NoAuthHeaderUserFilter.java

/*
 * Copyright (c) 2008-2011 EMC Corporation
 * All Rights Reserved
 */
package com.emc.storageos.security.authentication;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import com.emc.storageos.security.authentication.AbstractAuthenticationFilter;
import com.emc.storageos.security.authentication.StorageOSUserRepository;
import org.springframework.beans.factory.annotation.Autowired;

/**
 * Dummy authentication filter, takes in the user context from a header string
 */
public class NoAuthHeaderUserFilter extends AbstractAuthenticationFilter {
    public static String USER_INFO_HEADER_TAG = "BourneUser";

    @Autowired
    private StorageOSUserRepository _userRepo;

    private boolean fromLocalhost(HttpServletRequest req) {
        return (req.getRemoteHost().equalsIgnoreCase("localhost") || req.getRemoteHost().equals("127.0.0.1"));
    }

    @Override
    protected AbstractRequestWrapper authenticate(final ServletRequest servletRequest) {
        // check if we can extract user context from request header
        // and the request is coming on localhost
        HttpServletRequest req = (HttpServletRequest) servletRequest;
        final String user = req.getHeader(USER_INFO_HEADER_TAG);
        if (user != null && !user.isEmpty() && fromLocalhost(req)) {
            return new AbstractRequestWrapper(req, _userRepo.findOne(user));
        }
        return null;
    }
}