SessionCheckInterceptor.java example

Explorer

APP-dashboard-master
- src
  - integrationtest
    - java
      - org
        slc
        sli
        selenium
        controller
        LoginSeleniumITest.java
        StudentListSeleniumITest.java
  - main
    - java
      - org
        slc
        sli
        dashboard
        client
        APIClient.java
        LiveAPIClient.java
        RESTClient.java
        SDKAPIClient.java
        SDKConstants.java
        entity
        Config.java
        ConfigMap.java
        EdOrgKey.java
        GenericEntity.java
        ModelAndViewConfig.java
        util
        ContactSorter.java
        GenericEntityComparator.java
        GenericEntityEnhancer.java
        ParentsSorter.java
        StudentProgramUtil.java
        manager
        ApiClientManager.java
        ConfigManager.java
        EntityManager.java
        Manager.java
        PopulationManager.java
        PortalWSManager.java
        StudentProgressManager.java
        UserEdOrgManager.java
        component
        CustomizationAssemblyFactory.java
        impl
        CustomizationAssemblyFactoryImpl.java
        impl
        ConfigManagerImpl.java
        PopulationManagerImpl.java
        PortalWSManagerImpl.java
        StudentProgressManagerImpl.java
        UserEdOrgManagerImpl.java
        security
        PropertiesDecryptor.java
        SLIAuthenticationEntryPoint.java
        SLIPrincipal.java
        SliApi.java
        SliTokenExtractor.java
        util
        CacheableConfig.java
        CacheableUserData.java
        Constants.java
        DashboardException.java
        DashboardExceptionResolver.java
        ExecutionTimeLogger.java
        JsonConverter.java
        SecurityUtil.java
        TimedLogic.java
        URLBuilder.java
        UserCacheKeyGenerator.java
        web
        controller
        ConfigController.java
        ErrorController.java
        GenericLayoutController.java
        LayoutController.java
        MiscellaneousController.java
        PanelController.java
        SearchController.java
        entity
        PagedEntity.java
        SafeUUID.java
        StudentSearch.java
        interceptor
        SessionCheckInterceptor.java
        util
        ControllerInputValidatorAspect.java
        HTMLCharacterEscapes.java
        HtmlEscapingFreeMarkerTemplateLoader.java
        JacksonObjectMapperWithOptions.java
        NoBadChars.java
        NoBadCharsValidator.java
        TreeGridDataBuilder.java
  - test
    - java
      - org
        slc
        sli
        dashboard
        entity
        util
        GenericEntityEnhancerTest.java
        ParentsSorterTest.java
        manager
        MockAPIClient.java
        StudentProgressManagerTest.java
        impl
        ConfigManagerImplTest.java
        UserEdOrgManagerImplTest.java
        security
        PropertiesDecryptorTest.java
        SLIAuthenticationEntryPointTest.java
        mock
        Mocker.java
        unit
        client
        LiveAPIClientTest.java
        RESTClientTest.java
        SDKAPIClientTest.java
        controller
        ConfigControllerTest.java
        ControllerTestBase.java
        ErrorControllerTest.java
        LayoutControllerTest.java
        PanelControllerTest.java
        SearchControllerTest.java
        entity
        ConfigTest.java
        CustomConfigTest.java
        GenericEntityTest.java
        util
        ContactSorterTest.java
        StudentProgramUtilTest.java
        manager
        ConfigManagerTest.java
        CustomizationAssemblyFactoryTest.java
        PopulationManagerTest.java
        PortalWSManagerImplTest.java
        UserEdOrgManagerTest.java
        web
        util
        TreeGridDataBuilderTest.java
        util
        ConstantsTest.java
        DashboardExceptionTest.java
        JsonConverterTest.java
        StudentSummaryBuilder.java
        TimedLogicTest.java
        URLBuilderTest.java
        web
        unit
        interceptor
        SessionCheckInterceptorTest.java

/*
 * Copyright 2012 Shared Learning Collaborative, LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */


package org.slc.sli.dashboard.web.interceptor;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.google.gson.JsonObject;

import org.slc.sli.dashboard.client.RESTClient;
import org.slc.sli.dashboard.security.SLIAuthenticationEntryPoint;
import org.slc.sli.dashboard.util.Constants;
import org.slc.sli.dashboard.util.SecurityUtil;
import org.slc.sli.dashboard.web.controller.ErrorController;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/**
 * Intercepts all incoming requests and ensures user is authenticated against api
 * @author svankina
 * @author rbloh
 *
 */
public class SessionCheckInterceptor extends HandlerInterceptorAdapter {

    private RESTClient restClient;
    
    public RESTClient getRestClient() {
        return restClient;
    }

    public void setRestClient(RESTClient restClient) {
        this.restClient = restClient;
    }

    /**
     * Prehandle performs a session check on all incoming requests to ensure a user with an active spring security session,
     *  is still authenticated against the api.
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String token = SecurityUtil.getToken();

        JsonObject json = restClient.sessionCheck(token);
        
        // If the user is not authenticated, expire the cookie and set oauth_token to null
        if (!json.get(Constants.ATTR_AUTHENTICATED).getAsBoolean()) {
            SecurityContextHolder.getContext().setAuthentication(null);
            HttpSession session = request.getSession();
            session.setAttribute(SLIAuthenticationEntryPoint.OAUTH_TOKEN, null);
            for (Cookie c : request.getCookies()) {
                if (c.getName().equals(SLIAuthenticationEntryPoint.DASHBOARD_COOKIE)) {
                    c.setMaxAge(0);
                }
            }
            
            // Only redirect if not error page
            if (!(request.getServletPath().equalsIgnoreCase(ErrorController.EXCEPTION_URL) || request.getServletPath()
                    .equalsIgnoreCase(ErrorController.TEST_EXCEPTION_URL))) {
                response.sendRedirect(request.getRequestURI());
                return false;
            }
        }
        
        return true;
    }
    
}