public boolean preHandle()

in src/main/java/org/apache/pulsar/manager/interceptor/AdminHandlerInterceptor.java [54:113]


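    /**
     * Gate for incoming requests: lets frontend asset paths through, then requires a valid
     * session token, a matching user, an active environment, and finally applies the
     * hard-coded restrictions on the {@code /admin/v2} cluster, broker and tenant routes.
     *
     * <p>On rejection a JSON body of the form {@code {"message": "..."}} is written to the
     * response and {@code false} is returned so the handler chain stops.
     *
     * @param request  the incoming request; the {@code token}, {@code username} and
     *                 {@code environment} headers are read from it
     * @param response the response that receives the status code and JSON error body on rejection
     * @param handler  the chosen handler (unused here)
     * @return {@code true} if the request may proceed, {@code false} if it was rejected
     * @throws Exception if writing the error body fails or a collaborator throws
     */
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String requestUri = request.getServletPath();

        // Allow frontend requests, in case the front-end runs in the same process as the backend.
        // NOTE(review): these are plain prefix matches, so any servlet path that merely begins
        // with "/ui" or "/static" skips every check below. Confirm that no protected route can
        // share these prefixes and that the container normalizes the path before this runs.
        if (requestUri.startsWith("/ui") || requestUri.startsWith("/static")) {
            return true;
        }

        // The header token must equal the token stored for this session.
        String token = request.getHeader("token");
        String saveToken = jwtService.getToken(request.getSession().getId());
        if (!tokensMatch(token, saveToken)) {
            return denyWithJson(response, 401, "Please login.");
        }

        // The token must also belong to a known user.
        Optional<UserInfoEntity> optionalUserInfoEntity = usersRepository.findByAccessToken(token);
        if (!optionalUserInfoEntity.isPresent()) {
            return denyWithJson(response, 401, "Please login.");
        }

        // The client-supplied username header must name the owner of the token.
        String username = request.getHeader("username");
        UserInfoEntity userInfoEntity = optionalUserInfoEntity.get();
        if (!userInfoEntity.getName().equals(username)) {
            return denyWithJson(response, 401, "Please login.");
        }

        // Every route except the user-info lookup and the environment management routes
        // needs the "environment" header to name an existing environment.
        if (!requestUri.equals("/pulsar-manager/users/userInfo")) {
            String environment = request.getHeader("environment");
            Optional<EnvironmentEntity> environmentEntityOptional = environmentsRepository.findByName(environment);
            if (!requestUri.startsWith("/pulsar-manager/environments") && !environmentEntityOptional.isPresent()) {
                return denyWithJson(response, 400, "Currently there is no active environment, please set one");
            }
        }

        // Cluster and broker administration is refused for every caller that reaches this point.
        // NOTE(review): 401 is returned for what is an authorization failure; 403 would be the
        // conventional status, but the code is kept because clients may depend on it.
        if (requestUri.startsWith("/admin/v2/clusters")
                || requestUri.startsWith("/admin/v2/brokers")) {
            return denyWithJson(response, 401, "This user no permissions for this resource");
        }

        // Tenants are read-only here: only GET is allowed. The method is compared with equals();
        // the previous reference comparison (!=) against the literal "GET" is not a value
        // comparison, so it could refuse legitimate GET requests as well.
        if (requestUri.startsWith("/admin/v2/tenants") && !"GET".equals(request.getMethod())) {
            return denyWithJson(response, 401, "This user no permissions for this resource");
        }
        return true;
    }

    /**
     * Compares the presented token with the stored one without short-circuiting on the first
     * differing byte, so response timing does not reveal how much of a guess was correct.
     * A missing value on either side never matches.
     */
    private static boolean tokensMatch(String presented, String stored) {
        if (presented == null || stored == null) {
            return false;
        }
        return java.security.MessageDigest.isEqual(
                presented.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                stored.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    /**
     * Writes {@code {"message": message}} with the given status code and returns {@code false},
     * so callers can reject a request in a single statement.
     */
    private static boolean denyWithJson(HttpServletResponse response, int status, String message)
            throws java.io.IOException {
        Map<String, Object> body = Maps.newHashMap();
        body.put("message", message);
        response.setStatus(status);
        response.getWriter().append(new Gson().toJson(body));
        return false;
    }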