001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2014-2015 ForgeRock AS. 015 */ 016 017package org.forgerock.openig.filter.oauth2; 018 019import static java.lang.Boolean.TRUE; 020import static org.forgerock.openig.el.Bindings.bindings; 021import static org.forgerock.util.promise.Promises.newResultPromise; 022 023import org.forgerock.http.Filter; 024import org.forgerock.http.Handler; 025import org.forgerock.http.protocol.Request; 026import org.forgerock.http.protocol.Response; 027import org.forgerock.openig.el.Bindings; 028import org.forgerock.openig.el.Expression; 029import org.forgerock.openig.http.Responses; 030import org.forgerock.services.context.Context; 031import org.forgerock.util.promise.NeverThrowsException; 032import org.forgerock.util.promise.Promise; 033 034/** 035 * A {@link EnforcerFilter} makes sure that the handled {@link Request} verifies a condition. 036 * If the condition is not verified, it simply returns a {@literal 500} internal server error response 037 * (that actually stops the chain execution). 038 */ 039public class EnforcerFilter implements Filter { 040 041 private final Expression<Boolean> enforcement; 042 private final Filter delegate; 043 044 /** 045 * Creates a new {@link EnforcerFilter} delegating to the given {@link Filter} if the enforcement expression yields 046 * {@literal true}. 047 * 048 * @param enforcement 049 * {@link Expression} that needs to evaluates to {@literal true} for the delegating Filter to be executed. 050 * @param delegate 051 * Filter instance to delegate to. 052 */ 053 public EnforcerFilter(final Expression<Boolean> enforcement, final Filter delegate) { 054 this.enforcement = enforcement; 055 this.delegate = delegate; 056 } 057 058 @Override 059 public Promise<Response, NeverThrowsException> filter(final Context context, 060 final Request request, 061 final Handler next) { 062 if (!isConditionVerified(bindings(context, request))) { 063 return newResultPromise(Responses.newInternalServerError( 064 "Cannot satisfy the enforcement expression")); 065 } 066 return delegate.filter(context, request, next); 067 } 068 069 private boolean isConditionVerified(final Bindings bindings) { 070 return TRUE.equals(enforcement.eval(bindings)); 071 } 072}