TrustedUserAuth.java example

Explorer
candlepin-master
/**
 * Copyright (c) 2009 - 2012 Red Hat, Inc.
 *
 * This software is licensed to you under the GNU General Public License,
 * version 2 (GPLv2). There is NO WARRANTY for this software, express or
 * implied, including the implied warranties of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
 * along with this software; if not, see
 * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
 *
 * Red Hat trademarks are not licensed under GPLv2. No permission is
 * granted to use or replicate Red Hat trademarks that are incorporated
 * in this software or its documentation.
 */
package org.candlepin.auth;

import org.candlepin.common.resteasy.auth.AuthUtil;
import org.candlepin.service.UserServiceAdapter;

import com.google.inject.Inject;

import org.jboss.resteasy.spi.HttpRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xnap.commons.i18n.I18n;

import javax.inject.Provider;

/**
 * This auth form allows for a consumer id to be passed in a clear http header.
 * This should be used only if the environment is known to be secure
 */
public class TrustedUserAuth extends UserAuth {

    public static final String USER_HEADER = "cp-user";
    public static final String LOOKUP_PERMISSIONS_HEADER = "cp-lookup-permissions";

    private static Logger log = LoggerFactory.getLogger(TrustedUserAuth.class);

    @Inject
    TrustedUserAuth(UserServiceAdapter userServiceAdaper, Provider<I18n> i18n) {
        super(userServiceAdaper, i18n);
    }

    public Principal getPrincipal(HttpRequest httpRequest) {
        String username = AuthUtil.getHeader(httpRequest, USER_HEADER);
        if (username == null || username.isEmpty()) {
            // Nothing we can do here:
            log.debug("No username header provided, returning null principal.");
            return null;
        }

        // Check if we should ask the user service for this user and their permissions:
        String lookupPermsHeader = AuthUtil.getHeader(httpRequest,  LOOKUP_PERMISSIONS_HEADER);
        if (lookupPermsHeader != null && lookupPermsHeader.equals("true")) {
            log.debug("Looking up user permissions from user service.");
            return createPrincipal(username);
        }

        log.debug("Returning full trusted user principal.");
        return new TrustedUserPrincipal(username);
    }
}