ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/filters/LogsearchSecurityContextFormationFilter.java - ambari - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.ambari.logsearch.web.filters;

 import java.io.IOException;

 import javax.inject.Inject;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;

 import org.apache.ambari.logsearch.common.LogSearchContext;
 import org.apache.ambari.logsearch.manager.SessionManager;
 import org.apache.ambari.logsearch.util.CommonUtil;
 import org.apache.ambari.logsearch.web.model.User;
 import org.apache.log4j.Logger;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.GenericFilterBean;

 public class LogsearchSecurityContextFormationFilter extends GenericFilterBean {

   static Logger logger = Logger.getLogger(LogsearchSecurityContextFormationFilter.class);

   public static final String LOGSEARCH_SC_SESSION_KEY = "LOGSEARCH_SECURITY_CONTEXT";
   public static final String USER_AGENT = "User-Agent";

   @Inject
   SessionManager sessionManager;

   public LogsearchSecurityContextFormationFilter() {
   }

   /*
    * (non-Javadoc)
    *
    * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
    * javax.servlet.ServletResponse, javax.servlet.FilterChain)
    */
   @Override
   public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
     ServletException {

     try {
       Authentication auth = SecurityContextHolder.getContext().getAuthentication();

       if (auth instanceof AnonymousAuthenticationToken) {
         // ignore
       } else {
         HttpServletRequest httpRequest = (HttpServletRequest) request;
         HttpSession httpSession = httpRequest.getSession(false);
         Cookie[] cookieList = httpRequest.getCookies();
         String msaCookie = null;
         for (int i = 0; cookieList != null && i < cookieList.length; i++) {
           if (cookieList[i].getName().equalsIgnoreCase("msa")) {
             msaCookie = cookieList[i].getValue();
           }
         }
         if (msaCookie == null) {
           HttpServletResponse httpResponse = (HttpServletResponse) response;
           msaCookie = CommonUtil.genGUI();
           Cookie cookie = new Cookie("msa", msaCookie);
           // TODO: Need to revisit this
           cookie.setMaxAge(Integer.MAX_VALUE);
           httpResponse.addCookie(cookie);
         }
         // [1]get the context from session
         LogSearchContext context = (LogSearchContext) httpSession.getAttribute(LOGSEARCH_SC_SESSION_KEY);
         if (context == null) {
           context = new LogSearchContext();
           httpSession.setAttribute(LOGSEARCH_SC_SESSION_KEY, context);
         }
         LogSearchContext.setContext(context);
         User user = sessionManager.processSuccessLogin();
         context.setUser(user);
       }
       chain.doFilter(request, response);

     } finally {
       // [4]remove context from thread-local
       LogSearchContext.resetContext();
     }
   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.ambari.logsearch.web.filters;

	import java.io.IOException;

	import javax.inject.Inject;
	import javax.servlet.FilterChain;
	import javax.servlet.ServletException;
	import javax.servlet.ServletRequest;
	import javax.servlet.ServletResponse;
	import javax.servlet.http.Cookie;
	import javax.servlet.http.HttpServletRequest;
	import javax.servlet.http.HttpServletResponse;
	import javax.servlet.http.HttpSession;

	import org.apache.ambari.logsearch.common.LogSearchContext;
	import org.apache.ambari.logsearch.manager.SessionManager;
	import org.apache.ambari.logsearch.util.CommonUtil;
	import org.apache.ambari.logsearch.web.model.User;
	import org.apache.log4j.Logger;
	import org.springframework.security.authentication.AnonymousAuthenticationToken;
	import org.springframework.security.core.Authentication;
	import org.springframework.security.core.context.SecurityContextHolder;
	import org.springframework.web.filter.GenericFilterBean;

	public class LogsearchSecurityContextFormationFilter extends GenericFilterBean {

	static Logger logger = Logger.getLogger(LogsearchSecurityContextFormationFilter.class);

	public static final String LOGSEARCH_SC_SESSION_KEY = "LOGSEARCH_SECURITY_CONTEXT";
	public static final String USER_AGENT = "User-Agent";

	@Inject
	SessionManager sessionManager;

	public LogsearchSecurityContextFormationFilter() {
	}

	/*
	* (non-Javadoc)
	*
	* @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
	* javax.servlet.ServletResponse, javax.servlet.FilterChain)
	*/
	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
	ServletException {

	try {
	Authentication auth = SecurityContextHolder.getContext().getAuthentication();

	if (auth instanceof AnonymousAuthenticationToken) {
	// ignore
	} else {
	HttpServletRequest httpRequest = (HttpServletRequest) request;
	HttpSession httpSession = httpRequest.getSession(false);
	Cookie[] cookieList = httpRequest.getCookies();
	String msaCookie = null;
	for (int i = 0; cookieList != null && i < cookieList.length; i++) {
	if (cookieList[i].getName().equalsIgnoreCase("msa")) {
	msaCookie = cookieList[i].getValue();
	}
	}
	if (msaCookie == null) {
	HttpServletResponse httpResponse = (HttpServletResponse) response;
	msaCookie = CommonUtil.genGUI();
	Cookie cookie = new Cookie("msa", msaCookie);
	// TODO: Need to revisit this
	cookie.setMaxAge(Integer.MAX_VALUE);
	httpResponse.addCookie(cookie);
	}
	// [1]get the context from session
	LogSearchContext context = (LogSearchContext) httpSession.getAttribute(LOGSEARCH_SC_SESSION_KEY);
	if (context == null) {
	context = new LogSearchContext();
	httpSession.setAttribute(LOGSEARCH_SC_SESSION_KEY, context);
	}
	LogSearchContext.setContext(context);
	User user = sessionManager.processSuccessLogin();
	context.setUser(user);
	}
	chain.doFilter(request, response);

	} finally {
	// [4]remove context from thread-local
	LogSearchContext.resetContext();
	}
	}
	}