HostBasedUrlAccessSecurityFilter.java

package com.epam.wilma.webapp.security.filter;
/*==========================================================================
Copyright 2013-2017 EPAM Systems

This file is part of Wilma.

Wilma is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Wilma is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with Wilma.  If not, see <http://www.gnu.org/licenses/>.
===========================================================================*/

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import com.epam.wilma.webapp.helper.UrlAccessLogMessageAssembler;
import com.epam.wilma.webapp.security.HostValidatorService;

/**
 * Filter that prevents unauthorized hosts from accessing specific URLs.
 * @author Adam_Csaba_Kiraly
 *
 */
@Component
public class HostBasedUrlAccessSecurityFilter implements Filter {

    private static final String NO_ACCESS_MESSAGE = "You don't have the necessary rights.";
    private final Logger logger = LoggerFactory.getLogger(HostBasedUrlAccessSecurityFilter.class);

    @Autowired
    private HostValidatorService hostValidatorService;
    @Autowired
    private UrlAccessLogMessageAssembler urlAccessLogMessageAssembler;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        if (hostValidatorService.isRequestFromAdmin(request)) {
            chain.doFilter(request, response);
        } else {
            if (request instanceof HttpServletRequest) {
                logger.info(urlAccessLogMessageAssembler.assembleDenyMessage((HttpServletRequest) request));
            }
            sendBackNoAccessResponse(response);
        }
    }

    private void sendBackNoAccessResponse(final ServletResponse response) throws IOException {
        PrintWriter printWriter = response.getWriter();
        if (response instanceof HttpServletResponse) {
            HttpServletResponse httpResponse = (HttpServletResponse) response;
            httpResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            httpResponse.setContentType("text/plain");
        }
        printWriter.write(NO_ACCESS_MESSAGE);
        printWriter.flush();
        printWriter.close();
    }

    @Override
    public void destroy() {
    }

}