* @author Instrumental(Jonathan)
*/
public class CadiApiEnforcementFilter implements Filter {
- private String type;
- private Map<String,List<String>> publicPaths;
- private Access access;
-
-
- public CadiApiEnforcementFilter(Access access, String enforce) throws ServletException {
- this.access = access;
- init(enforce);
- }
+ private String type;
+ private Map<String,List<String>> publicPaths;
+ private Access access;
+
+
+ public CadiApiEnforcementFilter(Access access, String enforce) throws ServletException {
+ this.access = access;
+ init(enforce);
+ }
- @Override
- public void init(FilterConfig fc) throws ServletException {
- init(fc.getInitParameter(Config.CADI_API_ENFORCEMENT));
+ @Override
+ public void init(FilterConfig fc) throws ServletException {
+ init(fc.getInitParameter(Config.CADI_API_ENFORCEMENT));
// need the Context for Logging, instantiating ClassLoader, etc
ServletContextAccess sca=new ServletContextAccess(fc);
if (access==null) {
access = sca;
}
- }
-
- private void init(final String ptypes) throws ServletException {
- if(ptypes==null) {
- throw new ServletException("CadiApiEnforcement requires " + Config.CADI_API_ENFORCEMENT + " property");
- }
- String[] full = Split.splitTrim(';', ptypes);
- if(full.length==0) {
- throw new ServletException(Config.CADI_API_ENFORCEMENT + " property is empty");
- }
- if(full.length>0) {
- type=full[0];
- }
- publicPaths = new TreeMap<String,List<String>>();
- if(full.length>1) {
- for(int i=1;i<full.length;++i) {
- String pubArray[] = Split.split(':', full[i]);
- if(pubArray.length==2) {
- List<String> ls = publicPaths.get(pubArray[0]);
- if(ls==null) {
- ls = new ArrayList<String>();
- publicPaths.put(pubArray[0], ls);
- }
- ls.add(pubArray[1]);
- }
- }
- }
- }
+ }
+
+ private void init(final String ptypes) throws ServletException {
+ if(ptypes==null) {
+ throw new ServletException("CadiApiEnforcement requires " + Config.CADI_API_ENFORCEMENT + " property");
+ }
+ String[] full = Split.splitTrim(';', ptypes);
+ if(full.length==0) {
+ throw new ServletException(Config.CADI_API_ENFORCEMENT + " property is empty");
+ }
+ if(full.length>0) {
+ type=full[0];
+ }
+ publicPaths = new TreeMap<String,List<String>>();
+ if(full.length>1) {
+ for(int i=1;i<full.length;++i) {
+ String pubArray[] = Split.split(':', full[i]);
+ if(pubArray.length==2) {
+ List<String> ls = publicPaths.get(pubArray[0]);
+ if(ls==null) {
+ ls = new ArrayList<String>();
+ publicPaths.put(pubArray[0], ls);
+ }
+ ls.add(pubArray[1]);
+ }
+ }
+ }
+ }
- @Override
- public void doFilter(ServletRequest req, ServletResponse resp, FilterChain fc) throws IOException, ServletException {
- HttpServletRequest hreq = (HttpServletRequest)req;
- final String meth = hreq.getMethod();
- String path = hreq.getContextPath()+hreq.getPathInfo();
-
- if(path == null || path.isEmpty() || "null".equals(path))
- path = hreq.getRequestURI().substring(hreq.getContextPath().length());
-
- List<String> list = publicPaths.get(meth);
- if(list!=null) {
- for( String p : publicPaths.get(meth)) {
- if(path.startsWith(p)) {
- access.printf(Level.INFO, "%s accessed public API %s %s\n",
- hreq.getUserPrincipal().getName(),
- meth,
- path);
- fc.doFilter(req, resp);
- return;
- }
- }
- }
- if(hreq.isUserInRole(type + '|'+path+'|'+meth)) {
- access.printf(Level.INFO, "%s is allowed access to %s %s\n",
- hreq.getUserPrincipal().getName(),
- meth,
- path);
- fc.doFilter(req, resp);
- } else {
- access.printf(Level.AUDIT, "%s is denied access to %s %s\n",
- hreq.getUserPrincipal().getName(),
- meth,
- path);
- }
- }
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain fc) throws IOException, ServletException {
+ HttpServletRequest hreq = (HttpServletRequest)req;
+ final String meth = hreq.getMethod();
+ String path = hreq.getContextPath()+hreq.getPathInfo();
+
+ if(path == null || path.isEmpty() || "null".equals(path))
+ path = hreq.getRequestURI().substring(hreq.getContextPath().length());
+
+ List<String> list = publicPaths.get(meth);
+ if(list!=null) {
+ for( String p : publicPaths.get(meth)) {
+ if(path.startsWith(p)) {
+ access.printf(Level.INFO, "%s accessed public API %s %s\n",
+ hreq.getUserPrincipal().getName(),
+ meth,
+ path);
+ fc.doFilter(req, resp);
+ return;
+ }
+ }
+ }
+ if(hreq.isUserInRole(type + '|'+path+'|'+meth)) {
+ access.printf(Level.INFO, "%s is allowed access to %s %s\n",
+ hreq.getUserPrincipal().getName(),
+ meth,
+ path);
+ fc.doFilter(req, resp);
+ } else {
+ access.printf(Level.AUDIT, "%s is denied access to %s %s\n",
+ hreq.getUserPrincipal().getName(),
+ meth,
+ path);
+ }
+ }
- @Override
- public void destroy() {
- }
+ @Override
+ public void destroy() {
+ }
}
Code Review / aaf / authz.git / blobdiff