RestSecurityContextMapper.java revision bac066aba91585304ce46b92b923c344ab8d2150
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * The contents of this file are subject to the terms of the Common Development and
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * Distribution License (the License). You may not use this file except in compliance with the
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * specific language governing permission and limitations under the License.
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * When distributing Covered Software, include this CDDL Header Notice in each file and include
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * Header, with the fields enclosed by brackets [] replaced by your own identifying
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * information: "Portions copyright [year] [name of copyright owner]".
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * Copyright 2013-2014 ForgeRock AS.
88328f1b6dc66803c905a3fb857e04d97facc3d2wroweimport org.forgerock.json.resource.servlet.SecurityContextFactory;
88328f1b6dc66803c905a3fb857e04d97facc3d2wroweimport org.forgerock.openam.jaspi.config.RestJaspiRuntimeConfigurationFactory;
72664754b0b490b91f9debd16ecb172fb9475721rpluem * Maps the Commons AuthN Filter security parameters to CREST security parameters.
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * {@link SecurityContextFactory}
a05afc9e8144b978275e5fadf356717de6f93039jailletcpublic class RestSecurityContextMapper implements Filter {
// Debug logger obtained under the log name defined by RestJaspiRuntimeConfigurationFactory.
// NOTE(review): presumably this keeps the filter's messages in the same log as the REST JASPI runtime; confirm.
5bfaaf573bacb45c1cf290ce85ecc676587e8a64jim private static final Debug DEBUG = Debug.getInstance(RestJaspiRuntimeConfigurationFactory.LOG_NAME);
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * Does nothing.
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * {@inheritDoc}
// The method body and closing brace are absent from this listing; per the Javadoc above, no initialisation is performed.
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe public void init(FilterConfig filterConfig) throws ServletException {
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * Converts the Commons AuthN Filter "org.forgerock.authentication.principal" and
a221184be5b40f8349982d94cda02b98068ce0d8minfrin * "org.forgerock.authentication.context" request header and attribute into the expected CREST
a221184be5b40f8349982d94cda02b98068ce0d8minfrin * "org.forgerock.security.authcid" and "org.forgerock.security.authzid" request attributes.
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * These two CREST request attributes are picked up by the CREST framework, which creates a SecurityContext
a05afc9e8144b978275e5fadf356717de6f93039jailletc * from these two values that CREST resources can then access.
49fd87ed00b95bdd7a4cfc874e5c5fe4a04faf5aminfrin * @param servletRequest {@inheritDoc}
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * @param servletResponse {@inheritDoc}
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * @param filterChain {@inheritDoc}
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * @throws IOException {@inheritDoc}
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * @throws ServletException {@inheritDoc}
// Copies the authentication filter's principal and context attributes onto the request under the
// attribute names SecurityContextFactory defines. Several lines of this method (the throws clause,
// the body of the type guard, the authcid assignment and the end of the method) are absent from this listing.
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
// Guard: both objects must be HTTP servlet types before the cast to HttpServletRequest below.
// What the guard does when the check fails is not visible here.
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe if ((!HttpServletRequest.class.isAssignableFrom(servletRequest.getClass())
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe || !HttpServletResponse.class.isAssignableFrom(servletResponse.getClass()))) {
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe HttpServletRequest request = (HttpServletRequest) servletRequest;
// Both inputs come from getAttribute(), i.e. server-side request attributes, not from headers or parameters.
// NOTE(review): the Javadoc mentions a "request header"; the visible code reads attributes only.
// Confirm no client-supplied header can populate these values.
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe Object principal = request.getAttribute(JaspiRuntime.ATTRIBUTE_AUTH_PRINCIPAL);
// Unchecked cast: a non-Map attribute value fails here with ClassCastException, and the key/value types
// are not verified at runtime. A missing attribute yields null, which is forwarded as-is below.
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe Map<String, Object> authzid = (Map<String, Object>) request.getAttribute(JaspiRuntime.ATTRIBUTE_AUTH_CONTEXT);
// authcid is declared and assigned on lines missing from this listing; presumably derived from principal. TODO confirm.
// Per the Javadoc, CREST builds its SecurityContext from these two attributes, so they are the identity
// that downstream resources see. This filter performs no authentication of its own in the visible code.
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe request.setAttribute(SecurityContextFactory.ATTRIBUTE_AUTHCID, authcid);
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe request.setAttribute(SecurityContextFactory.ATTRIBUTE_AUTHZID, authzid);
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * Does nothing.
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * {@inheritDoc}
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe public void destroy() {