java.lang.Object org.mortbay.http.handler.AbstractHttpHandler nbi.xmlsec.PEPHandler
This class realises the functionality of the PEP, handling each incoming Http request received via Jetty. Jetty calls the method handle(String, String, HttpRequest, HttpResponse).
This method filters each incoming request and the resulting response from the PyWrapper by calling the methods filterRequest(HttpRequest, Set, HttpResponse) and filterResponse(HttpURLConnection, HttpResponse, Set).
Field Summary | |
private X509Certificate |
cert
|
private Configuration |
config
The configuration. |
private String |
domain
The working domain for this PEP. |
private URI |
host
The host to redirect permitted requests to. |
private KeyStore |
keystore
|
(package private) static Logger |
logger
|
private RBACPDP |
pdp
The RBACPDP to evaluate the access control policies for a given role set. |
private PrivateKey |
privKey
|
(package private) Request |
request
BioCASE request to be filtered |
private RoleEnablementAuthority |
roleEnableAuth
The RoleEnablementAuthority to evaluate roles for a given subject. |
(package private) int |
status
Status of the filter |
(package private) static int |
STATUS_REQUEST_ERROR
Status Request denied |
(package private) static int |
STATUS_REQUEST_NONE
Initial status |
(package private) static int |
STATUS_REQUEST_OK
Status Request permitted |
(package private) static int |
STATUS_RESPONSE_ERROR
Status Response processing error |
(package private) static int |
STATUS_RESPONSE_OK
Status Response processed |
(package private) static String |
version
|
private URI |
wrapper
The PyWrapper URI to redirect BioCASE requests to. |
Fields inherited from class org.mortbay.http.handler.AbstractHttpHandler |
|
Constructor Summary | |
PEPHandler()
|
|
PEPHandler(Configuration config)
Creates a PEPHandler based on its configuration. |
Method Summary | |
private String |
addQueryParameter(String query,
String paramLabel,
String paramValue)
Add a parameter to the given query request. |
private void |
addRoleQuery(Set roleIds,
URI uri)
|
private void |
addURLQuery(URI uri)
Add the wrapper-URL to the url-header parameter for a Http-GET request. |
private String |
buildHostURL(String urlRequest,
String urlHost)
Builds the wrapperURL to be set in the provider's interface. |
private String |
buildWrapperURL(String urlRequest,
String urlWrapper)
Builds the wrapperURL to be set in the provider's interface. |
private HttpResponse |
createErrorResponse(HttpResponse httpResponse,
Request request,
String errMess)
Creates a BioCASE error response. |
private List |
createReferences(ResponseFilter responseFilter,
XMLSignatureFactory fac)
|
private Reference |
createXPathReference(String xpath,
XMLSignatureFactory fac)
|
private int |
filterRequest(HttpRequest httpRequest,
Set roleIds,
HttpResponse httpResponse)
Filters the incoming request, filtering any BioCASE request using the RBACPDP and rejecting all denied requests. |
private int |
filterResponse(HttpURLConnection httpConnection,
HttpResponse httpResponse,
Set roleIds)
Filters only the responses corresponding to redirected requests, filtering any BioCASE responses using the RBACPDP and eliminating from the received document all XML elements denied by the RBACPDP. |
(package private) static X509Certificate |
getClientCertificate(HttpRequest request,
String parameter)
Retrieves the client's certificate from a HttpRequest parameter. |
(package private) static X509Certificate |
getClientCertificate(SSLSocket socket)
Retrieves the client's certificate from an SSL ServerSocket. |
private String |
getQueryParameterValue(String query,
String paramLabel)
Get the value of a parameter from the current query request. |
private Set |
getRoles(HttpRequest request)
Retrieve the enabled roles from the REA for a given Http-request. |
void |
handle(String pathInContext,
String pathParams,
HttpRequest request,
HttpResponse response)
The handler's main function called from Jetty. |
private Set |
handleRoleParameter(Set roleIds,
HttpRequest httpRequest)
Reads the role parameter from the PyWrapper query, only if the requesting role is set to guest. |
private void |
handleWrapperURLParameter(HttpRequest httpRequest)
Redefines the wrapper_url parameter of a Http-Request to the wrapperURL built using the method buildWrapperURL(String, String). |
private HttpURLConnection |
openHostConnection(HttpRequest request,
Set roleIds)
Opens an Http-connection to the provider's interface host, adds the client roles to the given Http-request, and redirects the request to the provider's interface host. |
private void |
signResponse(ByteArrayInputStream contentIn,
OutputStream contentOut,
ResponseFilter responseFilter)
|
Methods inherited from class org.mortbay.http.handler.AbstractHttpHandler |
getHttpContext, getName, handleTrace, initialize, isStarted, setName, start, stop, toString |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
static Logger logger
static final int STATUS_REQUEST_NONE
static final int STATUS_REQUEST_OK
static final int STATUS_REQUEST_ERROR
static final int STATUS_RESPONSE_OK
static final int STATUS_RESPONSE_ERROR
private Configuration config
private KeyStore keystore
private PrivateKey privKey
private X509Certificate cert
private RoleEnablementAuthority roleEnableAuth
private RBACPDP pdp
private String domain
private URI host
private URI wrapper
int status
Request request
static final String version
Constructor Detail |
public PEPHandler()
public PEPHandler(Configuration config) throws ClassNotFoundException, NoSuchMethodException, InvocationTargetException, InstantiationException, IllegalAccessException
config - The configuration.
