OrcidSwitchUserFilter.java example

Explorer
ORCID-Source-master
/**
 * =============================================================================
 *
 * ORCID (R) Open Source
 * http://orcid.org
 *
 * Copyright (c) 2012-2014 ORCID, Inc.
 * Licensed under an MIT-Style License (MIT)
 * http://orcid.org/open-source-license
 *
 * This copyright and license information (including a link to the full license)
 * shall be included in its entirety in all copies or substantial portion of
 * the software.
 *
 * =============================================================================
 */
package org.orcid.frontend.web.filter;

import java.io.IOException;

import javax.annotation.Resource;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.orcid.core.locale.LocaleManager;
import org.orcid.core.manager.InternalSSOManager;
import org.orcid.core.manager.SourceManager;
import org.orcid.frontend.web.exception.SwitchUserAuthenticationException;
import org.orcid.jaxb.model.common_v2.OrcidType;
import org.orcid.persistence.jpa.entities.GivenPermissionByEntity;
import org.orcid.persistence.jpa.entities.ProfileEntity;
import org.orcid.pojo.ajaxForm.PojoUtil;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;

/**
 * 
 * @author Will Simpson
 * 
 */
public class OrcidSwitchUserFilter extends SwitchUserFilter {

    @Resource
    private SourceManager sourceManager;

    @Resource
    private LocaleManager localeManager;

    @Resource
    private InternalSSOManager internalSSOManager;        
    
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {                
        if(internalSSOManager.enableCookie()) {            
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
            if (requiresSwitchUser(request)) {
                // Add the cookie for the delegate user
                String targetUserOrcid = request.getParameter(SPRING_SECURITY_SWITCH_USERNAME_KEY);
                if (!PojoUtil.isEmpty(targetUserOrcid)) {
                    //If it is switching back to the original user
                    if(isSwitchingBack(request)) {
                        internalSSOManager.getAndUpdateCookie(targetUserOrcid, request, response);
                    } else {
                        //If it is switching user
                        internalSSOManager.writeCookie(targetUserOrcid, request, response);
                    }            
                }
            }
        }
        
        super.doFilter(req, res, chain);
    }

    @Override
    protected Authentication attemptSwitchUser(HttpServletRequest request) throws AuthenticationException {
        String targetUserOrcid = request.getParameter(SPRING_SECURITY_SWITCH_USERNAME_KEY);
        ProfileEntity profileEntity = sourceManager.retrieveSourceProfileEntity();
        if (OrcidType.ADMIN.equals(profileEntity.getOrcidType())) {
            return super.attemptSwitchUser(request);
        }
        // If we are switching back to me it is OK
        if (isSwitchingBack(request)) {
            return super.attemptSwitchUser(request);
        }
        for (GivenPermissionByEntity gpbe : profileEntity.getGivenPermissionBy()) {
            if (gpbe.getGiver().getId().equals(targetUserOrcid)) {
                return super.attemptSwitchUser(request);
            }
        }
        Object params[] = {};
        throw new SwitchUserAuthenticationException(localeManager.resolveMessage("web.orcid.switchuser.exception", params));
    }

    private boolean isSwitchingBack(HttpServletRequest request) {
        String targetUserOrcid = request.getParameter(SPRING_SECURITY_SWITCH_USERNAME_KEY);
        String realUser = sourceManager.retrieveRealUserOrcid();
        return targetUserOrcid.equals(realUser);
    }
    
}