/activeobjects-plugin/src/main/java/com/atlassian/plugin/web/springmvc/interceptor/WebSudoAuthorisationInterceptor.java
Java | 29 lines | 21 code | 5 blank | 3 comment | 0 complexity | 8c24d5fc816c0b63f36c917e584f609b MD5 | raw file
Possible License(s): Apache-2.0
1package com.atlassian.plugin.web.springmvc.interceptor;
2
3import com.atlassian.sal.api.websudo.WebSudoManager;
4import com.atlassian.sal.api.websudo.WebSudoSessionException;
5import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
6
7import javax.servlet.http.HttpServletRequest;
8import javax.servlet.http.HttpServletResponse;
9
10/**
11 * Requires a WebSudo session to access admin pages.
12 */
13public final class WebSudoAuthorisationInterceptor extends HandlerInterceptorAdapter {
14 private WebSudoManager webSudoManager;
15
16 public WebSudoAuthorisationInterceptor(WebSudoManager webSudoManager) {
17 this.webSudoManager = webSudoManager;
18 }
19
20 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
21 try {
22 webSudoManager.willExecuteWebSudoRequest(request);
23 return true;
24 } catch (WebSudoSessionException wes) {
25 webSudoManager.enforceWebSudoProtection(request, response);
26 return false;
27 }
28 }
29}