/******************************************************************************* * ============LICENSE_START==================================================== * * org.onap.aaf * * =========================================================================== * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. * * =========================================================================== * * Licensed under the Apache License, Version 2.0 (the "License"); * * you may not use this file except in compliance with the License. * * You may obtain a copy of the License at * * * * http://www.apache.org/licenses/LICENSE-2.0 * * * * Unless required by applicable law or agreed to in writing, software * * distributed under the License is distributed on an "AS IS" BASIS, * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * * See the License for the specific language governing permissions and * * limitations under the License. * * ============LICENSE_END==================================================== * * * * ECOMP is a trademark and service mark of AT&T Intellectual Property. * * ******************************************************************************/ package com.att.cadi.filter; import java.io.IOException; import javax.servlet.Servlet; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * * */ public class AUTHZServlet implements Servlet { private String[] roles; private Servlet delegate; protected AUTHZServlet(Class cls) { try { delegate = cls.newInstance(); } catch (Exception e) { delegate = null; } RolesAllowed rolesAllowed = cls.getAnnotation(RolesAllowed.class); if(rolesAllowed == null) { roles = null; } else { roles = rolesAllowed.value(); } } public void init(ServletConfig sc) throws ServletException { if(delegate == null) throw new ServletException("Invalid Servlet Delegate"); delegate.init(sc); } public ServletConfig getServletConfig() { return delegate.getServletConfig(); } public String getServletInfo() { return delegate.getServletInfo(); } public void service(ServletRequest req, ServletResponse resp) throws ServletException, IOException { if(roles==null) { delegate.service(req,resp); } else { // Validate try { HttpServletRequest hreq = (HttpServletRequest)req; boolean proceed = false; for(String role : roles) { if(hreq.isUserInRole(role)) { proceed = true; break; } } if(proceed) { delegate.service(req,resp); } else { //baseRequest.getServletContext().log(hreq.getUserPrincipal().getName()+" Refused " + roles); ((HttpServletResponse)resp).sendError(403); // forbidden } } catch(ClassCastException e) { throw new ServletException("JASPIServlet only supports HTTPServletRequest/HttpServletResponse"); } } } public void destroy() { delegate.destroy(); } }