Source Code of org.geoserver.script.rest.FinderSupport

/* (c) 2014 Open Source Geospatial Foundation - all rights reserved
 * (c) 2001 - 2013 OpenPlans
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */
package org.geoserver.script.rest;

import org.geoserver.script.ScriptManager;
import org.geoserver.security.GeoServerSecurityManager;
import org.restlet.Finder;
import org.restlet.data.Request;
import org.restlet.data.Response;
import org.restlet.data.Status;
import org.restlet.resource.Resource;

/**
 * Case class for finders that are part of the script rest api.
 *
 * @author Justin Deoliveira, Boundless
 */
public abstract class FinderSupport extends Finder {

    protected ScriptManager scriptMgr;

    protected FinderSupport(ScriptManager scriptMgr) {
        this.scriptMgr = scriptMgr;
    }

    @Override
    public final Resource findTarget(Request request, Response response) {
        GeoServerSecurityManager secMgr = scriptMgr.getSecurityManager();

        // ensure user authenticated
        if (!secMgr.checkAuthenticationForAdminRole()) {
            response.setStatus(Status.CLIENT_ERROR_UNAUTHORIZED);
            return null;
        }

        // extra step of requiring that teh admin password has been changed
        if (secMgr.checkForDefaultAdminPassword()) {
            response.setStatus(Status.CLIENT_ERROR_FORBIDDEN, "insecure password");
            return null;
        }

        return doFindTarget(request, response);
    }

    protected abstract Resource doFindTarget(Request request, Response response);
}