HostValidatorService.java

package com.epam.wilma.webapp.security;
/*==========================================================================
Copyright 2013-2017 EPAM Systems

This file is part of Wilma.

Wilma is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Wilma is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with Wilma.  If not, see <http://www.gnu.org/licenses/>.
===========================================================================*/

import java.util.ArrayList;
import java.util.List;

import javax.servlet.ServletRequest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.stereotype.Component;

import com.epam.wilma.core.configuration.domain.WilmaAdminHostsDTO;
import com.epam.wilma.webapp.helper.IpAddressResolver;

/**
 * Class which determines if the request originates from an admin host or not.
 * @author Adam_Csaba_Kiraly
 *
 */
@Component
public class HostValidatorService implements ApplicationListener<ContextRefreshedEvent> {
    private List<String> allowedHosts;

    @Autowired
    private WilmaAdminHostsDTO wilmaAdminHostsDTO;
    @Autowired
    private IpAddressResolver ipAddressResolver;

    /**
     * Determines if the provided request, came from an admin.
     * @param request the provided request
     * @return true if the request originated from an admin, false otherwise.
     */
    public boolean isRequestFromAdmin(final ServletRequest request) {
        String host = ipAddressResolver.resolveToHostName(request.getRemoteAddr());
        return !wilmaAdminHostsDTO.isSecurityEnabled() || allowedHosts.contains(host);
    }

    private void initializeAllowedHosts() {
        allowedHosts = new ArrayList<>();
        for (String ipOrHost : wilmaAdminHostsDTO.getWilmaAdminHosts()) {
            allowedHosts.add(ipAddressResolver.resolveToHostName(ipOrHost));
        }
    }

    @Override
    public void onApplicationEvent(final ContextRefreshedEvent event) {
        initializeAllowedHosts();
    }
}