* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
/**
* CadiFilter
- *
+ *
* This class implements Servlet Filter, and ties together CADI implementations
- *
+ *
* This class can be used in a standard J2EE Servlet manner. Optimal usage is for POJO operations, where
- * one can enforce this Filter being first and primary. Depending on the Container, it
- * may be more effective, in some cases, to utilize features that allow earlier determination of
+ * one can enforce this Filter being first and primary. Depending on the Container, it
+ * may be more effective, in some cases, to utilize features that allow earlier determination of
* AUTHN (Authorization). An example would be "Tomcat Valve". These implementations, however, should
* be modeled after the "init" and "doFilter" functions, and be kept up to date as this class changes.
- *
- *
+ *
+ *
* @author Jonathan
*
*/
private Object[] additionalTafLurs;
private SideChain sideChain;
private static int count=0;
-
+
public Lur getLur() {
return httpChecker.getLur();
}
-
+
/**
* Construct a viable Filter
- *
- * Due to the vagaries of many containers, there is a tendency to create Objects and call "Init" on
+ *
+ * Due to the vagaries of many containers, there is a tendency to create Objects and call "Init" on
* them at a later time. Therefore, this object creates with an object that denies all access
* until appropriate Init happens, just in case the container lets something slip by in the meantime.
- *
+ *
*/
public CadiFilter() {
additionalTafLurs = CadiHTTPManip.noAdditional;
/**
* This constructor to be used when directly constructing and placing in HTTP Engine
- *
+ *
* @param access
* @param moreTafLurs
- * @throws ServletException
+ * @throws ServletException
*/
public CadiFilter(Access access, Object ... moreTafLurs) throws ServletException {
additionalTafLurs = moreTafLurs;
/**
* Init
- *
+ *
* Standard Filter "init" call with FilterConfig to obtain properties. POJOs can construct a
* FilterConfig with the mechanism of their choice, and standard J2EE Servlet engines utilize this
* mechanism already.
//TODO Always validate changes against Tomcat AbsCadiValve and Jaspi CadiSAM Init functions
public void init(FilterConfig filterConfig) throws ServletException {
// need the Context for Logging, instantiating ClassLoader, etc
- ServletContextAccess sca=new ServletContextAccess(filterConfig);
+ ServletContextAccess sca=new ServletContextAccess(filterConfig);
if (access==null) {
access = sca;
}
-
+
// Set Protected getter with base Access, for internal class instantiations
init(new FCGet(access, sca.context(), filterConfig));
}
-
+
@SuppressWarnings("unchecked")
protected void init(Get getter) throws ServletException {
} catch (Exception e) {
access.log(Level.INIT, "AAFTrustChecker cannot be loaded",e.getMessage());
}
-
+
try {
Class<Filter> cf=null;
try {
access.log(Level.INIT, "AAFTrustChecker cannot be loaded",e.getMessage());
}
-
+
// Synchronize, because some instantiations call init several times on the same object
// In this case, the epiTaf will be changed to a non-NullTaf, and thus not instantiate twice.
synchronized(CadiHTTPManip.noAdditional /*will always remain same Object*/) {
pathExceptions = str.split("\\s*:\\s*");
}
}
-
- /*
+
+ /*
* SETUP Permission Converters... those that can take Strings from a Vendor Product, and convert to appropriate AAF Permissions
*/
if (mapPairs==null) {
}
// Add API Enforcement Point
- String enforce = getter.get(Config.CADI_API_ENFORCEMENT, null, true);
+ String enforce = getter.get(Config.CADI_API_ENFORCEMENT, null, true);
if(enforce!=null && enforce.length()>0) {
sideChain.add(new CadiApiEnforcementFilter(access,enforce));
}
}
/**
- * Containers call "destroy" when time to cleanup
+ * Containers call "destroy" when time to cleanup
*/
public void destroy() {
// Synchronize, in case multiCadiFilters are used.
/**
* doFilter
- *
+ *
* This is the standard J2EE invocation. Analyze the request, modify response as necessary, and
* only call the next item in the filterChain if request is suitably Authenticated.
*/
}
- /**
+ /**
* If PathExceptions exist, report if these should not have Authn applied.
* @param hreq
* @return
}
return false;
}
-
+
/**
* Get Converter by Path
*/
}
return NullPermConverter.singleton();
}
-
+
/**
* store PermConverters by Path prefix
* @author Jonathan
Code Review / aaf / authz.git / blobdiff