
1   package com.atlassian.plugins.rest.common.security.jersey;
2   
3   import com.atlassian.plugins.rest.common.security.AuthorisationException;
4   import com.atlassian.plugins.rest.common.security.AuthenticationRequiredException;
5   import com.atlassian.sal.api.user.UserManager;
6   import com.sun.jersey.spi.container.ResourceFilter;
7   import com.sun.jersey.spi.container.ContainerRequestFilter;
8   import com.sun.jersey.spi.container.ContainerResponseFilter;
9   import com.sun.jersey.spi.container.ContainerRequest;
10  import com.google.common.base.Preconditions;
11  
12  import javax.ws.rs.ext.Provider;
13  
/**
 * Resource filter that lets a request through only when the current remote user is a
 * system administrator.
 *
 * <p>The decision is made entirely from what {@link UserManager} reports for the current
 * remote user; the incoming {@link ContainerRequest} is not inspected. The check only
 * protects resources this filter is actually attached to, and that wiring is not done in
 * this class.
 *
 * @since 1.1
 */
@Provider
public class SysadminOnlyResourceFilter implements ResourceFilter {
    private final UserManager userManager;

    /**
     * @param userManager source of the remote user's name and system-administrator status;
     *                    must not be {@code null}
     * @throws NullPointerException if {@code userManager} is {@code null}
     */
    public SysadminOnlyResourceFilter(UserManager userManager) {
        this.userManager = Preconditions.checkNotNull(userManager);
    }

    /**
     * @return a new request filter that enforces the system-administrator check
     */
    public ContainerRequestFilter getRequestFilter() {
        return new SysadminRequestFilter();
    }

    /**
     * @return {@code null}; this filter does nothing on the response side
     */
    public ContainerResponseFilter getResponseFilter() {
        return null;
    }

    /**
     * Request-side check: authentication is verified first, then authorisation.
     */
    private final class SysadminRequestFilter implements ContainerRequestFilter {
        /**
         * @param containerRequest the incoming request, returned unchanged on success
         * @return {@code containerRequest} when the remote user is a system administrator
         * @throws AuthenticationRequiredException if no remote user name is available
         * @throws AuthorisationException if the remote user is not a system administrator
         */
        public ContainerRequest filter(ContainerRequest containerRequest) {
            final String remoteUsername = userManager.getRemoteUsername();

            // No user name means the caller is anonymous: report "authentication required",
            // not "forbidden", so the two cases stay distinguishable.
            // NOTE(review): how each exception becomes an HTTP status is decided elsewhere,
            // presumably in exception mappers; confirm.
            if (remoteUsername == null) {
                throw new AuthenticationRequiredException();
            }

            if (userManager.isSystemAdmin(remoteUsername)) {
                return containerRequest;
            }

            // Authenticated but not a system administrator: deny.
            throw new AuthorisationException("Client must be authenticated as a system administrator to access this resource.");
        }
    }
}
46