Example 1 with Secure

Use of org.xdi.service.security.Secure in project oxTrust by GluuFederation.

In class UmaSecureInterceptor, method invoke:

@AroundInvoke
public Object invoke(InvocationContext ctx) throws Exception {
    HttpServletResponse response = null;
    Object[] parameters = ctx.getParameters();
    log.trace("REST method call security check. " + ctx.getMethod().getName() + "()");
    for (Object parameter : parameters) {
        if (parameter instanceof HttpServletResponse)
            response = (HttpServletResponse) parameter;
    }
    InterceptSecure is = securityExtension.getInterceptSecure(ctx.getMethod());
    // Security constraints declared on the intercepted method (none if the annotation is absent)
    Secure[] constraints = (is == null) ? new Secure[0] : is.value();
    // Getting the parameter values
    Map<String, Object> secureVars = computeParameterValues(ctx);
    for (Secure constraint : constraints) {
        Boolean expressionValue = expressionEvaluator.evaluateValueExpression(constraint.value(), Boolean.class, secureVars);
        if ((expressionValue == null) || !expressionValue) {
            log.debug("Method: '{}' constrain '{}' evaluation is null or false!", ctx.getMethod(), constraint);
            throw new SecurityEvaluationException();
        }
    }
    try {
        // the method call
        return ctx.proceed();
    } catch (Exception e) {
        log.error("Error calling ctx.proceed in UmaSecureInterceptor");
        // REST call error report
        if (response != null) {
            try {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR");
            } catch (Exception ex) {
                // Ignored: nothing more can be done if the error response itself cannot be sent
            }
        } else if (Response.class.isAssignableFrom(ctx.getMethod().getReturnType())) {
            return Response.serverError().entity("INTERNAL SERVER ERROR").build();
        }
        return null;
    }
}
Also used: InterceptSecure (org.xdi.service.security.InterceptSecure), Secure (org.xdi.service.security.Secure), HttpServletResponse (javax.servlet.http.HttpServletResponse), SecurityEvaluationException (org.xdi.service.security.SecurityEvaluationException), AroundInvoke (javax.interceptor.AroundInvoke)

Example 2 with Secure

Use of org.xdi.service.security.Secure in project oxTrust by GluuFederation.

In class WhitePagesAction, method search:

@Secure("#{permissionService.hasPermission(applianceService.appliance, 'whitePagesEnabled')}")
public String search() {
    try {
        GluuCustomPerson person = new GluuCustomPerson();
        person.setGluuAllowPublication("true");
        this.persons = personService.findPersons(person, 0);
    } catch (Exception ex) {
        log.error("Failed to find persons", ex);
        facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to find persons white pages");
        conversationService.endConversation();
        return OxTrustConstants.RESULT_FAILURE;
    }
    return OxTrustConstants.RESULT_SUCCESS;
}
Also used: GluuCustomPerson (org.gluu.oxtrust.model.GluuCustomPerson), Secure (org.xdi.service.security.Secure)

Aggregations

Secure (org.xdi.service.security.Secure): 2
AroundInvoke (javax.interceptor.AroundInvoke): 1
HttpServletResponse (javax.servlet.http.HttpServletResponse): 1
GluuCustomPerson (org.gluu.oxtrust.model.GluuCustomPerson): 1
InterceptSecure (org.xdi.service.security.InterceptSecure): 1
SecurityEvaluationException (org.xdi.service.security.SecurityEvaluationException): 1