1   package com.atlassian.plugins.rest.common.security.jersey;
2   
3   import com.atlassian.plugins.rest.common.security.AuthorisationException;
4   import com.atlassian.plugins.rest.common.security.AuthenticationRequiredException;
5   import com.atlassian.sal.api.user.UserManager;
6   import com.sun.jersey.spi.container.ResourceFilter;
7   import com.sun.jersey.spi.container.ContainerRequestFilter;
8   import com.sun.jersey.spi.container.ContainerResponseFilter;
9   import com.sun.jersey.spi.container.ContainerRequest;
10  import com.google.common.base.Preconditions;
11  
12  import javax.ws.rs.ext.Provider;
13  
/**
 * Jersey {@link ResourceFilter} that admits a request only when the current remote user is a
 * system administrator.
 *
 * <p>The decision is made solely from what the injected {@link UserManager} reports for the
 * current request; nothing from the request itself (headers, parameters, body) is consulted.
 * The check fails closed: a request passes only when a remote username is present
 * <em>and</em> that user is reported as a system administrator.
 *
 * <p>This class only performs the check. How it is bound to resources is not visible in this
 * file, so a resource is protected only if the filter is actually attached to it.
 *
 * @since 1.1
 */
@Provider
public class SysadminOnlyResourceFilter implements ResourceFilter
{
    private final UserManager userManager;

    /**
     * @param userManager source of the remote user's identity and system-administrator status;
     *                    must not be {@code null}
     * @throws NullPointerException if {@code userManager} is {@code null}
     */
    public SysadminOnlyResourceFilter(UserManager userManager)
    {
        this.userManager = Preconditions.checkNotNull(userManager);
    }

    /**
     * Supplies the request-side filter that enforces the system-administrator restriction.
     *
     * @return a new filter instance on every call; never {@code null}
     */
    public ContainerRequestFilter getRequestFilter()
    {
        return new SysadminGate();
    }

    /**
     * This filter does not touch responses.
     *
     * @return always {@code null}, meaning no response filtering is applied
     */
    public ContainerResponseFilter getResponseFilter()
    {
        return null;
    }

    /**
     * Verifies that the caller of the current request is a system administrator.
     *
     * @throws AuthenticationRequiredException if the user manager reports no remote username
     * @throws AuthorisationException if the remote user is not a system administrator
     */
    private void requireSystemAdmin()
    {
        final String remoteUser = userManager.getRemoteUsername();

        // Authentication is checked before authorisation so that a caller with no identity
        // is told to authenticate rather than being reported as lacking permission.
        if (remoteUser == null)
        {
            throw new AuthenticationRequiredException();
        }

        final boolean sysadmin = userManager.isSystemAdmin(remoteUser);
        if (!sysadmin)
        {
            throw new AuthorisationException();
        }
    }

    /**
     * Request filter that lets the request through unchanged once the caller has been
     * confirmed as a system administrator.
     */
    private final class SysadminGate implements ContainerRequestFilter
    {
        public ContainerRequest filter(ContainerRequest containerRequest)
        {
            requireSystemAdmin();
            return containerRequest;
        }
    }
}