Example 1 with ISubjectable
use of com.sun.identity.rest.ISubjectable in project OpenAM by OpenRock.
the class SSOTokenAuthZ method doFilter.
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
int statusCode = HttpServletResponse.SC_OK;
String statusMessage = null;
Principal clientPrincipal = ((HttpServletRequest) request).getUserPrincipal();
if (clientPrincipal instanceof ISubjectable) {
try {
Subject clientSubject = ((ISubjectable) clientPrincipal).createSubject();
DelegationEvaluator eval = new DelegationEvaluatorImpl();
SSOToken token = SubjectUtils.getSSOToken(clientSubject);
String action = mapMethodToAction.get(((HttpServletRequest) request).getMethod());
if (action == null) {
statusCode = HttpServletResponse.SC_UNAUTHORIZED;
statusMessage = "Unable to get HTTP method for request.";
} else {
Set<String> setAction = new HashSet<String>();
setAction.add(action);
DelegationPermission permission = new DelegationPermission("/", "sunEntitlementService", "1.0", "application", getURI(request), setAction, null);
if (!eval.isAllowed(token, permission, Collections.EMPTY_MAP)) {
statusCode = HttpServletResponse.SC_UNAUTHORIZED;
statusMessage = "Unauthorized.";
}
}
} catch (Exception e) {
statusCode = HttpServletResponse.SC_UNAUTHORIZED;
statusMessage = e.getMessage();
}
} else {
statusCode = HttpServletResponse.SC_UNAUTHORIZED;
statusMessage = "Unable to obtain subject.";
}
if (statusCode == HttpServletResponse.SC_OK) {
statusCode = validateTokenId((HttpServletRequest) request);
if (statusCode == HttpServletResponse.SC_OK) {
chain.doFilter(request, response);
} else {
statusMessage = "SSO token is invalid or has expired.";
}
}
if (statusCode != HttpServletResponse.SC_OK) {
((HttpServletResponse) response).sendError(statusCode, statusMessage);
return;
}
}
Also used :
SSOToken(com.iplanet.sso.SSOToken)
DelegationEvaluator(com.sun.identity.delegation.DelegationEvaluator)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Subject(javax.security.auth.Subject)
DelegationPermission(com.sun.identity.delegation.DelegationPermission)
ServletException(javax.servlet.ServletException)
IOException(java.io.IOException)
RestException(com.sun.identity.rest.RestException)
SSOException(com.iplanet.sso.SSOException)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
DelegationEvaluatorImpl(com.sun.identity.delegation.DelegationEvaluatorImpl)
Principal(java.security.Principal)
ISubjectable(com.sun.identity.rest.ISubjectable)
HashSet(java.util.HashSet)
Aggregations
SSOException (com.iplanet.sso.SSOException)1
SSOToken (com.iplanet.sso.SSOToken)1
DelegationEvaluator (com.sun.identity.delegation.DelegationEvaluator)1
DelegationEvaluatorImpl (com.sun.identity.delegation.DelegationEvaluatorImpl)1
DelegationPermission (com.sun.identity.delegation.DelegationPermission)1
ISubjectable (com.sun.identity.rest.ISubjectable)1
RestException (com.sun.identity.rest.RestException)1
IOException (java.io.IOException)1
Principal (java.security.Principal)1
HashSet (java.util.HashSet)1
Subject (javax.security.auth.Subject)1
ServletException (javax.servlet.ServletException)1
HttpServletRequest (javax.servlet.http.HttpServletRequest)1
HttpServletResponse (javax.servlet.http.HttpServletResponse)1
