Subversion Repositories SmartDukaan


Rev 23568 Rev 23784
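--- a/RoleInterceptor.java
+++ b/RoleInterceptor.java
@@ -1,46 +1,29 @@
 package com.spice.profitmandi.web.interceptor;
 
-import java.util.HashSet;
-import java.util.Set;
-import java.util.function.Predicate;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.logging.log4j.Logger;
 import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.MediaType;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 
 import com.spice.profitmandi.common.exception.ProfitMandiBusinessException;
-import com.spice.profitmandi.dao.enumuration.dtr.RoleType;
 import com.spice.profitmandi.web.model.LoginDetails;
 import com.spice.profitmandi.web.util.CookiesProcessor;
-import com.spice.profitmandi.web.util.MVCResponseSender;
+import com.spice.profitmandi.web.util.RoleManager;
 
 @Component
 public class RoleInterceptor implements HandlerInterceptor {
-
-	private static final Logger LOGGER = LogManager.getLogger(RoleInterceptor.class);
-	
-	private static final Set<String> REQUESTED_URI_PATTERNS = new HashSet<>();
-	static{
-		REQUESTED_URI_PATTERNS.add("/fofo");
-		REQUESTED_URI_PATTERNS.add("/fofo/");
-		REQUESTED_URI_PATTERNS.add("/fofo/-?[0-9]{1,10}/edit");
-		REQUESTED_URI_PATTERNS.add("/fofo/-?[0-9]{1,10}/edit/");
-		REQUESTED_URI_PATTERNS.add("/fofo/-?[0-9]{1,10}/file-display");
-		REQUESTED_URI_PATTERNS.add("/fofo/-?[0-9]{1,10}/file-display/");
-	}
 	
 	@Autowired
-	private MVCResponseSender mvcResponseSender;
+	private RoleManager roleManager;
+
+	private static final Logger LOGGER = LogManager.getLogger(RoleInterceptor.class);
 	
 	@Autowired
 	private CookiesProcessor cookiesProcessor;
 	
 	@Override
@@ -54,52 +37,18 @@
 		LOGGER.info("request is received after : "+request.getRequestURL().toString());
 	}
 
 	@Override
 	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {
-		LOGGER.info("request is received before uri : "+request.getRequestURI());
-		LOGGER.info("Request method {}",request.getMethod());
+		LOGGER.info("request is received before uri [{}], method [{}]", request.getRequestURI(), request.getMethod());
+		LoginDetails loginDetails = null;
 		try {
-			LoginDetails fofoDetails = cookiesProcessor.getCookiesObject(request);
-			LOGGER.info(fofoDetails.toString());
-			if(
-				// condition start
-				// first condition start
-				(REQUESTED_URI_PATTERNS.stream().anyMatch(new Predicate<String>() {
-					@Override
-					public boolean test(String regexUriPattern) {
-						LOGGER.info("requestedUri {} == predefinedPattern {} => {}", request.getRequestURI(), request.getContextPath() + regexUriPattern, request.getRequestURI().matches(request.getContextPath() + regexUriPattern));
-						return request.getRequestURI().matches(request.getContextPath() + regexUriPattern);
-					};
-				})
-				// first condition end
-				&&
-				// second condition start
-				fofoDetails.getRoleTypes().contains(RoleType.FOFO_ADMIN)
-				) 
-				|| 
-				(REQUESTED_URI_PATTERNS.stream().noneMatch((new Predicate<String>() {
-					@Override
-					public boolean test(String regexUriPattern) {
-						return request.getRequestURI().matches(request.getContextPath() + regexUriPattern);
-					};
-				}))
-				&&
-				fofoDetails.getRoleTypes().contains(RoleType.FOFO)
-				)
-			) {
-				return true;
-			} else {
-				LOGGER.error("Accessed Uri {} is forbidden", request.getRequestURI());
-				response.setStatus(HttpStatus.FORBIDDEN.value());
-				response.setContentType(MediaType.APPLICATION_JSON_VALUE);
-				response.setCharacterEncoding("UTF-8");
-				response.getWriter().write(mvcResponseSender.createResponseString("GE_1004", false, "/error"));
-				response.getWriter().flush();
-				return false;
-			}
+			loginDetails = cookiesProcessor.getCookiesObject(request);
 		} catch (ProfitMandiBusinessException e) {
 			LOGGER.error("Requested session is expired", e);
-			return false;
+			throw e;
 		}
+		return roleManager.isAuthorizedURI(loginDetails.getRoleIds(), request.getContextPath(), request.getRequestURI(), request.getMethod());
 	}
+	
+	
 }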
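Review bot: When `roleManager.isAuthorizedURI(...)` returns false on new line 50, `preHandle` simply returns false. The removed branch set 403, wrote the `GE_1004` JSON body and logged the forbidden URI, and `RoleManager` is not handed the response, so a denied request appears to end as an empty default-status response with no trace in this class's log. I would keep the result in a local and, on denial, call `LOGGER.warn("Accessed Uri {} is forbidden", request.getRequestURI());` and `response.sendError(HttpServletResponse.SC_FORBIDDEN);` before returning false, so clients and monitoring still see the refusal. The decision is also made on `request.getRequestURI()`, which the servlet container neither decodes nor normalizes (path parameters, encoded separators, duplicate slashes); `RoleManager` is not visible here, so confirm it canonicalizes the path the same way handler mapping does, or pass it the path Spring resolved for the handler. A short Javadoc on `preHandle` noting that an expired session now surfaces as a rethrown `ProfitMandiBusinessException` rather than `false` would help whoever maintains the exception handler.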