import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.CadiWrap;
public TransFilter(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException, LocatorException {
cadi = new CadiHTTPManip(access, con, tc, additionalTafLurs);
String no = access.getProperty(Config.CADI_NOAUTHN, null);
- if(no!=null) {
+ if (no!=null) {
no_authn = Split.split(':', no);
} else {
no_authn=null;
return cadi.getLur();
}
- protected abstract TRANS newTrans(HttpServletRequest request);
- protected abstract TimeTaken start(TRANS trans, ServletRequest request);
+ protected abstract TRANS newTrans(HttpServletRequest request,HttpServletResponse response);
+ protected abstract TimeTaken start(TRANS trans);
protected abstract void authenticated(TRANS trans, Principal p);
- protected abstract void tallyHo(TRANS trans);
+ protected abstract void tallyHo(TRANS trans, String target);
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse res = (HttpServletResponse)response;
- TRANS trans = newTrans(req);
+ TRANS trans = newTrans(req,res);
- TimeTaken overall = start(trans,request);
+ TimeTaken overall = start(trans);
+ String target = "n/a";
try {
request.setAttribute(TRANS_TAG, trans);
- if(no_authn!=null) {
- for(String prefix : no_authn) {
- if(req.getPathInfo().startsWith(prefix)) {
+ if (no_authn!=null) {
+ for (String prefix : no_authn) {
+ if (req.getPathInfo().startsWith(prefix)) {
chain.doFilter(request, response);
return;
}
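Review bot: `req.getPathInfo()` in the no-authn loop can return null (the Servlet API returns null when the request has no extra path information), so `req.getPathInfo().startsWith(prefix)` can throw a NullPointerException before any authentication decision is made; this change only reformats those lines and leaves the call unguarded. Read the path once and test `path != null && path.startsWith(prefix)`. Because a match here skips `cadi.validate` entirely, the matching rule also deserves a comment: a plain `startsWith` treats a configured entry such as `/public` (constructed example) as covering `/publicX` as well, and whether that is intended cannot be told from the hunk. doFilter's body continues outside this hunk.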
CadiWrap cw = null;
try {
resp = cadi.validate(req,res,trans);
+ Object tag = req.getAttribute("CRED_TAG");
+ if(tag!=null) {
+ ((AuthzTrans)trans).setTag(tag.toString());
+ }
switch(r=resp.isAuthenticated()) {
case IS_AUTHENTICATED:
cw = new CadiWrap(req,resp,cadi.getLur());
security.done();
}
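Review bot: The added `((AuthzTrans)trans).setTag(tag.toString())` casts `TRANS`, which appears to be the filter's type parameter, to a concrete class without checking it, so a subclass whose transaction type is not an `AuthzTrans` would get a ClassCastException on every request that carries the attribute; judging by the `catch (Exception e)` later in doFilter this would probably surface as a ServletException. Guard it with `if (tag != null && trans instanceof AuthzTrans) {`, or move the tag into a hook on the abstract class so this filter does not need the new `org.onap.aaf.auth.env.AuthzTrans` import. The attribute name `"CRED_TAG"` is a bare literal while `TRANS_TAG` is a constant; a shared constant would keep the code that sets the attribute and this reader in sync. The tag is also applied before `resp.isAuthenticated()` is examined, so it ends up on unauthenticated transactions too, and a one-line comment saying that is intended would help the next reader.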
- if(r==RESP.IS_AUTHENTICATED) {
+ if (r==RESP.IS_AUTHENTICATED) {
trans.checkpoint(resp.desc());
- if(cadi.notCadi(cw, res)) {
+ if (cadi.notCadi(cw, res)) {
chain.doFilter(cw, response);
}
} else {
// Would need Cached Counter objects that are cleaned up on
// use
trans.checkpoint(resp.desc(),Env.ALWAYS);
- if(resp.isFailedAttempt())
- trans.audit().log(resp.desc());
+ if (resp.isFailedAttempt()) {
+ target = resp.getTarget();
+ }
}
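Review bot: The failed-attempt branch no longer calls `trans.audit().log(resp.desc())`; it only stores `resp.getTarget()` in `target`, so whether a failed authentication is still audited now depends on every `tallyHo(trans, target)` implementation, none of which is visible here. If that is the intent, the abstract `tallyHo` declaration should say so in Javadoc: that `target` is `"n/a"` unless an authentication attempt failed, and that implementers own the audit record. Whether `resp.getTarget()` can return null cannot be determined from this hunk; if it can, it would replace the `"n/a"` default, so consider `String t = resp.getTarget(); if (t != null) { target = t; }`. The target is presumably derived from the presented credential, so implementations should strip CR/LF from it before writing it to a log.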
- } catch(Exception e) {
+ } catch (Exception e) {
trans.error().log(e);
trans.checkpoint("Error: " + e.getClass().getSimpleName() + ": " + e.getMessage());
throw new ServletException(e);
} finally {
overall.done();
- tallyHo(trans);
+ tallyHo(trans,target);
}
}