("GE_1004", false, "/error"));
|
| 96 |
response.getWriter().flush();
|
99 |
response.getWriter().flush();
|
| - |
|
100 |
return false;
|
| 97 |
}
|
101 |
}
|
| 98 |
return true;
|
102 |
return true;
|
| 99 |
} catch (ProfitMandiBusinessException e) {
|
103 |
} catch (ProfitMandiBusinessException e) {
|
| 100 |
LOGGER.error("Requested session is expired", e);
|
104 |
LOGGER.error("Requested session is expired", e);
|
| 101 |
return false;
|
105 |
return false;
|