001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2014-2015 ForgeRock AS.
015 */
016
017package org.forgerock.openig.filter.oauth2;
018
019import static java.lang.Boolean.TRUE;
020import static org.forgerock.openig.el.Bindings.bindings;
021import static org.forgerock.util.promise.Promises.newResultPromise;
022
023import org.forgerock.http.Filter;
024import org.forgerock.http.Handler;
025import org.forgerock.http.protocol.Request;
026import org.forgerock.http.protocol.Response;
027import org.forgerock.openig.el.Bindings;
028import org.forgerock.openig.el.Expression;
029import org.forgerock.openig.http.Responses;
030import org.forgerock.services.context.Context;
031import org.forgerock.util.promise.NeverThrowsException;
032import org.forgerock.util.promise.Promise;
033
034/**
035 * A {@link EnforcerFilter} makes sure that the handled {@link Request} verifies a condition.
036 * If the condition is not verified, it simply returns a {@literal 500} internal server error response
037 * (that actually stops the chain execution).
038 */
039public class EnforcerFilter implements Filter {
040
041    private final Expression<Boolean> enforcement;
042    private final Filter delegate;
043
044    /**
045     * Creates a new {@link EnforcerFilter} delegating to the given {@link Filter} if the enforcement expression yields
046     * {@literal true}.
047     *
048     * @param enforcement
049     *         {@link Expression} that needs to evaluates to {@literal true} for the delegating Filter to be executed.
050     * @param delegate
051     *         Filter instance to delegate to.
052     */
053    public EnforcerFilter(final Expression<Boolean> enforcement, final Filter delegate) {
054        this.enforcement = enforcement;
055        this.delegate = delegate;
056    }
057
058    @Override
059    public Promise<Response, NeverThrowsException> filter(final Context context,
060                                                          final Request request,
061                                                          final Handler next) {
062        if (!isConditionVerified(bindings(context, request))) {
063            return newResultPromise(Responses.newInternalServerError(
064                    "Cannot satisfy the enforcement expression"));
065        }
066        return delegate.filter(context, request, next);
067    }
068
069    private boolean isConditionVerified(final Bindings bindings) {
070        return TRUE.equals(enforcement.eval(bindings));
071    }
072}