Open Kilda Java Documentation
RequestInterceptor.java
Go to the documentation of this file.
1 package org.openkilda.auth.interceptor;
2 
3 import org.slf4j.Logger;
4 import org.slf4j.LoggerFactory;
5 import org.slf4j.MDC;
6 
7 import org.springframework.beans.factory.annotation.Autowired;
8 import org.springframework.stereotype.Component;
9 import org.springframework.web.method.HandlerMethod;
10 import org.springframework.web.servlet.ModelAndView;
11 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
12 
13 import java.nio.file.AccessDeniedException;
14 import java.util.HashSet;
15 import java.util.List;
16 import java.util.Set;
17 import java.util.UUID;
18 
19 import javax.servlet.http.HttpServletRequest;
20 import javax.servlet.http.HttpServletResponse;
21 import javax.servlet.http.HttpSession;
22 
23 import org.openkilda.auth.context.ServerContext;
24 import org.openkilda.auth.model.Permissions;
25 import org.openkilda.auth.model.RequestContext;
26 import org.openkilda.constants.IConstants;
27 import org.openkilda.constants.Status;
28 import org.usermanagement.dao.entity.UserEntity;
29 import org.usermanagement.dao.repository.UserRepository;
30 import org.usermanagement.model.Permission;
31 import org.usermanagement.model.Role;
32 import org.usermanagement.model.UserInfo;
33 import org.usermanagement.service.PermissionService;
34 import org.usermanagement.service.RoleService;
35 import org.usermanagement.util.MessageUtils;
36 
37 
38 @Component
39 public class RequestInterceptor extends HandlerInterceptorAdapter {
40 
41  private static final Logger LOGGER = LoggerFactory.getLogger(RequestInterceptor.class);
42  private static final String CORRELATION_ID = "correlationid";
43 
44  @Autowired
45  private ServerContext serverContext;
46 
47  @Autowired
48  private RoleService roleService;
49 
50  @Autowired
51  private PermissionService permissionService;
52 
53  @Autowired
54  private MessageUtils messageUtils;
55 
56  @Autowired
57  private UserRepository userRepository;
58 
59  @Override
60  public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response,
61  final Object handler) throws Exception {
62  String correlationId = request.getParameter(CORRELATION_ID);
63  correlationId = correlationId == null ? UUID.randomUUID().toString() : correlationId;
64 
65  try {
66  MDC.put(CORRELATION_ID, correlationId);
67  HttpSession session = request.getSession();
68  UserInfo userInfo = null;
69 
70  userInfo = (UserInfo) session.getAttribute(IConstants.SESSION_OBJECT);
71  if (userInfo != null) {
72  if (handler instanceof HandlerMethod) {
73  HandlerMethod handlerMethod = (HandlerMethod) handler;
74  Permissions permissions =
75  handlerMethod.getMethod().getAnnotation(Permissions.class);
76  if (permissions != null) {
77  validateAndPopulatePermisssion(userInfo, permissions);
78  }
79  }
80  updateRequestContext(correlationId, request, userInfo);
81  }
82  } catch (IllegalStateException ex) {
83  LOGGER.error(
84  "[getLoggedInUser] Exception while retrieving user information from session. Exception: "
85  + ex.getLocalizedMessage(),
86  ex);
87  }
88  return true;
89  }
90 
91  @Override
92  public void postHandle(final HttpServletRequest request, final HttpServletResponse response,
93  final Object handler, final ModelAndView modelAndView) throws Exception {
94  super.postHandle(request, response, handler, modelAndView);
95  MDC.remove(CORRELATION_ID);
96  }
97 
98  private void updateRequestContext(final String correlationId, final HttpServletRequest request,
99  final UserInfo userInfo) {
100  RequestContext requestContext = serverContext.getRequestContext();
101  requestContext.setCorrelationId(correlationId);
102  requestContext.setUserId(userInfo.getUserId());
103  requestContext.setUserName(userInfo.getUsername());
