/*
* Copyright 2015 Petr Bouda
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.joyrest.oauth2.interceptor;
import java.util.Collections;
import java.util.List;
import org.joyrest.exception.type.InvalidConfigurationException;
import org.joyrest.interceptor.Interceptor;
import org.joyrest.interceptor.InterceptorChain;
import org.joyrest.interceptor.InterceptorInternalOrders;
import org.joyrest.model.request.InternalRequest;
import org.joyrest.model.response.InternalResponse;
import org.joyrest.routing.InternalRoute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;
import static java.util.stream.Collectors.toList;
public class AuthorizationInterceptor implements Interceptor {
@Override
public InternalResponse<Object> around(InterceptorChain chain, InternalRequest<Object> req, InternalResponse<Object> resp)
throws Exception {
InternalRoute route = chain.getRoute();
if (!route.isSecured()) {
return chain.proceed(req, resp);
}
Authentication authentication = req.getPrincipal()
.filter(principal -> principal instanceof Authentication)
.map(principal -> (Authentication) principal)
.orElseThrow(() -> new InvalidConfigurationException("Principal object is not Authentication type."));
List<String> authorities = authentication.getAuthorities().stream()
.map(GrantedAuthority::getAuthority)
.collect(toList());
if (Collections.disjoint(authorities, route.getRoles())) {
throw new UserDeniedAuthorizationException("User denied access");
}
return chain.proceed(req, resp);
}
@Override
public int getOrder() {
return InterceptorInternalOrders.AUTHORIZATION;
}
}