1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * Copyright © 2017 Amdocs
\r
7 * * ===========================================================================
\r
8 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
9 * * you may not use this file except in compliance with the License.
\r
10 * * You may obtain a copy of the License at
\r
12 * * http://www.apache.org/licenses/LICENSE-2.0
\r
14 * * Unless required by applicable law or agreed to in writing, software
\r
15 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
16 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
17 * * See the License for the specific language governing permissions and
\r
18 * * limitations under the License.
\r
19 * * ============LICENSE_END====================================================
\r
21 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
23 ******************************************************************************/
\r
24 package com.att.cssa.rserv;
\r
26 import java.io.IOException;
\r
27 import java.security.Principal;
\r
29 import javax.servlet.Filter;
\r
30 import javax.servlet.FilterChain;
\r
31 import javax.servlet.FilterConfig;
\r
32 import javax.servlet.ServletException;
\r
33 import javax.servlet.ServletRequest;
\r
34 import javax.servlet.ServletResponse;
\r
35 import javax.servlet.http.HttpServletRequest;
\r
36 import javax.servlet.http.HttpServletResponse;
\r
38 import com.att.cadi.Access;
\r
39 import com.att.cadi.CadiException;
\r
40 import com.att.cadi.CadiWrap;
\r
41 import com.att.cadi.Connector;
\r
42 import com.att.cadi.Lur;
\r
43 import com.att.cadi.TrustChecker;
\r
44 import com.att.cadi.filter.CadiHTTPManip;
\r
45 import com.att.cadi.taf.TafResp;
\r
46 import com.att.cadi.taf.TafResp.RESP;
\r
47 import com.att.inno.env.Env;
\r
48 import com.att.inno.env.TimeTaken;
\r
49 import com.att.inno.env.TransStore;
\r
52 * Create a new Transaction Object for each and every incoming Transaction
\r
54 * Attach to Request. Use "FilterHolder" mechanism to retain single instance.
\r
56 * TransFilter includes CADIFilter as part of the package, so that it can
\r
57 * set User Data, etc, as necessary.
\r
61 public abstract class TransFilter<TRANS extends TransStore> implements Filter {
\r
// Request attribute name under which doFilter stores the per-request transaction object.
62 public static final String TRANS_TAG = "__TRANS__";
\r
// CADI HTTP handler built in the constructor. doFilter calls validate() on it for
// every request, and getLur() hands out its Lur.
64 private CadiHTTPManip cadi;
\r
/**
 * Builds the CadiHTTPManip that doFilter uses to validate each incoming request.
 * All four arguments are passed through unchanged to the CadiHTTPManip constructor.
 *
 * @param access forwarded to CadiHTTPManip
 * @param con forwarded to CadiHTTPManip
 * @param tc forwarded to CadiHTTPManip
 * @param additionalTafLurs forwarded to CadiHTTPManip as-is
 * @throws CadiException declared here; presumably raised while CadiHTTPManip is set up (not visible in this file)
 */
66 public TransFilter(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException {
\r
67 cadi = new CadiHTTPManip(access, con, tc, additionalTafLurs);
\r
/**
 * Servlet Filter lifecycle hook. No initialisation code is visible in this listing
 * (the next visible line belongs to getLur()); the CADI handler is created in the
 * constructor, not here.
 */
71 public void init(FilterConfig filterConfig) throws ServletException {
\r
/**
 * Gives subclasses the Lur held by the CADI handler. doFilter passes the result of
 * the same cadi.getLur() call to every CadiWrap it creates.
 *
 * @return the value of cadi.getLur()
 */
74 protected Lur getLur() {
\r
75 return cadi.getLur();
\r
// Hooks that a concrete filter supplies; the calls visible in doFilter are noted per hook.

// Creates the transaction object for one request; it is the first call in doFilter.
78 protected abstract TRANS newTrans();
\r
// Called right after newTrans(); doFilter keeps the returned TimeTaken in a local named "overall".
