package flapjack.auth; import java.util.Arrays; import java.util.List; import javax.inject.Inject; import javax.inject.Singleton; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.ws.rs.core.Context; import org.aopalliance.intercept.MethodInterceptor; import org.aopalliance.intercept.MethodInvocation; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import flapjack.entity.Session; import flapjack.manager.PersonManager; /** * Intercepts methods that have @Auth on them and handles authentication * * @author Ray Vanderborght */ @Singleton public class AuthInterceptor implements MethodInterceptor { @SuppressWarnings("unused") private static final Logger log = LoggerFactory.getLogger(AuthInterceptor.class); @Inject private PersonManager personManager; @Context private HttpServletRequest request; @Context private HttpServletResponse response; @Override public Object invoke(MethodInvocation invocation) throws Throwable { Session session = personManager.findSession(request); Auth auth = invocation.getMethod().getAnnotation(Auth.class); List<Role> requiredRoles = Arrays.asList(auth.requiresRole()); if (!requiredRoles.isEmpty() && (session == null || !requiredRoles.contains(session.getPerson().getRole()))) { response.sendRedirect("/"); return null; } if (session != null) { request.setAttribute("mvp.person.email", session.getPerson().getEmail()); } return invocation.proceed(); } }