Use of com.sun.identity.rest.ISubjectable in the OpenAM project (OpenRock fork): the doFilter method of class SSOTokenAuthZ.
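/**
 * Authorizes a REST request against the delegation service and then validates
 * the caller's SSO token before letting the request continue down the chain.
 *
 * <p>Order of checks, all of which must pass for {@code chain.doFilter} to run:
 * <ol>
 *   <li>the request's user principal must be an {@link ISubjectable};</li>
 *   <li>the HTTP method must map to a known delegation action via
 *       {@code mapMethodToAction};</li>
 *   <li>{@link DelegationEvaluator#isAllowed} must grant that action on the
 *       request URI for the "sunEntitlementService" application;</li>
 *   <li>{@code validateTokenId} must report {@code SC_OK} for the request.</li>
 * </ol>
 * Any failure short-circuits with {@code sendError}. Error bodies are fixed
 * strings: internal exception text is deliberately not echoed to the client,
 * since it can disclose policy/token details and is rendered into the
 * container's error page.
 *
 * @param request  incoming request; expected to be an {@link HttpServletRequest}
 * @param response outgoing response; expected to be an {@link HttpServletResponse}
 * @param chain    the remainder of the filter chain
 * @throws IOException      propagated from {@code sendError} or the chain
 * @throws ServletException propagated from the chain
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    int statusCode = HttpServletResponse.SC_OK;
    String statusMessage = null;

    Principal clientPrincipal = httpRequest.getUserPrincipal();
    if (!(clientPrincipal instanceof ISubjectable)) {
        // No usable identity on the request (null principal included).
        statusCode = HttpServletResponse.SC_UNAUTHORIZED;
        statusMessage = "Unable to obtain subject.";
    } else {
        try {
            Subject clientSubject = ((ISubjectable) clientPrincipal).createSubject();
            SSOToken token = SubjectUtils.getSSOToken(clientSubject);
            String action = mapMethodToAction.get(httpRequest.getMethod());
            if (action == null) {
                // Unmapped verbs are rejected rather than allowed through.
                statusCode = HttpServletResponse.SC_UNAUTHORIZED;
                statusMessage = "Unable to get HTTP method for request.";
            } else {
                Set<String> actions = new HashSet<String>();
                actions.add(action);
                DelegationPermission permission = new DelegationPermission("/", "sunEntitlementService", "1.0",
                        "application", getURI(request), actions, null);
                DelegationEvaluator eval = new DelegationEvaluatorImpl();
                // Raw EMPTY_MAP kept as in the original to match the evaluator's signature.
                if (!eval.isAllowed(token, permission, Collections.EMPTY_MAP)) {
                    statusCode = HttpServletResponse.SC_UNAUTHORIZED;
                    statusMessage = "Unauthorized.";
                }
            }
        } catch (Exception e) {
            // Fail closed. The exception text is NOT surfaced to the client:
            // it can reveal internal state (policy names, token state, class
            // names). NOTE(review): log e through this class's debug logger if
            // one exists; none is visible in this block.
            statusCode = HttpServletResponse.SC_UNAUTHORIZED;
            statusMessage = "Unauthorized.";
        }
    }

    if (statusCode == HttpServletResponse.SC_OK) {
        // NOTE(review): token validity is checked only after the delegation
        // evaluation; the evaluator is presumably tolerant of an invalid token
        // (it fails closed via the catch above) — confirm against validateTokenId.
        statusCode = validateTokenId(httpRequest);
        if (statusCode == HttpServletResponse.SC_OK) {
            chain.doFilter(request, response);
            return;
        }
        statusMessage = "SSO token is invalid or has expired.";
    }

    ((HttpServletResponse) response).sendError(statusCode, statusMessage);
}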