1 package com.atlassian.plugins.rest.module.sal.websudo;
2
3 import com.atlassian.plugins.rest.common.sal.websudo.WebSudoResourceContext;
4 import com.atlassian.plugins.rest.module.servlet.ServletUtils;
5 import com.atlassian.sal.api.websudo.WebSudoManager;
6
7 import javax.servlet.http.HttpServletRequest;
8
/**
 * {@link WebSudoResourceContext} that decides, per request, whether WebSudo
 * protection has to be enforced, delegating the final decision to the SAL
 * {@link WebSudoManager}.
 */
public class SalWebSudoResourceContext implements WebSudoResourceContext
{
    /** Prefix of an {@code Authorization} header value that uses the Basic scheme. */
    private static final String BASIC_AUTHZ_TYPE_PREFIX = "Basic ";

    private final WebSudoManager webSudoManager;

    /**
     * @param webSudoManager manager asked whether the current request may execute
     */
    public SalWebSudoResourceContext(final WebSudoManager webSudoManager)
    {
        this.webSudoManager = webSudoManager;
    }

    /**
     * Tells whether WebSudo protection must be enforced for the current request.
     *
     * <p>Two cases skip enforcement before the {@link WebSudoManager} is consulted:
     * <ul>
     * <li>no current servlet request is available: nothing is enforced, so any
     * caller running outside a request scope gets {@code false};</li>
     * <li>the request carries an {@code Authorization} header starting with
     * {@code "Basic "}.</li>
     * </ul>
     *
     * @return {@code true} if the manager reports that the request cannot be
     *         executed; {@code false} in the two cases above or when it can
     */
    public boolean shouldEnforceWebSudoProtection()
    {
        final HttpServletRequest request = ServletUtils.getHttpServletRequest();

        if (request == null || carriesBasicAuthorization(request))
        {
            return false;
        }

        return !webSudoManager.canExecuteRequest(request);
    }

    /**
     * Reports whether the request's {@code Authorization} header begins with the
     * Basic scheme prefix.
     *
     * <p>The match is case-sensitive and includes the trailing space, so a scheme
     * spelled {@code "basic"} does not match and the request falls through to the
     * {@link WebSudoManager} check.
     *
     * <p>NOTE(review): only the header's prefix is inspected here; nothing in this
     * class verifies that the credentials were accepted. Presumably an earlier
     * authentication layer rejects requests with invalid Basic credentials before
     * this code runs; confirm, because otherwise the header alone would skip
     * WebSudo.
     */
    private static boolean carriesBasicAuthorization(final HttpServletRequest request)
    {
        final String authorization = request.getHeader("Authorization");
        return authorization != null && authorization.startsWith(BASIC_AUTHZ_TYPE_PREFIX);
    }
}