use of org.forgerock.http.routing.UriRouterContext in project OpenAM by OpenRock.
the class RealmContextFilterTest method verifyUriRouterContext.
/**
 * Asserts that the {@link UriRouterContext} held by {@code context} exposes the expected base,
 * matched and remaining URIs after realm routing.
 *
 * @param context the context expected to contain a {@code UriRouterContext}
 * @param matchedUri the URI portion expected to have been matched; when empty, the base URI is
 *        expected to be {@code JSON_PATH_ELEMENT} on its own
 */
private void verifyUriRouterContext(Context context, String matchedUri) {
    final UriRouterContext router = context.asContext(UriRouterContext.class);

    // The base URI only gains a "/<matchedUri>" suffix when something was actually matched.
    final String expectedBaseUri = matchedUri.isEmpty()
            ? JSON_PATH_ELEMENT
            : JSON_PATH_ELEMENT + "/" + matchedUri;

    assertThat(router.getBaseUri()).isEqualTo(expectedBaseUri);
    assertThat(router.getMatchedUri()).isEqualTo(matchedUri);
    assertThat(router.getRemainingUri()).isEqualTo(ENDPOINT_PATH_ELEMENT);
}
use of org.forgerock.http.routing.UriRouterContext in project OpenAM by OpenRock.
the class UmaResourceSetRegistrationHook method createAdminContext.
/**
 * Builds the context used when deleting policies on behalf of a resource owner.
 *
 * <p>The returned context carries an {@code AdminSubjectContext} rather than the caller's own
 * subject, and this method performs no authorization check of its own. Callers must already have
 * established that the user has the right to delete the policies before asking for this context.
 *
 * @param realm The realm to delete the policies in.
 * @param resourceOwnerId The owner of the ResourceSet that the policies are for; stored as the
 *        {@code "user"} URI template variable of the returned context.
 * @return The generated context.
 */
private Context createAdminContext(String realm, String resourceOwnerId) {
    final RealmContext adminRealm = new RealmContext(new RootContext());
    adminRealm.setSubRealm(realm, realm);
    final SubjectContext adminSubject = new AdminSubjectContext(logger, sessionCache, adminRealm);

    // NOTE(review): presumably consumers look the resource owner up under the "user" template
    // variable; confirm against the handlers that receive this context.
    final Map<String, String> uriVariables = new HashMap<>();
    uriVariables.put("user", resourceOwnerId);

    return new UriRouterContext(adminSubject, "", "", uriVariables);
}
use of org.forgerock.http.routing.UriRouterContext in project OpenAM by OpenRock.
the class PrivilegeAuthzModule method evaluate.
/**
 * Decides whether the calling subject holds the given privilege for the matched URI.
 *
 * <p>The decision fails closed. Access is permitted only when the delegation evaluator allows the
 * request <em>and</em> {@code loggedIntoValidRealm} accepts the requested realm against the realm
 * of the caller's session. A missing session, an {@code SSOException}, or a negative evaluation
 * all yield access denied; a {@code DelegationException} is reported as an internal server error
 * rather than as a grant.
 *
 * <p>The delegation permission is built for the realm the caller logged in to, not for the realm
 * named in the request; the requested realm is only consulted by {@code loggedIntoValidRealm}.
 *
 * @param context
 *         the server context; must contain a {@code SubjectContext} and a {@code UriRouterContext}
 * @param definition
 *         the privilege definition
 *
 * @return the authorisation result
 */
protected Promise<AuthorizationResult, ResourceException> evaluate(final Context context, final PrivilegeDefinition definition) {
    // With no RealmContext present the request is treated as targeting the root realm.
    final String realm;
    if (context.containsContext(RealmContext.class)) {
        realm = context.asContext(RealmContext.class).getResolvedRealm();
    } else {
        realm = "/";
    }

    final SubjectContext subject = context.asContext(SubjectContext.class);
    final UriRouterContext router = context.asContext(UriRouterContext.class);

    // The delegation layer works on action names, so convert the definition's actions to strings.
    final Set<String> actionNames = transformSet(definition.getActions(), ACTION_TO_STRING_MAPPER);

    try {
        final Session session = subject.getCallerSession();
        if (session == null) {
            // No session means there is no caller to authorise.
            return Promises.newResultPromise(AuthorizationResult.accessDenied("No session for request."));
        }

        final String loggedInRealm = coreWrapper.convertOrgNameToRealmName(session.getClientDomain());
        final DelegationPermission request = permissionFactory.newInstance(
                loggedInRealm, REST, VERSION, router.getMatchedUri(), definition.getCommonVerb(),
                actionNames, Collections.<String, String>emptyMap());

        // Both checks must pass; the realm check is only reached once delegation has allowed
        // the request, matching the short-circuit order of the combined condition.
        final boolean delegationAllows = evaluator.isAllowed(
                subject.getCallerSSOToken(), request, Collections.<String, Set<String>>emptyMap());
        if (delegationAllows && loggedIntoValidRealm(realm, loggedInRealm)) {
            return Promises.newResultPromise(AuthorizationResult.accessPermitted());
        }
    } catch (DelegationException dE) {
        // An evaluation failure is surfaced as a server error, never as an implicit grant.
        return new InternalServerErrorException("Attempt to authorise the user has failed", dE).asPromise();
    } catch (SSOException e) {
        // No usable SSO token for the caller, so deny.
        return Promises.newResultPromise(AuthorizationResult.accessDenied("No user supplied in request."));
    }

