Add AuthorizedInterceptor to control the access for a role.

1 year ago · 06ce1ff07f
parent 2b1fef5b0e
commit 06ce1ff07f
1 changed files with 44 additions and 0 deletions
--- a/src/main/java/space/kklochko/spring_rest_example/interceptors/AuthorizedInterceptor.java
+++ b/src/main/java/space/kklochko/spring_rest_example/interceptors/AuthorizedInterceptor.java
@ -0,0 +1,44 @@
+package space.kklochko.spring_rest_example.interceptors;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpMethod;
+import org.springframework.web.servlet.HandlerInterceptor;
+import space.kklochko.spring_rest_example.security.access.AuthorizedValidator;
+
+public class AuthorizedInterceptor implements HandlerInterceptor {
+    @Autowired
+    AuthorizedValidator authorizedValidator;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        if (request.getMethod().equals(HttpMethod.GET.name())) {
+            return true;
+        }
+
+        String token = request.getHeader("Authorization");
+
+        Boolean accessStatus;
+
+        if (request.getMethod().equals(HttpMethod.DELETE.name())) {
+            accessStatus = authorizedValidator.isAdmin(token);
+        }else {
+            accessStatus = authorizedValidator.isUser(token);
+        }
+
+        if(accessStatus == null) {
+            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authorizedValidator.noToken());
+            return false;
+        }
+
+        if(!accessStatus) {
+            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authorizedValidator.accessDeniedNoPermission());
+            return false;
+        }
+
+        return true;
+    }
+}
+