TokenResponseWrapper.java example

Explorer

snomed-content-service-master
- refset-graph-indexer
  - src
    - main
      - java
        org
        ihtsdo
        otf
        refset
        schema
        CompositeIndex.java
        MixedIndex.java
        Operation.java
        RefsetIndexer.java
        RefsetRelations.java
        RefsetSchema.java
- refset-model
  - src
    - main
      - java
        org
        ihtsdo
        otf
        refset
        domain
        BaseObj.java
        ChangeRecord.java
        Member.java
        MetaData.java
        RGC.java
        Refset.java
        RefsetType.java
        SearchResult.java
- refset-query-interface
  - src
    - main
      - java
        org
        ihtsdo
        otf
        refset
        CorsFilter.java
        HomeController.java
        TokenFilter.java
        api
        authentication
        LogoutController.java
        UserController.java
        export
        RefsetExportController.java
        history
        ChangeHistoryController.java
        search
        SearchController.java
        upload
        RefsetImportController.java
        common
        Meta.java
        Result.java
        SparqlQueryKeys.java
        URIFormats.java
        UriFormatter.java
        Utility.java
        config
        SwaggerModule.java
        controller
        RefsetAuthoringController.java
        RefsetBrowseController.java
        domain
        MemberValidator.java
        MetaData.java
        RefsetValidator.java
        error
        DefaultController.java
        ErrorInfo.java
        RefsetExceptionResolver.java
        exception
        EntityAlreadyExistException.java
        EntityNotFoundException.java
        ExportServiceException.java
        InvalidServiceException.java
        RefsetServiceException.java
        ValidationException.java
        graph
        RefsetGraphAccessException.java
        RefsetGraphFactory.java
        gao
        EdgeLabel.java
        EffectiveTimeChangeListener.java
        HistoryGao.java
        MemberChangeListener.java
        MemberGAO.java
        RefsetAdminGAO.java
        RefsetConvertor.java
        RefsetExportGAO.java
        RefsetGAO.java
        RefsetHeaderChangeListener.java
        Rf2ImportMemberChangeListener.java
        SearchGao.java
        VertexType.java
        schema
        GMember.java
        GRefset.java
        tx
        GraphTxManager.java
        interceptor
        RequestProcessingTimeInterceptor.java
        security
        RefsetAccessDeniedHandler.java
        RefsetAuthenticationEntryPoint.java
        RefsetAuthenticationFilter.java
        RefsetAuthenticationProvider.java
        RefsetIdentityService.java
        RefsetRole.java
        RefsetSecurityContextRepository.java
        TokenResponseWrapper.java
        User.java
        service
        ParseJodaTime.java
        RdfResult.java
        RefsetAuthoringService.java
        RefsetAuthoringServiceImpl.java
        RefsetBrowseService.java
        RefsetBrowseServiceStub.java
        RefsetBrowseServiceStubData.java
        RefsetGraphService.java
        RefsetQueryException.java
        RefsetQueryService.java
        RefsetUpdateService.java
        export
        ExportService.java
        history
        RefsetChangeHistoryService.java
        search
        RefsetSearchService.java
        upload
        ImportRF2Service.java
        ImportService.java
        RefsetProcessor.java
        Rf2Record.java
        Rf2VerificationService.java
        Rf2VerificationStub.java
        SimpleRefsetProcessor.java
        snomed
        controller
        ConceptLookupController.java
        TypeLookupController.java
        domain
        Concept.java
        exception
        ConceptServiceException.java
        service
        ConceptLookUpServiceImpl.java
        ConceptLookUpServiceImplv1_0.java
        ConceptLookupService.java
        RdfEnums.java
    - test
      - java
        org
        ihtsdo
        otf
        refset
        common
        TestGraph.java
        UriFormatterTest.java
        controller
        RefsetAuthoringControllerTest.java
        RefsetBrowseControllerTest.java
        RestData.java
        domain
        RefsetJsonConversionTest.java
        ResponseTest.java
        error
        DefaultControllerTest.java
        RefsetExceptionResolverTest.java
        graph
        gao
        MemberGAOTest.java
        RefsetAdminGAOTest.java
        RefsetConvertorTest.java
        RefsetGAOTest.java
        schema
        RefsetSchemaCreatorTest.java
        security
        MockRefsetUser.java
        MockRefsetUserDetailsSecurityContextFactory.java
        MockRefsetUserSecurityContextFactory.java
        OTFServiceAuthenticationTest.java
        RefsetAuthenticationEntryPointTest.java
        service
        RefsetAuthoringServiceImplTest.java
        RefsetBrowseServiceStubDataTest.java
        RefsetBrowseServiceStubTest.java
        export
        ExportServiceTest.java
        upload
        ImportRF2ServiceTest.java
        SimpleRefsetProcessorTest.java
        snomed
        controller
        TypeLookupControllerTest.java
        service
        ConceptLookUpServiceImplTest.java
- snomed-graph-indexer
  - src
    - main
      - java
        org
        ihtsdo
        otf
        snomed
        schema
        CompositeIndex.java
        MixedIndex.java
        Operation.java
        SnomedConceptSchema.java
        SnomedSchema.java
- snomed-graph-loader
  - src
    - main
      - java
        org
        ihtsdo
        otf
        snomed
        loader
        DefaultParser.java
        FileType.java
        GraphLoader.java
        LoadType.java
        LoaderDao.java
        ParseJodaTime.java
        RF2CellProcessor.java
        RF2ImportHelper.java
        Rf2Base.java
        Rf2Concept.java
        Rf2Description.java
        Rf2Relationship.java
        Rf2SnapshotAuditor.java
        Rf2SnapshotLoader.java
- snomed-model
  - src
    - main
      - java
        org
        ihtsdo
        otf
        snomed
        domain
        Concept.java
        DescriptionType.java
        Properties.java
        Relationship.java
        Types.java

