package org.ohdsi.webapi.shiro;
import io.buji.pac4j.subject.Pac4jPrincipal;
import java.security.Principal;
import java.time.Instant;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Set;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.web.servlet.AdviceFilter;
import org.apache.shiro.web.util.WebUtils;
/**
*
* @author gennadiy.anisimov
*/
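public class UpdateAccessTokenFilter extends AdviceFilter {

  /** Registers the caller and supplies the permissions that are embedded in the issued token. */
  private final PermissionManager authorizer;
  /** Lifetime of an issued token, counted from the moment the token is created. */
  private final int tokenExpirationIntervalInSeconds;
  /** Roles handed to {@link PermissionManager#registerUser} for every caller. */
  private final Set<String> defaultRoles;

  /**
   * Creates the filter.
   *
   * @param authorizer source of registration and permission look-ups
   * @param defaultRoles roles assigned to every caller on registration (stored as given, not copied)
   * @param tokenExpirationIntervalInSeconds token lifetime in seconds; negative values yield an
   *     already-expired token
   */
  public UpdateAccessTokenFilter(
      PermissionManager authorizer,
      Set<String> defaultRoles,
      int tokenExpirationIntervalInSeconds) {
    this.authorizer = authorizer;
    this.tokenExpirationIntervalInSeconds = tokenExpirationIntervalInSeconds;
    this.defaultRoles = defaultRoles;
  }

  /**
   * Issues a fresh JSON Web Token for the currently authenticated subject and stores it in the
   * {@code "TOKEN"} request attribute for whatever handles the request downstream.
   *
   * <p>An unauthenticated subject is answered with HTTP 401 and the chain is stopped. For an
   * authenticated subject the Shiro session is stopped in every case, so that OAuth users can be
   * logged out afterwards. The token carries the caller's string permissions as returned by the
   * {@link PermissionManager}; an OAuth profile without an e-mail address receives an empty token
   * instead.
   *
   * @param request the current request; receives the {@code "TOKEN"} attribute
   * @param response the current response; only written to on the 401 path
   * @return {@code true} to continue the chain, {@code false} after the 401 was written
   * @throws IllegalStateException if the primary principal is {@code null} or of an unsupported type
   */
  @Override
  protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
    if (!SecurityUtils.getSubject().isAuthenticated()) {
      WebUtils.toHttp(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
      return false;
    }

    final PrincipalCollection principals = SecurityUtils.getSubject().getPrincipals();
    final Object principal = principals.getPrimaryPrincipal();

    String login;
    String jwt = null;
    // NOTE(review): the generic Principal branch is tested before Pac4jPrincipal. If the
    // buji-pac4j version in use makes Pac4jPrincipal implement java.security.Principal, OAuth
    // users take the first branch (login = getName()) and the e-mail branch below is never
    // reached — confirm against the pinned dependency before relying on the e-mail login.
    if (principal instanceof Principal) {
      login = ((Principal) principal).getName();
    } else if (principal instanceof Pac4jPrincipal) {
      login = ((Pac4jPrincipal) principal).getProfile().getEmail();
      if (login == null) {
        // user doesn't provide email - send empty token
        jwt = "";
      }
    } else if (principal instanceof String) {
      login = (String) principal;
    } else {
      // Also reached when getPrimaryPrincipal() returns null. Unchecked so that the
      // AdviceFilter contract (throws Exception) is kept without throwing a raw Exception.
      throw new IllegalStateException("Unknown type of principal");
    }

    // stop session to make logout of OAuth users possible
    final Session session = SecurityUtils.getSubject().getSession(false);
    if (session != null) {
      session.stop();
    }

    if (jwt == null) {
      this.authorizer.registerUser(login, defaultRoles);
      final Date expiration = getExpirationDate(this.tokenExpirationIntervalInSeconds);
      // Permissions are read back after registration so the default roles are reflected.
      final Collection<String> permissions =
          this.authorizer.getAuthorizationInfo(login).getStringPermissions();
      jwt = TokenManager.createJsonWebToken(login, expiration, permissions);
    }

    request.setAttribute("TOKEN", jwt);
    return true;
  }

  /**
   * Computes the token expiration instant relative to the current wall-clock time.
   *
   * @param expirationIntervalInSeconds offset from now; may be negative
   * @return the expiration as a {@link Date}, which is what the token creator expects
   */
  private Date getExpirationDate(final int expirationIntervalInSeconds) {
    return Date.from(Instant.now().plusSeconds(expirationIntervalInSeconds));
  }
}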