SecurityInterceptor.java

/*
 * Copyright (c) 2021 Oracle and/or its affiliates. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v. 2.0, which is available at
 * http://www.eclipse.org/legal/epl-2.0.
 *
 * This Source Code may also be made available under the following Secondary
 * Licenses when the conditions for such availability set forth in the
 * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
 * version 2 with the GNU Classpath Exception, which is available at
 * https://www.gnu.org/software/classpath/license.html.
 *
 * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
 */

package org.glassfish.jersey.tests.e2e.inject.cdi.weld;

import javax.ws.rs.ForbiddenException;
import javax.ws.rs.core.MultivaluedMap;

import javax.inject.Inject;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;

/**
 * Interceptor checking James as a user in query params.
 *
 * @author Petr Bouda
 */
@Secured
@Interceptor
public class SecurityInterceptor {

    @Inject
    NameService nameService;

    @Inject
    JaxrsService jaxrsService;

    @AroundInvoke
    public Object logMethodEntry(InvocationContext ctx) throws Exception {
        MultivaluedMap<String, String> params = jaxrsService.getUriInfo().getQueryParameters();
        String user = params.getFirst("user");

        if (nameService.getName().equals(user)) {
            return ctx.proceed();
        } else {
            throw new ForbiddenException("Forbidden resource for the user: " + user);
        }
    }
}