RestSecurityContextMapper.java revision bac066aba91585304ce46b92b923c344ab8d2150
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe/*
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * The contents of this file are subject to the terms of the Common Development and
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * Distribution License (the License). You may not use this file except in compliance with the
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * License.
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe *
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * specific language governing permission and limitations under the License.
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe *
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * When distributing Covered Software, include this CDDL Header Notice in each file and include
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * Header, with the fields enclosed by brackets [] replaced by your own identifying
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * information: "Portions copyright [year] [name of copyright owner]".
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe *
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe * Copyright 2013-2014 ForgeRock AS.
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe */
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowepackage org.forgerock.openam.jaspi.filter;
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe
88328f1b6dc66803c905a3fb857e04d97facc3d2wroweimport com.sun.identity.shared.debug.Debug;
88328f1b6dc66803c905a3fb857e04d97facc3d2wroweimport org.forgerock.jaspi.runtime.JaspiRuntime;
88328f1b6dc66803c905a3fb857e04d97facc3d2wroweimport org.forgerock.json.resource.servlet.SecurityContextFactory;
88328f1b6dc66803c905a3fb857e04d97facc3d2wroweimport org.forgerock.openam.jaspi.config.RestJaspiRuntimeConfigurationFactory;
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe
88328f1b6dc66803c905a3fb857e04d97facc3d2wroweimport javax.servlet.Filter;
88328f1b6dc66803c905a3fb857e04d97facc3d2wroweimport javax.servlet.FilterChain;
88328f1b6dc66803c905a3fb857e04d97facc3d2wroweimport javax.servlet.FilterConfig;
88328f1b6dc66803c905a3fb857e04d97facc3d2wroweimport javax.servlet.ServletException;
88328f1b6dc66803c905a3fb857e04d97facc3d2wroweimport javax.servlet.ServletRequest;
88328f1b6dc66803c905a3fb857e04d97facc3d2wroweimport javax.servlet.ServletResponse;
88328f1b6dc66803c905a3fb857e04d97facc3d2wroweimport javax.servlet.http.HttpServletRequest;
88328f1b6dc66803c905a3fb857e04d97facc3d2wroweimport javax.servlet.http.HttpServletResponse;
88328f1b6dc66803c905a3fb857e04d97facc3d2wroweimport java.io.IOException;
88328f1b6dc66803c905a3fb857e04d97facc3d2wroweimport java.util.Map;
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe
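/**
 * Servlet filter that maps the Commons AuthN Filter security parameters to CREST security
 * parameters.
 *
 * <p>This filter performs no authentication or authorization of its own. It copies whatever is
 * present under the {@link JaspiRuntime} request attributes to the attribute names that
 * {@link SecurityContextFactory} reads. The values are therefore only as trustworthy as the
 * component that set the source attributes, so this filter is expected to run after the
 * authentication filter in the chain (the ordering is configured outside this class).
 *
 * @see SecurityContextFactory
 */
public class RestSecurityContextMapper implements Filter {

    private static final Debug DEBUG = Debug.getInstance(RestJaspiRuntimeConfigurationFactory.LOG_NAME);

    /**
     * Does nothing.
     *
     * {@inheritDoc}
     */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Converts the Commons AuthN Filter "org.forgerock.authentication.principal" and
     * "org.forgerock.authentication.context" request attributes into the expected CREST
     * "org.forgerock.security.authcid" and "org.forgerock.security.authzid" request attributes.
     *
     * <p>Only request attributes are consulted; no request header or parameter is read here, so
     * the mapped values cannot be supplied directly by the client through this filter.
     *
     * <p>These two CREST request attributes will be picked up by the CREST framework and create a
     * SecurityContext with these two values, which can then be accessed by CREST resources.
     *
     * <p>When a source attribute is absent the corresponding CREST attribute is set to
     * {@code null}. Per the Servlet API that has the same effect as removing it, so a value
     * already stored under the CREST attribute name does not survive this filter.
     *
     * @param servletRequest {@inheritDoc}
     * @param servletResponse {@inheritDoc}
     * @param filterChain {@inheritDoc}
     * @throws IOException {@inheritDoc}
     * @throws ServletException If the request or response is not an HTTP request/response.
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {

        // instanceof is null-safe: a null request or response is rejected with the same
        // ServletException as a non-HTTP one, instead of a NullPointerException from getClass().
        if (!(servletRequest instanceof HttpServletRequest)
                || !(servletResponse instanceof HttpServletResponse)) {
            DEBUG.error("Unsupported protocol");
            throw new ServletException("Unsupported protocol");
        }

        HttpServletRequest request = (HttpServletRequest) servletRequest;

        // The principal may be any object; only its string form is passed on as the authcid.
        Object principal = request.getAttribute(JaspiRuntime.ATTRIBUTE_AUTH_PRINCIPAL);
        String authcid = principal == null ? null : principal.toString();

        // Unchecked by necessity: the attribute is stored as Object. Only Map-ness is verified at
        // runtime, so a non-Map value raises ClassCastException here, before the chain continues;
        // the key and value types are not checked.
        @SuppressWarnings("unchecked")
        Map<String, Object> authzid = (Map<String, Object>) request.getAttribute(JaspiRuntime.ATTRIBUTE_AUTH_CONTEXT);

        // Always written, including when null, so the CREST attributes reflect only the
        // authentication result found on this request.
        request.setAttribute(SecurityContextFactory.ATTRIBUTE_AUTHCID, authcid);
        request.setAttribute(SecurityContextFactory.ATTRIBUTE_AUTHZID, authzid);

        filterChain.doFilter(request, servletResponse);
    }

    /**
     * Does nothing.
     *
     * {@inheritDoc}
     */
    public void destroy() {
    }
}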
88328f1b6dc66803c905a3fb857e04d97facc3d2wrowe