src/main/java/org/eclipse/openk/elogbook/controller/TokenManager.java - openk-usermodules/org.eclipse.openk-usermodules.elogbook - Git at Google

 /**
 ******************************************************************************
 * Copyright © 2017-2018 PTA GmbH.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 *
 *     http://www.eclipse.org/legal/epl-v10.html
 *
 ******************************************************************************
 */
 package org.eclipse.openk.elogbook.controller;


 import org.apache.log4j.Logger;
 import org.eclipse.openk.elogbook.auth2.model.JwtPayload;
 import org.eclipse.openk.elogbook.auth2.util.JwtHelper;
 import org.eclipse.openk.elogbook.common.BackendConfig;
 import org.eclipse.openk.elogbook.common.Globals;
 import org.eclipse.openk.elogbook.communication.RestServiceWrapper;
 import org.eclipse.openk.elogbook.controller.BaseWebService.SecureType;
 import org.eclipse.openk.elogbook.exceptions.BtbException;
 import org.eclipse.openk.elogbook.exceptions.BtbForbidden;

 public class TokenManager {
     private static final Logger LOGGER = Logger.getLogger(TokenManager.class.getName());

     private static final TokenManager INSTANCE = new TokenManager();

     private TokenManager() {
     }

     public static TokenManager getInstance() {
         return INSTANCE;
     }

     public void logout(String token) throws BtbException {
         RestServiceWrapper restServiceWrapper = new RestServiceWrapper(BackendConfig.getInstance().getPortalBaseURL(), false);
         restServiceWrapper.performGetRequest("logout",token);
     }

     public void checkAut(String token) throws BtbException {
         RestServiceWrapper restServiceWrapper = new RestServiceWrapper(BackendConfig.getInstance().getPortalBaseURL(), false);
         restServiceWrapper.performGetRequest("checkAuth",token);
     }

     public void checkAutLevel(String token, BaseWebService.SecureType secureType) throws BtbForbidden {
         JwtPayload jwtPayload = JwtHelper.getJwtPayload(token);

         if (jwtPayload != null && secureType == SecureType.NORMAL && !(jwtPayload.getRealmAccess()
             .isInRole(Globals.KEYCLOAK_ROLE_NORMALUSER) || jwtPayload.getRealmAccess()
             .isInRole(Globals.KEYCLOAK_ROLE_SUPERUSER))){
             LOGGER.warn("Security level not sufficent ");
             throw new BtbForbidden("insufficent rights");
         } else if (jwtPayload != null && secureType == BaseWebService.SecureType.HIGH &&
             !jwtPayload.getRealmAccess().isInRole(Globals.KEYCLOAK_ROLE_SUPERUSER)){
             LOGGER.warn("Security level not sufficent ");
             throw new BtbForbidden("insufficent rights");
         }
     }

 }
	/**
	******************************************************************************
	* Copyright © 2017-2018 PTA GmbH.
	* All rights reserved. This program and the accompanying materials
	* are made available under the terms of the Eclipse Public License v1.0
	* which accompanies this distribution, and is available at
	*
	* http://www.eclipse.org/legal/epl-v10.html
	*
	******************************************************************************
	*/
	package org.eclipse.openk.elogbook.controller;


	import org.apache.log4j.Logger;
	import org.eclipse.openk.elogbook.auth2.model.JwtPayload;
	import org.eclipse.openk.elogbook.auth2.util.JwtHelper;
	import org.eclipse.openk.elogbook.common.BackendConfig;
	import org.eclipse.openk.elogbook.common.Globals;
	import org.eclipse.openk.elogbook.communication.RestServiceWrapper;
	import org.eclipse.openk.elogbook.controller.BaseWebService.SecureType;
	import org.eclipse.openk.elogbook.exceptions.BtbException;
	import org.eclipse.openk.elogbook.exceptions.BtbForbidden;

	public class TokenManager {
	private static final Logger LOGGER = Logger.getLogger(TokenManager.class.getName());

	private static final TokenManager INSTANCE = new TokenManager();

	private TokenManager() {
	}

	public static TokenManager getInstance() {
	return INSTANCE;
	}

	public void logout(String token) throws BtbException {
	RestServiceWrapper restServiceWrapper = new RestServiceWrapper(BackendConfig.getInstance().getPortalBaseURL(), false);
	restServiceWrapper.performGetRequest("logout",token);
	}

	public void checkAut(String token) throws BtbException {
	RestServiceWrapper restServiceWrapper = new RestServiceWrapper(BackendConfig.getInstance().getPortalBaseURL(), false);
	restServiceWrapper.performGetRequest("checkAuth",token);
	}

	public void checkAutLevel(String token, BaseWebService.SecureType secureType) throws BtbForbidden {
	JwtPayload jwtPayload = JwtHelper.getJwtPayload(token);

	if (jwtPayload != null && secureType == SecureType.NORMAL && !(jwtPayload.getRealmAccess()
	.isInRole(Globals.KEYCLOAK_ROLE_NORMALUSER) \|\| jwtPayload.getRealmAccess()
	.isInRole(Globals.KEYCLOAK_ROLE_SUPERUSER))){
	LOGGER.warn("Security level not sufficent ");
	throw new BtbForbidden("insufficent rights");
	} else if (jwtPayload != null && secureType == BaseWebService.SecureType.HIGH &&
	!jwtPayload.getRealmAccess().isInRole(Globals.KEYCLOAK_ROLE_SUPERUSER)){
	LOGGER.warn("Security level not sufficent ");
	throw new BtbForbidden("insufficent rights");
	}
	}

	}