104  requestContext.setPermissions(userInfo.getPermissions());
105 
106  requestContext.setClientIpAddress(getClientIp(request));
107  }
108 
109  private void validateAndPopulatePermisssion(final UserInfo userInfo,
110  final Permissions permissions) throws Exception {
111  if (!permissions.checkObjectAccessPermissions()) {
112  if (!hasPermissions(userInfo, permissions.values())) {
113  LOGGER.error("Access Denied. User(id: " + userInfo.getUserId()
114  + ") not have the permission to perform this operation. Permissions required " + permissions.values());
115  throw new AccessDeniedException(messageUtils.getUnauthorizedMessage());
116  }
117  }
118  }
119 
120  private boolean hasPermissions(final UserInfo userInfo, final String... permissions) {
121  boolean hasPermission = true;
122  Set<String> availablePermissions = availablePermissions(userInfo);
123  if (!availablePermissions.isEmpty()) {
124  for (String permission : permissions) {
125  if (!availablePermissions.contains(permission)) {
126  hasPermission = false;
127  break;
128  }
129  }
130  } else {
131  hasPermission = false;
132  }
133  return hasPermission;
134  }
135 
136  private Set<String> availablePermissions(final UserInfo userInfo) {
137  Set<String> availablePermissions = new HashSet<>();
138  UserEntity userEntity = userRepository.findByUserId(userInfo.getUserId());
139  if (userInfo.getUserId() != 1 && userEntity != null
140  && Status.ACTIVE.getStatusEntity().equals(userEntity.getStatusEntity())) {
141  Set<String> roles = userInfo.getRoles();
142  if (roles != null && roles.size() > 0) {
143  List<Role> roleList = roleService.getRoleByName(roles);
144  for (Role role : roleList) {
145  if (Status.ACTIVE.getStatusEntity().getStatus()
146  .equalsIgnoreCase(role.getStatus()) && role.getPermissions() != null) {
147  for (Permission permission : role.getPermissions()) {
148  if (Status.ACTIVE.getStatusEntity().getStatus()
149  .equalsIgnoreCase(permission.getStatus())) {
150  availablePermissions.add(permission.getName());
151  }
152  }
153  }
154  }
155  }
156  } else {
157  List<Permission> permissions = permissionService.getAllPermission(userInfo.getUserId());
158  for (Permission permission : permissions) {
159  availablePermissions.add(permission.getName());
160  }
161  }
162  userInfo.setPermissions(availablePermissions);
163  return availablePermissions;
164  }
165 
166  private static String getClientIp(final HttpServletRequest request) {
167  String remoteAddr = "";
168  if (request != null) {
169  remoteAddr = request.getHeader("X-FORWARDED-FOR");
170  if (remoteAddr == null || "".equals(remoteAddr)) {
171  remoteAddr = request.getRemoteAddr();
172  }
173  }
174 
175  return remoteAddr;
176  }
177 
178 }
org.openkilda.auth.interceptor.RequestInterceptor.postHandle
void postHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler, final ModelAndView modelAndView)
Definition: RequestInterceptor.java:92
org.openkilda.auth.interceptor.RequestInterceptor.preHandle
boolean preHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler)
Definition: RequestInterceptor.java:60
org.openkilda.constants.IConstants.SESSION_OBJECT
static final String SESSION_OBJECT
Definition: IConstants.java:15
org.openkilda.auth.model.RequestContext.setClientIpAddress
void setClientIpAddress(final String clientIpAddress)
Definition: RequestContext.java:54
org.openkilda.auth.model.RequestContext.setCorrelationId
void setCorrelationId(final String correlationId)
Definition: RequestContext.java:38
org.openkilda.auth.model.RequestContext.setPermissions
void setPermissions(final Set< String > permissions)
Definition: RequestContext.java:46
org.openkilda.auth.model.RequestContext.setUserName
void setUserName(final String userName)
Definition: RequestContext.java:30