+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.filter;\r
-\r
-import java.io.IOException;\r
-\r
-import javax.servlet.Servlet;\r
-import javax.servlet.ServletConfig;\r
-import javax.servlet.ServletException;\r
-import javax.servlet.ServletRequest;\r
-import javax.servlet.ServletResponse;\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-/**\r
- * \r
- *\r
- */\r
-public class AUTHZServlet<S extends Servlet> implements Servlet {\r
- private String[] roles;\r
- private Servlet delegate;\r
-\r
- protected AUTHZServlet(Class<S> cls) {\r
- try {\r
- delegate = cls.newInstance();\r
- } catch (Exception e) {\r
- delegate = null;\r
- }\r
- RolesAllowed rolesAllowed = cls.getAnnotation(RolesAllowed.class);\r
- if(rolesAllowed == null) {\r
- roles = null;\r
- } else {\r
- roles = rolesAllowed.value();\r
- }\r
- }\r
- \r
- public void init(ServletConfig sc) throws ServletException {\r
- if(delegate == null) throw new ServletException("Invalid Servlet Delegate");\r
- delegate.init(sc);\r
- }\r
- \r
- public ServletConfig getServletConfig() {\r
- return delegate.getServletConfig();\r
- }\r
-\r
- public String getServletInfo() {\r
- return delegate.getServletInfo();\r
- }\r
-\r
- public void service(ServletRequest req, ServletResponse resp) throws ServletException, IOException {\r
- if(roles==null) {\r
- delegate.service(req,resp);\r
- } else { // Validate\r
- try {\r
- HttpServletRequest hreq = (HttpServletRequest)req;\r
- boolean proceed = false;\r
- for(String role : roles) {\r
- if(hreq.isUserInRole(role)) {\r
- proceed = true;\r
- break;\r
- }\r
- }\r
- if(proceed) {\r
- delegate.service(req,resp);\r
- } else {\r
- //baseRequest.getServletContext().log(hreq.getUserPrincipal().getName()+" Refused " + roles);\r
- ((HttpServletResponse)resp).sendError(403); // forbidden\r
- }\r
- } catch(ClassCastException e) {\r
- throw new ServletException("JASPIServlet only supports HTTPServletRequest/HttpServletResponse");\r
- }\r
- }\r
- }\r
-\r
- public void destroy() {\r
- delegate.destroy();\r
- }\r
-\r
-\r
-}\r
Code Review / aaf / cadi.git / blobdiff