Class UserPrivilegeValidator
- java.lang.Object
  - org.silverpeas.core.web.rs.UserPrivilegeValidator
- All Implemented Interfaces: UserPrivilegeValidation

@Service public class UserPrivilegeValidator extends Object implements UserPrivilegeValidation
It is a decorator of a REST-based web service that provides access to the validation of the authentication and of the authorization for a caller to request the decorated web service. Indeed, the validation mechanism is encapsulated within the RESTWebService as it requires access to the incoming HTTP request as well as to the current user session, if any. In order to delegate externally the validation triggering,

Field Summary
- Fields inherited from interface org.silverpeas.core.web.rs.UserPrivilegeValidation: HTTP_ACCESS_TOKEN, HTTP_AUTHORIZATION, HTTP_SESSIONKEY

Constructor Summary
- UserPrivilegeValidator()

Method Summary
All methods are concrete instance methods, listed as: return type, method, description.
- UserPrivilegeValidation skipLastUserAccessTimeRegistering(javax.servlet.http.HttpServletRequest request): Sets into the request attributes the SKIP_LAST_USER_ACCESS_TIME_REGISTERING attribute to true.
- SessionInfo validateUserAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response): Validates the authentication of the user at the origin of a web request.
- void validateUserAuthorizationOnAttachment(javax.servlet.http.HttpServletRequest request, User user, SimpleDocument doc): Validates the authorization of the specified user to access the specified attachment.
- void validateUserAuthorizationOnComponentInstance(User user, String instanceId): Validates the authorization of the specified user to access the component instance with the specified unique identifier.
- void validateUserAuthorizationOnPublication(javax.servlet.http.HttpServletRequest request, User user, PublicationDetail publication): Validates the authorization of the specified user to access the specified publication.

Method Detail

validateUserAuthentication
public SessionInfo validateUserAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Validates the authentication of the user at the origin of a web request. The validation first checks whether the user is already authenticated and, if so, that he has a valid opened session in Silverpeas. Otherwise, it attempts to open a new session for the user by using the credentials passed through the request (as an HTTP header). Once the authentication succeeds, the user is identified and details about him can then be obtained. His session key is then passed in the header of the HTTP response. A runtime exception is thrown with the HTTP status code UNAUTHORIZED (401) when the validation fails. The validation fails in any of the following situations:
- The user session key is invalid;
- The user isn't authenticated and no credentials are passed within the request;
- The user authentication failed.
- Specified by: validateUserAuthentication in interface UserPrivilegeValidation
- Parameters:
  - request - the HTTP request from which the authentication of the caller can be done.
  - response - the HTTP response that will be sent with the session information set in the header(s).
- Returns: the opened session of the user at the origin of the specified request.
- Throws: javax.ws.rs.WebApplicationException - exception if the validation failed.
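
The flow described for validateUserAuthentication, as an added example that is not Silverpeas code: a simplified stand-in model in plain Java that exercises the three 401 situations listed above. The header names, the in-memory session and account maps and the exception type are assumptions of the model, as is the choice to reject an unknown session key without falling back to credentials.

```java
import java.util.*;

/** Stand-in model of the documented authentication flow; not Silverpeas code. */
public class AuthenticationFlowModel {
  // Placeholder header names (assumptions): the page names the HTTP_SESSIONKEY and
  // HTTP_AUTHORIZATION constants but does not give their values.
  static final String SESSION_HEADER = "X-Example-Session";
  static final String CREDENTIALS_HEADER = "X-Example-Credentials";
  private final Map<String, String> openSessions = new HashMap<>(); // session key -> user id
  private final Map<String, String> accounts = Map.of("constructed-credentials", "user-1");

  /** Returns the caller's session key, also set on the response; throws on failure. */
  String validateUserAuthentication(Map<String, String> request, Map<String, String> response) {
    String sessionKey = request.get(SESSION_HEADER);
    if (sessionKey != null) {
      // Assumption of this model: a presented key that is not an opened session is
      // rejected outright rather than falling back to credentials.
      if (!openSessions.containsKey(sessionKey)) throw unauthorized("invalid session key");
    } else {
      String credentials = request.get(CREDENTIALS_HEADER);
      if (credentials == null) throw unauthorized("not authenticated, no credentials");
      String userId = accounts.get(credentials);
      if (userId == null) throw unauthorized("authentication failed");
      sessionKey = UUID.randomUUID().toString(); // open a new session
      openSessions.put(sessionKey, userId);
    }
    response.put(SESSION_HEADER, sessionKey); // session key handed back in the response header
    return sessionKey;
  }
  // Stands in for the WebApplicationException carrying the 401 status.
  private static IllegalStateException unauthorized(String reason) {
    return new IllegalStateException("401 UNAUTHORIZED: " + reason);
  }
  public static void main(String[] args) {
    AuthenticationFlowModel model = new AuthenticationFlowModel();
    Map<String, String> response = new HashMap<>();
    String key = model.validateUserAuthentication(
        Map.of(CREDENTIALS_HEADER, "constructed-credentials"), response);
    System.out.println("key echoed in response: " + key.equals(response.get(SESSION_HEADER)));
    model.validateUserAuthentication(Map.of(SESSION_HEADER, key), new HashMap<>()); // reuse
    for (Map<String, String> bad : List.of(Map.of(SESSION_HEADER, "forged"),
        Map.<String, String>of(), Map.of(CREDENTIALS_HEADER, "wrong"))) {
      try {
        model.validateUserAuthentication(bad, new HashMap<>());
      } catch (IllegalStateException e) {
        System.out.println(e.getMessage());
      }
    }
  }
}
```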

skipLastUserAccessTimeRegistering
public UserPrivilegeValidation skipLastUserAccessTimeRegistering(javax.servlet.http.HttpServletRequest request)
Sets into the request attributes the SKIP_LAST_USER_ACCESS_TIME_REGISTERING attribute to true.
- Specified by: skipLastUserAccessTimeRegistering in interface UserPrivilegeValidation
- Parameters:
  - request - the current request performed.
- Returns: itself.

validateUserAuthorizationOnComponentInstance
public void validateUserAuthorizationOnComponentInstance(User user, String instanceId)
Validates the authorization of the specified user to access the component instance with the specified unique identifier. If no such component instance exists then a WebApplicationException is thrown with the Not Found HTTP status code (404). If the user isn't authorized to access the component instance, a WebApplicationException is thrown with the Forbidden HTTP status code (403).
- Specified by: validateUserAuthorizationOnComponentInstance in interface UserPrivilegeValidation
- Parameters:
  - user - the user for whom the authorization has to be validated.
  - instanceId - the unique identifier of the accessed component instance.
- Throws: javax.ws.rs.WebApplicationException - exception either if the component instance isn't found or if the validation failed.

validateUserAuthorizationOnAttachment
public void validateUserAuthorizationOnAttachment(javax.servlet.http.HttpServletRequest request, User user, SimpleDocument doc)
Validates the authorization of the specified user to access the specified attachment.
- Specified by: validateUserAuthorizationOnAttachment in interface UserPrivilegeValidation
- Parameters:
  - request - the HTTP request from which the authentication of the caller can be done.
  - user - the user for whom the authorization has to be validated.
  - doc - the document accessed.
- Throws: javax.ws.rs.WebApplicationException - exception if the validation failed.

validateUserAuthorizationOnPublication
public void validateUserAuthorizationOnPublication(javax.servlet.http.HttpServletRequest request, User user, PublicationDetail publication)
Validates the authorization of the specified user to access the specified publication.
- Specified by: validateUserAuthorizationOnPublication in interface UserPrivilegeValidation
- Parameters:
  - request - the HTTP request from which the authentication of the caller can be done.
  - user - the user for whom the authorization has to be validated.
  - publication - the publication accessed.
- Throws: javax.ws.rs.WebApplicationException - exception if the validation failed.