
1   package com.atlassian.plugins.rest.common.security.jersey;
2   
3   import com.atlassian.plugins.rest.common.security.AuthenticationRequiredException;
4   import com.atlassian.sal.api.user.UserManager;
5   import com.google.common.base.Preconditions;
6   import com.sun.jersey.spi.container.ContainerRequest;
7   import com.sun.jersey.spi.container.ContainerRequestFilter;
8   import com.sun.jersey.spi.container.ContainerResponseFilter;
9   import com.sun.jersey.spi.container.ResourceFilter;
10  
11  import javax.ws.rs.ext.Provider;
12  
/**
 * Jersey resource filter that lets a request through only when the current remote user is an
 * administrator according to the injected {@link UserManager}.
 * <p>
 * The check fails closed: the request is returned to the container only after
 * {@link UserManager#isAdmin(String)} has answered {@code true}; every other path throws.
 * <p>
 * NOTE(review): how the thrown exceptions are translated into HTTP responses, and how this filter
 * is bound to individual resources, is decided outside this class; confirm both when relying on
 * it as an access control.
 *
 * @since 2.7.1
 */
@Provider
public class AdminOnlyResourceFilter implements ResourceFilter, ContainerRequestFilter
{
    private final UserManager userManager;

    /**
     * Creates the filter.
     *
     * @param userManager source of the remote username and of the administrator decision; must not
     *                    be {@code null} (rejected by {@link Preconditions#checkNotNull(Object)})
     */
    public AdminOnlyResourceFilter(UserManager userManager)
    {
        this.userManager = Preconditions.checkNotNull(userManager);
    }

    /**
     * Returns this instance, which performs the administrator check on the incoming request.
     *
     * @return this filter
     */
    public ContainerRequestFilter getRequestFilter()
    {
        return this;
    }

    /**
     * This filter does not contribute any response-side filtering.
     *
     * @return always {@code null}
     */
    public ContainerResponseFilter getResponseFilter()
    {
        return null;
    }

    /**
     * Allows the request to proceed only for an authenticated administrator.
     *
     * @param containerRequest the incoming request; it is passed through untouched on success
     * @return {@code containerRequest}, unchanged
     * @throws AuthenticationRequiredException if the user manager reports no remote username
     * @throws SecurityException if the remote user is not an administrator
     */
    public ContainerRequest filter(final ContainerRequest containerRequest)
    {
        final String remoteUsername = userManager.getRemoteUsername();
        if (remoteUsername == null)
        {
            // No remote username was resolved: signal "authenticate first" rather than "forbidden".
            throw new AuthenticationRequiredException();
        }

        final boolean callerIsAdmin = userManager.isAdmin(remoteUsername);
        if (callerIsAdmin)
        {
            return containerRequest;
        }

        // Authenticated but not an administrator: deny by default.
        throw new SecurityException("Client must be authenticated as an administrator to access this resource.");
    }
}