/**
 * 
 */
package org.ihtsdo.otf.refset.security;

import java.util.Collection;

import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.token.Token;
import org.springframework.security.core.token.TokenService;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper;

/**Class to save X-REFSET-AUTH-TOKEN in {@link SecurityContext} so that it can be used
 * for handshake between frontend and api backend
 *
 */
public final class TokenResponseWrapper extends  
				SaveContextOnUpdateOrErrorResponseWrapper {
	
	private static final Logger LOGGER = LoggerFactory.getLogger(TokenResponseWrapper.class);
	
	private static final String X_REFSET_TOKEN = "X-REFSET-AUTH-TOKEN";

	
	TokenService service;


	public TokenResponseWrapper(HttpServletResponse response,
			boolean disableUrlRewriting, TokenService service) {
		
		super(response, disableUrlRewriting);
		this.service = service;
	}

	@Override
	protected void saveContext(SecurityContext ctx) {
		
		 Authentication auth = ctx.getAuthentication();
		 if (isUserHasRole(auth)) {
			 
			 User uDetails = (User)auth.getPrincipal();
			 String userId = uDetails.getUsername();
			 String password = uDetails.getPassword();
			 String info = userId  + ":" + password;
			 Token token = service.allocateToken(info);
			 String key = token.getKey();
			 uDetails.setToken(key);

			 LOGGER.trace("Setting {} as {}", X_REFSET_TOKEN, key);
			 addHeader(X_REFSET_TOKEN, key);
		 }
		
	}
	
	private boolean isUserHasRole(Authentication auth) {
		
		boolean isUserHasRole = false;
		
		if (auth!=null && auth.isAuthenticated()) {
			
			 Collection<? extends GrantedAuthority> roles = auth.getAuthorities();
			 for (GrantedAuthority role : roles) {
				
				 isUserHasRole = "ROLE_USER".equals(role.getAuthority()) ? true : false;
				 
				 if (isUserHasRole) {
					
					 break;
				}
			}

		}
		
		return isUserHasRole;
	}
	

}