79 protected abstract TimeTaken start(TRANS trans, ServletRequest request);
\r
// Called only on the IS_AUTHENTICATED path, with the principal taken from the CadiWrap.
80 protected abstract void authenticated(TRANS trans, Principal p);
\r
// NOTE(review): no call site is visible in this listing (some lines are missing from it);
// presumably an end-of-request hook — confirm against the full file.
81 protected abstract void tallyHo(TRANS trans);
\r
/**
 * Runs one request through CADI validation and forwards it down the chain only when
 * the validation result is IS_AUTHENTICATED. For any other result the visible lines
 * checkpoint the response description, write an audit entry when the response is
 * flagged as a failed attempt, and do not invoke the chain.
 *
 * NOTE(review): this listing drops lines (the gutter numbers skip, e.g. 95 to 100,
 * 104 to 113 and 127 to 135), so the declarations of resp, r and cw, the try openers
 * and any finally blocks are not visible here. The comments below describe only the
 * lines that are shown.
 *
 * @param request incoming request; cast to HttpServletRequest
 * @param response outgoing response; cast to HttpServletResponse
 * @param chain remainder of the filter chain, invoked only for authenticated requests
 * @throws IOException declared by the Filter contract
 * @throws ServletException wraps any Exception caught by the handler at the end of the method
 */
84 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
\r
85 TRANS trans = newTrans();
\r
87 TimeTaken overall = start(trans,request);
\r
// Publish the transaction on the request so later components can fetch it via TRANS_TAG.
89 request.setAttribute(TRANS_TAG, trans);
\r
// Unchecked casts: a non-HTTP request or response raises ClassCastException here.
// Presumably that lands in the catch(Exception) below — the enclosing try line is not visible.
91 HttpServletRequest req = (HttpServletRequest)request;
\r
92 HttpServletResponse res = (HttpServletResponse)response;
\r
// Separate timer around the security check, labelled "CADI Security".
94 TimeTaken security = trans.start("CADI Security", Env.SUB);
\r
95 // TimeTaken ttvalid;
\r
// validate() receives the response as well as the request. NOTE(review): the
// non-authenticated branch below writes nothing to res, so the denial or challenge
// sent to the client presumably comes from validate() itself — confirm.
100 resp = cadi.validate(req,res);
\r
// r keeps the authentication result so it can be tested again after the switch.
101 switch(r=resp.isAuthenticated()) {
\r
102 case IS_AUTHENTICATED:
\r
// Only this case creates a CadiWrap around the request and reports the principal to the subclass.
103 cw = new CadiWrap(req,resp,cadi.getLur());
\r
104 authenticated(trans, cw.getUserPrincipal());
\r
// Gate for the rest of the chain: chain.doFilter appears only under this check, and it
// is given the CadiWrap rather than the raw request.
113 if(r==RESP.IS_AUTHENTICATED) {
\r
114 trans.checkpoint(resp.desc());
\r
115 chain.doFilter(cw, response);
\r
// Not-authenticated path (the else line itself is not visible). No throttling of
// repeated failures exists at this point — see the TODO; failures are only logged.
117 //TODO this is a good place to check if too many checks recently
\r
118 // Would need Cached Counter objects that are cleaned up on
\r
// Checkpoint with Env.ALWAYS, then write to the audit log only when the response is
// flagged as a failed attempt.
120 trans.checkpoint(resp.desc(),Env.ALWAYS);
\r
121 if(resp.isFailedAttempt())
\r
122 trans.audit().log(resp.desc());
\r
// Any Exception is logged, checkpointed and rethrown as ServletException with the
// original exception kept as the cause.
124 } catch(Exception e) {
\r
125 trans.error().log(e);
\r
// NOTE(review): e.getMessage() goes into the checkpoint text verbatim — confirm it
// cannot carry credential material taken from the request.
126 trans.checkpoint("Error: " + e.getClass().getSimpleName() + ": " + e.getMessage());
\r
127 throw new ServletException(e);
\r
135 public void destroy() {
\r