2 * ============LICENSE_START=======================================================
3 * ONAP : ccsdk features
4 * ================================================================================
5 * Copyright (C) 2020 highstreet technologies GmbH Intellectual Property.
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
22 package org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters;
24 import java.util.Arrays;
25 import javax.servlet.ServletRequest;
26 import javax.servlet.ServletResponse;
27 import org.apache.shiro.subject.Subject;
28 import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;
29 import org.slf4j.Logger;
30 import org.slf4j.LoggerFactory;
34 * Requires the requesting user to be {@link org.apache.shiro.subject.Subject#isAuthenticated() authenticated} for the
35 * request to continue, and if they're not, requires the user to log in via the HTTP Bearer protocol-specific challenge.
36 * Upon successful login, they're allowed to continue on to the requested resource/url.
38 * The {@link #onAccessDenied(ServletRequest, ServletResponse)} method will only be called if the subject making the
39 * request is not {@link org.apache.shiro.subject.Subject#isAuthenticated() authenticated}.
41 * @see <a href="https://tools.ietf.org/html/rfc2617">RFC 2617</a>
42 * @see <a href="https://tools.ietf.org/html/rfc6750#section-2.1">OAuth2 Authorization Request Header Field</a>
46 public class AnyRoleHttpAuthenticationFilter extends RolesAuthorizationFilter {
49 * This class's private logger.
51 private static final Logger LOG = LoggerFactory.getLogger(AnyRoleHttpAuthenticationFilter.class);
54 public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
55 final Subject subject = getSubject(request, response);
56 final String[] rolesArray = (String[]) mappedValue;
57 LOG.debug("isAccessAllowed {}", Arrays.asList(rolesArray));
59 if (rolesArray == null || rolesArray.length == 0) {
60 //no roles specified, so nothing to check - allow access.
61 LOG.debug("no role specified: access allowed");
65 for (String roleName : rolesArray) {
66 LOG.debug("checking role {}", roleName);
67 if (subject.hasRole(roleName)) {
68 LOG.debug("role matched to {}: access allowed", roleName);
72 LOG.debug("no role matched: access denied");