/******************************************************************************* * Copyright (c) 2017-2019 DocDoku. * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html * * Contributors: * DocDoku - initial API and implementation *******************************************************************************/ package org.polarsys.eplmp.server.auth.modules; import org.polarsys.eplmp.core.security.UserGroupMapping; import org.polarsys.eplmp.server.auth.AuthServices; import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.message.AuthException; import javax.security.auth.message.AuthStatus; import javax.security.auth.message.MessageInfo; import javax.security.auth.message.callback.CallerPrincipalCallback; import javax.security.auth.message.callback.GroupPrincipalCallback; import javax.servlet.http.HttpServletRequest; import java.io.IOException; import java.util.logging.Level; import java.util.logging.Logger; /** * This class set the caller group to guest if the requested resource is public * * @author Morgan Guimard */ public class GuestSAM extends CustomSAM { private static final Logger LOGGER = Logger.getLogger(GuestSAM.class.getName()); public GuestSAM() { } @Override public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException { HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage(); LOGGER.log(Level.FINE, "Validating request @" + request.getMethod() + " " + request.getRequestURI()); CallerPrincipalCallback callerPrincipalCallback = new CallerPrincipalCallback(clientSubject, ""); GroupPrincipalCallback groupPrincipalCallback = new GroupPrincipalCallback(clientSubject, new String[]{UserGroupMapping.GUEST_ROLE_ID}); Callback[] callbacks = {callerPrincipalCallback, groupPrincipalCallback}; try { callbackHandler.handle(callbacks); } catch (IOException | UnsupportedCallbackException e) { throw new AuthException(e.getMessage()); } return AuthStatus.SUCCESS; } @Override public boolean canHandle(MessageInfo messageInfo) { HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage(); return AuthServices.isPublicRequestURI(request.getContextPath(), request.getRequestURI()); } }