org.joyrest.oauth2.interceptor.AuthorizationInterceptor.java Source code

Java tutorial

  1. HOME
  2. Java
  3. org.joyrest.oauth2.interceptor.AuthorizationInterceptor.java

Introduction

Here is the source code for org.joyrest.oauth2.interceptor.AuthorizationInterceptor.java

Source

/*
 * Copyright 2015 Petr Bouda
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.joyrest.oauth2.interceptor;

import java.util.Collections;
import java.util.List;

import org.joyrest.exception.type.InvalidConfigurationException;
import org.joyrest.interceptor.Interceptor;
import org.joyrest.interceptor.InterceptorChain;
import org.joyrest.interceptor.InterceptorInternalOrders;
import org.joyrest.model.request.InternalRequest;
import org.joyrest.model.response.InternalResponse;
import org.joyrest.routing.InternalRoute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;

import static java.util.stream.Collectors.toList;

public class AuthorizationInterceptor implements Interceptor {

    @Override
    public InternalResponse<Object> around(InterceptorChain chain, InternalRequest<Object> req,
            InternalResponse<Object> resp) throws Exception {
        InternalRoute route = chain.getRoute();
        if (!route.isSecured()) {
            return chain.proceed(req, resp);
        }

        Authentication authentication = req.getPrincipal().filter(principal -> principal instanceof Authentication)
                .map(principal -> (Authentication) principal).orElseThrow(
                        () -> new InvalidConfigurationException("Principal object is not Authentication type."));

        List<String> authorities = authentication.getAuthorities().stream().map(GrantedAuthority::getAuthority)
                .collect(toList());

        if (Collections.disjoint(authorities, route.getRoles())) {
            throw new UserDeniedAuthorizationException("User denied access");
        }

        return chain.proceed(req, resp);
    }

    @Override
    public int getOrder() {
        return InterceptorInternalOrders.AUTHORIZATION;
    }
}