
1   package com.atlassian.plugins.rest.common.security.jersey;
2   
3   import com.atlassian.plugins.rest.common.security.AuthenticationRequiredException;
4   import com.atlassian.plugins.rest.common.security.AuthorisationException;
5   import com.atlassian.sal.api.user.UserManager;
6   import com.google.common.base.Preconditions;
7   import com.sun.jersey.spi.container.ContainerRequest;
8   import com.sun.jersey.spi.container.ContainerRequestFilter;
9   import com.sun.jersey.spi.container.ContainerResponseFilter;
10  import com.sun.jersey.spi.container.ResourceFilter;
11  
12  import javax.ws.rs.ext.Provider;
13  
14  /**
15   * Filter that can be used to restrict access to resources to administrators.
16   *
17   * @since 2.7.1
18   */
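@Provider
public class AdminOnlyResourceFilter implements ResourceFilter, ContainerRequestFilter {
    /** Resolves the remote user of the current request and answers the administrator check. */
    private final UserManager userManager;

    /**
     * Creates the filter.
     *
     * @param userManager SAL user manager used to identify and authorise the remote user; must not be {@code null}
     * @throws NullPointerException if {@code userManager} is {@code null}
     */
    public AdminOnlyResourceFilter(UserManager userManager) {
        this.userManager = Preconditions.checkNotNull(userManager);
    }

    /**
     * The access check happens on the request side, so this instance acts as its own request filter.
     *
     * @return this filter
     */
    @Override
    public ContainerRequestFilter getRequestFilter() {
        return this;
    }

    /**
     * No response-side filtering is performed.
     *
     * @return {@code null}, signalling to Jersey that there is no response filter
     */
    @Override
    public ContainerResponseFilter getResponseFilter() {
        return null;
    }

    /**
     * Rejects the request unless the remote user is authenticated and is an administrator.
     * <p>
     * Authentication is checked before authorisation, so an anonymous client is told to authenticate
     * rather than being told it lacks privileges. The privilege check is
     * {@link UserManager#isAdmin(String)}; a resource that must be limited to system administrators
     * needs the narrower {@link UserManager#isSystemAdmin(String)} instead.
     *
     * @param containerRequest the incoming request
     * @return the same request, unchanged, when the remote user is an administrator
     * @throws AuthenticationRequiredException if no remote user is authenticated
     * @throws AuthorisationException if the remote user is authenticated but is not an administrator
     */
    @Override
    public ContainerRequest filter(final ContainerRequest containerRequest) {
        // A null username is how the SAL UserManager reports an unauthenticated request.
        String username = userManager.getRemoteUsername();
        if (username == null) {
            throw new AuthenticationRequiredException();
        }
        if (!userManager.isAdmin(username)) {
            throw new AuthorisationException("Client must be authenticated as an administrator to access this resource.");
        }
        // NOTE(review): these exceptions are presumably mapped to 401/403 responses by the
        // plugin's exception mappers — confirm, as the mapping is not visible here.
        return containerRequest;
    }
}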