/**
* Copyright (c) 2009 - 2012 Red Hat, Inc.
*
* This software is licensed to you under the GNU General Public License,
* version 2 (GPLv2). There is NO WARRANTY for this software, express or
* implied, including the implied warranties of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
* along with this software; if not, see
* http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
*
* Red Hat trademarks are not licensed under GPLv2. No permission is
* granted to use or replicate Red Hat trademarks that are incorporated
* in this software or its documentation.
*/
package org.candlepin.auth;
import org.candlepin.common.resteasy.auth.AuthUtil;
import org.candlepin.service.UserServiceAdapter;
import com.google.inject.Inject;
import org.jboss.resteasy.spi.HttpRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xnap.commons.i18n.I18n;
import javax.inject.Provider;
/**
* This auth form allows for a consumer id to be passed in a clear http header.
* This should be used only if the environment is known to be secure
*/
public class TrustedUserAuth extends UserAuth {
public static final String USER_HEADER = "cp-user";
public static final String LOOKUP_PERMISSIONS_HEADER = "cp-lookup-permissions";
private static Logger log = LoggerFactory.getLogger(TrustedUserAuth.class);
@Inject
TrustedUserAuth(UserServiceAdapter userServiceAdaper, Provider<I18n> i18n) {
super(userServiceAdaper, i18n);
}
public Principal getPrincipal(HttpRequest httpRequest) {
String username = AuthUtil.getHeader(httpRequest, USER_HEADER);
if (username == null || username.isEmpty()) {
// Nothing we can do here:
log.debug("No username header provided, returning null principal.");
return null;
}
// Check if we should ask the user service for this user and their permissions:
String lookupPermsHeader = AuthUtil.getHeader(httpRequest, LOOKUP_PERMISSIONS_HEADER);
if (lookupPermsHeader != null && lookupPermsHeader.equals("true")) {
log.debug("Looking up user permissions from user service.");
return createPrincipal(username);
}
log.debug("Returning full trusted user principal.");
return new TrustedUserPrincipal(username);
}
}