AbstractSecurityFilter.java

/**
 * 
 */
package org.minnal.security.filter;

import java.util.UUID;

import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Cookie;

import org.minnal.security.config.SecurityConfiguration;
import org.minnal.security.session.Session;

import com.google.common.base.Strings;

/**
 * @author ganeshs
 *
 */
public class AbstractSecurityFilter {
	
	private SecurityConfiguration configuration;
	
	public static final String AUTH_COOKIE = "_session_id";
	
	public static final String SESSION = "session";
	
	/**
	 * @param configuration
	 */
	public AbstractSecurityFilter(SecurityConfiguration configuration) {
		this.configuration = configuration;
	}

	/**
	 * @return the configuration
	 */
	public SecurityConfiguration getConfiguration() {
		return configuration;
	}

	/**
	 * @param request
	 * @param create
	 * @return
	 */
	protected Session getSession(ContainerRequestContext request, boolean create) {
		Session session = (Session) request.getProperty(SESSION);
		if (session != null) {
		    return session;
		}
		Cookie sessionCookie = request.getCookies().get(AUTH_COOKIE);
		
		if (sessionCookie != null) {
			session = configuration.getSessionStore().getSession(sessionCookie.getValue());
		}
		
		if (session != null && session.hasExpired(configuration.getSessionExpiryTimeInSecs())) {
			session = null;
		}
		if (session == null && create) {
			String sessionId = null;
			if (Strings.isNullOrEmpty(sessionId)) {
				sessionId = UUID.randomUUID().toString();
			}
			session = configuration.getSessionStore().createSession(sessionId);
		}
		return session;
	}
}