[ZEPPELIN-2913] support for both user and role

prabhjyotsingh · prabhjyotsingh · commit 53c0c034a3e7 · 2018-06-05T13:44:33.000+05:30
Change-Id: I5a83e5701d22ac40b37cc8c3d4c9414ef007b99c
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/utils/AnyOfRolesUserAuthorizationFilter.java b/zeppelin-server/src/main/java/org/apache/zeppelin/utils/AnyOfRolesUserAuthorizationFilter.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.zeppelin.utils;
+
+import java.io.IOException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;
+
+/**
+ * Allows access if current user has at least one role of the specified list.
+ * <p>
+ * Basically, it's the same as {@link RolesAuthorizationFilter} but using {@literal OR} instead
+ * of {@literal AND} on the specified roles.
+ */
+public class AnyOfRolesUserAuthorizationFilter extends RolesAuthorizationFilter {
+  @Override
+  public boolean isAccessAllowed(ServletRequest request, ServletResponse response,
+          Object mappedValue) throws IOException {
+    final Subject subject = getSubject(request, response);
+    final String[] rolesArray = (String[]) mappedValue;
+
+    if (rolesArray == null || rolesArray.length == 0) {
+      //no roles specified, so nothing to check - allow access.
+      return true;
+    }
+
+    for (String roleName : rolesArray) {
+      if (subject.hasRole(roleName) || subject.getPrincipal().equals(roleName)) {
+        return true;
+      }
+    }
+    return false;
+  }
+}