    // Default outcome: anything not explicitly permitted above is denied.
    return Promises.newResultPromise(AuthorizationResult.accessDenied("The user has insufficient privileges"));
}
use of org.forgerock.http.routing.UriRouterContext in project OpenAM by OpenRock.
the class ContextHelper method getUserId.
/**
 * Gets the username for the user of the accessed resource.
 *
 * <p>The value is read from the {@code "user"} URI template variable, searching the nearest
 * {@code UriRouterContext} first and then its ancestors. It therefore names the user the request
 * path refers to; it is not the authenticated caller and must not be treated as proof of identity.
 *
 * @param context The context; must contain a {@code UriRouterContext}.
 * @return The resource user's username, or {@code null} when no router context in the chain
 *         defines a {@code "user"} variable.
 */
public String getUserId(Context context) {
    final UriRouterContext router = context.asContext(UriRouterContext.class);
    final String user = router.getUriTemplateVariables().get("user");
    if (user != null) {
        return user;
    }

    // Nothing at this level: stop at the root, or when no further router context exists above.
    if (router.isRootContext()) {
        return null;
    }
    final Context parent = router.getParent();
    if (!parent.containsContext(UriRouterContext.class)) {
        return null;
    }
    return getUserId(parent);
}
use of org.forgerock.http.routing.UriRouterContext in project OpenAM by OpenRock.
the class RealmContextFilter method evaluate.
/**
 * Resolves the realm addressed by a request and wraps {@code context} in a {@link RealmContext}.
 *
 * <p>The realm is derived from three inputs: the DNS alias of {@code hostname}, as many leading
 * elements of {@code requestUri} as resolve to nested sub-realms, and an optional override realm
 * taken from the first entry of {@code overrideRealmParameter}. All lookups use the admin token,
 * so this method only establishes which realm is addressed; it does not decide whether the
 * caller may access it.
 *
 * <p>Both {@code BadRequestException} messages include the caller-supplied hostname or realm
 * value verbatim.
 *
 * @param context the parent context to wrap
 * @param hostname the request host name; must pass {@code coreWrapper.isValidFQDN}
 * @param requestUri the request path split into elements
 * @param overrideRealmParameter values of the realm override parameter, may be {@code null} or empty
 * @return a {@code RealmContext} whose parent {@code UriRouterContext} records the matched and
 *         remaining URI
 * @throws ResourceException a {@code BadRequestException} if the hostname is not a valid FQDN or
 *         the override realm cannot be resolved
 */
private Context evaluate(Context context, String hostname, List<String> requestUri, List<String> overrideRealmParameter) throws ResourceException {
    // Reject malformed host names before they are used for the alias lookup.
    if (!coreWrapper.isValidFQDN(hostname)) {
        throw new BadRequestException("FQDN \"" + hostname + "\" is not valid.");
    }

    final SSOToken adminToken = coreWrapper.getAdminToken();
    final String dnsAliasRealm = RealmUtils.cleanRealm(getRealmFromAlias(adminToken, hostname));

    // Walk the path, descending one sub-realm per element until an element fails to resolve.
    final StringBuilder matched = new StringBuilder();
    String resolvedRealm = dnsAliasRealm;
    int consumed = 0;
    for (String pathElement : requestUri) {
        try {
            final String subrealm = RealmUtils.cleanRealm(pathElement);
            resolvedRealm = resolveRealm(adminToken, resolvedRealm, subrealm);
            matched.append(subrealm);
            consumed++;
        } catch (InternalServerErrorException ignored) {
            // First element that is not a realm ends the realm part of the path; the rest is
            // left for routing.
            break;
        }
    }

    // An explicit override is resolved from the root realm and must be valid if supplied.
    String overrideRealm = null;
    if (overrideRealmParameter != null && !overrideRealmParameter.isEmpty()) {
        final String requestedOverride = overrideRealmParameter.get(0);
        try {
            overrideRealm = resolveRealm(adminToken, "/", RealmUtils.cleanRealm(requestedOverride));
        } catch (InternalServerErrorException e) {
            throw new BadRequestException("Invalid realm, " + requestedOverride, e);
        }
    }

    final List<String> remainingUri = requestUri.subList(consumed, requestUri.size());

    // NOTE(review): presumably cleanRealm yields a leading "/", which is why the first character
    // is dropped here; confirm against RealmUtils.
    final String matchedUri;
    if (matched.length() > 1) {
        matchedUri = matched.substring(1);
    } else {
        matchedUri = matched.toString();
    }

    final UriRouterContext router = new UriRouterContext(
            context, matchedUri, Paths.joinPath(remainingUri), Collections.<String, String>emptyMap());
    final RealmContext realmContext = new RealmContext(router);
    realmContext.setDnsAlias(hostname, dnsAliasRealm);
    // The sub-realm is whatever was resolved beyond the DNS alias realm prefix.
    realmContext.setSubRealm(matchedUri, RealmUtils.cleanRealm(resolvedRealm.substring(dnsAliasRealm.length())));
    realmContext.setOverrideRealm(overrideRealm);
    return realmContext;
}