/**
 * Gates the request on the session user's authorities.
 *
 * <p>When the user holds at least one authority accepted by {@code authorityVerifier}, the
 * request continues down the chain. Otherwise the chain is not invoked and
 * {@code requestHandler} writes the response: 401 for an anonymous caller (not authenticated
 * at all), 403 for an authenticated caller who simply lacks the authority.
 *
 * <p>NOTE(review): the token returned by {@code SessionUtils.getAuthenticationToken} is
 * dereferenced unconditionally — presumably it is never {@code null} here (a missing token
 * would surface as an NPE rather than a 401); confirm against SessionUtils. The anonymity
 * check reads {@code SessionUtils.getCurrentUser()} rather than the token fetched from the
 * request; presumably both resolve to the same principal — verify.
 *
 * @param request     the current request
 * @param response    the current response
 * @param filterChain the remaining chain, invoked only when access is granted
 * @throws ServletException propagated from the chain or the response handler
 * @throws IOException      propagated from the chain or the response handler
 */
@Override
protected void doFilterInternal(HttpServletRequest request,
                                HttpServletResponse response,
                                FilterChain filterChain) throws ServletException, IOException {
    final AuthenticationToken<?> token = SessionUtils.getAuthenticationToken(request);
    final Set<GrantedAuthority> granted = token.getUser().getAuthorities();
    // Both the grant and the deny path log the same principal/URI pair.
    final String username = token.getUser().getUsername();
    final String uri = request.getRequestURI();

    if (!authorityVerifier.hasAnyAuthorityMatching(granted)) {
        LOGGER.debug("User {} not authorized to access {}: has authorities {}", username, uri, granted);
        // 401 vs 403: an anonymous session is asked to authenticate; a known user is refused.
        final boolean anonymous = SessionUtils.getCurrentUser().asUsernameObject().isAnonymous();
        if (anonymous) {
            requestHandler.handle(request, response, SC_UNAUTHORIZED, "You are not authenticated!");
        } else {
            requestHandler.handle(request, response, SC_FORBIDDEN, "You are not authorized to access this resource!");
        }
        return;
    }

    LOGGER.debug("User {} authorized to access {}", username, uri);
    filterChain.doFilter(request, response);
}
}