public void doFilter()

in resource-server/src/main/java/org/apache/servicecomb/fence/resource/ConfigBasedAuthoriaztionAuthFilter.java [37:59]


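  /**
   * Enforces the role list configured for the invoked operation.
   *
   * <p>The configured {@code roles} value is a comma-separated list. The caller is let through
   * when at least one listed role equals one of the authority names of the current
   * {@link Authentication}. When no role list is configured, this filter does nothing.
   *
   * <p>The check fails closed: a missing {@link Authentication} in the security context is
   * rejected with the same 403 response as a role mismatch, instead of surfacing as a
   * {@link NullPointerException}.
   *
   * @param invocation the invocation whose access configuration is looked up
   * @throws InvocationException with status 403 when roles are configured and the caller has no
   *     authentication or holds none of the configured roles
   */
  public void doFilter(Invocation invocation) throws InvocationException {
    AccessDynamicProperties config = AccessDynamicPropertiesManager.getAccessConfiguration(invocation);
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

    // No role restriction configured for this invocation: nothing to enforce here.
    if (StringUtils.isEmpty(config.roles)) {
      return;
    }

    String[] roles = config.roles.split(",");
    // String.split drops trailing empty strings, so a value made only of separators yields no
    // entries. That case is treated as "no restriction", as it was before.
    // NOTE(review): consider rejecting such a value at configuration time, since a typo in the
    // role list then silently disables the check.
    if (roles.length == 0) {
      return;
    }

    // The security context holds no Authentication when nothing upstream authenticated the
    // caller. Deny explicitly rather than dereference null.
    if (authentication == null) {
      throw new InvocationException(403, "forbidden", "not authenticated");
    }

    Collection<String> authoritiesNames = new HashSet<String>();
    for (GrantedAuthority authority : authentication.getAuthorities()) {
      authoritiesNames.add(authority.getAuthority());
    }

    for (String role : roles) {
      // Tolerate "admin, user" style configuration. A blank entry never grants access.
      String required = role.trim();
      if (!required.isEmpty() && authoritiesNames.contains(required)) {
        return;
      }
    }

    // The message text is kept for compatibility with existing callers; this branch is also
    // reached by an authenticated caller that simply lacks every configured role.
    throw new InvocationException(403, "forbidden", "not authenticated");
  }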