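package com.spice.profitmandi.web.interceptor;

import java.util.HashSet;
import java.util.Set;
import java.util.function.Predicate;
import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import com.spice.profitmandi.common.exception.ProfitMandiBusinessException;
import com.spice.profitmandi.dao.enumuration.dtr.RoleType;
import com.spice.profitmandi.web.model.LoginDetails;
import com.spice.profitmandi.web.util.CookiesProcessor;
import com.spice.profitmandi.web.util.MVCResponseSender;

/**
 * Role gate for the web application: a request whose path matches one of the admin URI
 * patterns requires {@link RoleType#FOFO_ADMIN}; every other request requires
 * {@link RoleType#FOFO}. Anything else is answered with HTTP 403 and a JSON error body.
 *
 * <p>NOTE(review): the decision is made by re-matching the request path here, separately from
 * the handler mapping, and every path that matches no pattern is treated as non-admin. A new
 * admin endpoint that is not added to the pattern set is therefore reachable with the FOFO
 * role. Confirm the pattern set is complete, and consider declaring the required role next to
 * each handler so that the default is to deny.
 */
@Component
public class RoleInterceptor implements HandlerInterceptor {

	private static final Logger LOGGER = LoggerFactory.getLogger(RoleInterceptor.class);

	/**
	 * Context-relative admin URI patterns, compiled once instead of on every request.
	 * A path must match a pattern in full to count as an admin URI.
	 */
	private static final Set<Pattern> REQUESTED_URI_PATTERNS = new HashSet<>();

	static {
		REQUESTED_URI_PATTERNS.add(Pattern.compile("/fofo"));
		REQUESTED_URI_PATTERNS.add(Pattern.compile("/fofo/"));
		REQUESTED_URI_PATTERNS.add(Pattern.compile("/fofo/-?[0-9]{1,10}/edit"));
		REQUESTED_URI_PATTERNS.add(Pattern.compile("/fofo/-?[0-9]{1,10}/edit/"));
		REQUESTED_URI_PATTERNS.add(Pattern.compile("/fofo/-?[0-9]{1,10}/file-display"));
		REQUESTED_URI_PATTERNS.add(Pattern.compile("/fofo/-?[0-9]{1,10}/file-display/"));
		REQUESTED_URI_PATTERNS.add(Pattern.compile("/adminDashboard"));
	}

	@Autowired
	private MVCResponseSender mvcResponseSender;

	@Autowired
	private CookiesProcessor cookiesProcessor;

	/** No work is done after request completion. */
	@Override
	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object arg2, Exception arg3)
			throws Exception {
	}

	/** Logs the full request URL once the handler has run. */
	@Override
	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object arg2, ModelAndView arg3)
			throws Exception {
		LOGGER.info("request is received after : {}", request.getRequestURL());
	}

	/**
	 * Allows the request only when the logged-in user holds the role its path requires.
	 *
	 * @param request  incoming request; its path and cookies drive the decision
	 * @param response receives the 403 status and JSON error body when access is refused
	 * @param object   the chosen handler (unused)
	 * @return {@code true} to continue to the handler, {@code false} when the request is refused
	 *         or the login details could not be read from the cookies
	 * @throws Exception if writing the error response fails
	 */
	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {
		LOGGER.info("request is received before uri : {}", request.getRequestURI());
		LOGGER.info("Request method {}", request.getMethod());
		try {
			LoginDetails fofoDetails = cookiesProcessor.getCookiesObject(request);
			// NOTE(review): this writes the login details to the log on every request - confirm that
			// LoginDetails.toString() exposes no session identifiers or personal data.
			LOGGER.info("{}", fofoDetails);

			// The path is classified once; the role it requires follows from that classification.
			boolean adminUri = isAdminUri(request);
			LOGGER.info("requestedUri {} adminUri => {}", request.getRequestURI(), adminUri);
			RoleType requiredRole = adminUri ? RoleType.FOFO_ADMIN : RoleType.FOFO;

			if (fofoDetails.getRoleTypes().contains(requiredRole)) {
				return true;
			}

			LOGGER.error("Accessed Uri {} is forbidden", request.getRequestURI());
			response.setStatus(HttpStatus.FORBIDDEN.value());
			response.setContentType(MediaType.APPLICATION_JSON_VALUE);
			response.setCharacterEncoding("UTF-8");
			response.getWriter().write(mvcResponseSender.createResponseString("GE_1004", false, "/error"));
			response.getWriter().flush();
			return false;
		} catch (ProfitMandiBusinessException e) {
			// NOTE(review): the request is stopped here without a status or body being set, so the
			// client presumably receives an empty success response. Confirm what the front end
			// expects and consider answering with an explicit 401.
			LOGGER.error("Requested session is expired", e);
			return false;
		}
	}

	/**
	 * Decides whether the request addresses one of the admin URIs.
	 *
	 * <p>Two views of the path are checked and either one matching is enough: the request URI as
	 * sent by the client with the context path stripped, and the container-decoded servlet path
	 * plus path info. {@code getRequestURI()} is not decoded by the container, so a
	 * non-canonical spelling of an admin URL could otherwise fail to match every pattern and be
	 * handled under the FOFO rule. The context path is removed as a literal prefix rather than
	 * being spliced into the regular expression.
	 *
	 * <p>NOTE(review): this assumes the decoded servlet path is the path the handler mapping
	 * resolves - verify against the dispatcher configuration (path decoding, suffix and
	 * trailing-slash matching).
	 */
	private static boolean isAdminUri(HttpServletRequest request) {
		String contextPath = request.getContextPath();
		String requestUri = request.getRequestURI();
		// A URI that does not start with the context path matches nothing, as before.
		String rawPath = (contextPath != null && requestUri != null && requestUri.startsWith(contextPath))
				? requestUri.substring(contextPath.length())
				: null;

		String servletPath = request.getServletPath();
		String pathInfo = request.getPathInfo();
		String decodedPath = (servletPath == null ? "" : servletPath) + (pathInfo == null ? "" : pathInfo);

		Predicate<String> matchesAdminPattern = path -> path != null
				&& REQUESTED_URI_PATTERNS.stream().anyMatch(pattern -> pattern.matcher(path).matches());
		return matchesAdminPattern.test(rawPath) || matchesAdminPattern.test(decodedPath);
	}
}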