Example 1 with ISubjectable

Use of com.sun.identity.rest.ISubjectable in the OpenAM project by OpenRock.

From class SSOTokenAuthZ, method doFilter. The filter resolves the caller's Subject from the request principal, maps the HTTP verb to a delegation action, asks the delegation service whether the caller's SSO token may perform that action on the requested URI, and only then checks that the token itself is still valid before passing the request down the chain:

import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import javax.security.auth.Subject;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.iplanet.sso.SSOToken;
import com.sun.identity.delegation.DelegationEvaluator;
import com.sun.identity.delegation.DelegationEvaluatorImpl;
import com.sun.identity.delegation.DelegationPermission;
import com.sun.identity.entitlement.opensso.SubjectUtils;
import com.sun.identity.rest.ISubjectable;

// mapMethodToAction, getURI(request) and validateTokenId(request) are members of
// SSOTokenAuthZ declared outside this method.
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    int statusCode = HttpServletResponse.SC_OK;
    String statusMessage = null;
    // The container has already authenticated the caller; the principal carries the Subject.
    Principal clientPrincipal = ((HttpServletRequest) request).getUserPrincipal();
    if (clientPrincipal instanceof ISubjectable) {
        try {
            Subject clientSubject = ((ISubjectable) clientPrincipal).createSubject();
            DelegationEvaluator eval = new DelegationEvaluatorImpl();
            SSOToken token = SubjectUtils.getSSOToken(clientSubject);
            // Map the HTTP verb to a delegation action; an unmapped verb fails closed.
            String action = mapMethodToAction.get(((HttpServletRequest) request).getMethod());
            if (action == null) {
                statusCode = HttpServletResponse.SC_UNAUTHORIZED;
                statusMessage = "Unable to get HTTP method for request.";
            } else {
                Set<String> setAction = new HashSet<String>();
                setAction.add(action);
                // Ask the delegation service whether this token may perform the action
                // on the requested URI of the entitlement service.
                DelegationPermission permission = new DelegationPermission("/",
                        "sunEntitlementService", "1.0", "application", getURI(request),
                        setAction, null);
                if (!eval.isAllowed(token, permission, Collections.EMPTY_MAP)) {
                    statusCode = HttpServletResponse.SC_UNAUTHORIZED;
                    statusMessage = "Unauthorized.";
                }
            }
        } catch (Exception e) {
            // Any failure during evaluation denies the request; note that the
            // exception message is echoed back to the client.
            statusCode = HttpServletResponse.SC_UNAUTHORIZED;
            statusMessage = e.getMessage();
        }
    } else {
        statusCode = HttpServletResponse.SC_UNAUTHORIZED;
        statusMessage = "Unable to obtain subject.";
    }
    // The SSO token is checked for validity only after the delegation check passes.
    if (statusCode == HttpServletResponse.SC_OK) {
        statusCode = validateTokenId((HttpServletRequest) request);
        if (statusCode == HttpServletResponse.SC_OK) {
            chain.doFilter(request, response);
        } else {
            statusMessage = "SSO token is invalid or has expired.";
        }
    }
    if (statusCode != HttpServletResponse.SC_OK) {
        ((HttpServletResponse) response).sendError(statusCode, statusMessage);
    }
}

Two points a reviewer would note in this control flow. First, every failure (missing subject, unmapped verb, denied permission, exception from the evaluator, invalid token) is reported as 401 rather than 403, and the message of a caught exception is written verbatim into the error response, so a client can tell an evaluator error apart from a plain denial. Second, the delegation check runs before validateTokenId, so the evaluator is consulted with a token that has not yet been confirmed valid; if the token cannot be used for evaluation the resulting exception is caught and the request is still denied, so the ordering does not open the endpoint, but it does mean the "invalid or has expired" message is only reached for tokens the evaluator accepted.
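The decision sequence of the filter, as an added example that is not OpenAM's code: a stand-alone Java program that reproduces the same ordering (subject, verb mapping, delegation check, token validity) with hypothetical Evaluator and TokenValidator interfaces standing in for DelegationEvaluator and validateTokenId, and an assumed verb-to-action mapping, since the page does not show the contents of mapMethodToAction. The grant table and the set of live tokens in main are constructed for the demonstration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Added example, not OpenAM code. Models the decision order of
// SSOTokenAuthZ.doFilter with hypothetical stand-ins so it runs offline.
public class AuthZDecisionDemo {

    static final int SC_OK = 200;
    static final int SC_UNAUTHORIZED = 401;

    /** Hypothetical stand-in for DelegationEvaluator.isAllowed. */
    interface Evaluator {
        boolean isAllowed(String tokenId, String uri, Set<String> actions) throws Exception;
    }

    /** Hypothetical stand-in for the filter's validateTokenId. */
    interface TokenValidator {
        boolean isValid(String tokenId);
    }

    /** What the filter would send: a status code and, on failure, a message. */
    static final class Decision {
        final int status;
        final String message;
        Decision(int status, String message) { this.status = status; this.message = message; }
        @Override public String toString() { return status + (message == null ? "" : " " + message); }
    }

    // Assumed verb-to-action mapping; the page does not show mapMethodToAction's contents.
    static final Map<String, String> METHOD_TO_ACTION = new HashMap<>();
    static {
        METHOD_TO_ACTION.put("GET", "READ");
        METHOD_TO_ACTION.put("POST", "MODIFY");
        METHOD_TO_ACTION.put("PUT", "MODIFY");
        METHOD_TO_ACTION.put("DELETE", "MODIFY");
    }

    /** Same ordering as the filter: subject, verb mapping, delegation check, then token validity. */
    static Decision decide(String tokenId, String method, String uri,
                           Evaluator eval, TokenValidator validator) {
        if (tokenId == null) {
            return new Decision(SC_UNAUTHORIZED, "Unable to obtain subject.");
        }
        String action = METHOD_TO_ACTION.get(method);
        if (action == null) {
            // An unknown verb fails closed instead of defaulting to a permissive action.
            return new Decision(SC_UNAUTHORIZED, "Unable to get HTTP method for request.");
        }
        try {
            if (!eval.isAllowed(tokenId, uri, Collections.singleton(action))) {
                return new Decision(SC_UNAUTHORIZED, "Unauthorized.");
            }
        } catch (Exception e) {
            // Evaluator failure is a denial; as in the filter, its message reaches the client.
            return new Decision(SC_UNAUTHORIZED, e.getMessage());
        }
        if (!validator.isValid(tokenId)) {
            return new Decision(SC_UNAUTHORIZED, "SSO token is invalid or has expired.");
        }
        return new Decision(SC_OK, null);
    }

    public static void main(String[] args) {
        // Constructed grants: "reader" may READ, "admin" may READ and MODIFY,
        // "stale" may READ but is no longer a live session.
        Map<String, Set<String>> grants = new HashMap<>();
        grants.put("reader", new HashSet<>(Collections.singleton("READ")));
        grants.put("admin", new HashSet<>(Arrays.asList("READ", "MODIFY")));
        grants.put("stale", new HashSet<>(Collections.singleton("READ")));
        Evaluator eval = (token, uri, actions) -> {
            Set<String> allowed = grants.get(token);
            if (allowed == null) throw new Exception("Unknown token: " + token);
            return allowed.containsAll(actions);
        };
        // Constructed set of live sessions; "stale" is deliberately absent.
        Set<String> live = new HashSet<>(Arrays.asList("reader", "admin"));
        TokenValidator validator = live::contains;

        String uri = "/ws/1/entitlement/decision";
        System.out.println("GET    reader -> " + decide("reader", "GET", uri, eval, validator));
        System.out.println("DELETE reader -> " + decide("reader", "DELETE", uri, eval, validator));
        System.out.println("PATCH  admin  -> " + decide("admin", "PATCH", uri, eval, validator));
        System.out.println("GET    stale  -> " + decide("stale", "GET", uri, eval, validator));
        System.out.println("GET    ghost  -> " + decide("ghost", "GET", uri, eval, validator));
        System.out.println("GET    (none) -> " + decide(null, "GET", uri, eval, validator));
    }
}
```

Running main walks through each branch of the filter: the reader's GET passes both checks, the reader's DELETE is denied by the evaluator, PATCH is refused because it has no mapped action, the stale token clears the delegation check but fails validation, the unknown token triggers an evaluator exception whose message is returned, and a missing subject is refused before any evaluation. Every refusal carries 401, mirroring the filter's use of a single status for all denial paths.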