1 /*******************************************************************************\r
2  * ============LICENSE_START====================================================\r
3  * * org.onap.aai\r
4  * * ===========================================================================\r
5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
6  * * Copyright © 2017 Amdocs\r
7  * * ===========================================================================\r
8  * * Licensed under the Apache License, Version 2.0 (the "License");\r
9  * * you may not use this file except in compliance with the License.\r
10  * * You may obtain a copy of the License at\r
11  * * \r
12  *  *      http://www.apache.org/licenses/LICENSE-2.0\r
13  * * \r
14  *  * Unless required by applicable law or agreed to in writing, software\r
15  * * distributed under the License is distributed on an "AS IS" BASIS,\r
16  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
17  * * See the License for the specific language governing permissions and\r
18  * * limitations under the License.\r
19  * * ============LICENSE_END====================================================\r
20  * *\r
21  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
22  * *\r
23  ******************************************************************************/\r
24 package com.att.cadi.filter;\r
25 \r
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;

import javax.servlet.Servlet;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
35 \r
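/**
 * Servlet wrapper that enforces role-based authorization before handing a
 * request to a wrapped servlet of type {@code S}.
 *
 * <p>The permitted roles are read once, at construction time, from the
 * {@code RolesAllowed} annotation on the delegate class. A request reaches
 * the delegate only if {@link HttpServletRequest#isUserInRole(String)} is
 * true for at least one of those roles; otherwise the response is
 * {@code 403 Forbidden} and the refusal is written to the servlet-context log.
 *
 * <p>Security notes:
 * <ul>
 *   <li>A delegate class with <b>no</b> {@code RolesAllowed} annotation is
 *       served without any role check (fail-open). To deny every caller,
 *       annotate it with an empty role list, which fails closed.</li>
 *   <li>NOTE(review): this relies on {@code RolesAllowed} being retained at
 *       runtime. If it is not, {@code getAnnotation} returns null and the
 *       delegate is silently unprotected -- confirm its {@code @Retention}.</li>
 *   <li>Unauthenticated callers are refused with 403 as well, because
 *       {@code isUserInRole} is false for them.</li>
 * </ul>
 *
 * @param <S> the concrete servlet type being wrapped
 */
public class AUTHZServlet<S extends Servlet> implements Servlet {
	/** Roles permitted to reach the delegate; {@code null} means "no check". */
	private final String[] roles;
	/** The wrapped servlet, or {@code null} if it could not be instantiated. */
	private final Servlet delegate;
	/** Why instantiation failed; reported as the cause from {@link #init}. */
	private final Throwable delegateFailure;
	/** Config handed to {@link #init}; used to reach the context log for audit. */
	private ServletConfig config;

	/**
	 * Instantiates the delegate reflectively and captures its allowed roles.
	 *
	 * <p>Instantiation failures are not thrown here: the servlet container
	 * cannot handle a constructor exception usefully, so the failure is kept
	 * and raised with its cause when {@link #init(ServletConfig)} is called.
	 *
	 * @param cls the servlet class to wrap; must have a no-argument constructor
	 */
	protected AUTHZServlet(Class<S> cls) {
		Servlet instance = null;
		Throwable failure = null;
		try {
			// getDeclaredConstructor().newInstance() replaces the deprecated
			// Class.newInstance(), which rethrows checked exceptions unchecked.
			instance = cls.getDeclaredConstructor().newInstance();
		} catch (Exception e) {
			failure = e; // surfaced, with cause, from init()
		}
		delegate = instance;
		delegateFailure = failure;
		RolesAllowed rolesAllowed = cls.getAnnotation(RolesAllowed.class);
		roles = (rolesAllowed == null) ? null : rolesAllowed.value();
	}

	/**
	 * Initializes the delegate.
	 *
	 * @param sc the container-supplied configuration, passed through to the delegate
	 * @throws ServletException if the delegate could not be created (with the
	 *         original failure as cause) or if the delegate's own init fails
	 */
	@Override
	public void init(ServletConfig sc) throws ServletException {
		if (delegate == null) {
			// Same message as before, but now carrying the real cause.
			throw new ServletException("Invalid Servlet Delegate", delegateFailure);
		}
		config = sc;
		delegate.init(sc);
	}

	/** @return the delegate's configuration, or {@code null} if there is no delegate */
	@Override
	public ServletConfig getServletConfig() {
		return (delegate == null) ? null : delegate.getServletConfig();
	}

	/** @return the delegate's info string, or {@code null} if there is no delegate */
	@Override
	public String getServletInfo() {
		return (delegate == null) ? null : delegate.getServletInfo();
	}

	/**
	 * Authorizes the request against the allowed roles, then delegates.
	 *
	 * @param req  the request; must be an {@link HttpServletRequest} when roles are enforced
	 * @param resp the response; must be an {@link HttpServletResponse} when roles are enforced
	 * @throws ServletException if roles are enforced and the request/response are not HTTP,
	 *         or if the delegate throws
	 * @throws IOException if sending the 403 or the delegate fails on I/O
	 */
	@Override
	public void service(ServletRequest req, ServletResponse resp) throws ServletException, IOException {
		if (roles == null) {
			// No RolesAllowed annotation: no authorization is applied (see class doc).
			delegate.service(req, resp);
			return;
		}
		// Check the types up front, so a ClassCastException raised inside the
		// delegate is no longer misreported as an unsupported request type.
		if (!(req instanceof HttpServletRequest) || !(resp instanceof HttpServletResponse)) {
			throw new ServletException("AUTHZServlet only supports HttpServletRequest/HttpServletResponse");
		}
		HttpServletRequest hreq = (HttpServletRequest) req;
		if (isInAllowedRole(hreq)) {
			delegate.service(req, resp);
		} else {
			logRefusal(hreq);
			((HttpServletResponse) resp).sendError(HttpServletResponse.SC_FORBIDDEN);
		}
	}

	/** True if the caller holds at least one allowed role; an empty role list admits nobody. */
	private boolean isInAllowedRole(HttpServletRequest hreq) {
		for (String role : roles) {
			if (hreq.isUserInRole(role)) {
				return true;
			}
		}
		return false;
	}

	/**
	 * Writes a refused request to the servlet-context log so that authorization
	 * failures leave an audit trail. Silently skipped if no context is available
	 * (e.g. init was never called). Logs the principal name and request URI only;
	 * no query string or headers.
	 */
	private void logRefusal(HttpServletRequest hreq) {
		if (config == null || config.getServletContext() == null) {
			return;
		}
		Principal principal = hreq.getUserPrincipal();
		String who = (principal == null) ? "<anonymous>" : principal.getName();
		config.getServletContext().log("AUTHZServlet refused " + who + " for "
				+ hreq.getRequestURI() + "; requires one of " + Arrays.toString(roles));
	}

	/** Destroys the delegate, if one was created. */
	@Override
	public void destroy() {
		if (delegate != null) {
			delegate.destroy();
		}
	}
}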