Authentication through the canvas-attribute signed_request

[examples/facebook-app] / src / main / java / de / juplo / yourshouter / UserCookieInterceptor.java

package de.juplo.yourshouter;


import java.io.IOException;
import java.util.Collections;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import org.springframework.social.connect.UsersConnectionRepository;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;


/**
 * Intercepts all requests to handle the user-cookie.
 *
 * @author Kai Moritz
 */
public final class UserCookieInterceptor extends HandlerInterceptorAdapter
{
  private final static Logger LOG =
      LoggerFactory.getLogger(UserCookieInterceptor.class);
  private final static Pattern PATTERN = Pattern.compile("^/signin|canvas");


  private final UsersConnectionRepository repository;


  /**
   * Creates an instance of this class, that uses the given instance of
   * {@link UsersConnectionRepository}.
   *
   * @param repository
   *     The instance of {@link UsersConnectionRepository} to use.
   */
  public UserCookieInterceptor(UsersConnectionRepository repository)
  {
    this.repository = repository;
  }


  /**
   * Before a request is handled, the current user is loaded from the cookie,
   * if the cookie is present and the user is known. If the user is not known,
   * the cookie is removed.
   *
   * @param request
   *     The {@link HttpServletRequest} that is intercepted.
   * @param response
   *     The {@link HttpServletResponse} that is intercepted.
   * @param handler
   *     The handler, that handles the intercepted request.
   * @return
   *     Always <code>true</code>, to indicate, that the intercepted request
   *     should be handled normally.
   * @throws java.io.IOException
   *     if something wents wrong, while sending the redirect to the
   *     sign-in-page.
   */
  @Override
  public boolean preHandle(
      HttpServletRequest request,
      HttpServletResponse response,
      Object handler
      )
      throws
        IOException
  {
    if (PATTERN.matcher(request.getServletPath()).find())
      return true;

    String user = UserCookieGenerator.INSTANCE.readCookieValue(request);
    if (user != null)
    {
      if (!repository
          .findUserIdsConnectedTo("facebook", Collections.singleton(user))
          .isEmpty()
          )
      {
        LOG.info("loading user {} from cookie", user);
        SecurityContext.setCurrentUser(user);
        return true;
      }
      else
      {
        LOG.warn("user {} is not known!", user);
        UserCookieGenerator.INSTANCE.removeCookie(response);
      }
    }

    response.sendRedirect("/signin.html");
    return false;
  }

  /**
   * After a request, the user is removed from the security-context.
   *
   * @param request
   *     The {@link HttpServletRequest} that is intercepted.
   * @param response
   *     The {@link HttpServletResponse} that is intercepted.
   * @param handler
   *     The handler, that handles the intercepted request.
   * @param exception
   *     If an exception was thrown during the handling of this request, it is
   *     handed in through this parameter.
   */
  @Override
  public void afterCompletion(
      HttpServletRequest request,
      HttpServletResponse response,
      Object handler,
      Exception exception
      )
  {
    SecurityContext.remove();
  }
}