Package org.silverpeas.core.web.rs
Class UserPrivilegeValidator
- java.lang.Object
-
- org.silverpeas.core.web.rs.UserPrivilegeValidator
-
- All Implemented Interfaces:
UserPrivilegeValidation
@Service public class UserPrivilegeValidator extends Object implements UserPrivilegeValidation
It is a decorator of a REST-based web service that provides access to the validation of the authentication and of the authorization for a caller to request the decorated web service. Indeed, the validation mechanism is encapsulated within the RESTWebService as it requires access to the incoming HTTP request as well to the current user session if any. In order to delegate externally the validation triggering,
-
-
Field Summary
-
Fields inherited from interface org.silverpeas.core.web.rs.UserPrivilegeValidation
HTTP_ACCESS_TOKEN, HTTP_AUTHORIZATION, HTTP_SESSIONKEY
-
-
Constructor Summary
Constructors Constructor Description UserPrivilegeValidator()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description UserPrivilegeValidationskipLastUserAccessTimeRegistering(javax.servlet.http.HttpServletRequest request)Sets into the request attributes theSKIP_LAST_USER_ACCESS_TIME_REGISTERINGattribute to true.SessionInfovalidateUserAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)Validates the authentication of the user at the origin of a web request.voidvalidateUserAuthorizationOnAttachment(javax.servlet.http.HttpServletRequest request, User user, SimpleDocument doc)Validates the authorization of the specified user to access the specified attachment.voidvalidateUserAuthorizationOnComponentInstance(User user, String instanceId)Validates the authorization of the specified user to access the component instance with the specified unique identifier.voidvalidateUserAuthorizationOnPublication(javax.servlet.http.HttpServletRequest request, User user, PublicationDetail publi)Validates the authorization of the specified user to access the specified publication.
-
-
-
Method Detail
-
validateUserAuthentication
public SessionInfo validateUserAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Validates the authentication of the user at the origin of a web request.The validation checks first the user is already authenticated, then it has a valid opened session in Silverpeas. Otherwise, it attempts to open a new session for the user by using its credentials passed through the request (as an HTTP header). Once the authentication succeed, the identification of the user is done and detail about it can then be got. His session key is then passed in the header of the HTTP response. A runtime exception is thrown with an HTTP status code UNAUTHORIZED (401) at validation failure. The validation fails when one of the below situation is occurring:
- The user session key is invalid;
- The user isn't authenticated and no credentials are passed within the request;
- The user authentication failed.
- Specified by:
validateUserAuthenticationin interfaceUserPrivilegeValidation- Parameters:
request- the HTTP request from which the authentication of the caller can be done.response- the HTTP response that will be sent with the session information set in the header(s).- Returns:
- the opened session of the user at the origin of the specified request.
- Throws:
javax.ws.rs.WebApplicationException- exception if the validation failed.
-
skipLastUserAccessTimeRegistering
public UserPrivilegeValidation skipLastUserAccessTimeRegistering(javax.servlet.http.HttpServletRequest request)
Sets into the request attributes theSKIP_LAST_USER_ACCESS_TIME_REGISTERINGattribute to true.- Specified by:
skipLastUserAccessTimeRegisteringin interfaceUserPrivilegeValidation- Parameters:
request- the current request performed.- Returns:
- itself.
-
validateUserAuthorizationOnComponentInstance
public void validateUserAuthorizationOnComponentInstance(User user, String instanceId)
Validates the authorization of the specified user to access the component instance with the specified unique identifier. If no such component instance exists then aWebApplicationExceptionis thrown with the Not Found HTTP status code (404). If the user isn't authorized to access the component instance, aWebApplicationExceptionis thrown with the Forbidden HTTP status code (403).- Specified by:
validateUserAuthorizationOnComponentInstancein interfaceUserPrivilegeValidation- Parameters:
user- the user for whom the authorization has to be validated.instanceId- the unique identifier of the accessed component instance.- Throws:
javax.ws.rs.WebApplicationException- exception either if the component instance isn't found or if the validation failed.
-
validateUserAuthorizationOnAttachment
public void validateUserAuthorizationOnAttachment(javax.servlet.http.HttpServletRequest request, User user, SimpleDocument doc)Validates the authorization of the specified user to access the specified attachment.- Specified by:
validateUserAuthorizationOnAttachmentin interfaceUserPrivilegeValidation- Parameters:
request- the HTTP request from which the authentication of the caller can be done.user- the user for whom the authorization has to be validated.doc- the document accessed.- Throws:
javax.ws.rs.WebApplicationException- exception if the validation failed.
-
validateUserAuthorizationOnPublication
public void validateUserAuthorizationOnPublication(javax.servlet.http.HttpServletRequest request, User user, PublicationDetail publi)Validates the authorization of the specified user to access the specified publication.- Specified by:
validateUserAuthorizationOnPublicationin interfaceUserPrivilegeValidation- Parameters:
request- the HTTP request from which the authentication of the caller can be done.user- the user for whom the authorization has to be validated.publi- the publication accessed.- Throws:
javax.ws.rs.WebApplicationException- exception if the validation failed.
-
-