ServerSecurityUtil.java example

Explorer
incubator-blur-master
/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.blur.server;

import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.List;

import org.apache.blur.log.Log;
import org.apache.blur.log.LogFactory;
import org.apache.blur.thrift.BException;
import org.apache.blur.thrift.generated.Blur.Iface;
import org.apache.blur.user.User;
import org.apache.blur.user.UserContext;

public class ServerSecurityUtil {

  private static final Log LOG = LogFactory.getLog(ServerSecurityUtil.class);

  public static Iface applySecurity(final Iface iface, final List<ServerSecurityFilter> serverSecurityList,
      final boolean shardServer) {
    if (serverSecurityList == null || serverSecurityList.isEmpty()) {
      LOG.info("No server security configured.");
      return iface;
    }
    for (ServerSecurityFilter serverSecurity : serverSecurityList) {
      LOG.info("Server security configured with [{0}] class [{1}].", serverSecurity, serverSecurity.getClass());
    }
    InvocationHandler handler = new InvocationHandler() {
      @Override
      public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
        BlurServerContext blurServerContext;
        if (shardServer) {
          blurServerContext = ShardServerContext.getShardServerContext();
        } else {
          blurServerContext = ControllerServerContext.getControllerServerContext();
        }
        InetSocketAddress remoteSocketAddress = (InetSocketAddress) blurServerContext.getRemoteSocketAddress();
        InetAddress address = remoteSocketAddress.getAddress();
        int port = remoteSocketAddress.getPort();
        User user = UserContext.getUser();
        for (ServerSecurityFilter serverSecurity : serverSecurityList) {
          if (!serverSecurity.canAccess(method, args, user, address, port)) {
            throw new BException("ACCESS DENIED for User [{0}] method [{1}].", user, method.getName());
          }
        }
        try {
          return method.invoke(iface, args);
        } catch (InvocationTargetException e) {
          throw e.getTargetException();
        }
      }
    };
    return (Iface) Proxy.newProxyInstance(Iface.class.getClassLoader(), new Class[] { Iface.class }, handler);
  }

}