
Example 1 with InterceptSecure

Use of org.xdi.service.security.InterceptSecure in project oxTrust by GluuFederation.

Class UmaSecureInterceptor, method invoke.

@AroundInvoke
public Object invoke(InvocationContext ctx) throws Exception {
    HttpServletResponse response = null;
    Object[] parameters = ctx.getParameters();
    log.trace("REST method call security check. " + ctx.getMethod().getName() + "()");
    for (Object parameter : parameters) {
        if (parameter instanceof HttpServletResponse)
            response = (HttpServletResponse) parameter;
    }
    InterceptSecure is = securityExtension.getInterceptSecure(ctx.getMethod());
    // Security checking restrictions declared for the intercepted method
    Secure[] constraints = (is == null) ? new Secure[0] : is.value();
    // Getting the parameter values
    Map<String, Object> secureVars = computeParameterValues(ctx);
    for (Secure constraint : constraints) {
        Boolean expressionValue = expressionEvaluator.evaluateValueExpression(constraint.value(), Boolean.class, secureVars);
        // Fail closed: a null or false result denies the call
        if ((expressionValue == null) || !expressionValue) {
            log.debug("Method: '{}' constrain '{}' evaluation is null or false!", ctx.getMethod(), constraint);
            throw new SecurityEvaluationException();
        }
    }
    try {
        // the method call
        return ctx.proceed();
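    } catch (Exception e) {
        // Pass the exception to the logger so the cause is not lost
        log.error("Error calling ctx.proceed in UmaSecureInterceptor", e);
        // REST call error report
        if (response != null) {
            try {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR");
            } catch (Exception ex) {
                // The error response could not be written (for example, it was already committed)
            }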
        } else if (Response.class.isAssignableFrom(ctx.getMethod().getReturnType())) {
            return Response.serverError().entity("INTERNAL SERVER ERROR").build();
        }
        return null;
    }
}
Also used: InterceptSecure (org.xdi.service.security.InterceptSecure), Secure (org.xdi.service.security.Secure), HttpServletResponse (javax.servlet.http.HttpServletResponse), SecurityEvaluationException (org.xdi.service.security.SecurityEvaluationException), AroundInvoke (javax.interceptor.AroundInvoke)

Aggregations

AroundInvoke (javax.interceptor.AroundInvoke): 1
HttpServletResponse (javax.servlet.http.HttpServletResponse): 1
InterceptSecure (org.xdi.service.security.InterceptSecure): 1
Secure (org.xdi.service.security.Secure): 1
SecurityEvaluationException (org.xdi.service.security.SecurityEvaluationException): 1