ClassNotFoundException
NoSuchMethodException
InvocationTargetException
InstantiationException
IllegalAccessException
Method Detail |
static X509Certificate getClientCertificate(SSLSocket socket) throws SSLPeerUnverifiedException
socket - The SSL server socket
null
.
SSLPeerUnverifiedException
static X509Certificate getClientCertificate(HttpRequest request, String parameter) throws CertificateException
request - The Http request.
parameter - The Http request parameter name of the client certificate.
null
.
NullPointerException - if parameter could not be retrieved from the request.
CertificateException
private Set getRoles(HttpRequest request)
request - The received Http request
private HttpURLConnection openHostConnection(HttpRequest request, Set roleIds) throws IOException, ParsingException, URISyntaxException
request - The received Http-Request
roleIds - The roles to add to the Http-Request as parameters
IOException
ParsingException
URISyntaxException
private String buildWrapperURL(String urlRequest, String urlWrapper)
urlRequest - The URL of the current Request.
urlWrapper - The URL of the PyWrapper.
null
.
private String buildHostURL(String urlRequest, String urlHost)
urlRequest - The URL of the current Request.
urlHost - The URL of the provider's interface host.
null
.
private void handleWrapperURLParameter(HttpRequest httpRequest) throws MalformedURLException
buildWrapperURL(String, String)
.
httpRequest - The request to modify.
MalformedURLException
private String getQueryParameterValue(String query, String paramLabel)
query - The query.
paramLabel - The parameter to search for.
null
.
private String addQueryParameter(String query, String paramLabel, String paramValue)
query - The query of the current request.
paramLabel - The label of the parameter to add.
paramValue - The value of the parameter to add.
null
.
private void addRoleQuery(Set roleIds, URI uri) throws ParsingException, URISyntaxException
ParsingException
URISyntaxException
private void addURLQuery(URI uri) throws ParsingException, URISyntaxException
uri - The URI to build the wrapper url.
ParsingException
URISyntaxException
private Set handleRoleParameter(Set roleIds, HttpRequest httpRequest) throws ParsingException, URISyntaxException
roleIds - The set of roles.
httpRequest - The request to inspect.
ParsingException
URISyntaxException
private int filterRequest(HttpRequest httpRequest, Set roleIds, HttpResponse httpResponse) throws ParserConfigurationException, SAXException, UnsupportedEncodingException, IOException
httpRequest - The request to filter.
roleIds - The enabled role Id's for this request.
httpResponse - The Http Response
ParserConfigurationException
SAXException
UnsupportedEncodingException
IOException
private int filterResponse(HttpURLConnection httpConnection, HttpResponse httpResponse, Set roleIds) throws ParserConfigurationException, SAXException, UnsupportedEncodingException, IOException
httpConnection - The connection to the PyWrapper
httpResponse - The Http-response received
roleIds - The roles enabled for this client request/response.
ParserConfigurationException
SAXException
UnsupportedEncodingException
IOException
private List createReferences(ResponseFilter responseFilter, XMLSignatureFactory fac) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException
NoSuchAlgorithmException
InvalidAlgorithmParameterException
private Reference createXPathReference(String xpath, XMLSignatureFactory fac) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException
NoSuchAlgorithmException
InvalidAlgorithmParameterException
private void signResponse(ByteArrayInputStream contentIn, OutputStream contentOut, ResponseFilter responseFilter) throws Exception
Exception
private HttpResponse createErrorResponse(HttpResponse httpResponse, Request request, String errMess) throws IOException
httpResponse - The Http-response to be filled with the error message
request - The BioCASE-request
errMess - The error message to be included in the Diagnostics of the response.
IOException
public void handle(String pathInContext, String pathParams, HttpRequest request, HttpResponse response) throws HttpException, IOException
HttpException
IOException
HttpHandler.handle(java.lang.String,
java.lang.String, org.mortbay.http.HttpRequest,
org.mortbay.http.HttpResponse)