/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* https://opensso.dev.java.net/public/CDDLv1.0.html or
* opensso/legal/CDDLv1.0.txt
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: RestServiceManager.java,v 1.1 2009/11/12 18:37:35 veiming Exp $
*
* Portions Copyright 2015 ForgeRock AS.
*/
package com.sun.identity.rest;
import javax.security.auth.Subject;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.Map;
import java.util.ServiceLoader;
import java.util.StringTokenizer;
import com.sun.identity.rest.spi.IAuthentication;
import com.sun.identity.rest.spi.IAuthorization;
import com.sun.identity.shared.debug.Debug;
/**
*
* @author dennis
*/
public class RestServiceManager {
private static RestServiceManager serviceManager = new RestServiceManager();
static final Debug DEBUG = Debug.getInstance("Entitlement");
// TOFIX: make DEFAULT_AUTHN_SCHEME configurable
public static final String DEFAULT_AUTHN_SCHEME = "sstoken";
public static final String SUBJECT_HEADER_NAME = "X-Query-Parameters";
public static final String HASHED_SUBJECT_QUERY = "subject";
public static final String SSOTOKEN_SUBJECT_PREFIX = "ssotoken";
public static final String SUBJECT_DELIMITER = ":";
public static final String DISABLE_HASHED_SUBJECT_CHECK =
"rest.disable.hashed.subject.validation";
// TOFIX: make DEFAULT_AUTHZ_SCHEME configurable
public static final String DEFAULT_AUTHZ_SCHEME = SSOTOKEN_SUBJECT_PREFIX;
private Map<String, IAuthentication> authNServices = new
HashMap<String, IAuthentication>();
private Map<String, IAuthorization> authZServices = new
HashMap<String, IAuthorization>();
private RestServiceManager() {
}
public static RestServiceManager getInstance() {
return serviceManager;
}
public synchronized void destroy() {
for (IAuthentication auth : authNServices.values()) {
try {
auth.destroy();
} catch (Exception e) {
// catch all exception, so that all auth filters have
// the chance to shutdown.
DEBUG.error("AuthNFilter.destroy", e);
}
}
authNServices.clear();
for (IAuthorization auth : authZServices.values()) {
try {
auth.destroy();
} catch (Exception e) {
// catch all exception, so that all auth filters have
// the chance to shutdown.
DEBUG.error("AuthZFilter.destroy", e);
}
}
authZServices.clear();
}
public void initAuthN(FilterConfig config) {
ServiceLoader<IAuthentication> filters = ServiceLoader.load(
IAuthentication.class);
for (IAuthentication p : filters) {
try {
p.init(config);
String[] acceptMtd = p.accept();
for (int i = 0; i < acceptMtd.length; i++) {
authNServices.put(acceptMtd[i], p);
}
} catch (Exception e) {
// catch all exception, so that all auth filters have
// the chance to registered
DEBUG.error("ServiceManager.initAuthN", e);
}
}
}
public void initAuthZ(FilterConfig config) {
ServiceLoader<IAuthorization> filters = ServiceLoader.load(
IAuthorization.class);
for (IAuthorization p : filters) {
try {
p.init(config);
String[] acceptMtd = p.accept();
for (int i = 0; i < acceptMtd.length; i++) {
authZServices.put(acceptMtd[i], p);
}
} catch (Exception e) {
// catch all exception, so that all auth filters have
// the chance to registered
DEBUG.error("AuthZFilter.init", e);
}
}
}
public IAuthentication getAuthenticationFilter(HttpServletRequest req) {
String acceptAuth = req.getHeader("X-Accept-Authentication");
if (acceptAuth == null) {
return authNServices.get(DEFAULT_AUTHN_SCHEME);
}
StringTokenizer st = new StringTokenizer(acceptAuth, ",");
while (st.hasMoreTokens()) {
String mtd = st.nextToken();
IAuthentication auth = authNServices.get(mtd);
if (auth != null) {
return auth;
}
}
return null;
}
public IAuthorization getAuthorizationFilter(HttpServletRequest req) {
String subjectHeader = req.getHeader(SUBJECT_HEADER_NAME);
if (subjectHeader == null) {
return authZServices.get(DEFAULT_AUTHZ_SCHEME);
}
int idx = subjectHeader.indexOf(SUBJECT_DELIMITER);
if (idx == -1) {
return authZServices.get(DEFAULT_AUTHZ_SCHEME);
}
String schema = subjectHeader.substring(0, idx);
return authZServices.get(schema);
}
public Subject getAuthZSubject(HttpServletRequest request)
throws RestException {
IAuthorization authz = getAuthorizationFilter(request);
return authz.getAuthZSubject(request);
}
}