package com.sap.hana.cloud.samples.benefits.auth;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
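/**
 * Servlet filter that restricts the Campaigns entities to users holding the analyzer role.
 *
 * <p>Despite the class name, this filter makes an authorization decision only: it calls
 * {@link HttpServletRequest#isUserInRole(String)} and never authenticates the caller itself.
 * Requests whose path info starts with {@code /Campaigns} are answered with
 * {@code 403 Forbidden} unless the user is in the role named by
 * {@code AppRole.ANALYZER.getRoleName()}. Every other request is passed down the chain.
 *
 * <p>NOTE(review): the rule is a case-sensitive prefix match on the container-provided path
 * info. Confirm that the handler behind this filter resolves the same form of the path (case,
 * path parameters, encoding); if the two can disagree, the restriction does not hold. A
 * declarative {@code security-constraint} in the deployment descriptor, or a deny-by-default
 * check, would be less dependent on path matching.
 */
public class AuthenticationFilter implements Filter {

    /** Path-info prefix of the resources reserved for the analyzer role. */
    private static final String CAMPAIGNS_ENTITIES_PATH = "/Campaigns"; //$NON-NLS-1$

    /** No resources are held by this filter, so there is nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Rejects Campaigns requests from users without the analyzer role and forwards the rest.
     *
     * @param req      the incoming request; cast to {@link HttpServletRequest}
     * @param response the outgoing response; cast to {@link HttpServletResponse} on rejection
     * @param chain    the remaining filter chain, invoked only when the request is allowed
     * @throws IOException      if a later element of the chain fails with an I/O error
     * @throws ServletException if a later element of the chain fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;

        // getPathInfo() returns null when the request carries no extra path information.
        // The original dereferenced it unconditionally, so such a request ended in a
        // NullPointerException (a 500) instead of an access decision.
        String pathInfo = request.getPathInfo();
        boolean targetsCampaigns = pathInfo != null && pathInfo.startsWith(CAMPAIGNS_ENTITIES_PATH);

        if (targetsCampaigns && !request.isUserInRole(AppRole.ANALYZER.getRoleName())) {
            // Only the status is set; no body is written and the chain is not invoked,
            // so the protected resource is never reached.
            ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        chain.doFilter(request, response);
    }

    /**
     * No configuration is read; the protected prefix is a compile-time constant.
     *
     * @param fConfig the filter configuration supplied by the container (unused)
     * @throws ServletException never thrown by this implementation
     */
    @Override
    public void init(FilterConfig fConfig) throws ServletException {
    }
}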