GeoServerRoleFilter.java example

Explorer

geoserver-master
- doc
  - en
    - developer
      - source
        programming-guide
        ows-services
        hello
        src
        main
        java
        HelloWorld.java
        web-ui
        ComponentInfo.java
    - user
      - source
        security
        tutorials
        ldap
        acme-ldap
        src
        main
        java
        org
        acme
        Ldap.java
- src

/* (c) 2014 Open Source Geospatial Foundation - all rights reserved
 * (c) 2001 - 2013 OpenPlans
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */


package org.geoserver.security.filter;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.GeoServerRoleConverter;
import org.geoserver.security.config.RoleFilterConfig;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

/**
 * Servlet filter for sending the roles (and role parameters) of the authenticated
 * principal to client
 * 
 * 
 * @author mcr
 *
 */
public class GeoServerRoleFilter extends GeoServerSecurityFilter {
    
    protected GeoServerRoleConverter converter;
    protected String headerAttribute;
    
    public static String DEFAULT_ROLE_CONVERTER="roleConverter";
    public static String DEFAULT_HEADER_ATTRIBUTE="roles";


    @Override
    public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException {
        super.initializeFromConfig(config);
        RoleFilterConfig roleConfig = (RoleFilterConfig) config;
        
        headerAttribute = roleConfig.getHttpResponseHeaderAttrForIncludedRoles();
        // TODO, Justin, is this ok ?
        String converterName = roleConfig.getRoleConverterName();        
        if (converterName==null || converterName.length()==0)
            converter = GeoServerExtensions.bean(GeoServerRoleConverter.class);
        else
            converter = (GeoServerRoleConverter) 
                GeoServerExtensions.bean(converterName);
        
    }

    
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        
        chain.doFilter(request, response);
        
        SecurityContext context =SecurityContextHolder.getContext();
        if (context!=null) {
            Authentication auth = context.getAuthentication();
            if (auth!=null) {
                String roleString = converter.
                        convertRolesToString(auth.getAuthorities());
                ((HttpServletResponse)response).setHeader(
                        headerAttribute,roleString);
            }
        }                
    }
}