/** * Abiquo community edition * cloud management application for hybrid clouds * Copyright (C) 2008-2010 - Abiquo Holdings S.L. * * This application is free software; you can redistribute it and/or * modify it under the terms of the GNU LESSER GENERAL PUBLIC * LICENSE as published by the Free Software Foundation under * version 3 of the License * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * LESSER GENERAL PUBLIC LICENSE v.3 for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the * Free Software Foundation, Inc., 59 Temple Place - Suite 330, * Boston, MA 02111-1307, USA. */ package com.abiquo.api.handlers; import java.util.regex.Matcher; import java.util.regex.Pattern; import org.apache.wink.server.handlers.HandlersChain; import org.apache.wink.server.handlers.MessageContext; import org.springframework.security.AccessDeniedException; import com.abiquo.api.resources.EnterprisesResource; /** * Request handler to check permissions of the logged user to use the requested virtual datacenter. * This means that all request to uris who depend on "cloud/virtualdatacenters/{id}" will be checked * by this handler. 
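* <p>
* Concretely, the prefix guarded by the regex below is {@code admin/enterprises/{id}}; the
* mention of {@code cloud/virtualdatacenters/{id}} above does not correspond to that regex and
* looks like a leftover from a sibling handler (TODO confirm and reword).
* <p>
* The id segment is captured with {@code \w+} rather than {@code \d+} so that the literal
* {@code _} segment also matches. A request whose id segment is exactly {@code _} is passed down
* the chain without an enterprise check; any other non-numeric id fails to parse and the request
* is aborted before the chain is continued, so a malformed id never reaches the resource.
*
* @author scastro
*/
public class AdminEnterpriseSecurityRequestHandler extends SecurityPathRequestHandler
{
    /**
     * Captures the enterprise id segment in group 1. Must be {@code \w} and not {@code \d} so
     * that the literal {@code _} segment is captured too (see {@link #handleRequest}).
     */
    private static final String ENTERPRISE_ID_REGEX =
        EnterprisesResource.ENTERPRISES_PATH + "/(\\w+)";

    /** Whole-path form: the enterprise id, optionally followed by any sub-path. */
    private static final String ENTERPRISES_PATH_REGEX = ENTERPRISE_ID_REGEX + "[/]?.*$";

    /** Compiled once instead of per request; {@link Pattern} instances are immutable. */
    private static final Pattern ENTERPRISE_ID_PATTERN = Pattern.compile(ENTERPRISE_ID_REGEX);

    /** Compiled form of {@link #ENTERPRISES_PATH_REGEX}, always used with a full match. */
    private static final Pattern ENTERPRISES_PATH_PATTERN =
        Pattern.compile(ENTERPRISES_PATH_REGEX);

    /** Id segment that is not bound to a concrete enterprise and therefore skips the check. */
    private static final String UNBOUND_ENTERPRISE_ID = "_";

    /**
     * Tells whether this handler applies to the given request path.
     *
     * @param path the request path, relative to the application root
     * @return {@code true} when the whole path is of the form {@code admin/enterprises/{id}*}
     */
    @Override
    public boolean matches(final String path)
    {
        // Equivalent to String#matches: the whole path has to match, not just a prefix.
        return ENTERPRISES_PATH_PATTERN.matcher(path).matches();
    }

    /**
     * Checks that the logged user may act on the enterprise named in the path, then continues
     * the handler chain.
     *
     * @param context the request context; its path is expected to satisfy {@link #matches}
     * @param chain the remaining handler chain, continued only when the check passes
     * @throws AccessDeniedException when the user is not allowed to use the requested enterprise
     * @throws NumberFormatException when the id segment is neither {@code _} nor an integer
     * @throws IllegalStateException when no enterprise id can be found in the path
     * @throws Throwable anything raised by the rest of the chain
     */
    @Override
    public void handleRequest(final MessageContext context, final HandlersChain chain)
        throws Throwable
    {
        // Path of the form 'admin/enterprises/{id}*', as accepted by matches().
        String path = context.getUriInfo().getPath();

        // 1. Logged user from the security context: [userName, authType, privileges].
        Object[] loginInfo = getCurrentLoginInfo();

        // 2. Enterprise id from the path: group 0 is the whole match, the id is group 1.
        Matcher matcher = ENTERPRISE_ID_PATTERN.matcher(path);
        if (!matcher.find())
        {
            // Not expected once matches() accepted the path; refuse instead of continuing.
            throw new IllegalStateException("Enterprise id not found in path: " + path);
        }
        String enterpriseId = matcher.group(1);

        // 3. Enforce the enterprise check unless the id segment is the literal '_'.
        if (!UNBOUND_ENTERPRISE_ID.equals(enterpriseId))
        {
            // A non-numeric id throws NumberFormatException here, before the chain continues.
            Integer idEnt = Integer.valueOf(enterpriseId);
            boolean isAllowed =
                getUserService().isUserAllowedToEnterprise((String) loginInfo[0],
                    (String) loginInfo[1], (String[]) loginInfo[2], idEnt);
            if (!isAllowed)
            {
                // Forbidden: the user has no privilege over this enterprise.
                throw new AccessDeniedException(
                    "Missing privilege to get info from other enterprises");
            }
        }

        // 4. Check passed (or no concrete enterprise was named): hand over to the next handler.
        chain.doChain(context);
    }
}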